automated ppp testing
Is there a package out there that can monitor/test an ISP's connection (using PPP) on a regular basis? Just something that'll start a PPP connection, kill it immediately, and keep a log of it.

Thanks,
Tim

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Dial in
The package 'mgetty' does the trick nicely.

It has a debian package but you can read up on it at:
http://alpha.greenie.net/mgetty/

Tim.

> How do you configure Debian to authenticate an
> incoming call. or where to find info on doing this.

Re: Dial in
You were probably looking for RADIUS or something. mgetty is for tty handling.

I use cistron based radius daemon.

Sorry about the confusion,
Tim.

> The package 'mgetty' does the trick nicely.
>
> It has a debian package but you can read up on it at:
> http://alpha.greenie.net/mgetty/
>
> Tim.
>
> > How do you configure Debian to authenticate an
> > incoming call. or where to find info on doing this.

Re: Firewall on compac flash
if you're going to be using iptables, ULOGd -> mySQL (replace fav DBMS)

i work for a small IT solutions company and we have a very similar system using usb drives. but whole (persistent) file system is read-only. if our clients require changes to be made, they flick the r/o switch and we can modify configs.

-Tim

On Fri, May 23, 2003 at 03:39:35PM +0200, Volker Tanger wrote:
> Greetings!
>
> On Fri, 23 May 2003 14:48:27 +0200 "debian-isp"
> <[EMAIL PROTECTED]> wrote:
>
> > We are just considering if we should try to set up our firewall on a
> > Rackmountsystem with only Compac flash card and onboard cpu. Which
> > would reduce at least the possibility of a harddisk crash, and would
> > provide an easy possibility to swap cards when there is a problem. The
> > compac flash card (available also with 512MB is acting like a
> > harddisk... Any experience with that kind of hardware ?
>
> Main problem with flash cards is the limited number of write cycles.
> This may not be THAT much of a problem with config and even less with
> the software.
>
> One thing, though, often overseen: where do you put the logs? A firewall
> without logs loses a *LOT* of its practical value.
>
> Bye
>
> Volker Tanger
> IT-Security
> discon gmbh
> DeTeWe AG & Co. KG

COMMERCIAL ANNOUNCEMENT:- The World's Cheapest Sun Cobalt RaQ4 Servers are here in Australia - au$99 / US$49 / GBP 35 - per month
Hi,

Just a quick announcement. Please don't be mad at me for posting to your group, you guys are hard to find by any other means, and I know what we are doing is commercial, but it's a deal that's pretty innovative and I think it benefits the developer community and beyond. But hey, if I'm wrong, tell me - you've got my email address, phone number and name, so I'm not going anywhere fast + I'm keen for feedback, good bad or otherwise.

We're a bunch of developers ourselves and we're keen to make dedicated hosting as cheap as a shared hosting and Sun Cobalt in Australia is keen to help us do that. So do we have a deal for you ! BTW. If that gets us flames so be it.

Well we've just launched our Dedicated Server company here in Australia and the reaction has been amazing. To the best of our knowledge we are offering the world's lowest priced RaQ4 dedicated servers at just au$99 / US$49 / 35 UK pounds. This is thanks to our huge purchasing volumes from Aussie supporters and our weak dollar against most major world currencies.

For more details of our servers and a full explanation of the offers click here http://www.dedicatedservers.com.au/thedeal.shtml

We have a number of options, including outright purchase of the server at well below market price, which also includes one year's co-location. Our servers are located in carrier class data centers here in Australia, and we have 24.7.365 manned technical support. Our datacenters are on major peering points for both Asia, UK and the US.

We have partnered with Red Hat to offer support, and the servers have been installed with Kurant's award winning Ecommerce solution StoreSense at no charge. A fully enabled 30 day trial of the amazing urchin statistics software is also included in the deal, and if you choose to purchase the license after the trial period you will receive very special pricing. The RaQ4 also comes factory installed with Chilisoft to allow Active Server Page - ASP equivalency.

Upcoming software partner bundles including Cold Fusion and Real Media servers are only days away - so if you're looking for that functionality join our mailing list and we'll notify you when they are available.

Our customers come from all over the world and if you need an IP address to check routing and timing to your customer base we're happy to supply this to you. Just send a request, including details of your organisation to [EMAIL PROTECTED]

Full details of our servers, including datasheets and manual PDF's for download, and working online demos of all the servers and software are on our site at http://www.dedicatedservers.com.au

Thanks for your time and I welcome any inquiries you may have. There is an online chat system on the site, or, we can be contacted directly at [EMAIL PROTECTED]

We are here to serve!

Kind regards,
Tim Rignold
Dedicated Servers Australia

Dedicated Servers is a 100% Australian Owned private business, we have no affiliation with any companies anywhere in the world bearing similar names.

Dedicated Servers Australia - BRISBANE
80 Berry Street, Spring Hill, Queensland, AUSTRALIA 4000
Telephone + 61 7 3831 9111
Facsimile + 61 7 3839 5442
mailto:[EMAIL PROTECTED]
http://www.dedicatedservers.com.au
A WEBHOST COMPANY - PROUDLY 100% AUSTRALIAN OWNED

Re: Sendmail Relay Problems
Gene Grimm wrote:
> This network has been driving me nuts for weeks and this is only making it
> worse. Here are the extracts from the maillog file coming from my
> workstation. It makes no difference if I use the HELO protocol, and there is
> an PTR entry in the in-addr.arpa zone for this address block with my
> workstation host name/FQDN. I'm not sure how to test reverse IP lookup
> through Linux just yet, but our DNS is NT-based.

type host

It should return a FQDN if the PTR entry exists and is working properly.

Re: Strange provider needs me to limit bandwidth
You could use 'iproute2'

I'm sure this is covered in:
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

Regards
Tim

<<< Alejandro Borges <[EMAIL PROTECTED]> 9/18 4:06a >>>
My bw providers wants me to limit my 128kb connection because that's what i paid for...he is right, he said that to pay me for the work of doing it myself he gives me permission to take hold of the whole T3 on weekends (i'm connected through a wavelan card and a big antenna)... so it's a cool deal, but the problem is that i don't know how to limit bandwidth. i saw something in the kernel but it was in the QOS section, so i don't think that's the good one.

Any ideas on a good program or kernel module i can use for this?

Alex

Re: Apache
>Most likely you want to run asp pages written in VBScript, don't you?
>Same problem here, trying to escape from this MS hell. Apache::ASP
>won't help; as far as I can see it's just for running the asp
>framework using Perl as the language. I'm looking now at chilisoft,
>this looks as the answer. But... what about the database connections
>and database-related stuff??? Anyone can report any experiences on this?

I looked at that a while ago and it seems like they can connect to windows databases via an ODBC to ODBC bridge. Considering that the price of an easysoft or openlink is more than chilisoft it sounds like a good deal. It does connect to SQL server 7.0 via a merant odbc driver (retail cost $6000.00). I have no idea about SQL 2000.

All in all it seems like a bargain for about $500.00. You can download a copy and try it out. I never did (I bit the bullet and converted all my pages to php by hand) but if you try it I would love to hear about your experiences.

:wq
Tim Uckun
US Investigations Services/Due Diligence
http://www.diligence.com/

Re: Transparent Proxy in the 2.4.x kernel
Apparently, on Tue, Nov 13, 2001 at 02:46:46PM +1100, Andrew Tait wrote:
> Hi All,
>
> I have been considering upgrading our servers from the 2.2.x kernel up to
> the 2.4 (we have 1 server running testing/woody, soon to be 2). However, one
> thing I want in a new kernel is transparent proxying, which wasn't (AFAIK)
> compiled in the debian image for 2.2.
>
> Is the 2.4 debian kernel-image compiled with transparent proxy? Or do I need
> to compile my own?

I don't know what the 2.4 debian kernel-image has in it since I've only compiled my own but here is how you would setup a transparent proxy with 2.4.

http://netfilter.samba.org/netfilter-faq-3.html#ss3.12

I would guess the debian image has the necessary netfilter modules.

--
Tim Moss
[EMAIL PROTECTED]

Re: sourceforge and postgresql
>
>When I do a dpkg-reconfigure libpam-ldap and I set the root login =
>cn=admin, dc=< ?? > What do I put for dc?
>If I am using debian.org as my ldap server location would I have
>cn=admin, dc=debian, dc=com?
>I am confused, after I configured the ldap again I got ldap_bind:
>Invalid credentials which I guess means that I got the password wrong.
>I went through and reconfigured everything to have an empty password,
>and still I got the same thing.
>Any ideas? I really want to get this to work, and I feel like I am so
>close.

I don't pretend to be a ldap expert but this is what worked for me.

I picked my host name as my root dn. So you should set dc=myhost, dc=mydomain, dc=com as your root DN. So anytime you need to specify the dc repeat that: cn=admin, dc=myhost, dc=mydomain, dc=com. If you keep consistent in your configurations you should be OK.

------
Tim Uckun
Mobile Intelligence Unit.
------
"There are some who call me TIM?"

Re: rogue Chinese crawler
Martin WHEELER <[EMAIL PROTECTED]> writes:

> Is anyone else having problems with the robot from
> openfind.com.tw
> -- an intrusive, irritating, hard-to-get-rid-of crawler that completely
> paralyses my system *every day*?

Nope. How does it paralyse you, anyway?

> Despite what I put in any robots.txt, this one disregards all rules and
> just jams up my system, downloading every damn' thing in sight. Mails to
> the owners are totally disregarded.
>
> Anyone know of a sure-fire robot killer under woody?

`iptables -s openfind.com.tw -j MIRROR' would be favourite.

> Who should this thing be reported to to get it stopped?

jason @ openfind.com.tw, according to whois. You might also consider finding someone at seed.net.tw or even wcg.net, to drop a mail to.

~Tim
--
Sometimes you're the pigeon,|[EMAIL PROTECTED]
Sometimes you're the statue.|http://spodzone.org.uk/

Re: Accounting software
On Thu, 11 Oct 2001 16:17:49 +0200 "Craig" <[EMAIL PROTECTED]> wrote:

> Hi Guys
>
> Does anyone know of accounting software that can run on Linux,
> with Point of Sale capabilities ?
>

I've never tried this, just read about it a couple days ago. Might be something to check out.

http://nola.noguska.com/main.html

Re: Apache suEXEC Question
On Fri, 12 Oct 2001 09:55:31 -0400 "A.Sleep" <[EMAIL PROTECTED]> wrote:

> Oddly, this is the first time I've had this issue...
>
> I've added my User and Group directives in the vhosts in my vhost.conf
> and
> I'm getting Forbidden errors.
> Here's an example:
>
> The User and Group directives are set to foo
> Here's an -ls -l of /home/f/ and /home/f/foo/
>
> ls -l /home/
>
> drwxr-xr-x 2 root root 4096 Oct 11 09:51 f
>
>
> ls -l /home/f/
>
> drwxrwx--- 7 foo foo 4096 Oct 12 08:37 foo
>

Seems like this directory should be mode 755. Setting the User and Group in a VirtualHost section only affects what user and group CGI programs run as. The main webserver User & Group don't have any access to this directory unless those happen to be foo & foo.

Re: Help... SSH CRC-32 compensation attack detector vulnerability
I know this is not a complete solution, but for starters you could try 'chkrootkit':

http://packages.debian.org/unstable/misc/chkrootkit.html
http://www.chkrootkit.org/

Stable doesn't have a package but I'm sure you could build the unstable .deb from source.

Regards
Tim

>>> "Jason Lim" <[EMAIL PROTECTED]> 12/03/01 08:33AM >>>
Hi,

sigh... yes... some of our servers have been hit with the "SSH CRC-32 compensation attack detector vulnerability" attack.

some servers have been compromised, and the usual rootkit stuff (install root shells in /etc/inetd.conf, bogus syslogd, haxored ps, etc.).

What is an easy way to locate binaries that are different from the ones provided in the original debs? And is there any other relatively easier way of cleaning up a system that has had a rootkit installed? We've done a netstat -a and removed/killed all strange processes, and cleaned inetd.conf as much as we can, but some of the programs in inetd.conf have themselves also been tampered with (eg. in.telnetd).

Please help... I have a bad feeling the crackers are coming back real soon to really finish off the job... so any help at this time in removing all their crap would be greatly appreciated.

Sincerely,
Jason

Re: Help... SSH CRC-32 compensation attack detector vulnerability
> Never really looked into how reliable that is, but it's there. I'd like to
> see apt-get support some sort of 'reinstall' command.

apt-get install --reinstall package

Regards
Tim

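An added example (not from any poster in this thread) for the question quoted above about locating binaries that differ from the ones in the original debs: it checks installed files against the per-package `.md5sums` lists dpkg keeps under `/var/lib/dpkg/info`. The tree, package lists and file contents built in `demo()` are constructed; on a compromised host the lists and the tools themselves may have been altered, so the check assumes it is run from trusted media with `root` set to the mounted suspect filesystem.

```python
import hashlib
import os
import tempfile


def md5_of(path, bufsize=65536):
    """Return the hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_md5sums(root, info_dir):
    """Compare files under `root` with the dpkg *.md5sums lists in `info_dir`.

    Each list line is "<md5hex>  <path relative to />". Packages that ship no
    list are not covered. Returns a sorted list of (package, path, status),
    where status is "modified" or "missing".
    """
    findings = []
    for name in sorted(os.listdir(info_dir)):
        if not name.endswith(".md5sums"):
            continue
        package = name[: -len(".md5sums")]
        list_path = os.path.join(info_dir, name)
        with open(list_path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                parts = line.rstrip("\n").split(None, 1)
                if len(parts) != 2 or len(parts[0]) != 32:
                    continue  # skip malformed lines
                expected, rel = parts[0].lower(), parts[1].lstrip("/")
                target = os.path.join(root, rel)
                if not os.path.isfile(target):
                    findings.append((package, "/" + rel, "missing"))
                elif md5_of(target) != expected:
                    findings.append((package, "/" + rel, "modified"))
    return sorted(findings)


def demo():
    """Build a constructed mini filesystem, tamper with it, and verify it."""
    files = {
        "bin/ps": b"original ps\n",
        "usr/sbin/in.telnetd": b"original telnetd\n",
        "usr/sbin/syslogd": b"original syslogd\n",
    }
    packages = {  # constructed package -> file mapping
        "procps": ["bin/ps"],
        "telnetd": ["usr/sbin/in.telnetd"],
        "sysklogd": ["usr/sbin/syslogd"],
    }
    with tempfile.TemporaryDirectory() as root:
        info = os.path.join(root, "var", "lib", "dpkg", "info")
        os.makedirs(info)
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        for pkg, rels in packages.items():
            with open(os.path.join(info, pkg + ".md5sums"), "w") as fh:
                for rel in rels:
                    fh.write("%s  %s\n" % (hashlib.md5(files[rel]).hexdigest(), rel))
        # Simulated tampering: one binary replaced, one removed.
        with open(os.path.join(root, "bin/ps"), "wb") as fh:
            fh.write(b"replaced ps\n")
        os.remove(os.path.join(root, "usr/sbin/syslogd"))
        return verify_md5sums(root, info)


if __name__ == "__main__":
    for package, path, status in demo():
        print("%-10s %-22s %s" % (package, path, status))
```

Files flagged here are the candidates for `apt-get install --reinstall`; a clean result only means the files match the lists that were read, not that the host is clean.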
Pop or Imap?
I am concerned about pop passwords being transmitted plaintext. Does imap encrypt passwords? if not does any protocol exists which does.

THX.

--
Tim Uckun
Mobile Intelligence Unit.
--
"There are some who call me TIM?"

Re: Pop or Imap?
At 07:21 PM 12/7/2001 +1100, Jeremy Lunn wrote:
>On Fri, Dec 07, 2001 at 08:13:26PM +1300, Michael Jager wrote:
> > > I am concerned about pop passwords being transmitted plaintext. Does imap
> > > encrypt passwords? if not does any protocol exists which does.
> > APOP. I dunno how you get it or whatever, but I know it exists and passwords
> > are encrypted (IIRC).
>
>IIRC APOP uses challenge response, requiring both ends to know the
>password in cleartext. Rather than sending the password as one string,
>the server asks the client a few questions about the password that it
>has. AFAIK it is not possible to work out the password at all from
>monitoring the network traffic.

I just checked my Eudora and it seems to support APOP. Outlook Express supports something called SPA; does anybody know what that is?

------
Tim Uckun
Mobile Intelligence Unit.
------
"There are some who call me TIM?"

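An added example (not part of any message in this thread) of the APOP exchange as RFC 1939 defines it: the server's greeting carries a per-connection timestamp, and the client answers with the MD5 digest of that timestamp followed by the shared secret. The greeting, user name and secret are the sample values from RFC 1939; the function names and the second timestamp are constructed for illustration.

```python
import hashlib
import hmac
import re

# Sample values from RFC 1939's APOP description.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER = "mrose"
SECRET = "tanstaaf"


def extract_timestamp(greeting):
    """Return the <...@...> banner from the server greeting, or None."""
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return m.group(0) if m else None


def apop_digest(timestamp, secret):
    """Hex MD5 over the banner (angle brackets included) plus the secret."""
    # UTF-8 encoding of the secret is an assumption; the RFC sample is ASCII.
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()


def client_command(user, greeting, secret):
    """Build the client's APOP line; the secret itself is never sent."""
    timestamp = extract_timestamp(greeting)
    if timestamp is None:
        raise ValueError("greeting has no timestamp: server does not offer APOP")
    return "APOP %s %s" % (user, apop_digest(timestamp, secret))


def server_verify(command, timestamp, secrets):
    """Check an APOP line against the timestamp issued on this connection.

    `secrets` maps user -> cleartext secret: the server has to hold the
    secret in recoverable form to recompute the digest.
    """
    parts = command.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    user, digest = parts[1], parts[2].lower()
    if user not in secrets:
        return False
    expected = apop_digest(timestamp, secrets[user])
    return hmac.compare_digest(expected.encode(), digest.encode())


def demo():
    """Run one exchange and two failure cases; returns three booleans."""
    secrets = {USER: SECRET}
    issued = extract_timestamp(GREETING)
    command = client_command(USER, GREETING, SECRET)
    accepted = server_verify(command, issued, secrets)
    # A captured command is useless on a later connection, which gets a
    # fresh timestamp (constructed value below).
    replay_ok = server_verify(command, "<1897.697170999@dbc.mtview.ca.us>", secrets)
    wrong_ok = server_verify(client_command(USER, GREETING, "guess"), issued, secrets)
    return accepted, replay_ok, wrong_ok


if __name__ == "__main__":
    print(client_command(USER, GREETING, SECRET))
    print(demo())
```

Only the authentication step is protected this way; the messages retrieved afterwards still cross the network unencrypted.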
Re: What this means in my logs?
Petre Daniel <[EMAIL PROTECTED]> writes:

> Heya,i got those lines often lately..Can anyone explain me every little
> part of it? If you can drop an url link too,it would be great.. Thank
> you.
>
> Nov 30 16:16:28 brutus-gw kernel: Packet log: input DENY eth1 PROTO=6
> 210.86.20.213:1621 194.102.92.21:6000 L=48 S=0x00 I=52039 F=0x4000 T=102
> SYN (#1)

Paste it into the ipchains analyser at <http://logi.cc/>; that'll tell you about every word in detail.

~Tim
--
Clouds cross the black moonlight, |[EMAIL PROTECTED]
Rushing on down to the sound      |http://spodzone.org.uk/
of a turning world                |

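An added example (not from the thread, and not the analyser it links to) that breaks an ipchains "Packet log:" line into its fields, using the line quoted in the message above plus one constructed fragment line. The field meanings follow the ipchains log layout: chain, target, interface, protocol number, source and destination address:port, then L (total length), S (type of service), I (IP ID), F (fragment flags and offset), T (TTL), an optional SYN marker and the number of the rule that logged the packet.

```python
import re

# The log line quoted in the message above.
SAMPLE = ("Nov 30 16:16:28 brutus-gw kernel: Packet log: input DENY eth1 PROTO=6 "
          "210.86.20.213:1621 194.102.92.21:6000 L=48 S=0x00 I=52039 F=0x4000 "
          "T=102 SYN (#1)")
# Constructed line: a UDP fragment logged by rule 4 of the forward chain.
SAMPLE_FRAGMENT = ("Jan  1 00:00:00 gw kernel: Packet log: forward REJECT eth0 "
                   "PROTO=17 10.0.0.5:53 10.0.0.9:1025 L=1500 S=0x00 I=7 "
                   "F=0x2003 T=64 (#4)")

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
ACTIONS = {"DENY": "dropped silently", "REJECT": "refused with an ICMP error",
           "ACCEPT": "let through"}

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)


def parse_packet_log(line):
    """Return a dict of decoded fields, or None if this is not a packet log."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto = int(m.group("proto"))
    frag = int(m.group("frag"), 16)
    return {
        "chain": m.group("chain"),
        "action": m.group("action"),
        "iface": m.group("iface"),
        "proto": PROTOCOLS.get(proto, str(proto)),
        "src": m.group("src"),
        "sport": int(m.group("sport")),   # ICMP type when proto is icmp
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),   # ICMP code when proto is icmp
        "length": int(m.group("length")),
        "tos": int(m.group("tos"), 16),
        "ip_id": int(m.group("ip_id")),
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8,  # offset is counted in 8-byte units
        "ttl": int(m.group("ttl")),
        "syn": m.group("syn") is not None,
        "rule": int(m.group("rule")) if m.group("rule") else None,
    }


def explain(line):
    """Return one readable sentence per group of fields ([] if no match)."""
    p = parse_packet_log(line)
    if p is None:
        return []
    rule = p["rule"] if p["rule"] is not None else "?"
    out = [
        "chain %s, rule #%s, target %s (%s)"
        % (p["chain"], rule, p["action"], ACTIONS.get(p["action"], "see rule")),
        "interface %s" % p["iface"],
    ]
    if p["proto"] == "icmp":
        out.append("icmp type %d code %d, %s -> %s"
                   % (p["sport"], p["dport"], p["src"], p["dst"]))
    else:
        out.append("%s %s:%d -> %s:%d"
                   % (p["proto"], p["src"], p["sport"], p["dst"], p["dport"]))
    out.append("length %d bytes, TOS 0x%02x, IP ID %d, TTL %d"
               % (p["length"], p["tos"], p["ip_id"], p["ttl"]))
    flags = [name for name, on in (("DF", p["dont_fragment"]),
                                   ("MF", p["more_fragments"])) if on]
    out.append("fragment flags %s, offset %d bytes"
               % ("+".join(flags) or "none", p["frag_offset"]))
    if p["syn"]:
        out.append("SYN set: a TCP connection request")
    return out


if __name__ == "__main__":
    for sample in (SAMPLE, SAMPLE_FRAGMENT):
        print("\n".join(explain(sample)), end="\n\n")
```

For the quoted line this reads as an inbound TCP connection request to port 6000, the port an X11 display listens on, denied by rule 1 of the input chain on eth1.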
RAID1 on sparc64
Hello,

I have installed Debian 2.2 on a Sun Enterprise 420R. Everything seems to be working alright except software RAID, which is working fine on our x86 machines. The patch itself installs cleanly as does the kernel build, it is just the 'fdisk' and 'mkraid' tools that give me issues:

    # fdisk /dev/sdb
    Command (m for help): t
    Partition number (1-8): 1
    Hex code (type L to list codes): fd
    Changed system type of partition 1 to fd (Unknown)

    # mkraid /dev/md0
    handling MD device /dev/md0
    analyzing super-block
    disk 0: /dev/sdb1, 2356000kB, raid superblock at 2355904kB
    disk 1: /dev/sda1, failed
    /dev/md0: Invalid argument

I have tried running mkraid with the filesystem type set to 83 but this gives the same error.

This is my /etc/raidtab:

    raiddev /dev/md0
        raid-level 1
        nr-raid-disks 2
        nr-spare-disks 0
        chunk-size 4
        persistent-superblock 1
        device /dev/sdb1
        raid-disk 0
        device /dev/sda1
        failed-disk 1

    raiddev /dev/md1
        raid-level 1
        nr-raid-disks 2
        nr-spare-disks 0
        chunk-size 4
        persistent-superblock 1
        device /dev/sdb2
        raid-disk 0
        device /dev/sda2
        failed-disk 1

Regards,
Tim

Fwd: scp, no ssh
how about setting the user's shell to /bin/true. this allows ftp, but no login shell. so it may work for scp as well.

-- Forwarded Message --
Subject: scp, no ssh
Date: Wed, 9 Jan 2002 09:49:10 +0100
From: Robert Janusz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

How to allow, for some users' IPs, only scp and no ssh?

Re: Fwd: scp, no ssh
On Wednesday 09 January 2002 21:23, Joel Michael wrote:
> On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote:
> > how about setting the user's shell to /bin/true. this allows ftp, but no
> > login shell. so it may work for scp as well.
>
> This is true, but you can still (probably) use ssh to execute commands,
> like /bin/sh, and effectively get a shell.

you may be right, as i've never tried this with scp but what true does (as a shell) is log you out instantly. so, in theory, you couldn't execute a command from ssh because as soon as you authenticate, true would log you out.

Re: PPOP3 Webmail
Apparently, on Sat, Jan 19, 2002 at 09:44:34PM -0500, Gene Grimm wrote:
> Does anyone know of a open source package for providing access to a POP3
> mail box via a web interface?
>

I just setup openwebmail (http://openwebmail.org/) and it's working out very well. It's only been a couple days but, so far, I recommend it.

Re: PPOP3 Webmail
On Mon, 2002-01-21 at 05:14, Robert Waldner wrote:
>
> On Sun, 20 Jan 2002 12:08:46 EST, [EMAIL PROTECTED] writes:
> >I agree! I have squirrelmail (which is still broken in Debian),
> <...>
>
> What exactly is broken in squirrelmail? Works just fine here:

I'm running unstable for a number of reasons, and for the last two uploaded versions, you can't even log in.

Tim

> ii cyrus-admin  1.5.19-2       Cyrus mail system (administration tool)
> ii cyrus-common 1.5.19-2       Cyrus mail system (common files)
> ii cyrus-imapd  1.5.19-2       Cyrus mail system (IMAP support)
> ii cyrus-pop3d  1.5.19-2       Cyrus mail system (POP3 support)
> ii squirrelmail 1.2.2-1        Webmail for nuts
> ii php4         4.0.3pl1-0pota A server-side, HTML-embedded scripting langu
>
> cheers,
> &rw
> --
> / Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
> \ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /

Re: Neighbour Table Overflow
This is what happens (I believe) when you don't have the loopback up (ifup lo)

Tim

On Fri, 2002-01-25 at 00:49, James Mclean wrote:
> All,
>
> I have just returned from setting up a small internet cafe, where the server is
> based on Debian Woody.
>
> Whilst i was setting up the machine, with it not plugged into the ethernet
> switch every 2 seconds it would display Neighbour Table Overflow on the
> console. It was *very* annoying to say the least.
>
> Now for the strange part... I plug in the Ethernet into the switch, and the
> messages disappear. The machine is the server, gateway, using SDSL to the
> upstream. Ethernet Cards are both Intel 10/100 (Brand new ones... not sure of
> exact model).
>
> The messages went away when plugged into ethernet, I am curious as to what this
> is, or what it may be?
>
> Regards,
>
> James Mclean
> Adam Internet

LDAP Woes....
I am having problems connecting to a local LDAP server. Here is what I did.

Install slapd
install libnss-ldap
install libpam-ldap

I run ldap and it starts OK. If I run netstat -ln it shows ldap port as being listened to.

If I try ldapsearch (with or without -h option) I get an error message that says it can not connect to ldap server.

I can not telnet to localhost ldap port.

/etc/init.d/slapd stop does not work (i need to do a killall -9 slapd to stop it)

The syslog is not very helpful because ldapsearch has not connected.

What entry do I need to put where to get slapd to listen properly? This is driving me nuts.

:wq
Tim Uckun
US Investigations Services/Due Diligence
http://www.diligence.com/

Re: central authentication with LDAP
>If the LDAP server accepts the connection and just does nothing then things
>can get bad.

I am having a problem like this (I think). I installed slapd using apt-get and it did not complain. But very strange things are happening.

When I do an ldapsearch it hangs for a long time and then returns with "ldap_sasl_interactive_bind_s: Can't contact LDAP server"

This occurs even if I do a ldapsearch -h 127.0.0.1

ps -ax shows ldap running. LSOF shows ldap listening. but /etc/init.d/slapd stop will not stop slapd. killall -9 slapd will stop it.

If I start it by hand /usr/sbin/slapd -d 256 the first thing it says is..

daemon: socket() failed errno=22 (invalid argument)

then it starts and starts saying

daemon: conn=X FS=Y connection from IP=(it's own IP):somehighport (ip=0.0.0.0:34049) accepted

Where X and Y are increasing integers

So why is slapd running, listening but not answering?

:wq
Tim Uckun
US Investigations Services/Due Diligence
http://www.diligence.com/

Re: central authentication with LDAP
>
>Using the "-x" switch to disable SASL is one solution to this (and it's quite
>adequate for localhost connections). For network connections you may want to
>get SASL working (I don't know how to do this) or to use TLS (not currently
>supported in Debian packages last time I checked).

Tried that but it didn't work either.

> > but /etc/init.d/slapd stop will not stop slapd. killall -9 slapd will stop
> > it.
>
>Strange. Sounds like a buggy init script. A new set of OpenLDAP packages is
>due soon, hopefully they'll involve a re-write of the start scripts.

It's not the init script. I tried starting it by hand with the same result.

> > If I start it by hand /usr/sbin/slapd -d 256 the first thing it says is..
> > daemon: socket() failed errno=22 (invalid argument)
> > then it starts and starts saying
>
>The slapd doesn't display enough debugging info. You'll have to strace it to
>find out what that error means exactly.

Actually after it spit out a few thousand connect messages it locked up the computer. The computer kept saying no free files. I had to reboot using the switch!. I went home after that.

Something is very very broken but I have no idea what it is..

--
Tim Uckun
Mobile Intelligence Unit.
--
"There are some who call me TIM?"

Re: central authentication with LDAP
>
>openldap installer (potato unstable/testing) for libnss-ldap,
>libpam-ldap configures /etc/ldap/ldap.conf, but the openldap utilities
>look in /etc/openldap/ldap.conf (just make a symlink).

Is this also true for unstable? Also I noticed that the file names in /etc/openldap and /etc/ldap are the same. Can I just symlink the entire /etc/ldap directory to /etc/openldap?

>On padl's site I downloaded the "Migration tools", then crouched one
>or two of them and now I am able to say on my central autentication host:

I will check these out...

>It's not baken out, but I would be very glad to share and discuss with
>other people interested in the same thing.

Thank you for your generosity. I have been struggling with openldap on debian unstable for weeks now; any help or suggestions you may have is greatly appreciated.

>In fact I mailed a collect-mail to some of the maintainers because I
>think that pam/ldap/nss actuall are dangerous for the non-guru
>installer, but I only got response from one.

You are telling me. As a non guru I may have totally hosed my system by now. Just today I was seriously thinking about re-installing from scratch.

BTW is it possible to downgrade your debian from unstable to testing? I am also thinking about doing that.

:wq
Tim Uckun
US Investigations Services/Due Diligence
http://www.diligence.com/

Re: Strange problem
On Fri, 2002-02-01 at 00:59, Jeremy C. Reed wrote:
> In my experience, unstable is "unstable".

At times.

> > and came up in a very strange state. No users could log in, only root, and
> > things like ps, w, and top wouldn't work. I was called, got in via ssh,
>
> Why happens when you runs these commands? (What does "wouldn't
> work" mean?)

They hung. Nothing happened until I hit ^C

> What do the logs say?

Nothing. syslogd is one of the things that didn't start.

> What do you mean that it is impossible to be the same? (Are you saying
> that proc was also mounted at / ?)

Hmm. I didn't say that right. Mount showed /proc mounted. 'df' *also* showed /proc mounted, with the same size/used/free as /.

> > /proc by hand, started up the utils that didn't start, checked things out
> > the best I could, and rebooted again. Same thing. I've gone through
>
> What do the kernel messages say?

Nothing.

> What do the logs say?

Nothing

> What are these utils that didn't start? (Some network services that need
> to be correctly setup in /etc/rc*.d/ ?)

networking, syslog, just about anything that needs /proc to be mounted and readable.

> Sometimes when I upgrade from stable to unstable, I have had some packages
> not reinstalled and some software didn't start that should have.

This machine was running unstable for quite some time, stabley. :)

Tim

Re: unstable is "unstable"; stable is "outdated"
> kernel, etc... and as we all know, jumping from "stable" to "unstable" is
> problem-prone and doesn't work flawlessly every time.

Why jump all the way to unstable, why not use testing? Testing is usually stable enough for most applications plus the various software packages are pretty up to date.

Re: unstable is "unstable"; stable is "outdated"
>
>Feel free to disagree with any point I made, 'cause I'm not as good as I
>sound.

I'll throw my $.02 here.

I think there is a more fundamental problem here. That is somehow incorporating the latest apache into stable will somehow make stable break. What needs to get done is to build a distro which isolates applications to a sufficient degree that they don't break each other. If you are able to build a distro like that then all you have to worry about is the application itself. If postgres 7.2 is deemed stable then you add it to your stable distro. Apple has done very interesting things with their bundle system if anyone cares to look, encap also looks pretty interesting.

Ideally a distribution should act like this.

Applications should not overly interfere with each other.
It should be possible to install multiple versions of the same application.
The distribution should be able to incorporate manually installed applications (make install)
It should be possible to reconstruct the package database from the disk drive.
all that and apt goodness too of course.

feel free to add your own to the list.

:wq
Tim Uckun
US Investigations Services/Due Diligence
http://www.diligence.com/

Going backwards.
Is it possible to move backwards from debian unstable to testing?

:wq
Tim Uckun
US Investigations Services/Due Diligence
http://www.diligence.com/

Re: Inexpensive gigabit copper NICs?
Apparently, on Tue, Mar 05, 2002 at 10:06:29AM -0500, Jeff S Wheeler wrote: > Can anyone recommend some inexpensive GIGE NICs that use CAT 5 instead > of fibre pairs? I just want to run some back-to-back from a busy NFS > server to a couple of its clients for now. I have not even looked into > GIGE copper switches but I imagine the ROI would not be very high for > my shop just yet :-) > Check out the D-Link DGE-550T http://www.dlink.com/products/gigabit/dge550t/ It appears to be supported in the 2.4.x kernels (maybe 2.2 but I don't have that to check) and it lists for only $89. I've actually been thinking of trying these myself so, if you get them and they work well, I'd love to hear about it.
Re: Another stupid question
On Thu, 2002-03-14 at 22:37, Bob Billson wrote: > On Thu, Mar 14, 2002 at 06:42:32PM -0500, [EMAIL PROTECTED] wrote: > > I want to switch over to maildir in Exim, but, no matter what I try, I > > still get the files in /var/spool/mail . Is there a working example > > somewhere? > > Take a look on exim.org. Look at the FAQ there. One of the questions > gives a clear description how to do it. If you still can't get it, post > the router, director and transport sections of your exim.conf file so we > can see where the problem is. OK, I'm number than I thought. I see nothing but a mere mention of maildir in one or two spots. Can you give a little more obvious pointer? Tim
RE: Forced DHCP setup
NoCatAuth (nocat.net) does exactly this. Although I think NoCat is designed with wireless in mind. Not sure if it works with normal wired network cards, but I can't see any reason why it wouldn't. On Wed, 30 Oct 2002, C. R. Oldham wrote: > > I don't believe it's possible to have a user log in to get an IP. > > It is possible, in hotels that have broadband in rooms, and on some > university campuses I've been to they have a DHCP server setup to serve > addresses from a private block. On that network there is a webserver > setup to intercept any http request coming from a client in the private > block and redirect the user to a page where he/she has to login. On > login a cgi (or some such) makes a change in the DHCP database to > allocate the user a "real" IP. The user gets instructions on the > ensuing webpage to do a release/renew and boom they are setup. > > Sorry, I don't know of any opensource packages to do this, but it > shouldn't be too hard. > > Of course, unless you setup your routers to block packets based on MAC > address this won't prevent someone from "guessing" a valid IP and > setting it up static. > > -- > C. R. Oldham > Director of Technology > NCA CASI
Re: Being new to Debian...
I agree. If you are running in a production environment that is exposed to the Internet, definitely stick with stable. It's much easier to compile a few "latest and greatest" programs that fit your needs than it is to keep track of and compile all of the security updates. On Fri, 15 Nov 2002, Robin Y. Millette wrote: > Sonny Kupka wrote: > > Being new to Debian distro, I was just wondering what people's thoughts > > were on running testing in a ISP environment on a main server.. > > > > I don't want bleeding edge I just want "up to date" software on my > > servers.. > > > > Just curious to others thoughts on the matter.. > > > > --- > > Sonny > > > > > > The moment you abandon the security of the stable distribution, you have > to handle all security alerts manually. If you can live with the > versions offered by the stable applications, but still find there are a > few applications where you need a more current version, look into the > "pinning" feature woody offers. > > -- > Robin Y. Millette (aka Lord D. Nattor) > http://rym.waglo.com
Re: debian friendly unmanaged hosting joints?
Well, you have to commend Mark's honesty. He did say, "I really didn't want to use this excellent mailing list as a sales platform." And he answered the question. It's better than being subversive and saying something like, "I am a _very_ _happy_ customer of company XYZ. They rule" On Mon, 2003-02-17 at 20:16, Jason Lim wrote: > Agree... let's try and keep this for a discussion about ISPs running > Debian... not Sales & Marketing. > > We're pretty much all offering Debian here as part of our services, > otherwise we wouldn't BE here to start with ;-) > > I don't think anyone minds a line or two mentioning your company, cool... > but the whole email with paragraphs worth of promotions? > > - Original Message - > From: "Mark Lijftogt" <[EMAIL PROTECTED]> > To: "Loopshot Operator" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, 18 February, 2003 6:46 AM > Subject: Re: debian friendly unmanaged hosting joints? > > > > > > You forgot about how your company is growing, the amount of job > openings, > > the nice and bright future and stuff.. > > > > naah.. nevermind.. > > > > > > On Mon, Feb 17, 2003 at 02:27:00PM -0800, Loopshot Operator wrote: > > > Old-Return-Path: <[EMAIL PROTECTED]> > > > Subject: Re: debian friendly unmanaged hosting joints? > > > Cc: [EMAIL PROTECTED] > > > To: Jamie Penner <[EMAIL PROTECTED]> > > > From: Loopshot Operator <[EMAIL PROTECTED]> > > > > > > I really didn't want to use this excellent mailing list as a sales > > > platform, but it seems like there are several interested parties > > > looking for Debian-specific dedicated/managed hosting stateside. > > > > > > Our firm does just that. We are Debian-specific, in that we really > > > don't promote other distros or OSes nearly as much (only if > requested). > > > Pricing is $195/mo. for 30 GB of bandwidth. Full data-center > > > amenities, such as 10 day battery backup, diesel generator backup, > dual > > > DS-3 capacity, environmental control, etc. 
> > > > > > With our dedicated server packages, we also give you access to your > own > > > power control so you can power-cycle your server as you see fit. We > > > will also do full monitoring of ports/services/intrusion and nightly > > > backup, if you so desire, (although most on this list seem like > they're > > > perfectly capable of doing that themselves.) > > > > > > So that aside, feel free to contact me off-list if you'd like more > > > information. Our web site is currently being revamped, so some of the > > > info on there is out of date. Here's the contact info: > > > > > > Eric Jennings > > > [EMAIL PROTECTED] > > > Loopshot, Inc. > > > http://www.loopshot.com > > > +1 (775) 856-3455 > > > > > > Once again, my apologies for those who may not be interested, but I > > > thought I'd mention it since several have asked about firms offering > > > Debian servers in the U.S. > > > > > > Thanks- > > > Eric > > > > > > > > > On Monday, February 17, 2003, at 01:56 PM, Jamie Penner wrote: > > > > > > > > > > >Wish they were in N. America! (or someone like them!) > > > > > > > >At 12:46 PM 2/17/2003, you wrote: > > > > > > > >>On Mon, 17 Feb 2003, Brett Parker wrote: > > > >> > > > >>> > http://www.positiveinternet.co.uk/ > > > >>> > > > >>> isn't that www.positive-internet.co.uk? > > > >> > > > >>The address works with or without the hyphen; with or without the > www. > > > >>(That's the sort of attention to little detail you get with them.) > > > >> > > > >>> one of the maintainers of the debian packages for apache2 works > > > >>> there, he has clue > > > >> > > > >>Not only that, but when chatting on #debian-uk one night, I got > > > >>instant > > > >>service from one of their employees for a question about their > > > >>service I had, > > > >>that just cropped up in the course of conversation. > > > >> > > > >>Very, very "Debian", all round. 
> > -- Mark Lijftogt > > -- http://www.qut.nl > > -- http://www.lijftogt.nl
Re: Cracking attempt
On Mon, 24 Feb 2003, Russell Coker wrote: > On Mon, 24 Feb 2003 07:38, Jason Lim wrote: > > Usually if we get such a report, we'll inform the client of their actions. > > Most times that discourages them from doing it. > > In any case it's a service to your client - who is the one paying you. It > always amazes me that people on the net expect you to take their side against > one of your clients for something innocent like a bit of portscanning! > > > unless someone is REALLY repeatedly hammering a server. Then if no action > > is taken we may even block them at the router/switch level. > > That's the only thing to do, if someone is excessively scanning you then you > block their IP addresses for a while. Of course you can't be too trigger > happy with this or you'll end up with half the Internet in your firewall rule > set... In the defense of the ballistic person that is complaining about the portscan, one of our servers is running a backup server that dies with no error/warning when the server is portscanned. Unfortunately, our servers can not be put behind a firewall as funding is at an all time low. This is a very inconvenient feature and the company that provides the backup server will do nothing about it so we have to manually restart the daemon from time to time because we were (innocently) portscanned. I guess my point is that there can be some weird side-effects to obscure things that portscans/other non-normal network behaviour can create. However I will still side with you on the fact that abnormal behaviour should be handled and discarded by the software. Oh well. My two cents worth. -Tim > > -- > http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages > http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark > http://www.coker.com.au/postal/ Postal SMTP/POP benchmark > http://www.coker.com.au/~russell/ My home page
Re: Cracking attempt
On Mon, 24 Feb 2003, Russell Coker wrote: > On Mon, 24 Feb 2003 10:59, Tim Spriggs wrote: > > > That's the only thing to do, if someone is excessively scanning you then > > > you block their IP addresses for a while. Of course you can't be too > > > trigger happy with this or you'll end up with half the Internet in your > > > firewall rule set... > > > > In the defense of the ballistic person that is complaining about the > > portscan, one of our servers is running a backup server that dies with no > > error/warning when the server is portscanned. Unfortunately, our servers > > can not be put behind a firewall as funding is at an all time low. > > !?!?!? > > Firstly having a backup server on a public IP address is just asking for > trouble. Yes, I know. > > What OS are you using? Presumably if it was Linux you would have solved the > problem with iptables or ipchains long ago... Solaris 9 :( It does have some firewalling software but caused some major conflicts at one point with no config and honestly, I and one other person are pushing to get a firewall and separation of tasks on different machines. The way this thing sits right now I'd be un-surprised if someone with an hour of spare time and a little talent could get in and fuck a _LOT_ up. > > BTW As a rule of thumb, if you can crash it then you can probably exploit it, > I hope that server isn't running as root. I realize that too. Unfortunately, Universities (at least around here) tend to be VERY political and getting something like linux as a main college server in place would be "making waves" with the type of people that run the money upstairs. Like I said, I'm pushing it. Debian has been an all-time favorite of mine since I left redhat at version 5.2/5.0 several years back. I'd love to put Linux on the machine and call it a day. For one, things compile MUCH easier.
> > This is a very inconvenient feature and the company that provides the > > backup server will do nothing about it so we have to manually restart the > > daemon from time to time because we were (innocently) portscanned. > > That sucks. Napster clients used to do the same, but you couldn't complain > too much about free software that is used for unauthorised audio copying. ;) Yeah, but you can sure as hell complain about backup software that you BUY and then don't receive technical support in any way without paying more and having a setup that barely works as it is. ~cough~ Veritas ~clears throat~ sorry... Just a little built up... The hardware is kinda fun though... Sun v880 with 4GB's of ram and 6 36GB Fiber Channel drives. One of the drives is dedicated to mirrors by the way. We have a debian/cpan/xfree86/sunfreeware mirror setup on the box for anyone that's in/around/close to Arizona. -Tim ##--##--##--##--##--##--##--##--##--##--##--##--## | T I M  S P R I G G S | | Assistant Sysadmin - Development | | College of Engineering and Mines | | ECE206A - (520) 621-3185 | ##--##--##--##--##--##--##--##--##--##--##--##--##
Re: Cracking attempt
Good point. The only other problem is that our department is looking for ways to cut back and so asking for _anything_ to my immediate superiors seems risky in their eyes. Certainly there are people on their level in other departments who wholeheartedly agree with me and even the people right above me to a degree but stuff seems to be flying left and right as people do not want to lose their jobs. Hmm, maybe I should dedicate a box of my own so I don't lose mine? :) Anywho, I appreciate the concern and I do realize what a mess this entire thing is. If it were solely up to me I would have a linux firewall that routed all ssh/mail/other user services to a single box and then keep all of the system level crap on another (such as our LDAP server and backup client). As of right now, I can think of way too many ways that this thing is holier than the pope's golf clubs. -Tim ##--##--##--##--##--##--##--##--##--##--##--##--## | T I M  S P R I G G S | | Assistant Sysadmin - Development | | College of Engineering and Mines | | ECE206A - (520) 621-3185 | ##--##--##--##--##--##--##--##--##--##--##--##--## On Mon, 24 Feb 2003, Emile van Bergen wrote: > Hi, > > On Mon, Feb 24, 2003 at 06:08:43AM -0700, Tim Spriggs wrote: > > > On Mon, 24 Feb 2003, Russell Coker wrote: > > > > > BTW As a rule of thumb, if you can crash it then you can probably > > > exploit it, I hope that server isn't running as root. > > > > I realize that too. Unfortunately, Universities (at least around here) > > tend to be VERY political and getting something like linux as a main > > college server in place would be "making waves" with the type of > > people that run the money upstairs. > > Just rest assured that a non-firewalled box containing backups will make > a /lot/ more waves upstairs when (sic!) it gets cracked.
> > You don't need to push Linux, you just need to explain the current > risks, their cost and what it costs to implement a solution (be it > Debian or Windows-95 based, ultimately they won't care), and the risks > associated with that. > > Even the people upstairs have their gut feelings or prejudices about > things they don't understand -- and we all know how hard that can make > things -- they do tend to be sensitive to talks that mention well > founded estimates of risks and costs. > > Cheers, > > > Emile. > > -- > E-Advies / Emile van Bergen | [EMAIL PROTECTED] > tel. +31 (0)70 3906153 | http://www.e-advies.info
RE: Cracking attempt
Thanks everyone. -Tim ##--##--##--##--##--##--##--##--##--##--##--##--## | T I M  S P R I G G S | | Assistant Sysadmin - Development | | College of Engineering and Mines | | ECE206A - (520) 621-3185 | ##--##--##--##--##--##--##--##--##--##--##--##--## On Tue, 25 Feb 2003, Stefaan Teerlinck wrote: > There are also cheap ($100) NAT routers / "firewalls" available like > D-Link or Netgear if you don't need a speed > 10Mbps > You'll have to spend $100, but it won't consume your time, it takes a lot > less space, and it will consume a lot less electricity. > > > -----Original Message----- > > From: Craig Sanders [mailto:[EMAIL PROTECTED] > > Sent: Tuesday 25 February 2003 1:38 > > To: Tim Spriggs > > CC: [EMAIL PROTECTED] > > Subject: Re: Cracking attempt > > > > > > On Mon, Feb 24, 2003 at 06:08:43AM -0700, Tim Spriggs wrote: > > > > What OS are you using? Presumably if it was Linux you would have > > > > solved the problem with iptables or ipchains long ago... > > > > > > Solaris 9 :( It does have some firewalling software but caused some > > > major conflicts at one point with no config and honestly, I and one > > > other person are pushing to get a firewall and separation > > of tasks on > > > different machines. The way this thing sits right now I'd be > > > un-surprised if someone with an hour of spare time and a > > little talent > > > could get in and fuck a _LOT_ up. > > > > here's a quick-and-dirty (and cheap!) temporary solution: > > > > get an old 386/486/pentium box - there should be several > > gathering dust > > at any university. put two ethernet cards in it, and install > > linux (any > > debian with kernel 2.4.x) on the machine and configure it as a NAT > > firewall. plug one NIC into your network, and use a > > crossover cable to > > connect the other NIC to your solaris box. > > > > in short, what this will do is take the solaris box off the external > > network and put it on a second (private) network.
DNAT on > > the linux box > > will allow authorised machines to connect to it and SNAT allows the > > solaris box to get out. > > > > if you configure the NAT stuff right, the change will be completely > > transparent to all users. > > > > it's pretty ugly, but it will work...and it's something you can do > > without spending any money or asking permission (remember it's always > > easier to get forgiveness than permission :). > > > > if anyone ever notices and complains, you can justify it by saying you > > had no choice. you had to protect the server and the backups it > > contained but had no budget to do it with. > > > > > > alternatively, build the linux box but put it between your external > > router and your main network. there's no need for NAT in this setup, > > just plain routing and iptables firewalling rules. > > > > > > a third alternative, (which may or may not be viable, > > depending on what > > kind of border router you have and how your network is set up) is to > > replace the router with the linux box. > > > > craig > > > > -- > > craig sanders <[EMAIL PROTECTED]> > > > > Fabricati Diem, PVNC. > > -- motto of the Ankh-Morpork City Watch
Re: Very slow login
If you don't want to run a name service, you could add the hosts you connect from into /etc/hosts. Tim. - Original Message - From: "Tamas TEVESZ" <[EMAIL PROTECTED]> To: "Áts Attila" <[EMAIL PROTECTED]> Cc: Sent: Thursday, June 29, 2000 7:15 AM Subject: Re: Very slow login On Wed, 28 Jun 2000, Áts Attila wrote: > I've installed a server. Logging in at the console is very fast. > But when I make a connection through Telnet or FTP it takes very > long to get the login prompt. What can be the problem and the > solution? tries to look up some name for the connecting host. do some name service stuff on the machine and you'll be ok. -- [-] there's a devil waiting outside your door -- -- the most intelligent liposomes reach the 25,000-forint question without help.
Re: multiple MTA's
> > For our company network we want to have a "quite" secure mail > > environment. On W32 clients we want to use Lotus Notes R5. We have a > > mailserver running Debian with Exim and on this machine I also installed > > Domino. The Domino MTA is running on port 26, Exim on port 25. > > How can I set up mail exchange between those two mailsystems? The reason > > for using Exim as the only mailer to accept external mail is the security > > aspect, there are some exploits in the Domino mailsystem. > > > > Does anybody have experience with this? > > if you use domino as the internal smtp server, and exim as the external, > you should make domino use exim as a smarthost. I've done something like > this running two instances of exim with different configs. Along with using the smarthost, you could probably bind each MTA to its own interface, that way they can both run on port 25, but exim on your external address, and domino on the internal one. Tim.
Re: arpwatch and more
I guess that means you have to keep those quad Ethernet Sun cards away. Tim. - Original Message - From: "Marc Haber" <[EMAIL PROTECTED]> To: Sent: Saturday, March 17, 2001 7:50 PM Subject: Re: arpwatch and more > On Fri, 16 Mar 2001 13:05:06 -0800, Mike Fedyk <[EMAIL PROTECTED]> > wrote: > >On Fri, Mar 16, 2001 at 09:24:56PM +0100, Marc Haber wrote: > >> Please be aware, though, that the MAC address is trivial to forge > >> nowadays. > >Hmm, how does a switch deal with the same mac address coming from two ports > >at the same time? > > It will probably flap. MAC address forging will only work if the host > that owns the forged MAC is switched off or disabled in some other > way.
Backup Programs
I am using a DDS3 tape drive and was just wanting to know what you all use for backups. Do you write your own scripts or use a frontend/utility/program to help out? Tim.
Re: Virtual Hosts
Have you ifconfig'd the additional addresses you are going to use? Tim. - Original Message - From: "Y2KNET" <[EMAIL PROTECTED]> To: Sent: Thursday, April 05, 2001 1:40 PM Subject: Virtual Hosts > When I remotely or internally telnet www.xyz.net, > it does not connect and gives the error > "unable to connect remote host: no route to host" > but when I tried to connect www.abc.net > it connected. It looks like it is not connecting > to www.xyz.net. > > I have the entry for zone xyz.net in named.conf file for xyz.net > and a separate host file as xyz.hosts besides abc.net. > When I do dig www.xyz.net then it right away answers > all the queries. > > Looks, I am making some mistakes in dns files. > But for dns file in xyz.host, I have the > following entries: > > www IN A 192.55.34.5 > > Any idea please! > > Abu Umair
Re: Virtual Hosts
Read the ifconfig man page, bring up the addresses you need, then test Apache. If all is good, throw the IP details in /etc/network/interfaces and they will come up again after a reboot. Tim. - Original Message - From: "Y2KNET" <[EMAIL PROTECTED]> To: "Tim Kent" <[EMAIL PROTECTED]> Cc: Sent: Thursday, April 05, 2001 2:44 PM Subject: Re: Virtual Hosts > No, I have not and here it looks the problem, > but in Debian 2.2r2 there is a networking file > in /etc/init.d, instead of network file where > ifconfig was added. I am trying to find where can I look > these ifconfig files. > > I do not know how to add additional IP address for > ifconfig in 2.2r2. > > Abu Umair > > Tim Kent wrote: > > > Have you ifconfig'd the additional addresses you are going to use? > > > > Tim. > > - Original Message - > > From: "Y2KNET" <[EMAIL PROTECTED]> > > To: > > Sent: Thursday, April 05, 2001 1:40 PM > > Subject: Virtual Hosts > > > > > When I remotely or internally telnet www.xyz.net, > > > it does not connect and gives the error > > > "unable to connect remote host: no route to host" > > > but when I tried to connect www.abc.net > > > it connected. It looks like it is not connecting > > > to www.xyz.net. > > > > > > I have the entry for zone xyz.net in named.conf file for xyz.net > > > and a separate host file as xyz.hosts besides abc.net. > > > When I do dig www.xyz.net then it right away answers > > > all the queries. > > > > > > Looks, I am making some mistakes in dns files. > > > But for dns file in xyz.host, I have the > > > following entries: > > > > > > www IN A 192.55.34.5 > > > > > > Any idea please! > > > > > > Abu Umair
Re: get school connected to the inet
On Sun, 22 Apr 2001 16:26:26 Joachim Schiele wrote: > hello dear list members: > i have to connect a school to the internet but i have to avoid that the > users(kids) look at certain webpages with criminal and sexual backgrounds > > is there a possibility to stop that, maybe on the firewall (debian linux) > to > block requests like www.sex.de and things (words maybe) like sex, drugs > and > so on? > > are there any good, non-cost-intensive tools for doing that? > if so, please let me know ;-) Use squid, with the associated filters, and authentication methods. Tim -- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >> Tim Sailer (at home) >< Coastal Internet, Inc. << >> Network and Systems Operations >< PO Box 671 << >> http://www.buoy.com >< Ridge, NY 11961 << >> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631) 924-3728 << >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
COMMERCIAL ANNOUNCEMENT:- The World's Cheapest Sun Cobalt RaQ4 Servers are here in Australia - au$99 / US$49 / GBP 35 - per month
Hi, Just a quick announcement. Please don't be mad at me for posting to your group, you guys are hard to find by any other means, and I know what we are doing is commercial, but it's a deal that's pretty innovative and I think it benefits the developer community and beyond. But hey, if I'm wrong, tell me - you've got my email address, phone number and name, so I'm not going anywhere fast + I'm keen for feedback, good bad or otherwise. We're a bunch of developers ourselves and we're keen to make dedicated hosting as cheap as a shared hosting and Sun Cobalt in Australia is keen to help us do that. So do we have a deal for you ! BTW. If that gets us flames so be it. Well we've just launched our Dedicated Server company here in Australia and the reaction has been amazing. To the best of our knowledge we are offering the world's lowest priced RaQ4 dedicated servers at just au$99 / US$49 / 35 UK pounds. This is thanks to our huge purchasing volumes from Aussie supporters and our weak dollar against most major world currencies. For more details of our servers and a full explanation of the offers click here http://www.dedicatedservers.com.au/thedeal.shtml We have a number of options, including outright purchase of the server at well below market price, which also includes one year's co-location. Our servers are located in carrier class data centers here in Australia, and we have 24.7.365 manned technical support. Our datacenters are on major peering points for both Asia, UK and the US. We have partnered with Red Hat to offer support, and the servers have been installed with Kurant's award winning Ecommerce solution StoreSense at no charge. A fully enabled 30 day trial of the amazing urchin statistics software is also included in the deal, and if you choose to purchase the license after the trial period you will receive very special pricing. The RaQ4 also comes factory installed with Chilisoft to allow Active Server Page - ASP equivalency. 
Upcoming software partner bundles including Cold Fusion and Real Media servers are only days away - so if you're looking for that functionality join our mailing list and we'll notify you when they are available. Our customers come from all over the world and if you need an IP address to check routing and timing to your customer base we're happy to supply this to you. Just send a request, including details of your organisation to [EMAIL PROTECTED] Full details of our servers, including datasheets and manual PDF's for download, and working online demos of all the servers and software are on our site at http://www.dedicatedservers.com.au Thanks for your time and I welcome any inquiries you may have. There is an online chat system on the site, or, we can be contacted directly at [EMAIL PROTECTED] We are here to serve! Kind regards, Tim Rignold Dedicated Servers Australia Dedicated Servers is a 100% Australian Owned private business, we have no affiliation with any companies anywhere in the world bearing similar names. _ Dedicated Servers Australia - BRISBANE Telephone + 61 7 3831 9111 80 Berry Street Facsimile + 61 7 3839 5442 Spring Hill Queensland mailto:[EMAIL PROTECTED] AUSTRALIA 4000 http://www.dedicatedservers.com.au A WEBHOST COMPANY - PROUDLY 100% AUSTRALIAN OWNED
Re: Accounting software
On Thu, 11 Oct 2001 16:17:49 +0200 "Craig" <[EMAIL PROTECTED]> wrote: > Hi Guys > > Does anyone know of accounting software that can run on Linux, > with Point of Sale capabilities? > I've never tried this, just read about it a couple days ago. Might be something to check out. http://nola.noguska.com/main.html
Re: Apache suEXEC Question
On Fri, 12 Oct 2001 09:55:31 -0400 "A.Sleep" <[EMAIL PROTECTED]> wrote: > Oddly, this is the first time I've had this issue... > > I've added my User and Group directives in the vhosts in my vhost.conf > and > I'm getting Forbidden errors. > Here's an example: > > The User and Group directives are set to foo > Here's an ls -l of /home/f/ and /home/f/foo/ > > ls -l /home/ > > drwxr-xr-x 2 root root 4096 Oct 11 09:51 f > > > ls -l /home/f/ > > drwxrwx--- 7 foo foo 4096 Oct 12 08:37 foo > Seems like this directory should be mode 755. Setting the User and Group in a VirtualHost section only affects what user and group CGI programs run as. The main webserver User & Group don't have any access to this directory unless those happen to be foo & foo.
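The permission check behind that answer, as an added example that is not part of the original thread: it walks the two `ls -l` lines from the question and reports the first directory a given account cannot traverse. The account name `www-data` for the main web server is an assumption (the thread does not name it), and the helper names are hypothetical.

```python
# Added example (not from the thread): model Unix directory-search checks
# against the `ls -l` output quoted in the question.

def parse_ls_line(line):
    """Split one `ls -l` line into the fields the access check needs."""
    fields = line.split()
    return {"perms": fields[0], "owner": fields[2],
            "group": fields[3], "name": fields[-1]}


def permitted(entry, user, groups, need):
    """True if `user` (member of `groups`) holds every bit in `need` ('r','w','x').

    The kernel picks exactly one permission class: owner bits if the user
    owns the entry, otherwise group bits if a group matches, otherwise
    "other" bits. An owner with no x bit is refused even when group/other
    would have allowed it.
    """
    if user == "root":
        return True  # simplification: root bypasses directory checks
    perms = entry["perms"]
    if user == entry["owner"]:
        triad = perms[1:4]
    elif entry["group"] in groups:
        triad = perms[4:7]
    else:
        triad = perms[7:10]
    # lowercase s/t mean "special bit plus x"; uppercase S/T mean no x
    granted = set(triad.replace("s", "x").replace("t", "x")) - {"-"}
    return set(need) <= granted


def first_blocked(parent, listing, user, groups):
    """Return the first path under `parent` that `user` cannot enter, or None.

    `listing` holds one `ls -l` line per path component, outermost first.
    """
    path = parent.rstrip("/")
    for line in listing:
        entry = parse_ls_line(line)
        path = f"{path}/{entry['name']}"
        if not permitted(entry, user, groups, "x"):
            return path
    return None


# The two lines from the question (column spacing restored).
POSTED = [
    "drwxr-xr-x 2 root root 4096 Oct 11 09:51 f",
    "drwxrwx--- 7 foo foo 4096 Oct 12 08:37 foo",
]
# Same tree after the suggested change to mode 755.
FIXED = [POSTED[0], "drwxr-xr-x 7 foo foo 4096 Oct 12 08:37 foo"]

if __name__ == "__main__":
    # Assumed main server account; suEXEC'd CGI runs as foo instead.
    for label, listing in (("as posted", POSTED), ("mode 755", FIXED)):
        for user in ("www-data", "foo"):
            blocked = first_blocked("/home", listing, user, {user})
            print(f"{label:10} {user:9} -> {blocked or 'ok'}")
```

The same walk explains why CGI scripts under suEXEC work while static files return Forbidden: only the CGI process runs as `foo`.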
Re: Transparent Proxy in the 2.4.x kernel
Apparently, on Tue, Nov 13, 2001 at 02:46:46PM +1100, Andrew Tait wrote: > Hi All, > > I have been considering upgrading our servers from the 2.2.x kernel up to > the 2.4 (we have 1 server running testing/woody, soon to be 2). However, one > thing I want in a new kernel is transparent proxying, which wasn't (AFAIK) > compiled in the debian image for 2.2. > > Is the 2.4 debian kernel-image compiled with transparent proxy? Or do I need > to compile my own? I don't know what the 2.4 debian kernel-image has in it since I've only compiled my own but here is how you would set up a transparent proxy with 2.4. http://netfilter.samba.org/netfilter-faq-3.html#ss3.12 I would guess the debian image has the necessary netfilter modules. -- Tim Moss [EMAIL PROTECTED]
Re: sourceforge and postgresql
When I do a dpkg-reconfigure libpam-ldap and I set the root login = cn=admin, dc=< ?? > What do I put for dc? If I am using debian.org as my ldap server location would I have cn=admin, dc=debian, dc=com? I am confused, after I configured the ldap again I got ldap_bind: Invalid credentials which I guess means that I got the password wrong. I went through and reconfigured everything to have an empty password, and still I got the same thing. Any ideas? I really want to get this to work, and I feel like I am so close.

I don't pretend to be a ldap expert but this is what worked for me. I picked my host name as my root dn. So you should set dc=myhost, dc=mydomain, dc=com as your root DN. So anytime you need to specify the dc repeat that. cn=admin, dc=myhost, dc=mydomain, dc=com. If you keep consistent in your configurations you should be OK.

-- Tim Uckun Mobile Intelligence Unit. -- "There are some who call me TIM?" --
Re: rogue Chinese crawler
Martin WHEELER <[EMAIL PROTECTED]> writes: > Is anyone else having problems with the robot from > openfind.com.tw > -- an intrusive, irritating, hard-to-get-rid-of crawler that completely > paralyses my system *every day*? Nope. How does it paralyse you, anyway? > Despite what I put in any robots.txt, this one disregards all rules and > just jams up my system, downloading every damn' thing in sight. Mails to > the owners are totally disregarded. > > Anyone know of a sure-fire robot killer under woody? `iptables -s openfind.com.tw -j MIRROR' would be favourite. > Who should this thing be reported to to get it stopped? jason @ openfind.com.tw, according to whois. You might also consider finding someone at seed.net.tw or even wcg.net, to drop a mail to. ~Tim -- Sometimes you're the pigeon,|[EMAIL PROTECTED] Sometimes you're the statue.|http://spodzone.org.uk/
Re: What this means in my logs?
Petre Daniel <[EMAIL PROTECTED]> writes: > Heya,i got those lines often lately..Can anyone explain me every little > part of it? If you can drop an url link too,it would be great.. Thank > you. > > Nov 30 16:16:28 brutus-gw kernel: Packet log: input DENY eth1 PROTO=6 > 210.86.20.213:1621 194.102.92.21:6000 L=48 S=0x00 I=52039 F=0x4000 T=102 > SYN (#1) Paste it into the ipchains analyser at <http://logi.cc/>; that'll tell you about every word in detail. ~Tim -- Clouds cross the black moonlight, |[EMAIL PROTECTED] Rushing on down to the sound|http://spodzone.org.uk/ of a turning world |
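A field-by-field decoder for the ipchains "Packet log" line quoted above, as an added example that is not part of the original thread. Field meanings follow the ipchains log format (chain, verdict, interface, protocol number, source, destination, length, TOS, IP ID, fragment word, TTL, SYN marker, rule number); the extra log lines and the port hint table are constructed for the demonstration.

```python
import re
from collections import Counter

# The line from the post, rejoined onto one line as syslog wrote it.
PAGE_LINE = ("Nov 30 16:16:28 brutus-gw kernel: Packet log: input DENY eth1 PROTO=6 "
             "210.86.20.213:1621 194.102.92.21:6000 L=48 S=0x00 I=52039 F=0x4000 "
             "T=102 SYN (#1)")

# Constructed lines (documentation addresses) so the summary has something to count.
CONSTRUCTED = [
    "Nov 30 16:16:31 gw kernel: Packet log: input DENY eth1 PROTO=6 "
    "192.0.2.7:1622 198.51.100.21:6000 L=48 S=0x00 I=52101 F=0x4000 T=102 SYN (#1)",
    "Nov 30 16:17:02 gw kernel: Packet log: input DENY eth1 PROTO=17 "
    "192.0.2.7:4000 198.51.100.21:137 L=78 S=0x00 I=120 F=0x0000 T=110 (#3)",
    "Nov 30 16:17:05 gw kernel: some unrelated kernel message",
]

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
PORT_HINTS = {6000: "X11 display :0", 137: "NetBIOS name service"}  # small sample table


def parse(line):
    """Decode one ipchains log line into a dict, or return None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    frag = int(m.group("frag"), 16)   # 3 flag bits + 13-bit fragment offset
    proto = int(m.group("proto"))
    return {
        "chain": m.group("chain"),            # chain whose rule matched
        "action": m.group("action"),          # verdict of that rule
        "iface": m.group("iface"),            # interface the packet was seen on
        "proto": PROTOCOLS.get(proto, str(proto)),
        "src": m.group("src"),
        "src_port": int(m.group("sport")),    # for ICMP these two hold type and code
        "dst": m.group("dst"),
        "dst_port": int(m.group("dport")),
        "length": int(m.group("length")),     # L= total packet length in bytes
        "tos": int(m.group("tos"), 16),       # S= Type of Service byte
        "ip_id": int(m.group("ipid")),        # I= IP identification field
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8,   # offset is stored in 8-byte units
        "ttl": int(m.group("ttl")),           # T= remaining time to live
        "syn": m.group("syn") is not None,    # connection-opening TCP packet
        "rule": int(m.group("rule")) if m.group("rule") else None,
    }


def describe(rec):
    """One-sentence reading of a parsed record."""
    hint = PORT_HINTS.get(rec["dst_port"])
    return "%s on %s (%s chain, rule %s): %s %s:%d -> %s:%d%s%s" % (
        rec["action"], rec["iface"], rec["chain"], rec["rule"], rec["proto"],
        rec["src"], rec["src_port"], rec["dst"], rec["dst_port"],
        " [%s]" % hint if hint else "",
        ", new connection attempt" if rec["syn"] else "")


def denied_by_port(lines):
    """Count DENY/REJECT records per (protocol, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            counts[(rec["proto"], rec["dst_port"])] += 1
    return counts


if __name__ == "__main__":
    print(describe(parse(PAGE_LINE)))
    for key, n in denied_by_port([PAGE_LINE] + CONSTRUCTED).most_common():
        print(n, key)
```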
Re: Help... SSH CRC-32 compensation attack detector vulnerability
I know this is not a complete solution, but for starters you could try 'chkrootkit':

http://packages.debian.org/unstable/misc/chkrootkit.html
http://www.chkrootkit.org/

Stable doesn't have a package but I'm sure you could build the unstable .deb from source.

Regards
Tim

>>> "Jason Lim" <[EMAIL PROTECTED]> 12/03/01 08:33AM >>>
Hi,

sigh... yes... some of our servers have been hit with the "SSH CRC-32 compensation attack detector vulnerability" attack. some servers have been compromised, and the usual rootkit stuff (install root shells in /etc/inetd.conf, bogus syslogd, haxored ps, etc.).

What is an easy way to locate binaries that are different from the ones provided in the original debs? And is there any other relatively easier way of cleaning up a system that has had a rootkit installed?

We've done a netstat -a and removed/killed all strange processes, and cleaned inetd.conf as much as we can, but some of the programs in inetd.conf have themselves also been tampered with (eg. in.telnetd).

Please help... I have a bad feeling the crackers are coming back real soon to really finish off the job... so any help at this time in removing all their crap would be greatly appreciated.

Sincerely,
Jason
Re: Help... SSH CRC-32 compensation attack detector vulnerability
> Never really looked into how reliable that is, but it's there. I'd like to > see apt-get support some sort of 'reinstall' command. apt-get install --reinstall package Regards Tim
Pop or Imap?
I am concerned about pop passwords being transmitted plaintext. Does imap encrypt passwords? if not does any protocol exists which does. THX. -- Tim Uckun Mobile Intelligence Unit. -- "There are some who call me TIM?" --
Re: Pop or Imap?
At 07:21 PM 12/7/2001 +1100, Jeremy Lunn wrote:
On Fri, Dec 07, 2001 at 08:13:26PM +1300, Michael Jager wrote:
> > I am concerned about pop passwords being transmitted plaintext. Does imap
> > encrypt passwords? if not does any protocol exists which does.
> APOP. I dunno how you get it or whatever, but I know it exists and passwords
> are encrypted (IIRC).

IIRC APOP uses challenge response, requiring both ends to know the password in cleartext. Rather than sending the password as one string, the server asks the client a few questions about the password that it has. AFAIK it is not possible to work out the password at all from monitoring the network traffic.

I just checked my eudora and it seems to support APOP. Outlook express supports something called SPA does anybody know what that is?

------ Tim Uckun Mobile Intelligence Unit. -- "There are some who call me TIM?" --
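The APOP exchange discussed in this thread, with both sides shown, as an added example that is not part of the original messages. The digest rule (MD5 over the greeting's timestamp banner followed by the shared secret) and the mrose/tanstaaf test vector are from RFC 1939; the PopServer class, its hostname and its counter-based banner are constructed for the demonstration.

```python
import hashlib
import hmac
import re


def apop_digest(banner, secret):
    """MD5 over the server's timestamp banner followed by the shared secret."""
    return hashlib.md5((banner + secret).encode("ascii")).hexdigest()


def client_command(greeting, name, secret):
    """Client side: pull the <...> banner out of the greeting and answer it."""
    match = re.search(r"<[^<>]+>", greeting)
    if match is None:
        raise ValueError("server did not offer APOP (no timestamp banner)")
    return "APOP %s %s" % (name, apop_digest(match.group(0), secret))


class PopServer:
    """Minimal server side of the exchange (constructed, not a real daemon)."""

    def __init__(self, secrets, hostname="pop.example.net"):
        # name -> CLEARTEXT secret. The server cannot store a one-way hash,
        # because it has to recompute the digest for every new banner.
        self.secrets = secrets
        self.hostname = hostname
        self.counter = 0
        self.banner = None

    def greet(self):
        """Start a connection: the banner must differ for every connection."""
        self.counter += 1
        self.banner = "<%d.%d@%s>" % (4242, 1007700000 + self.counter, self.hostname)
        return "+OK POP3 server ready " + self.banner

    def handle(self, line):
        """Check an 'APOP name digest' command against the current banner."""
        parts = line.split()
        if len(parts) != 3 or parts[0].upper() != "APOP" or self.banner is None:
            return "-ERR bad command"
        _, name, digest = parts
        banner, self.banner = self.banner, None      # one attempt per banner
        secret = self.secrets.get(name)
        expected = apop_digest(banner, secret) if secret is not None else ""
        ok = secret is not None and hmac.compare_digest(expected, digest.lower())
        return "+OK maildrop locked and ready" if ok else "-ERR permission denied"


def demo():
    """Run one honest login, then replay the captured command on a new connection."""
    server = PopServer({"mrose": "tanstaaf"})
    greeting = server.greet()
    on_the_wire = client_command(greeting, "mrose", "tanstaaf")  # what a sniffer sees
    first = server.handle(on_the_wire)
    server.greet()                                   # next connection, fresh banner
    replay = server.handle(on_the_wire)              # same bytes, now stale
    return on_the_wire, first, replay


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The digest keeps the secret off the wire and makes a captured command useless on the next connection, but both endpoints must hold the secret in cleartext, and a weak secret can still be guessed offline against a captured banner and digest. POP3 or IMAP over TLS avoids both problems.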
RAID1 on sparc64
Hello,

I have installed Debian 2.2 on a Sun Enterprise 420R. Everything seems to be working alright except software RAID, which is working fine on our x86 machines. The patch itself installs cleanly as does the kernel build, it is just the 'fdisk' and 'mkraid' tools that give me issues:

# fdisk /dev/sdb
Command (m for help): t
Partition number (1-8): 1
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Unknown)

# mkraid /dev/md0
handling MD device /dev/md0
analyzing super-block
disk 0: /dev/sdb1, 2356000kB, raid superblock at 2355904kB
disk 1: /dev/sda1, failed
/dev/md0: Invalid argument

I have tried running mkraid with the filesystem type set to 83 but this gives the same error. This is my /etc/raidtab:

raiddev /dev/md0
    raid-level 1
    nr-raid-disks 2
    nr-spare-disks 0
    chunk-size 4
    persistent-superblock 1
    device /dev/sdb1
    raid-disk 0
    device /dev/sda1
    failed-disk 1

raiddev /dev/md1
    raid-level 1
    nr-raid-disks 2
    nr-spare-disks 0
    chunk-size 4
    persistent-superblock 1
    device /dev/sdb2
    raid-disk 0
    device /dev/sda2
    failed-disk 1

Regards,
Tim
Fwd: scp, no ssh
how about setting the user's shell to /bin/true. this allows ftp, but no login shell. so it may work for scp as well. -- Forwarded Message -- Subject: scp, no ssh Date: Wed, 9 Jan 2002 09:49:10 +0100 From: Robert Janusz <[EMAIL PROTECTED]> To: debian-isp@lists.debian.org How to allow, for some users' IPs, only scp and no ssh?
Re: Fwd: scp, no ssh
On Wednesday 09 January 2002 21:23, Joel Michael wrote: > On Thu, 2002-01-10 at 12:19, Tim Quinlan wrote: > > how about setting the user's shell to /bin/true. this allows ftp, but no > > login shell. so it may work for scp as well. > > This is true, but you can still (probably) use ssh to execute commands, > like /bin/sh, and effectively get a shell. you may be right, as i've never tried this with scp but what true does (as a shell) is log you out instantly. so, in theory, you couldn't execute a command from ssh because as soon as you authenticate, true would log you out.
Re: Strange problem
On Fri, 2002-02-01 at 00:59, Jeremy C. Reed wrote:
> In my experience, unstable is "unstable". At times.
>
> > and came up in a very strange state. No users could log in, only root, and
> > things like ps, w, and top wouldn't work. I was called, got in via ssh,
>
> What happens when you run these commands? (What does "wouldn't
> work" mean?)

They hung. Nothing happened until I hit ^C

> What do the logs say?

Nothing. syslogd is one of the things that didn't start.

> What do you mean that it is impossible to be the same? (Are you saying
> that proc was also mounted at / ?)

Hmm. I didn't say that right. Mount showed /proc mounted. 'df' *also* showed /proc mounted, with the same size/used/free as /.

> > /proc by hand, started up the utils that didn't start, checked things out
> > the best I could, and rebooted again. Same thing. I've gone through
>
> What do the kernel messages say?

Nothing.

> What do the logs say?

Nothing

> What are these utils that didn't start? (Some network services that need
> to be correctly setup in /etc/rc*.d/ ?)

networking, syslog, just about anything that needs /proc to be mounted and readable.

> Sometimes when I upgrade from stable to unstable, I have had some packages
> not reinstalled and some software didn't start that should have.

This machine was running unstable for quite some time, stabley. :)

Tim
Re: unstable is "unstable"; stable is "outdated"
> kernel, etc... and as we all know, jumping from "stable" to "unstable" is > problem-prone and doesn't work flawlessly every time. Why jump all the way to unstable, why not use testing? Testing is usually stable enough for most applications plus the various software packages are pretty up to date.
Re: unstable is "unstable"; stable is "outdated"
Feel free to disagree with any point I made, 'cause I'm not as good as I sound. I'll throw my $.02 here. I think there is a more fundamental problem here. That is somehow incorporating the latest apache into stable will somehow make stable break. What needs to get done is to build a distro which isolates applications to a sufficient degree that they don't break each other. If you are able to build a distro like that then all you have to worry about is the application itself. If postgres 7.2 is deemed stable then you add it to your stable distro. Apple has done very interesting things with their bundle system if anyone cares to look, encap also looks pretty interesting. Ideally a distribution should act like this. Applications should not overly interfere with each other. It should be possible to install multiple versions of the same application. The distribution should be able to incorporate manually installed applications (make install) It should be possible to reconstruct the package database from the disk drive. all that and apt goodness too of course. feel free to add your own to the list. :wq Tim Uckun US Investigations Services/Due Diligence http://www.diligence.com/
Going backwards.
Is it possible to move backwards from debian unstable to testing? :wq Tim Uckun US Investigations Services/Due Diligence http://www.diligence.com/
RE: Forced DHCP setup
NoCatAuth (nocat.net) does exactly this. Although I think NoCat is designed with wireless in mind. Not sure if it works with normal wired network cards, but I can't see any reason why it wouldn't.

On Wed, 30 Oct 2002, C. R. Oldham wrote:
> > I don't believe it's possible to have a user log in to get an IP.
>
> It is possible, in hotels that have broadband in rooms, and on some
> university campuses I've been to they have a DHCP server setup to serve
> addresses from a private block. On that network there is a webserver
> setup to intercept any http request coming from a client in the private
> block and redirect the user to a page where he/she has to login. On
> login a cgi (or some such) makes a change in the DHCP database to
> allocate the user a "real" IP. The user gets instructions on the
> ensuing webpage to do a release/renew and boom they are setup.
>
> Sorry, I don't know of any opensource packages to do this, but it
> shouldn't be too hard.
>
> Of course, unless you setup your routers to block packets based on MAC
> address this won't prevent someone from "guessing" a valid IP and
> setting it up static.
>
> --
> C. R. Oldham
> Director of Technology
> NCA CASI
Re: Being new to Debian...
I agree. If you are running in a production environment that is exposed to the Internet definitely stick with stable. It's much easier to compile a few "latest and greatest" programs that fit your needs than it is to keep track of and compile all of the security updates.

On Fri, 15 Nov 2002, Robin Y. Millette wrote:
> Sonny Kupka wrote:
> > Being new to Debian distro, I was just wondering what people's thoughts
> > were on running testing in a ISP environment on a main server..
> >
> > I don't want bleeding edge I just want "up to date" software on my
> > servers..
> >
> > Just curious to others thoughts on the matter..
> >
> > ---
> > Sonny
>
> The moment you abandon the security of the stable distribution, you have
> to handle all security alerts manually. If you can live with the
> versions offered by the stable applications, but still find there are a
> few applications where you need a more current version, look into the
> "pinning" feature woody offers.
>
> --
> Robin Y. Millette (aka Lord D. Nattor)
> http://rym.waglo.com
RE: Cracking attempt
Thanks everyone.

-Tim

##--##--##--##--##--##--##--##--##--##--##--##--##
|              T I M  S P R I G G S              |
|        Assistant Sysadmin - Development        |
|        College of Engineering and Mines        |
|            ECE206A - (520) 621-3185            |
##--##--##--##--##--##--##--##--##--##--##--##--##

On Tue, 25 Feb 2003, Stefaan Teerlinck wrote:
> There are also cheap ($100) NAT routers / "firewalls" available like
> D-Link or Netgear if you don't need a speed > 10Mbps
> You'll have to spend $100, but it won't consume your time, it takes a lot
> less space, and it will consume a lot less electricity.
>
> > -----Original message-----
> > From: Craig Sanders [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday 25 February 2003 1:38
> > To: Tim Spriggs
> > CC: debian-isp@lists.debian.org
> > Subject: Re: Cracking attempt
> >
> > On Mon, Feb 24, 2003 at 06:08:43AM -0700, Tim Spriggs wrote:
> > > > What OS are you using? Presumably if it was Linux you would have
> > > > solved the problem with iptables or ipchains long ago...
> > >
> > > Solaris 9 :( It does have some firewalling software but caused some
> > > major conflicts at one point with no config and honestly, I and one
> > > other person are pushing to get a firewall and separation of tasks on
> > > different machines. The way this thing sits right now I'd be
> > > un-surprised if someone with an hour of spare time and a little talent
> > > could get in and fuck a _LOT_ up.
> >
> > here's a quick-and-dirty (and cheap!) temporary solution:
> >
> > get an old 386/486/pentium box - there should be several gathering dust
> > at any university. put two ethernet cards in it, and install linux (any
> > debian with kernel 2.4.x) on the machine and configure it as a NAT
> > firewall. plug one NIC into your network, and use a crossover cable to
> > connect the other NIC to your solaris box.
> >
> > in short, what this will do is take the solaris box off the external
> > network and put it on a second (private) network. DNAT on the linux box
> > will allow authorised machines to connect to it and SNAT allows the
> > solaris box to get out.
> >
> > if you configure the NAT stuff right, the change will be completely
> > transparent to all users.
> >
> > it's pretty ugly, but it will work...and it's something you can do
> > without spending any money or asking permission (remember it's always
> > easier to get forgiveness than permission :).
> >
> > if anyone ever notices and complains, you can justify it by saying you
> > had no choice. you had to protect the server and the backups it
> > contained but had no budget to do it with.
> >
> > alternatively, build the linux box but put it between your external
> > router and your main network. there's no need for NAT in this setup,
> > just plain routing and iptables firewalling rules.
> >
> > a third alternative, (which may or may not be viable, depending on what
> > kind of border router you have and how your network is set up) is to
> > replace the router with the linux box.
> >
> > craig
> >
> > --
> > craig sanders <[EMAIL PROTECTED]>
> >
> > Fabricati Diem, PVNC.
> > -- motto of the Ankh-Morpork City Watch
Watchdog Program
As a small ISP, I need a way to make sure that our systems are running properly. Obviously, if something goes wrong, I get a notice from the root mail, however if the mail server goes down, it creates a problem for this to notify me. I am new to Linux so I would appreciate your help. Is there a package that I can use to monitor a whole range of systems remotely? Any help appreciated. Tim Philp
Civil Engineering Quiz
If you are unable to view the images in this email, please copy and paste the following url into your browser...http://www.haestad.com/cq_cq_20030514 This message is intended for civil engineers and water resource professionals. If it has reached [EMAIL PROTECTED] in error, reply to this message with a subject line of "stop". LSID: 12403-2074318
Re: Which Spam Block List to use for a network?
Russell Coker <[EMAIL PROTECTED]> said on Sat, 19 Jun 2004 19:54:55 +1000:
> On Sat, 19 Jun 2004 18:04, Adam Funk <[EMAIL PROTECTED]> wrote:
> > On Saturday 19 June 2004 07:50, Russell Coker wrote:
> > > By far the most false-positive entries I have had are from
> > > postmaster.rfc-ignorant.org and abuse.rfc-ignorant.org. The
> >
> > That's because rfc-ignorant.org's lists aren't about spamming. They are
> > about domains that fail to conform to certain RFCs. (Although I
> > disagree with their listing of *.uk on the grounds that the UK registry
> > allows people to withhold their private contact details from whois.)

Haven't they always allowed to be fake anyway? Isn't that how spammers get away with spamming in the US?

> They also list all of Australia for the same reason as listing the UK. It
> seems that whois is not worth much any more.

And all of our national monopoly^Wcarrier are in some other blacklists, because they are not so prompt in dealing with spam. Unfortunately, what does every ISP use as an upstream?

--
TimC -- http://astronomy.swin.edu.au/staff/tconnors/

Never trust a man who can count to 1,023 on his fingers.
Re: Very slow login
If you don't want to run a name service, you could add the hosts you connect from into /etc/hosts.

Tim.

- Original Message -
From: "Tamas TEVESZ" <[EMAIL PROTECTED]>
To: "Áts Attila" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, June 29, 2000 7:15 AM
Subject: Re: Very slow login

On Wed, 28 Jun 2000, Áts Attila wrote:
> I've installed a server. Logging in at the console is very fast.
> But when I make a connection through Telnet or FTP it takes very
> long to get the login prompt. What can be the problem and the
> solution?

tries to look up some name for the connecting host. do some name service stuff on the machine and you'll be ok.

--
[-] there's a devil waiting outside your door

--
the most intelligent liposomes make it to the 25,000-forint question without help.
Re: multiple MTA's
> > For our company network we want to have a "quite" secure mail > > environment. On W32 clients we want to use Lotus Notes R5. We have a > > mailserver running Debian with Exim and on this machine I also installed > > Domino. The Domino MTA is running on port 26, Exim on port 25. > > How can I set up mail exchange between those two mailsystems? The reason > > for using Exim as the only mailer to accept external mail is the security > > aspect, there are some exploits in the Domino mailsystem. > > > > Does anybody have experience with this? > > if you use domino as the internal smtp server, and exim as the external, > you should make domino use exim as a smarthost. I've done something like > this running two instances of exim with different configs. Along with using the smarthost, you could probably bind each MTA to its own interface, that way they can both run on port 25, but exim on your external address, and domino on the internal one. Tim.
Re: arpwatch and more
I guess that means you have to keep those quad Ethernet Sun cards away. Tim. - Original Message - From: "Marc Haber" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 17, 2001 7:50 PM Subject: Re: arpwatch and more > On Fri, 16 Mar 2001 13:05:06 -0800, Mike Fedyk <[EMAIL PROTECTED]> > wrote: > >On Fri, Mar 16, 2001 at 09:24:56PM +0100, Marc Haber wrote: > >> Please be aware, though, that the MAC address is trivial to forge > >> nowadays. > >Hmm, how does a switch deal with the same mac address coming from two ports > >at the same time? > > It will probably flap. MAC address forging will only work if the host > that owns the forged MAC is switched off or disabled in some other > way.
Backup Programs
I am using a DDS3 tape drive and was just wanting to know what you all use for backups. Do you write your own scripts or use a frontend/utility/program to help out? Tim.
Re: Virtual Hosts
Have you ifconfig'd the additional addresses you are going to use?

Tim.

- Original Message -
From: "Y2KNET" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 05, 2001 1:40 PM
Subject: Virtual Hosts

> When I remotely or internally telnet www.xyz.net,
> it does not connect and give the error
> "unable to connect remote host: no route to host"
> but when I tried to connect www.abc.net
> it connected. It looks like it is not connecting
> to www.xyz.net.
>
> I have the entry for zone xyz.net in named.conf file for xyz.net
> and a separate host file as xyz.hosts besides abc.net.
> When I do dig www.xyz.net then it right away answers
> all the queries.
>
> Looks, I am making some mistakes in dns files.
> But for dns file in xyz.host, I have the
> following entries:
>
> www IN A 192.55.34.5
>
> Any idea please!
>
> Abu Umair
Re: Virtual Hosts
Read the ifconfig man page, bring up the addresses you need, then test Apache. If all is good, throw the IP details in /etc/network/interfaces and they will come up again after a reboot.

Tim.

- Original Message -
From: "Y2KNET" <[EMAIL PROTECTED]>
To: "Tim Kent" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, April 05, 2001 2:44 PM
Subject: Re: Virtual Hosts

> No, I have not and here it looks the problem,
> but in Debian 2.2r2 there is a networking file
> in /etc/init.d, instead of network file where
> ifconfig was added. I am trying to find where can I look
> these ifconfig files.
>
> I do not know how to add additional IP address for
> ifconfig in 2.2r2.
>
> Abu Umair
>
> Tim Kent wrote:
>
> > Have you ifconfig'd the additional addresses you are going to use?
> >
> > Tim.
Re: get school connected to the inet
On Sun, 22 Apr 2001 16:26:26 Joachim Schiele wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> hello dear list members:
> i have to connect a school to the internet but i have to avoid that the
> users(kids) look at certain webpages with criminal and sexual backgrounds
>
> is there a possibility to stop that, maybe on the firewall (debian linux) to
> block requests like www.sex.de and things (words maybe) like sex, drugs and
> so on?
>
> are there any good, non-cost-intensive tools for doing that?
> if so, please let me know ;-)

Use squid, with the associated filters, and authentication methods.

Tim

--
Tim Sailer (at home)                   Coastal Internet, Inc.
Network and Systems Operations         PO Box 671
http://www.buoy.com                    Ridge, NY 11961
[EMAIL PROTECTED] [EMAIL PROTECTED]    (631) 924-3728
PHP using suexec
Hello list, Has anyone experiences running PHP using suexec? All docs are telling this should not be used to keep the Performance of the Server up, but is this still true for a today's dual XEON Machine? I need to feed about 1,5 Million hits a day, around 30 hits request .php files. [EMAIL PROTECTED]
Re: PHP using suexec
Hello list, > My experience with PHP and suexec was less than favorable. I have been playing around yesterday, but found nothing that worked perfect. The Problem is that most of those Patches need a hashbang in the .php files and all need a HTML-header sent out by the PHP script. There are some wrappers out who deal with this problem, but those i found needed to be installed for every vhost. This is not a good idea because the customer can delete it.
Re: debian friendly unmanaged hosting joints?
Hello List > >We are looking for simple unmanaged hosting service that provides Debian > >3.0 as the baseline. We are offering debian-based hosting. We have a 'default' setup for the machines, but we will install them the way the customer wants them to be. For further information see www.domainbox.de.
Re: Virtual hosting solutions
Hello List, > I'm currently in the need of a complete virtual hosting solution. Confixx could do the Job. The only Service it does not have is imap. The mailuser it creates don't have a shell, so they have no space to store the folders. > I'm completely independent in the backend choice, but I think it will > scale down to either LDAP, mysql or pgsql. Anyone can give some hints what > backend has which advantages and disadvantages? It uses MySQL or pgsql as backend and handles even 1000 Domains easily. > Any hints, URLS or tools are welcome. Any comments and experience reports > are very welcome :) http://www.yippi-yeah.de/prod_cfx_pro.html When this all sounds good, here comes the worse part: it's not free :( If someone knows a free System that runs nice and can handle resellers, i'm very interested.
Re: Apache Virtual Hosts Chroot ?
http://httpd.apache.org/docs-2.0/mod/perchild.html I tried that one, but the child-processes directly died. As it says, work is ongoing to make it functional.
Re: [Help] IDE Raid - Another Question,,,,
http://www.tldp.org/HOWTO/Software-RAID-0.4x-HOWTO.html - Original Message - From: "Lem Bryant" <[EMAIL PROTECTED]> To: Sent: Tuesday, August 13, 2002 4:44 PM Subject: [Help] IDE Raid - Another Question > I would like to implement a RAID 1 setup using software and the built in > controllers for a system that I have just installed Woody on.
Rootkit?
Hello,

In our Serverfarm i found different Machines not working properly. They show up complaining:

webbox:/chkrootkit# gzip -d
gzip: invalid option -- d
Segmentation fault

The binaries running take a look at /proc/uptime, what they are not supposed to do:

webbox:/chkrootkit# strace -eopen ls
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/librt.so.1", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
open("/lib/libpthread.so.0", O_RDONLY) = 3
open("/proc/uptime", O_RDONLY) = 3
open("/proc/4215/exe", O_RDONLY) = 3
--- SIGCHLD (Child exited) ---
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory)
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
open("/etc/mtab", O_RDONLY) = 5
open("/proc/meminfo", O_RDONLY) = 5
ACKNOWLEDGMENTS README check_wtmpx chkdirs.c chkpro chkrootkit chkwtmp.c strings
COPYRIGHT README.chklastlog check_wtmpx.c chklastlog chkproc chkrootkit.lsm ifpromisc strings.c
Makefile README.chkwtmp chkdirs chklastlog.c chkproc.c chkwtmp ifpromisc.c
webbox:/chkrootkit#

Is this a rootkit installed, has someone experienced stuff like this? The machines are running debian 3.0 with different kernels, 2.4.18-bf2.4 or a static 2.4.20

[EMAIL PROTECTED]
the countless lonely voices, like whispers in the dark...
Re: Rootkit?
Hello,

> Looks almost same here:

Yes, but without those lines

> open("/proc/uptime", O_RDONLY) = 3
> open("/proc/4215/exe", O_RDONLY)= 3

This is in all binaries I have checked (echo, ifconfig, ...)

> The gzip thing looks really weird. Does chkrootkit show any evidence?
> maybe gzip got broken somehow.

No, chkrootkit doesn't find anything. I got this some weeks ago, but couldn't find anything on the box, so I thought it was just broken and re-installed. But the same box was hit again this week, and another one too, which also got all websites defaced tonight. And again, the only thing I could find is gzip not working.

> I would build some checksum database of /bin,/sbin,/usr/bin,/usr/sbin off a
> definitely not infected machine (using tripwire or aide), burn the
> database(s) and the binaries to check/build them on a CDROM and compare that
> with the weird system's binaries.

I checked with md5sum; the binaries differ from those on other machines that look clean. Very strange: if I ftp the 'gzip' binary from a clean machine to the 'infected' one, it is then changed to the same md5sum that the 'gzip' binary has on the 'infected' machine.

> _really_ check if something serious has changed without taking the machines
> in question off (and check them with e.g. chkrootkit from a knoppix cd)

I already did this. I booted from the woody install CD and did a chroot to the system. The effects are still there, so this should be nothing running in the kernel. I reinstalled the machines (got the old disks here for further research), so this is not urgent. I just need to know what happened, because I would like the other boxes here to stay clean ;-)
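The comparison discussed in the two posts above (the same `strace -eopen ls` run on a suspect and on a clean machine, looking for opens only the suspect makes) can be automated. This is an added example, not code from the thread; the baseline is constructed from the quoted trace, and the function names are hypothetical.

```python
import re

# open("path", FLAGS) = ret, as in the post, and the openat(AT_FDCWD, "path", ...)
# form printed by current strace versions.
OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD,\s*)?"([^"]*)",[^)]*\)\s*=')
PID_RE = re.compile(r'^/proc/\d+(?=/|$)')

# strace output quoted in the post (suspect machine).
SUSPECT = '''\
open("/etc/ld.so.preload", O_RDONLY)= -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/librt.so.1", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY)= 3
open("/lib/libpthread.so.0", O_RDONLY) = 3
open("/proc/uptime", O_RDONLY) = 3
open("/proc/4215/exe", O_RDONLY)= 3
--- SIGCHLD (Child exited) ---
open("/dev/null", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory)
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
open("/etc/mtab", O_RDONLY) = 5
open("/proc/meminfo", O_RDONLY) = 5
'''

# Constructed baseline: the same trace without the two /proc lines, standing in
# for a capture taken on a known-good machine.
BASELINE = ''.join(ln for ln in SUSPECT.splitlines(True)
                   if '/proc/uptime' not in ln and '/proc/4215/' not in ln)

def opened_paths(strace_text):
    """Paths from open/openat lines, in order, with /proc/<pid> normalised."""
    paths = []
    for line in strace_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if m:  # failed opens count too: the attempt is the behaviour of interest
            paths.append(PID_RE.sub('/proc/<PID>', m.group(1)))
    return paths

def unexpected_opens(suspect_text, baseline_text):
    """Paths the suspect run tried to open that the known-good run never did."""
    known = set(opened_paths(baseline_text))
    extra = []
    for path in opened_paths(suspect_text):
        if path not in known and path not in extra:
            extra.append(path)
    return extra

if __name__ == "__main__":
    print(unexpected_opens(SUSPECT, BASELINE))
```

Capture the baseline with a statically linked strace from read-only media, since on a machine like the one described the local tools cannot be trusted either.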
Re: Rootkit?
Hello,

> just need to find one that offers additional protection WITHOUT
> needing a whole bunch of new config files to make and set,

I got stuck waiting for updated kernel security patches when new kernels are released, so I use libsafe (http://www.research.avayalabs.com/project/libsafe/), which seems to run nicely even in a production environment. Until now I have only found one binary not running, hwclock. This will be terminated by libsafe because it seems to do nasty stuff :) But there is an 'exclude these binaries please' file where this could be specified.

[EMAIL PROTECTED] the countless lonely voices, like whispers in the dark...
Re: Rootkit?
Hello,

> Did you copy the gzip binary under the gzip name, or under another, and
> of course, the machine was "possibly infected" at the time?

Uh, I got so much stuff in my mind today, it's hard to remember ;-) I think I tried to ftp the clean gzip binary named as 'gzip' and 'foo'; both were then infected.

> If so, it would tend to indicate a similar situation to what I had, on a
> non-debian box, where a certain list of binaries were hijacked through
> ld_preload tricks and uninfected copies were on the file system, but
> infection wrappers in /proc were run before each one...

Well, I will put the 'infected' disc into another clean box at the weekend and see what I can find...
Re: Count traffic
> I'm searching a solution to count in- and outgoing traffic for each
> virtual user (domain).

I searched for a solution some months ago. All accounting I could find is based on ipchains/iptables, which do not work on the layer needed to separate virtual hosts. They just work up to the TCP layer, so you can only separate between IPs. There are solutions to account virtual hosts, but they are not free. I have now patched iptables to get a promisc chain on which I account the traffic IP-based.

http://idea.hosting.lv/a/iptables-promisc/
Re: Count traffic
> > There are Solutions to Account virtual Hosts, but they are not free.
>
> could you name these, please? would be interested in taking a closer
> look at this...

This was done by ip24, I think, but the company was bought by ipvalue (www.ipvalue.de). I don't know what happened to that product; I cannot remember the name under which it was run by ipvalue. But this was so expensive I dropped all research on that.
Re: Count traffic
> what exactly does this patch and how is it to be used? not much
> documentation on that site...

It creates a PROMISC chain that catches all packets on the wire. This is then connected to a hub just before the border router and sniffs the packets. It goes like:

iptables -t meter -P PROMISCUOUS ACCEPT
iptables -t meter -N incoming
iptables -t meter -N outgoing
iptables -t meter -A incoming -d 62.208.70.1 -j ACCEPT
iptables -t meter -A outgoing -s 62.208.70.1 -j ACCEPT

This data is read by a cron job that runs a Perl script with a statement like:

my(@OUTLINES) = `/usr/local/sbin/iptables -t meter -nL outgoing -vx -Z`;
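What the cron job has to do with those listings, as an added example in Python rather than the poster's Perl script (which the thread does not show): parse the `-nL <chain> -vx` output and add each reading to running per-IP totals, because `-Z` zeroes the counters after every listing. The sample listings are constructed; only the address 62.208.70.1 comes from the post, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed samples of `iptables -t meter -nL <chain> -vx` output; the host
# 62.208.70.2 and all counter values are made up for illustration.
INCOMING = '''\
Chain incoming (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1200   910000 ACCEPT     all  --  *      *       0.0.0.0/0            62.208.70.1
     300   120000 ACCEPT     all  --  *      *       0.0.0.0/0            62.208.70.2
'''
OUTGOING = '''\
Chain outgoing (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     800    45678 ACCEPT     all  --  *      *       62.208.70.1          0.0.0.0/0
'''

def chain_bytes(listing, addr_field):
    """Map address -> byte count from one `-nL <chain> -vx` listing.

    addr_field is 7 for the source column, 8 for destination. Assumes every
    rule has a target (-j ACCEPT, as in the post), so the columns do not shift.
    """
    counts = defaultdict(int)
    for line in listing.splitlines():
        f = line.split()
        # Rule lines start with two exact counters; header lines do not.
        if len(f) >= 9 and f[0].isdigit() and f[1].isdigit():
            counts[f[addr_field]] += int(f[1])
    return counts

def add_reading(totals, incoming, outgoing):
    """Add one cron reading to the running totals.

    With -Z every listing is a delta since the previous run, not a cumulative
    value, so readings are summed rather than overwritten.
    """
    for ip, n in chain_bytes(incoming, 8).items():
        totals.setdefault(ip, {"in": 0, "out": 0})["in"] += n
    for ip, n in chain_bytes(outgoing, 7).items():
        totals.setdefault(ip, {"in": 0, "out": 0})["out"] += n
    return totals

if __name__ == "__main__":
    print(add_reading({}, INCOMING, OUTGOING))
```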