Re: iptables with a linux bridge

2001-11-28 Thread Philipp Schulte
Simon Murcott wrote: > One point you are missing is that it is possible using this kind of > configuration to create a firewall where you cannot address any of its > external interfaces. So how can you do an intrusion attack on a firewall > that you cannot address? Another advantage is the tran

Re: iptables with a linux bridge

2001-11-28 Thread John Galt
On Thu, 29 Nov 2001, Simon Murcott wrote: >On Thu, 29 Nov 2001, martin f krafft wrote: > >>okay, so i read the FAQ, they are possible. but they don't make sense. >>in fact, i will argue that as soon as you employ netfilter or >>ipchains on a linux bridge, you don't have a bridge anymore! you won't

Re: iptables with a linux bridge

2001-11-28 Thread Philipp Schulte
Jeremy T. Bouse wrote: > If I'm not mistaken I believe the bridging code runs before > the firewall code so the bridging by-passes the firewall filters > completely... Please if I'm incorrect in this would someone care to > correct me but that is what information I've found through my rese

Re: iptables with a linux bridge

2001-11-28 Thread Philipp Schulte
François Bayart wrote: > I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages I just finished testing a setup pretty similar to yours. It's a machine with kernel 2.4.14, patch bridge-nf-0.0.3 and bridge-utils-0.9.3. So far it works great and I am really satisfied. I ba

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
* Simon Murcott <[EMAIL PROTECTED]> [2001.11.29 16:31:12+1300]: > One point you are missing is that it is possible using this kind of > configuration to create a firewall where you cannot address any of its > external interfaces. So how can you do an intrusion attack on a firewall > that you canno

Re: iptables with a linux bridge

2001-11-28 Thread Simon Murcott
On Thu, 29 Nov 2001, martin f krafft wrote: >okay, so i read the FAQ, they are possible. but they don't make sense. >in fact, i will argue that as soon as you employ netfilter or >ipchains on a linux bridge, you don't have a bridge anymore! you won't >have a packet filter or router either, but it'

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
okay, so i read the FAQ, they are possible. but they don't make sense. in fact, i will argue that as soon as you employ netfilter or ipchains on a linux bridge, you don't have a bridge anymore! you won't have a packet filter or router either, but it's not going to be a bridge as it concerns itsel

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
* Jeremy T. Bouse <[EMAIL PROTECTED]> [2001.11.28 09:07:53-0800]: > If I'm not mistaken I believe the bridging code runs before > the firewall code so the bridging by-passes the firewall filters > completely... Please if I'm incorrect in this would someone care to > correct me but that is wh

Re: iptables with a linux bridge

2001-11-28 Thread martin f krafft
* Giacomo Mulas <[EMAIL PROTECTED]> [2001.11.28 18:11:40+0100]: > > I've installed a linux bridge with 2.4.14 kernel and the > > bridge-utils packages > > I am VERY interested, since I administer a transparent firewall > myself. My firewall uses proxy arp (I implemented it in the old > 2.2.x kerne

Security hole in Linux kernel itself? FW: [FreeBSD-users-jp 65877] Re: nslookup

2001-11-28 Thread Howland, Curtis
Excuse me if this is old hat, has anyone else heard of a vulnerability like this? If it's on the FreeBSD lists, it must be well known... Curt- -Original Message- From: Kondou, Katsuhiro (IDC) Sent: Wednesday, November 28, 2001 22:16 To: Hu, Geng; Howland, Curtis Subject: Fw: [FreeBSD-u

Re: openssh version numbers...

2001-11-28 Thread Matteo Sisa
The current woody OpenSSH version is 2.9p2; that means (according to http://www.openssh.org/portable.html ) the 2nd version made by the Portability team of the "normal" (i.e. for OpenBSD) 2.9 version. Of course 2.9 stands for 2.9.0, not 2.9.9, so it is vulnerable to those (not very dangerous, IMHO)

Re: shutdown user and accountability

2001-11-28 Thread Petro
On Wed, Nov 28, 2001 at 10:58:47AM +0900, Olaf Meeuwissen wrote: > Blake Barnett <[EMAIL PROTECTED]> writes: > > > Can't you give a group sudo access? If so, just add everyone to a group > > and give that group sudo /sbin/halt or sudo /sbin/shutdown or both. > > That's exactly what my sudo setup

Re: iptables with a linux bridge

2001-11-28 Thread François Bayart
For the moment it works correctly with just the bridge rule; I have used it with the staging servers for 1 week. I have changed the default gateway on the servers behind the bridge: I use the bridge IP as gateway, it stays transparent in the traceroute, and iptables works with the FORWARD rul

Re: iptables with a linux bridge

2001-11-28 Thread jigal
On Wed, 28 Nov 2001, François Bayart wrote: > I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages Did you include the netfilter patch? http://bridge.sourceforge.net/download.html remember to exclude the netfilter debug option. > That correctly works but now I wo

Re: iptables with a linux bridge

2001-11-28 Thread Giacomo Mulas
On Wed, 28 Nov 2001, François Bayart wrote: > I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages I am VERY interested, since I administer a transparent firewall myself. My firewall uses proxy arp (I implemented it in the old 2.2.x kernel + ipchains days), but I would l

Re: iptables with a linux bridge

2001-11-28 Thread Jeremy T. Bouse
If I'm not mistaken I believe the bridging code runs before the firewall code so the bridging by-passes the firewall filters completely... Please if I'm incorrect in this would someone care to correct me but that is what information I've found through my research on the subject...

iptables with a linux bridge

2001-11-28 Thread François Bayart
Hi, I've installed a linux bridge with 2.4.14 kernel and the bridge-utils packages

    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 eth1
    ifconfig eth0 0.0.0.0
    ifconfig eth1 0.0.0.0
    ifconfig br0 62.4.8.2 netmask 255.255.255.0 broadcast 62.4.8.255

That correctly works but now I would l

Re: [OT] resctrict ssh to localnet for some users but not for others.

2001-11-28 Thread Johann Spies
On Wed, Nov 28, 2001 at 03:07:40PM +0100, op wrote: > Also sprach Johann Spies: > > One can always make use of /etc/hosts.allow and /etc/hosts.deny. > > not for specific users right? > No - only using IP addresses. Johann -- Johann Spies Telefoon: 021-808 4036 Informasietegnologie,

Re: shutdown user and accountability

2001-11-28 Thread Mathias Palm
On 28 Nov 2001, Olaf Meeuwissen wrote: > Blake Barnett <[EMAIL PROTECTED]> writes: > > > On Tue, 2001-11-27 at 18:58, Olaf Meeuwissen wrote: > > > Blake Barnett <[EMAIL PROTECTED]> writes: > > > > > > > Can't you give a group sudo access? If so, just add everyone to a group > > > > and give t

Re: shutdown user and accountability

2001-11-28 Thread Mathias Palm
On Tue, 27 Nov 2001, Rishi L Khan wrote: > How about Cntrl-Alt-Del? That shuts down a debian box without even logging > in. As far as accountability ... you could do it the old fashioned way and > have a sign in sheet ... one stupid policy deserves another. > > -rishi It _can_ shu

Re: [OT] resctrict ssh to localnet for some users but not for others.

2001-11-28 Thread op
Also sprach Guillem Jover: > Use pam_access. > > in /etc/security/access.conf > > -:localnetuser1 localnetuser2:ALL EXCEPT LOCAL .localdomain > > in /etc/pam.d/ssh after "account required pam_unix.so" > > account required pam_access.so > > hope that helps Thanks a bunch to you Guill

Re: [OT] resctrict ssh to localnet for some users but not for others.

2001-11-28 Thread op
Also sprach Johann Spies: > One can always make use of /etc/hosts.allow and /etc/hosts.deny. not for specific users right? -- Change your thoughts and you change your world.

Re: Where should I start from ?

2001-11-28 Thread John DOE
--- Malcolm Ferguson <[EMAIL PROTECTED]> wrote: >John DOE wrote: >> >> Have to code the application in C ( I would prefer visual basic since it is >> sometimes hard to tell a professor that this code does it in C especially if >> you are in Turkey ) or C++ and of course on GNU Debian Linux. >

Re: Where should I start from ?

2001-11-28 Thread John DOE
--- Wade Richards <[EMAIL PROTECTED]> wrote: >Hello Mr. Bacteria/John Doe: > >Translation: Homework is hard, and plagiarism is so much easier. >Can someone please do my homework for me? Wrong translation. First of all I did not ask anybody to do my work for me I just asked if anyone had such an
