Route command

2001-06-19 Thread raviprasad20

Hi,
The route command's main function opens a routing socket & writes user messages to it
through rtmsg(). My doubt is: who is reading from that routing socket?

Kindly educate me on this.
regards
ravi prasad

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message



Re: Route command

2001-06-19 Thread Ruslan Ermilov

On Tue, Jun 19, 2001 at 05:08:07AM -0400, [EMAIL PROTECTED] wrote:
> Hi,
> the route command main function opens a routing socket & writes user
> messages to it through the rtmsg(). My doubt is who is reading from
> that routing socket?
> 
Many programs do: natd(8), route(8), routed(8), etc.


Cheers,
-- 
Ruslan Ermilov  Oracle Developer/DBA,
[EMAIL PROTECTED]   Sunbay Software AG,
[EMAIL PROTECTED]  FreeBSD committer,
+380.652.512.251  Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age




keywords.h file included in the route.c file of route command.

2001-06-19 Thread raviprasad20

Hi,
This is with reference to the following file
/usr/src/sbin/route/route.c & /usr/src/sbin/route/ directory

The keywords variable is defined in route.c file as
   struct keytab {
           char    *kt_cp;
           int     kt_i;
   } keywords[] = {
   #include "keywords.h"
           {0, 0}
   };

But I could not find the keywords.h file in the directory /usr/src/sbin/. Kindly mail
me where it is?

regards
ravi prasad






Re: Route command

2001-06-19 Thread Ruslan Ermilov

On Tue, Jun 19, 2001 at 06:13:23AM -0400, [EMAIL PROTECTED] wrote:
> Hi,
> I am not clear about your point.
> All my queries are with respect to the file /usr/src/sbin/route/route.c.
> 
> The "route" command main() opens a routing socket. All the user
> requests are stored in the structure rt_msghdr. Then
> the function rtmsg() writes to the routing socket. Later the same
> function reads from the same socket to display messages to the user about the
> result of the command.
> 
> My doubt is who is reading this information that he writes to the
> routing socket & updating the kernel routing table. Whether the
> routed daemon?
> 
This is from the route(4) manpage:

: Any messages sent to the kernel are returned, and copies are sent to all
: interested listeners.  The kernel will provide the process ID for the
: sender, and the sender may use an additional sequence field to
: distinguish between outstanding messages.

And yes, the routing daemon (if running) will receive these messages.


Cheers,
-- 
Ruslan Ermilov  Oracle Developer/DBA,
[EMAIL PROTECTED]   Sunbay Software AG,
[EMAIL PROTECTED]  FreeBSD committer,
+380.652.512.251  Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age




ftpd-BSD and standalone

2001-06-19 Thread Anastasia Leventi-Peetz



although in the bieringer Site it is explicitly written that the
ftpd-BSD must be  started in standalone modus, I had tried to build it in
the inetd.conf and that was the reason why I couldn't make ftp to 
a host where the ftpd-BSD was started by ftp request. I have tried the allow
and deny files, seemed to work when I started the request from a free-BSD
pc, but a file transport from a Linux SuSE (with the same server running)
was impossible (421 ftp error code) though the connection was successful
(/var/log/messages). When I start the daemon in standalone modus
there are no problems.
Does anybody have experience with this thing?
Anastasia
 




freeBSD-Linux SuSE via ftp

2001-06-19 Thread Anastasia Leventi-Peetz



when I do ftp from a freeBSD pc to a Linux SuSE it takes long
between a successful connection, but then the file transfer goes fast.
Does anybody know how can I check where the time is used?
Any useful command?
thanks:Anastasia




Re: freeBSD-Linux SuSE via ftp

2001-06-19 Thread Matthew

Sounds as though the host (SuSE) is probably waiting for a DNS lookup to timeout.
Try putting an entry into /etc/hosts for your freeBSD box, and making sure that
the SuSE box uses files before DNS for resolving - might be a nsswitch.conf,
or 'search files,dns' entry in /etc/resolv.conf.  Each Linux seems to do this
differently...

-M

Anastasia Leventi-Peetz wrote:
> 
> when I do ftp from a freeBSD pc to a Linux SuSE it takes long
> between a successful connection, but then the file transfer goes fast.
> Does anybody know how can I check where the time is used?
> Any useful command?
> thanks:Anastasia
> 



Re: freeBSD-Linux SuSE via ftp

2001-06-19 Thread Anastasia Leventi-Peetz



but I give directly the address
ftp 3ffe:
so that no DNS must be started for the connection. The SuSE "box" really uses
dns before files, but if it gets the appeal from a certain address 
must the dns first be started? Do I fail some important information 
at the point?
thanks:Anastasia
 




Re: freeBSD-Linux SuSE via ftp

2001-06-19 Thread Ted Wisniewski

I assume you are using the ftp client that comes with FreeBSD.  Before
opening the connection try taking the client out of "passive" mode.

Ex.
ftp
ftp> passive
Passive mode off.
ftp>

I have noticed that some ftp servers do not react well to passive mode.

Ted

(* when I do ftp from a freeBSD pc to a Linux SuSE it takes long
(* between a successful connection, but then the file transfer goes fast.
(* Does anybody know how can I check where the time is used?
(* Any useful command?
(* thanks:Anastasia

-- 
|   Ted Wisniewski   INET:  [EMAIL PROTECTED]|
|   Information Technology Services [EMAIL PROTECTED] |
|   Plymouth State College  [EMAIL PROTECTED] |
|   Plymouth NH, 03264   HTTP:  http://oz.plymouth.edu/~ted/ |




tap network interface

2001-06-19 Thread Giovanni Picoli Tirloni

Hi,

 I'm using 4.3-STABLE and added 'pseudo-device tap' to my kernel
 (after trying to kldload if_tap) but it's not possible to bring
 the device up because ifconfig says tap0 doesn't exist
 (although it's in /dev).

 Can anyone who is using it give me an insight about how this is
 supposed to work? I searched through the archives without success.

 Giovanni Picoli Tirloni, [EMAIL PROTECTED]





tcp template removal / scalability patch

2001-06-19 Thread Mike Silbersack

As suggested by Terry, I've cooked up a patch which halts the use of mbufs
for storing tcp template structures.  The structure was only used in two
places; tcp_output.c when sending packets, and tcp_timer.c when sending
keepalives.  tcp_output now pulls the info directly from the tcpcb, while
tcp_timer creates a short-term tcp template that is destroyed after use.

The end result is that rather than 1 mbuf being the minimum used per
connection, 0 mbufs is now the minimum.  As a result, those with boxes
handling a lot of connections should see greatly reduced mbuf usage.

I've attached two patches; one for current, and one for stable.  Please
review / test, _especially_ if you're using IPv6 or IPSec - while those
cases look correct, I'm not running either and haven't tested them.

Thanks,

Mike "Silby" Silbersack


Only in netinet.old/: icmp_var.h.orig
Only in netinet.old/: ip_icmp.c.orig
diff -u -r netinet.old/tcp_input.c netinet/tcp_input.c
--- netinet.old/tcp_input.c Tue Jun 19 11:53:16 2001
+++ netinet/tcp_input.c Tue Jun 19 11:53:25 2001
@@ -1066,12 +1066,7 @@
}
FREE(sin, M_SONAME);
  }
-   tp->t_template = tcp_template(tp);
-   if (tp->t_template == 0) {
-   tp = tcp_drop(tp, ENOBUFS);
-   dropsocket = 0; /* socket is already gone */
-   goto drop;
-   }
+   tp->t_template = NULL;
if ((taop = tcp_gettaocache(inp)) == NULL) {
taop = &tao_noncached;
bzero(taop, sizeof(*taop));
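Review bot: the added line tp->t_template = NULL keeps a field alive that nothing in this hunk fills any more, and the ENOBUFS drop path goes away with the allocation. A one-line comment here saying the field is deliberately unused (or retiring the field outright) would keep a later change from dereferencing t_template on the old assumption that it is non-null past this point.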
Only in netinet.old/: tcp_input.c.orig
Only in netinet.old/: tcp_input.c.rej
diff -u -r netinet.old/tcp_output.c netinet/tcp_output.c
--- netinet.old/tcp_output.cTue Jun 19 11:53:16 2001
+++ netinet/tcp_output.cTue Jun 19 11:53:25 2001
@@ -630,16 +630,12 @@
m->m_len = hdrlen;
}
m->m_pkthdr.rcvif = (struct ifnet *)0;
-   if (tp->t_template == 0)
-   panic("tcp_output");
+
 #ifdef INET6
if (isipv6) {
ip6 = mtod(m, struct ip6_hdr *);
th = (struct tcphdr *)(ip6 + 1);
-   bcopy((caddr_t)tp->t_template->tt_ipgen, (caddr_t)ip6,
- sizeof(struct ip6_hdr));
-   bcopy((caddr_t)&tp->t_template->tt_t, (caddr_t)th,
- sizeof(struct tcphdr));
+   tcp_fillheaders(tp, ip6, th);
} else
 #endif /* INET6 */
   {
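Review bot: in the INET6 branch the caller picks the IPv6 layout from isipv6, while tcp_fillheaders() in the tcp_subr.c hunk picks it from inp->inp_vflag & INP_IPV6; if the two ever disagree, the wrong header shape is written into the mbuf. Assert that they agree or pass the address family in explicitly. The added empty line before #ifdef INET6 is whitespace-only and can be dropped.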
@@ -647,10 +643,7 @@
ipov = (struct ipovly *)ip;
th = (struct tcphdr *)(ip + 1);
/* this picks up the pseudo header (w/o the length) */
-   bcopy((caddr_t)tp->t_template->tt_ipgen, (caddr_t)ip,
- sizeof(struct ip));
-   bcopy((caddr_t)&tp->t_template->tt_t, (caddr_t)th,
- sizeof(struct tcphdr));
+   tcp_fillheaders(tp, ip, th);
   }
 
/*
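Review bot: the retained comment "this picks up the pseudo header (w/o the length)" now sits above tcp_fillheaders(tp, ip, th), but it was written for the bcopy from the template that this hunk removes. Please confirm it still describes what tcp_fillheaders() writes into ip, and reword it if it does not.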
Only in netinet.old/: tcp_output.c.orig
Only in netinet.old/: tcp_seq.h.orig
diff -u -r netinet.old/tcp_subr.c netinet/tcp_subr.c
--- netinet.old/tcp_subr.c  Tue Jun 19 11:53:16 2001
+++ netinet/tcp_subr.c  Tue Jun 19 11:57:56 2001
@@ -220,32 +220,27 @@
 #undef TCP_MINPROTOHDR
 }
 
+
 /*
- * Create template to be used to send tcp packets on a connection.
- * Call after host entry created, allocates an mbuf and fills
- * in a skeletal tcp/ip header, minimizing the amount of work
- * necessary when the connection is used.
+ * Fill in the IP and TCP headers for an outgoing packet, given the tcpcb.
+ * tcp_template used to store this data in mbufs, but we now recopy it out
+ * of the tcpcb each time to conserve mbufs.
  */
-struct tcptemp *
-tcp_template(tp)
+
+void
+tcp_fillheaders(tp, ip_ptr, tcp_ptr)
struct tcpcb *tp;
+   void *ip_ptr;
+   void *tcp_ptr;
 {
-   register struct inpcb *inp = tp->t_inpcb;
-   register struct mbuf *m;
-   register struct tcptemp *n;
+   struct inpcb *inp = tp->t_inpcb;
+   struct tcphdr *tcp_hdr = (struct tcphdr *)tcp_ptr;
 
-   if ((n = tp->t_template) == 0) {
-   m = m_get(M_DONTWAIT, MT_HEADER);
-   if (m == NULL)
-   return (0);
-   m->m_len = sizeof (struct tcptemp);
-   n = mtod(m, struct tcptemp *);
-   }
 #ifdef INET6
if ((inp->inp_vflag & INP_IPV6) != 0) {
-   register struct ip6_hdr *ip6;
+   struct ip6_hdr *ip6;
 
-   ip6 = (struct ip6_hdr *)n->tt_ipgen;
+   ip6 = (struct ip6_hdr *)ip_ptr;
ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) |
(inp->in6p_flowinfo & IPV6_FLOWINFO_MASK);
ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) |
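Review bot: tcp_fillheaders() takes ip_ptr and tcp_ptr as void *, so nothing stops a caller from passing a struct ip sized buffer for a pcb that has INP_IPV6 set, and the function then writes a struct ip6_hdr through it. The header comment should state that the caller must supply a buffer whose type and size match inp_vflag, or the pointers should be typed per family. The two added blank lines around the comment block are stray whitespace.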
@@ -254,29 +249,52 @@
ip6->ip6_plen = sizeof(struct tcphdr);
ip6->ip6_src = inp->in6p_laddr;

Securing the root account

2001-06-19 Thread Cameron Haegle



I come from the Windoze side of the playground, where you are able to rename
the Administrator account name, in order to provide a bit more security.

Can a similar thing be done with FreeBSD?
 
Cam


Re: Securing the root account

2001-06-19 Thread Lars Fredriksen



Hi cameron,

The short answer is that yes you can. The name is really not that important,
it is the userid that is associated with a name that is used for verifying
permissions etc. You can easily create a login name "cameron" that
is assigned userid 0, and that user will have root privileges.

Lars

Cameron Haegle wrote:

> I come from the Windoze side of the playground, where you are able to rename
> the Administrator account name, in order to provide a bit more security. Can
> a similar thing be done with FreeBSD? Cam





Re: Securing the root account

2001-06-19 Thread La Place

Umm. I don't think that is advisable since you have normal username with uid 0, the
passwd will have to be the same.. else, every time you do su -  wrote:
> Hi cameron,
> 
> The short answer is that yes you can. The name is really not that
> important, it is the userid that is associated with a name that is used
> for verifying permissions etc. You can easily create a login name
> "cameron" that is assigned userid 0, and that user will have root
> privileges.
> 
> Lars
> Cameron Haegle wrote:
> 
> > I come from the Windoze side of the playground, where you are able to
> > rename the Administrator account name, in order to provide a bit more
> > security. Can a similar thing be done with FreeBSD? Cam
> 





Re: Securing the root account

2001-06-19 Thread Bill Vermillion

On Tue, Jun 19, 2001 at 12:33:44PM -0500, Cameron Haegle thus
sprach:

> I come from the Windoze side of the playground, where you are able
> to rename the Administrator account name, in order to provide a
> bit more security.

> Can a similar thing be done with FreeBSD?

You could, but what you are proposing is the classic 'Security
through obscurity model'.  That never works.

Root is a traditional account name since 1969, but it also maps to
user ID 0 as someone else mentioned.  Every system requires
a user ID 0 no matter whether it is root, larry, manny or moe.

Make sure that no one can log in as root anywhere except at the
console.  You can even eliminate root login at the console if your
system is not in a 1% secure location :-)

Then the only members who can use root are those you put in the
'wheel' group.

Let's get back to UID 0 for a moment.  If anyone can get into that
machine, even if they don't have the ability to become super user,
and you have named your root account mxtylplx, then anyone on that
machine will know that is the admin account by listing any
directory in which user ID 0 has a file it owns.

Don't putz around with security 'ideas'.  Do security in the right
manner.  Limit the wheel account users.  Make sure they keep their
login password secure, and keep the root password secure.

Get rid of all telnet accounts and put in SSH so that no clear text
passwords ever cross the net.   That's just a small step on the
way, to locking down a system, but just changing login names won't
do it.

Bill

-- 
Bill Vermillion -   bv @ wjv . com
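
Added example, not part of the message above and not FreeBSD's own code: a small sh/awk audit of the points made in this thread, namely that superuser status follows UID 0 rather than the login name, that wheel membership should be kept short, and that root logins belong on the console only. The sample files, the function names and the accounts alice and bob are constructed for illustration; the pty name pattern assumes FreeBSD 4.x style /etc/ttys entries.

```shell
#!/bin/sh
# Added example: audit superuser access by UID and group, not by account
# name. File formats: passwd(5), group(5), ttys(5).

# Login names whose UID field (3rd) is 0, whatever they are called.
uid0_accounts() {
    awk -F: '!/^#/ && NF >= 3 && $3 == 0 { print $1 }' "$1"
}

# Accounts in group wheel: listed members plus anyone whose primary GID
# (4th passwd field) is wheel's GID.  Usage: wheel_members GROUP PASSWD
wheel_members() {
    awk -F: '
        FNR == NR {
            if ($1 == "wheel") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        !/^#/ && NF >= 4 && gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$1" "$2" | LC_ALL=C sort
}

# Pseudo-terminals (network logins) flagged "secure" in ttys(5), i.e. lines
# on which a direct UID 0 login is accepted.  "insecure" does not match.
root_pty_logins() {
    awk '!/^#/ && $1 ~ /^tty[pqrsPQRS]/ {
        for (i = 2; i <= NF; i++) if ($i == "secure") print $1
    }' "$1"
}

# Write constructed sample files (not real system data) into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
# constructed sample
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
mxtylplx:*:0:0:renamed admin:/root:/bin/sh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:0:Bob:/home/bob:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
wheel:*:0:root,alice
daemon:*:1:
operator:*:5:root
EOF
    cat > "$1/ttys" <<'EOF'
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyp0   none                            network
ttyp1   none                            network secure
EOF
}

# Print a short report for passwd, group and ttys found in directory $1.
audit() {
    echo "UID 0 accounts:    $(uid0_accounts "$1/passwd" | tr '\n' ' ')"
    echo "wheel members:     $(wheel_members "$1/group" "$1/passwd" | tr '\n' ' ')"
    echo "root-capable ptys: $(root_pty_logins "$1/ttys" | tr '\n' ' ')"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit "$demo_dir"
rm -rf "$demo_dir"
```

On the sample, the renamed account mxtylplx is reported next to root and toor, which is the point made above: the UID, not the name, identifies the admin account. Calling audit /etc runs the same checks against a live system's files.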




Re: Securing the root account

2001-06-19 Thread Lars Fredriksen

Very well put!

Lars
Bill Vermillion wrote:

> On Tue, Jun 19, 2001 at 12:33:44PM -0500, Cameron Haegle thus
> sprach:
>
> > I come from the Windoze side of the playground, where you are able
> > to rename the Administrator account name, in order to provide a
> > bit more security.
>
> > Can a similar thing be done with FreeBSD?
>
> You could, but what you are proposing is the classic 'Security
> through obscurity model'.  That never works.
>
> Root is a traditional account name since 1969, but it also maps to
> user ID 0 as someone else mentioned.  Every system requires
> a user ID 0 no matter whether it is root, larry, manny or moe.
>
> Make sure that no one can log in as root anywhere except at the
> console.  You can even eliminate root login at the console if your
> system is not in a 1% secure location :-)
>
> Then the only members who can use root are those you put in the
> 'wheel' group.
>
> Let's get back to UID 0 for a moment.  If anyone can get into that
> machine, even if they don't have the ability to become super user,
> and you have named your root account mxtylplx, then anyone on that
> machine will know that is the admin account by listing any
> directory in which user ID 0 has a file it owns.
>
> Don't putz around with security 'ideas'.  Do security in the right
> manner.  Limit the wheel account users.  Make sure they keep their
> login password secure, and keep the root password secure.
>
> Get rid of all telnet accounts and put in SSH so that no clear text
> passwords ever cross the net.   That's just a small step on the
> way, to locking down a system, but just changing login names won't
> do it.
>
> Bill
>
> --
> Bill Vermillion -   bv @ wjv . com
>



Re: keywords.h file included in the route.c file of route command.

2001-06-19 Thread Assar Westerlund

[EMAIL PROTECTED] writes:
> This is with reference to the following file
> /usr/src/sbin/route/route.c & /usr/src/sbin/route/ directory
> 
> But I could not find the keywords.h file in the directory
> /usr/src/sbin/. Kindly mail me where it is?

It's being generated at build time from the file keywords in the
source directory.  See the Makefile for details on the generation.

/assar




Re: Securing the root account

2001-06-19 Thread Cameron Haegle

I want to thank everyone for their input on this issue. I will take
everyone's input into serious consideration, before I go forward.

Thanks.

Cam


- Original Message -
From: "Lars Fredriksen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Cameron Haegle" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 19, 2001 1:58 PM
Subject: Re: Securing the root account


> Very well put!
>
> Lars
> Bill Vermillion wrote:
>
> > On Tue, Jun 19, 2001 at 12:33:44PM -0500, Cameron Haegle thus
> > sprach:
> >
> > > I come from the Windoze side of the playground, where you are able
> > > to rename the Administrator account name, in order to provide a
> > > bit more security.
> >
> > > Can a similar thing be done with FreeBSD?
> >
> > You could, but what you are proposing is the classic 'Security
> > through obscurity model'.  That never works.
> >
> > Root is a traditional account name since 1969, but it also maps to
> > user ID 0 as someone else mentioned.  Every system requires
> > a user ID 0 no matter whether it is root, larry, manny or moe.
> >
> > Make sure that no one can log in as root anywhere except at the
> > console.  You can even eliminate root login at the console if your
> > system is not in a 1% secure location :-)
> >
> > Then the only members who can use root are those you put in the
> > 'wheel' group.
> >
> > Let's get back to UID 0 for a moment.  If anyone can get into that
> > machine, even if they don't have the ability to become super user,
> > and you have named your root account mxtylplx, then anyone on that
> > machine will know that is the admin account by listing any
> > directory in which user ID 0 has a file it owns.
> >
> > Don't putz around with security 'ideas'.  Do security in the right
> > manner.  Limit the wheel account users.  Make sure they keep their
> > login password secure, and keep the root password secure.
> >
> > Get rid of all telnet accounts and put in SSH so that no clear text
> > passwords ever cross the net.   That's just a small step on the
> > way, to locking down a system, but just changing login names won't
> > do it.
> >
> > Bill
> >
> > --
> > Bill Vermillion -   bv @ wjv . com
> >



Re: tcp template removal / scalability patch

2001-06-19 Thread Mike Silbersack


On Tue, 19 Jun 2001, Bosko Milekic wrote:

> > I've attached two patches; one for current, and one for stable.  Please
> > review / test, _especially_ if you're using IPv6 or IPSec - while those
> > cases look correct, I'm not running either and haven't tested them.
>
>   I've spotted some patch-related (not conceptual) things worth
> mentioning, so I'll do that now and give you the conceptual review a little
> later, hopefully before I leave.

Ok, I'll go through and check out all the spacing issues you raised.  This
would be easier if jesper MFCs the removal of TCP_COMPAT_42, which causes
the differences between -stable and -current. :)

Looking back, I should change the keepalive case so that it never needs
the tcp template; this will require simple mods to tcp_respond.  I'll
change this and make a new patch soon.

>   Perhaps this should be an INVARIANTS-enabled KASSERT()? Is this
> something that can only happen due to programming error? It seems to me like
> it's the case here (assuming we're not dealing with a huge-assed memory
> corruption).

Actually, I should just change t_template to unused and avoid the issue
altogether.  You're right, only a programming error would fill that field
now.

Mike "Silby" Silbersack






Re: tcp template removal / scalability patch

2001-06-19 Thread Jesper Skriver

On Tue, Jun 19, 2001 at 05:48:14PM -0500, Mike Silbersack wrote:
> 
> On Tue, 19 Jun 2001, Bosko Milekic wrote:
> 
> > > I've attached two patches; one for current, and one for stable.  Please
> > > review / test, _especially_ if you're using IPv6 or IPSec - while those
> > > cases look correct, I'm not running either and haven't tested them.
> >
> > I've spotted some patch-related (not conceptual) things worth
> > mentioning, so I'll do that now and give you the conceptual review a little
> > later, hopefully before I leave.
> 
> Ok, I'll go through and check out all the spacing issues you raised.  This
> would be easier if jesper MFCs the removal of TCP_COMPAT_42, which causes
> the differences between -stable and -current. :)

I think we should leave TCP_COMPAT_42 in RELENG_4, so 4.x users
won't be surprised if it's suddenly gone ...

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:Network manager   @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.




Re: Securing the root account

2001-06-19 Thread Giorgos Keramidas

On Tue, 19 Jun 2001, Lars Fredriksen wrote:

> Lars Cameron Haegle wrote:
>
> > I come from the Windoze side of the playground, where you are able to
> > rename the Administrator account name, in order to provide a bit more
> > security. Can a similar thing be done with FreeBSD? Cam
>
> Hi cameron,
>
> The short answer is that yes you can. The name is really not that
> important, it is the userid that is associated with a name that is used
> for verifying permissions etc. You can easily create a login name
> "cameron" that is assigned userid 0, and that user will have root
> privileges.

Of course this adds absolutely *no* security...  It only makes the
account that will be the target of the `evil hackers' (TM) be called
'cameron' instead of 'root'.  Nothing too excitingly secure about
this, I would dare say.

-giorgos





Re: Securing the root account

2001-06-19 Thread Jeff Gentry

> I come from the Windoze side of the playground, where you are able to
> rename the Administrator account name, in order to provide a bit more
> security.

How is that anything other than security through obscurity?

That is fairly retarded and will not really provide anything except
for a *false* sense of security.

-Jeff





Re: Securing the root account

2001-06-19 Thread Terry Lambert

] > I come from the Windoze side of the playground, where you are able to
] > rename the Administrator account name, in order to provide a bit more
] > security.
] 
] How is that anything other than security through obscurity?

I agree that this is a bad idea from a security standpoint.

However, it could be a useful thing to do, in terms of being
able to "rebadge" FreeBSD for, say, an embedded system;
that really begs the question of "open box" vs. "closed box",
and how useful a rebadging process would be, if you were to
permit root access.


Terry Lambert
[EMAIL PROTECTED]
---
Any opinions in this posting are my own and not those of my present
or previous employers.




Re: tcp template removal / scalability patch

2001-06-19 Thread Mike Silbersack


On Wed, 20 Jun 2001, Jesper Skriver wrote:

> I think we should leave TCP_COMPAT_42 in RELENG_4, so 4.x users
> won't be surprised if it's suddenly gone ...
>
> /Jesper

Actually, TCP_COMPAT_42 was a virtual no-op until Kris imported the
OpenBSD sequence number generation system.  The only effect it had until
that point was in keepalive generation, which is unimportant, and would
have broken non-4.2 host keepalives.

So, it's extremely unlikely anyone is/was using TCP_COMPAT_42.  Please
kill it. :)

Mike "Silby" Silbersack





Re: Securing the root account

2001-06-19 Thread Orville R. Weyrich.Jr

Speaking of SSH, are there any recommended SSH clients for Windows 95?

orville.

On Tue, 19 Jun 2001, Bill Vermillion wrote:

> Get rid of all telnet accounts and put in SSH so that no clear text
> passwords ever cross the net.   That's just a small step on the
> way, to locking down a system, but just changing login names won't
> do it.

---
Orville R. Weyrich, Jr. Weyrich Computer Consulting
mailto:[EMAIL PROTECTED] KD7HJV  http://www.weyrich.com
---
Visit our online collection of book reviews:

  http://www.weyrich.com/book_reviews/

Ask about our world wide web services!
---





Re: Securing the root account

2001-06-19 Thread Changhoon Kim

Orville,

The only thing I know and tried yet is PuTTY.
It's a freeware.

Cheers,

Chang


"Orville R. Weyrich.Jr" wrote:

> Speaking of SSH, are there any recommended SSH clients for Windows 95?
>
> orville.
>
> On Tue, 19 Jun 2001, Bill Vermillion wrote:
>
> > Get rid of all telnet accounts and put in SSH so that no clear text
> > passwords ever cross the net.   That's just a small step on the
> > way, to locking down a system, but just changing login names won't
> > do it.
>
> ---
> Orville R. Weyrich, Jr. Weyrich Computer Consulting
> mailto:[EMAIL PROTECTED] KD7HJV  http://www.weyrich.com
> ---
> Visit our online collection of book reviews:
>
>   http://www.weyrich.com/book_reviews/
>
> Ask about our world wide web services!
> ---
>

--
Changhoon Kim

Dept. of Internet Technologies
Electronics and Telecommunications Research Institute (ETRI)
Taejon, KOREA
Tel) +82-42-860-5801
Fax) +82-42-860-5440

***
Man usually avoids attributing cleverness to somebody else, unless it is
an enemy.
 -- Albert Einstein






Re: Securing the root account

2001-06-19 Thread Bill Vermillion

On Tue, Jun 19, 2001 at 08:20:02PM -0700, Orville R. Weyrich.Jr thus sprach:
> Speaking of SSH, are there any recommended SSH clients for Windows 95?

Putty.  Don't recall where I got it though.  It's free
> 
> orville.
> 
> On Tue, 19 Jun 2001, Bill Vermillion wrote:
> 
> > Get rid of all telnet accounts and put in SSH so that no clear text
> > passwords ever cross the net.   That's just a small step on the
> > way, to locking down a system, but just changing login names won't
> > do it.
> 
> ---
> Orville R. Weyrich, Jr. Weyrich Computer Consulting
> mailto:[EMAIL PROTECTED] KD7HJV  http://www.weyrich.com
> ---
> Visit our online collection of book reviews:
> 
> http://www.weyrich.com/book_reviews/
> 
> Ask about our world wide web services!
> ---
> 
> 

-- 
Bill Vermillion -   bv @ wjv . com




Re: tcp template removal / scalability patch

2001-06-19 Thread Mike Silbersack


On Tue, 19 Jun 2001, Mike Silbersack wrote:

> Looking back, I should change the keepalive case so that it never needs
> the tcp template; this will require simple mods to tcp_respond.  I'll
> change this and make a new patch soon.

Blech.  tcp_respond doesn't look friendly, and the case where a keepalive
is actually sent is rare.  We can live with using 2 mbufs instead of 1
once every two hours of idle time.  I'm going to stick with the current
patch (aside from formatting changes.)

The removal of the panic and renaming of t_template are inconsequential to
the operation of the patch, please review it as is.

Thanks,

Mike "Silby" Silbersack





Re: Securing the root account

2001-06-19 Thread Mike Silbersack


On Tue, 19 Jun 2001, Orville R. Weyrich.Jr wrote:

> Speaking of SSH, are there any recommended SSH clients for Windows 95?
>
> orville.

SecureCRT is nice, if you want to cough up some cash.  There's a
trial version which will run for 30 or so days.  Check it out at
www.vandyke.com

Mike "Silby" Silbersack





Re: tcp template removal / scalability patch

2001-06-19 Thread Jesper Skriver

On Tue, Jun 19, 2001 at 09:24:00PM -0500, Mike Silbersack wrote:
> 
> On Wed, 20 Jun 2001, Jesper Skriver wrote:
> 
> > I think we should leave TCP_COMPAT_42 in RELENG_4, so 4.x users
> > won't be surprised if it's suddenly gone ...
> >
> > /Jesper
> 
> Actually, TCP_COMPAT_42 was a virtual no-op until Kris imported the
> OpenBSD sequence number generation system.  The only effect it had until
> that point was in keepalive generation, which is unimportant, and would
> have broken non-4.2 host keepalives.
> 
> So, it's extremely unlikely anyone is/was using TCP_COMPAT_42.  Please
> kill it. :)

I'm going to be away for the remainder of the week, I'll do it
when I get back, but feel free to kill it yourself before then.

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:Network manager   @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.




Re: Securing the root account

2001-06-19 Thread Randy Bush

ftp://psg.com/pub/w95/ssh/SSHWin-2.4.0-pl2.exe is a very windoze-ish
tool.  there's also a good/windowy scp tool there.

randy




Optimize FreeBSD for proxy servers

2001-06-19 Thread Royyana M. Ijtihadie


Hi All,

  I use my FreeBSD box as a proxy server. I had 256 MB of memory and a Fast
SCSI hard disk. I think that's enough for a proxy server that serves over 200
computers... But now, I think my proxy server is slow, especially if the
connections increase (I use netstat -tna to see these connections).

  I want to ask you all about optimizing my proxy server, in all ways, such
as kernel, files, etc. I need suggestions..

thank you...

Royyana MI





Re: freeBSD-Linux SuSE via ftp

2001-06-19 Thread Anastasia Leventi-Peetz



Hello Steve, hello Ted, hello Matthew, hello Bill and hello Dave!

Thanks a lot for your advice. You were right. In the far machine I didn't
have the client ftp pc in /etc/hosts and I thought I didn't need it
because the target pc is also the name server. However I had not
made possible for the name server the reverse name resolution because
I thought it was not necessary. I find it curious that though reverse
name resolution doesn't work, I did come through but it took time.
What was the compromise done by the system in this case?
When I made the suggested change in /etc/hosts there was no delay,
like you have said!

The passive mode is a very interesting point. I didn't know that before.
For the case it couldn't help of course.




Re: ftpd-BSD and standalone

2001-06-19 Thread Gunther Schadow

oops? for what it is worth: ftpd is started from inetd on BSD systems
since the very existence of inetd, that is since the early 1980s. 
There is no reason this should not work, unless you are on some creepy
system, or I may not have the full context here. Let's say you may
be doing IPv6 and the ftpd that's called from inetd6 is not IPv6
ready? In that case, check the path in inetd.conf and make sure you've 
got the IPv6 ready ftpd invoked instead of the old one. However, on
FreeBSD you have everything IPv6 ready out of the box these days.
I'm sure you have some file version mess-up, because I would even
trust Linux these days to be able to make a standard FTP connection :-).
It sometimes helps to take all security down for a moment. Be aware that
ftp needs a separate data channel, so if you do IP filters and TCP
wrappers you might get into all sorts of troubles if you don't know
exactly what you're doing.

regards
-Gunther

Anastasia Leventi-Peetz wrote:
> 
> although in the bieringer Site it is explicitly written that the
> ftpd-BSD must be  started in standalone modus, I had tried to build it in
> the inetd.conf and that was the reason why I couldn't make ftp to
> a host where the ftpd-BSD was started by ftp request. I have tried the allow
> and deny files, seemed to work when I started the request from a free-BSD
> pc, but a file transport from a Linux SuSE (with the same server running)
> was impossible (421 ftp error code) though the connection was successful
> (/var/log/messages). When I start the daemon in standalone modus
> there are no problems.
> Does anybody have experience with this thing?
> Anastasia
> 

-- 
Gunther Schadow, M.D., Ph.D.    [EMAIL PROTECTED]
Medical Information Scientist   Regenstrief Institute for Health Care
Adjunct Assistant Professor     Indiana University School of Medicine
tel:1(317)630-7960              http://aurora.regenstrief.org
