Date: Sun, 12 May 2002 10:06:32 +0300 (EEST)
From: Jarkko Santala
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: DHCPD bug
In-Reply-To: <200205112302.RAA15457@forum.lariat.org>
Message-ID: <20020512100311.D258-100000@trillian.santala.org>

On Sat, 11 May 2002, Brett Glass wrote:

> There's a nasty bug in ISC's DHCPD -- a remote root hole -- that affects
> the versions that have been provided as ports and packages in recent
> releases. See

Based on the CERT Advisory, it would seem to me that one is only
vulnerable if dynamic dns updates are enabled. If they're off, I would
have to think dhcpd doesn't try to log any replies from nameservers.

None of the advisories I've read mention anything about this. I'd
definitely like to know if I'm wrong. ;)

http://www.cert.org/advisories/CA-2002-12.html

Thanks,
-jake

--
Jarkko Santala  http://www.iki.fi/~jake/
System Administrator  2001:670:83:f08::/64

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Date: Sun, 12 May 2002 12:06:15 +0200
Message-Id: <200205121006.g4CA6FM01637@dubb05h07-0.dplanet.ch>
From: quak@mydiax.ch
To: freebsd-security@FreeBSD.org
Subject: IPSEC: is ipcomp broken in 4.5-stable ?

Greetings,

Is there anyone who has gotten the ipsec compression (ipcomp) working
in the 4.5-stable ??

We try to establish a transport compression between 2 machines with
following setkey setup

Box 1 (192.168.20.1)

    add 192.168.20.1 192.168.10.1 ipcomp 2010 -C deflate;
    add 192.168.10.1 192.168.20.1 ipcomp 1020 -C deflate;
    spdadd 192.168.20.1 192.168.10.1 any -P out ipsec ipcomp/transport//require;
    spdadd 192.168.10.1 192.168.20.1 any -P in ipsec ipcomp/transport//require;

Box 2 (192.168.10.1)

    add 192.168.20.1 192.168.10.1 ipcomp 2010 -C deflate;
    add 192.168.10.1 192.168.20.1 ipcomp 1020 -C deflate;
    spdadd 192.168.10.1 192.168.20.1 any -P out ipsec ipcomp/transport//require;
    spdadd 192.168.20.1 192.168.10.1 any -P in ipsec ipcomp/transport//require;

Now we can ping both machines, but as soon as we begin doing a simple
ftp transfer from box1 to box2, the transfer will *always* hang up at
the 34816 bytes transferred.

There seems to be some mess in the compression / decompression
mechanism, because if we add a racoon to this mix (Default
configuration, no changes to racoon.conf, just psk.txt entries on both
boxes) the transfers suddenly begin to work better, that is: we in fact
get some major speed boost, but it comes in waves, time to time boxes
will spit out something like

    ipcomp_decompress: inflate(Z_FINISH): unknown error (-2)

and transfer will stall for 3-6 seconds, then proceed again.

Also, the setkey does not accept lzs as a compression option. man
setkey says that it should.

What is going on ?

Regards
Kirill

Date: Sun, 12 May 2002 20:48:45 +0900
From: Hajimu UMEMOTO
To: quak@mydiax.ch
Cc: freebsd-security@FreeBSD.org
Subject: Re: IPSEC: is ipcomp broken in 4.5-stable ?
In-Reply-To: <200205121006.g4CA6FM01637@dubb05h07-0.dplanet.ch>

Hi,

>>>>> On Sun, 12 May 2002 12:06:15 +0200
>>>>> quak@mydiax.ch said:

quak> ipcomp_decompress: inflate(Z_FINISH): unknown error (-2) and transfer will stall for 3-6 seconds, then proceed again.

It seems it was broken by recent zlib change. Does this patch work
for you?

Index: sys/netinet6/ipcomp_core.c diff -u sys/netinet6/ipcomp_core.c.orig sys/netinet6/ipcomp_core.c --- sys/netinet6/ipcomp_core.c.orig Sun May 5 04:33:23 2002 +++ sys/netinet6/ipcomp_core.c Sun May 12 20:41:58 2002
@@ -252,14 +252,17 @@ MOREBLOCK(); } - zerror = mode ? inflate(&zs, Z_FINISH) + zerror = mode ? inflate(&zs, Z_SYNC_FLUSH) : deflate(&zs, Z_FINISH); if (zerror == Z_STREAM_END) break; - else if (zerror == Z_OK) - ; /* once more. */ - else { + else if (zerror == Z_OK) { + if (mode && zs.avail_out != 0) + goto terminate; + else + ; /* once more. */ + } else { if (zs.msg) { ipseclog((LOG_ERR, "ipcomp_%scompress: " "%sflate(Z_FINISH): %s\n",

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Date: Sun, 12 May 2002 07:50:01 -0400
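
Review bot: In the trailing context of the sys/netinet6/ipcomp_core.c hunk at line 252, the error path still logs "%sflate(Z_FINISH): %s\n", although the inflate call is now made with Z_SYNC_FLUSH, so a decompression failure would be reported under a flush mode that was not used. Suggest deriving the label from the mode actually passed (Z_SYNC_FLUSH for inflate, Z_FINISH for deflate), or dropping the flush name from the message.
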
From: Chris Faulhaber
To: Brett Glass
Cc: security@freebsd.org
Subject: Re: DHCPD bug
Message-ID: <20020512115001.GA9166@peitho.fxp.org>
In-Reply-To: <200205112302.RAA15457@forum.lariat.org>

On Sat, May 11, 2002 at 05:02:00PM -0600, Brett Glass wrote:
> There's a nasty bug in ISC's DHCPD -- a remote root hole -- that affects
> the versions that have been provided as ports and packages in recent
> releases. See
>
> http://www.extremetech.com/article/0,3396,apn=2&s=1024&a=26709&ap=1,00.asp
>
> for a description of the problem. The version of the port that's online
> has been updated to close the hole, but the package hasn't -- which means

I assume you first emailed portmgr@FreeBSD.org (since they work the
packages) or perhaps admins@FreeBSD.org or hub@FreeBSD.org (who
maintain the various FreeBSD machines) and you received no response
so you are trying to contact them using the -security list.

> that users installing FreeBSD who grab the daemon via /stand/sysinstall
> will find themselves vulnerable. Also, no advisory has been issued....
> One should be.
>

As Jacques stated, a Security Notice is in the works for this and
other recently-vulnerable ports/packages.

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

Date: Sun, 12 May 2002 14:50:48 +0200
Message-Id: <200205121250.g4CComR07757@dubb04h05-0.dplanet.ch>
From: quak@mydiax.ch
To: freebsd-security@FreeBSD.org
Subject: Re: Re: IPSEC: is ipcomp broken in 4.5-stable ?

Greetings

>Hi,
>
>>>>>> On Sun, 12 May 2002 12:06:15 +0200
>>>>>> quak@mydiax.ch said:
>
>quak> ipcomp_decompress: inflate(Z_FINISH): unknown error (-2) and transfer will stall for 3-6 seconds, then proceed again.
>
>It seems it was broken by recent zlib change. Does this patch work
>for you?

Nop, patch says:

    Hunk #1 failed at 252.

My kernel sources are from the original 4.5 CD (Image).

Regards
Kirill

Date: Sun, 12 May 2002 22:12:28 +0900
From: Hajimu UMEMOTO
To: quak@mydiax.ch
Cc: freebsd-security@FreeBSD.org
Subject: Re: IPSEC: is ipcomp broken in 4.5-stable ?
In-Reply-To: <200205121250.g4CComR07757@dubb04h05-0.dplanet.ch>

Hi,

>>>>> On Sun, 12 May 2002 14:50:48 +0200
>>>>> quak@mydiax.ch said:

quak> Nop, patch says:
quak> Hunk #1 failed at 252.
quak> My kernel sources are from the original 4.5 CD (Image).

Okay, this patch is against ipcomp_core.c of 4.5-RELEASE.

Index: ipcomp_core.c diff -u ipcomp_core.c.orig ipcomp_core.c --- ipcomp_core.c.orig Sun May 12 22:06:25 2002 +++ ipcomp_core.c Sun May 12 22:09:42 2002
@@ -252,14 +252,17 @@ MOREBLOCK(); } - zerror = mode ? inflate(&zs, Z_FINISH) + zerror = mode ? inflate(&zs, Z_SYNC_FLUSH) : deflate(&zs, Z_FINISH); if (zerror == Z_STREAM_END) break; - else if (zerror == Z_OK) - ; /*once more.*/ - else { + else if (zerror == Z_OK) { + if (mode && zs.avail_out != 0) + goto terminate; + else + ; /* once more. */ + } else { if (zs.msg) { ipseclog((LOG_ERR, "ipcomp_%scompress: " "%sflate(Z_FINISH): %s\n",

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Date: Sun, 12 May 2002 15:59:52 +0200
Message-Id: <200205121359.g4CDxqm27601@dubb03h04-0.dplanet.ch>
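
Review bot: The new Z_OK branch in the ipcomp_core.c hunk at line 252 ends decompression on "mode && zs.avail_out != 0" without looking at zs.avail_in, and nothing in the hunk documents why spare output space is enough to treat the packet as complete now that inflate is called with Z_SYNC_FLUSH instead of Z_FINISH. Suggest a short comment above that test stating the assumption (or an added avail_in check), and dropping the empty "else ; /* once more. */" arm in favour of a comment after the if.
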
From: quak@mydiax.ch
To: freebsd-security@FreeBSD.org
Subject: Re: Re: IPSEC: is ipcomp broken in 4.5-stable ?

>Hi,
>Okay, this patch is against ipcomp_core.c of 4.5-RELEASE.

Ouch, my bad... mixed STABLE and RELEASE.

Patch works ! Thank you VERY much Hajimu !!

Regards
Kirill

Date: Sun, 12 May 2002 23:30:11 +0900
From: Hajimu UMEMOTO
To: quak@mydiax.ch
Cc: freebsd-security@FreeBSD.org
Subject: Re: IPSEC: is ipcomp broken in 4.5-stable ?
In-Reply-To: <200205121359.g4CDxqm27601@dubb03h04-0.dplanet.ch>

Hi,

>>>>> On Sun, 12 May 2002 15:59:52 +0200
>>>>> quak@mydiax.ch said:

>Okay, this patch is against ipcomp_core.c of 4.5-RELEASE.

quak> Ouch, my bad... mixed STABLE and RELEASE.
quak> Patch works ! Thank you VERY much Hajimu !!

You are welcome. I just committed the fix into 5-CURRENT. Since
4-STABLE is in code freeze, when approved by re, I'll do MFC it.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
From: "Mario Lobo"
Organization: American School of Recife - Brazil
To: security@FreeBSD.ORG
Date: Sun, 12 May 2002 12:56:06 -0300
Subject: watchdog
Reply-To: mlobo@ear.com.br
Message-ID: <3CDE666A.20037.6F8C36@localhost>

Hi;

I had the following non-stop message on my screen:

    dc0: watchdog timeout

I reset, everything went back to normal.

Was this a hardware problem or a break in attempt ?

thanks,

-
*** Mario Lobo
*** Head of Computer Department
*** American School of Recife

Date: Sun, 12 May 2002 11:59:53 -0400 (EDT)
From: "Andrew R. Reiter"
To: Mario Lobo
Cc: security@FreeBSD.org
Subject: Re: watchdog
In-Reply-To: <3CDE666A.20037.6F8C36@localhost>

On Sun, 12 May 2002, Mario Lobo wrote:

:Hi;
:
:I had the following non-stop message on my screen:
:
:dc0: watchdog timeout
:

Check the DIAGNOSTICS section of the dc.4 man page.

Cheers,

--
Andrew R. Reiter
arr@watson.org
arr@FreeBSD.org

Date: Sun, 12 May 2002 10:17:15 -0600 (MDT)
From: Brett Glass
Message-Id: <200205121617.KAA16441@forum.lariat.org>
To: jake@iki.fi, security@freebsd.org
Subject: Re: DHCPD bug

Jarkko Santala writes:

>Based on the CERT Advisory, it would seem to me that one is only
>vulnerable if dynamic dns updates are enabled. If they're off, I would
>have to think dhcpd doesn't try to log any replies from nameservers.

Alas, if the daemon gets a "reply" that isn't really a reply to
anything, it still logs it.

--Brett

Date: Sun, 12 May 2002 10:25:38 -0600 (MDT)
From: Brett Glass
Message-Id: <200205121625.KAA16452@forum.lariat.org>
To: jedgar@fxp.org, security@freebsd.org
Subject: Re: DHCPD bug

Chris Faulhaber writes:

>I assume you first emailed portmgr@FreeBSD.org (since they work the
>packages) or perhaps admins@FreeBSD.org or hub@FreeBSD.org (who
>maintain the various FreeBSD machines) and you received no response
>so you are trying to contact them using the -security list.

That assumption is incorrect. None of the addresses you mention above
are listed as contacts for such requests, or if they are I could not
find them listed as such. I did post to the -ports list, which one
would expect to be monitored at least as closely by those in charge of
updating packages, but received no response at all.

I posted to the -security list not only because failure to update the
package is a very serious security issue, but also because no advisory
has yet gone out. It is important that an advisory be sent before
exploits become widespread. You can bet that the malware authors are
already hard at work on skripts and worms that exploit the hole.

--Brett Glass

Date: Sun, 12 May 2002 19:10:00 +0200
Message-Id: <200205121710.g4CHA0o11330@dubb05h07-0.dplanet.ch>
From: quak@mydiax.ch
To: freebsd-security@FreeBSD.org
Subject: Re: Re: IPSEC: is ipcomp broken in 4.5-stable ?

>Hi,
>
>
>You are welcome. I just committed the fix into 5-CURRENT. Since
>4-STABLE is in code freeze, when approved by re, I'll do MFC it.

Whoops, Hajimu

Transport compression works flawlessly, but tunnel mode seems to still
be broken now, if I use:

    spdadd 192.168.2.0/24 192.168.1.0/24 any -P out ipsec ipcomp/tunnel/192.168.20.1-192.168.10.1/require;
    spdadd 192.168.1.0/24 192.168.2.0/24 any -P in ipsec ipcomp/tunnel/192.168.10.1-192.168.20.1/require;

(And mirror of this on another machine)

transfers die again with similar symptoms, transfers hang at 34816,
kernel spits errors:

    ipcomp_decompress: inflate(Z_NO_FLUSH): invalid bit length repeat
    ipcomp_decompress: inflate(Z_NO_FLUSH): oversubscribed literal/length tree

What is this ? :)

Regards
Kirill

Subject: RE: DHCPD bug
Date: Mon, 13 May 2002 09:18:59 +0200
Message-ID: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>
From: "Carroll, D. (Danny)"

As a little aside, whilst reading the CERT advisory I noticed that
NetBSD is not vulnerable because: "NetBSD fixed this during a format
string sweep performed on 11-Oct-2000. No released version of NetBSD is
vulnerable to this issue."

Nice and prudent. Is there any reason why this would be difficult to do
in the FreeBSD source / Ports source??

I don't know a hell of a lot about buffer over-runs but the patch
passes ("%s", ptr) rather than simply (ptr)... If the fix for most
over-runs is this simple then this task should be easy to do. At least
it might be easy to identify potential issues.

-D

-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------

Date: Mon, 13 May 2002 05:03:35 -0400 (EDT)
From: Mitch Collinsworth
To: "Carroll, D. (Danny)"
Cc: security@FreeBSD.ORG
Subject: RE: DHCPD bug
In-Reply-To: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>

On Mon, 13 May 2002, Carroll, D. (Danny) wrote:

> As a little aside, whilst reading the CERT advisory I noticed that
> NetBSD is not vulnerable because: "NetBSD fixed this during a format
> string sweep performed on 11-Oct-2000. No released version of NetBSD is
> vulnerable to this issue."
>
> Nice and prudent.

Sheesh. Nice would have been sending their patch to Ted when they
discovered it back in 2000.

-Mitch

Subject: RE: DHCPD bug
Date: Mon, 13 May 2002 11:11:06 +0200
Message-ID: <6C506EA550443D44A061432F1E92EA4C6C5156@ing.com>
From: "Carroll, D. (Danny)"
To: "Mitch Collinsworth"

:> Nice and prudent.
:
:Sheesh. Nice would have been sending their patch to Ted when they
:discovered it back in 2000.

True.... But my point is, maybe a simple sed or perl script ran over
the source might yield other potential problems?

-D
From: ark@eltex.ru
Received: by yaksha.eltex.ru (ssmtp TIS-1.1alpha, 17 Jan 2002); Mon, 13 May 2002 14:52:02 +0400
Received: from undisclosed-intranet-sender id smtpdi16867; Mon May 13 14:51:56 2002
Date: Mon, 13 May 2002 14:52:08 +0400
Message-Id: <200205131052.OAA24503@paranoid.eltex.ru>
In-Reply-To: <20020510084653.51d1ba8e.nkinkade@dsl-only.com> from "Nathan Kinkade "
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Second request Talk ports/sockets
To: nkinkade@dsl-only.com
Cc: sam@wa4phy.net, security@freebsd.org
X-Virus-Scanned: by Eltex TC
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

talk/ntalk use udp for paging user and initial handshake and then tcp connection (to/from some random port) is used for chat session, afair.

Nathan Kinkade said :
> On Fri, 10 May 2002 09:41:16 -0400
> Sam Drinkard wrote:
>
> > Since tightening up the firewall, my talk (from internal, not network)
> > is broken. I can't seem to figure out what udp/tcp port(s) to open to
> > allow the talk utility to work. Looking at the source code didn't
> > help much either, but reference to sockets was mentioned. Once a user
> > logs in, does the talk utility not use the localhost address for
> > connections?
>
> The port for talk is 517.
> The port for ntalk is 518.
>
> I first found this out by launching ethereal (a network protocol
> analyzer that's in the ports collection). Then I attempted to launch a
> talk session with a non-existent host just to see some traffic. A quick
> review of the captured packets showed that my machine was attempting to
> communicate using ntalk on UDP port 518.
>
> I then did a quick search on Google for 'ntalk tcp port number'. The
> very first returned hit revealed the following.
>
> talk 517/tcp like tenex link, but across
> # machine - unfortunately, doesn't
> # use link protocol (this is actually
> # just a rendezvous port from which a
> # tcp connection is established)
> talk 517/udp like tenex link, but across
> # machine - unfortunately, doesn't
> # use link protocol (this is actually
> # just a rendezvous port from which a
> # tcp connection is established)
> ntalk 518/tcp
> ntalk 518/udp
>
> Further, a quick browse through /etc/services revealed exactly the same
> text as above. Presumably that's where the site got the information in
> the first place.
>
> There are plenty of ways to figure out information like this....it just
> requires that you think about it for a minute. The Google search engine
> is invaluable...and then again, as demonstrated above, often the info
> lies right on your own computer. Hope this helps.

_ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 13 4: 5:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from svr-ganmtc-appserv-mgmt.ncf.coxexpress.com (svr-ganmtc-appserv-mgmt.ncf.coxexpress.com [24.136.46.5]) by hub.freebsd.org (Postfix) with ESMTP id 9E3A037B400 for ; Mon, 13 May 2002 04:05:22 -0700 (PDT)
Received: from darkstar.doublethink.cx (cpe-oca-24-136-59-202-cmcpe.ncf.coxexpress.com [24.136.59.202]) by svr-ganmtc-appserv-mgmt.ncf.coxexpress.com (8.11.4/8.11.4) with ESMTP id g4DB5L729922; Mon, 13 May 2002 07:05:21 -0400
Received: by darkstar.doublethink.cx (Postfix, from userid 1000) id DF323479; Mon, 13 May 2002 07:05:20 -0400 (EDT)
Date: Mon, 13 May 2002 07:05:20 -0400
From: Chris Faulhaber
To: "Carroll, D. (Danny)"
Cc: security@freebsd.org
Subject: Re: DHCPD bug
Message-ID: <20020513110520.GA21996@darkstar.doublethink.cx>
References: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp"
Content-Disposition: inline
In-Reply-To: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>
User-Agent: Mutt/1.3.28i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Mon, May 13, 2002 at 09:18:59AM +0200, Carroll, D. (Danny) wrote:
> As a little aside, whilst reading the CERT advisory I noticed that
> NetBSD is not vulnerable because: "NetBSD fixed this during a format
> string sweep performed on 11-Oct-2000. No released version of NetBSD is
> vulnerable to this issue."
>
> Nice and prudent. Is there any reason why this would be difficult to do
> in the FreeBSD source / Ports source??
>

Numerous developers have performed audits on much of the base system along with bringing in fixes from NetBSD, OpenBSD, and other parts of the open-source community. As for the ports tree, with over 6000 independently-written applications, finding (or funding) developers to perform a full-scale audit may be a bit difficult.

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 13 4:16:52 2002
Delivered-To: freebsd-security@freebsd.org
Received: from gamma.star.spb.ru (gamma.star.spb.ru [217.195.79.1]) by hub.freebsd.org (Postfix) with ESMTP id 205C537B403 for ; Mon, 13 May 2002 04:16:43 -0700 (PDT)
Received: from green.star.spb.ru (green.star.spb.ru [217.195.79.10]) by gamma.star.spb.ru (8.9.3/8.9.3) with ESMTP id PAA03274; Mon, 13 May 2002 15:16:36 +0400 (MSD)
Received: from 217.195.79.7 ([217.195.79.7]) by green.star.spb.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id KHFVGFSK; Mon, 13 May 2002 15:16:25 +0400
Date: Mon, 13 May 2002 15:16:24 +0400
From: "Nickolay A. Kritsky"
X-Mailer: The Bat! (v1.49) Personal
Reply-To: "Nickolay A. Kritsky"
X-Priority: 3 (Normal)
Message-ID: <622555674.20020513151624@internethelp.ru>
To: "Drew Tomlinson"
Cc: security@FreeBSD.ORG
Subject: Re: Allowing FTP Through *My* IPFW Firewall
In-reply-To: <00f701c1f781$b77478b0$6e2a6ba5@lc.ca.gov>
References: <00f701c1f781$b77478b0$6e2a6ba5@lc.ca.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hello Drew,

I think you should read FTP RFC (#0959 AFAIK), the part about "passive mode" FTP. I think that in your case it is the only thing to do. Or try to read manual to your 3COM modem, to search something like FreeBSD's `punch_fw' option.

Thursday, May 09, 2002, 9:48:23 PM, you wrote:

DT> I'm trying to figure out what rule I need to add or change to allow ftp
DT> sessions to pass through my ipfw firewall. I have searched the archives
DT> but the only conclusions I have found is that this is a difficult task
DT> because of the nature of ftp. I'm hoping someone can help me with my
DT> specific situation.

DT> Here is how my home network is configured:

DT> ISP
DT> |
DT> | Public DHCP address
DT> |
DT> 3Com ADSL Modem/Router
DT> (Router performs NAT and passes packets to 10.2 by default)
DT> | (192.168.10.1)
DT> |
DT> |
DT> | (ed1 192.168.10.2)
DT> FBSD Gateway
DT> | (ed0 192.168.1.2)
DT> |
DT> |
DT> Internal LAN

DT> These are my current firewall rules:

DT> blacksheep# ipfw list
DT> 00100 allow ip from any to any via lo0
DT> 00200 deny log ip from any to 127.0.0.0/8
DT> 00300 deny log ip from 192.168.1.0/24 to any in recv ed1
DT> 00400 deny log ip from not 192.168.1.0/24 to any in recv ed0
DT> 00500 check-state
DT> 00600 allow tcp from 192.168.1.0/24
DT> 21,22,25,80,143,389,443,993,5405,10001 to any established
DT> 00700 allow tcp from any to 192.168.1.0/24
DT> 21,22,25,80,143,389,443,993,5405,10001
DT> 00800 allow tcp from 192.168.10.2 to any 21,22,8021 established
DT> 00900 allow tcp from any to 192.168.10.2 21,22,8021
DT> 01000 allow icmp from any to any icmptype 3,4,11,12
DT> 01100 allow icmp from any to any out icmptype 8
DT> 01200 allow icmp from any to any in icmptype 0
DT> 01300 reset log tcp from any to any 113
DT> 01400 allow udp from 206.13.19.133 123 to 192.168.10.2 123
DT> 01500 allow udp from 165.227.1.1 123 to 192.168.10.2 123
DT> 01600 allow udp from 63.192.96.2 123 to 192.168.10.2 123
DT> 01700 allow udp from 63.192.96.3 123 to 192.168.10.2 123
DT> 01800 allow udp from 132.239.254.49 123 to 192.168.10.2 123
DT> 01900 allow udp from 192.168.10.1 to any
DT> 02000 allow udp from any to 192.168.10.1
DT> 02100 allow ip from 192.168.10.2 to any keep-state out xmit ed1
DT> 02200 allow ip from 192.168.1.0/24 to any keep-state via ed0
DT> 65500 deny log ip from any to any

DT> An FTP client on the outside can establish a session and login through
DT> the firewall but fails when the first data transfer (listing the remote
DT> directory) begins. Here is a sample entry from my security log:

DT> May 9 09:56:57 blacksheep /kernel: ipfw: 65500 Deny TCP
DT> 207.173.226.108:2191 192.168.1.4:49172 in via ed1

DT> Any help would be appreciated.

DT> Thanks,

DT> Drew

;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 13 6:34:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97]) by hub.freebsd.org (Postfix) with ESMTP id 8554937B406 for ; Mon, 13 May 2002 06:34:11 -0700 (PDT)
Received: from ruby.ccmr.cornell.edu (IDENT:0@ruby.ccmr.cornell.edu [128.84.231.115]) by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id JAA25075; Mon, 13 May 2002 09:37:24 -0400
Received: from localhost (mitch@localhost) by ruby.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id JAA13642; Mon, 13 May 2002 09:34:10 -0400
X-Authentication-Warning: ruby.ccmr.cornell.edu: mitch owned process doing -bs
Date: Mon, 13 May 2002 09:34:10 -0400 (EDT)
From: Mitch Collinsworth
To: "Carroll, D. (Danny)"
Cc: security@FreeBSD.ORG
Subject: RE: DHCPD bug
In-Reply-To: <6C506EA550443D44A061432F1E92EA4C6C5156@ing.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Mon, 13 May 2002, Carroll, D. (Danny) wrote:

> :> Nice and prudent.
> :
> :Sheesh. Nice would have been sending their patch to Ted when they
> :discovered it back in 2000.
>
> True....
>
> But my point is, maybe a simple sed or perl script ran over the source
> might yield other potential problems?

I agree with your point. My point is, if they don't report bugs as they find them back to the maintainers then a) they're going to have to keep patching the same bugs every time they integrate new versions of code brought in from other projects, and b) no one else benefits from their having found the bug and it continues to exist until someone else finds it.

They are of course free to report or not report bugs as they choose, but in a case like this where they're using and benefitting from someone else's work I'd say not reporting violates the spirit of open source development.
-Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 7:29:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3DACC37B409; Mon, 13 May 2002 07:28:30 -0700 (PDT) Received: (from jedgar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g4DESUU29292; Mon, 13 May 2002 07:28:30 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org) Date: Mon, 13 May 2002 07:28:30 -0700 (PDT) Message-Id: <200205131428.g4DESUU29292@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: jedgar set sender to security-advisories@FreeBSD.org using -f 
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Notice FreeBSD-SN-02:02
Reply-To: security-advisories@FreeBSD.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

=============================================================================
FreeBSD-SN-02:02                                              Security Notice
                                                          The FreeBSD Project

Topic:          security issues in ports
Announced:      2002-05-13

I. Introduction

Several ports in the FreeBSD Ports Collection are affected by security issues. These are listed below with references and affected versions. All versions given refer to the FreeBSD port/package version numbers. The listed vulnerabilities are not specific to FreeBSD unless otherwise noted.

These ports are not installed by default, nor are they ``part of FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of third-party applications in a ready-to-install format. FreeBSD makes no claim about the security of these third-party applications. See for more information about the FreeBSD Ports Collection.

II. Ports

+------------------------------------------------------------------------+
Port name:      analog
Affected:       versions < analog-5.22
Status:         Fixed
Cross-site scripting attack.
+------------------------------------------------------------------------+
Port name:      ascend-radius, freeradius-devel, icradius, radius-basic,
                radiusclient, radiusd-cistron, xtradius
Affected:       versions < radiusd-cistron-1.6.6
                all versions of ascend-radius, freeradius-devel,
                icradius, radius-basic, radiusclient
Status:         Fixed: radiusd-cistron
                Not fixed: all others
Digest Calculation buffer overflow and/or insufficient validation of
attribute lengths.
+------------------------------------------------------------------------+
Port name:      dnews
Affected:       versions < dnews-5.5h2
Status:         Fixed
``Security fault.''
+------------------------------------------------------------------------+
Port name:      ethereal
Affected:       versions < ethereal-0.9.3
Status:         Fixed
SNMP vulnerability: malformed SNMP packets may cause ethereal to crash.
+------------------------------------------------------------------------+
Port name:      icecast
Affected:       versions < icecast-1.3.12
Status:         Fixed
Directory traversal vulnerability.
Remote attackers may cause a denial of service via a URL that ends in
. (dot), / (forward slash), or \ (backward slash).
Buffer overflows may allow remote attackers to execute arbitrary code
or cause a denial of service.
+------------------------------------------------------------------------+
Port name:      isc-dhcp3
Affected:       versions < dhcp-3.0.1.r8_1
Status:         Fixed
Format string vulnerability when logging DNS-update request transactions.
+------------------------------------------------------------------------+
Port name:      jdk, jdk12-beta
Affected:       all versions
Status:         Not fixed
``A vulnerability in the Java(TM) Runtime Environment may allow an
untrusted applet to monitor requests to and responses from an HTTP
proxy server when a persistent connection is used between a client
and an HTTP proxy server.'' (Bulletin 216)
+------------------------------------------------------------------------+
Port name:      linux-mozilla, mozilla
Affected:       versions < linux-mozilla-0.9.9.2002050810
                versions < mozilla-1.0.rc1_3,1
Status:         Fixed
Buffer overflow in Chatzilla.
XMLHttpRequest allows reading of local files.
+------------------------------------------------------------------------+
Port name:      mod_python
Affected:       versions < mod_python-2.7.8
Status:         Fixed
A publisher may access an indirectly imported module allowing a remote
attacker to call functions from that module.
+------------------------------------------------------------------------+
Port name:      ntop
Affected:       all versions
Status:         Not fixed
``Preauthentication Remote Root Hole in NTOP''
+------------------------------------------------------------------------+
Port name:      p5-SOAP-Lite
Affected:       versions < p5-SOAP-Lite-0.55
Status:         Fixed
Client may call any procedure on server.
+------------------------------------------------------------------------+
Port name:      puf
Affected:       versions < puf-0.93.1
Status:         Fixed
Format string vulnerability in error output.
+------------------------------------------------------------------------+
Port name:      sudo
Affected:       versions < sudo-1.6.6
Status:         Fixed
Heap overflow may allow local users to gain root access.
+------------------------------------------------------------------------+
Port name:      webalizer
Affected:       versions < webalizer-2.1.10
Status:         Fixed
Buffer overflow in the DNS resolver code.
+------------------------------------------------------------------------+
Port name:      xpilot
Affected:       versions < xpilot-4.5.2
Status:         Fixed
Stack buffer overflow in server.
+------------------------------------------------------------------------+

III. Upgrading Ports/Packages

To upgrade a fixed port/package, perform one of the following:

1) Upgrade your Ports Collection and rebuild and reinstall the port.
Several tools are available in the Ports Collection to make this
easier. See:
  /usr/ports/devel/portcheckout
  /usr/ports/misc/porteasy
  /usr/ports/sysutils/portupgrade

2) Deinstall the old package and install a new package obtained from

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/

Packages are not automatically generated for other architectures at
this time.

+------------------------------------------------------------------------+
FreeBSD Security Notices are communications from the Security Officer intended to inform the user community about potential security issues, such as bugs in the third-party applications found in the Ports Collection, which will not be addressed in a FreeBSD Security Advisory.

Feedback on Security Notices is welcome at .

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 13 8:38:32 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cnvbrlx01.net.cnv.at (ws166.cnv.at [212.51.224.166]) by hub.freebsd.org (Postfix) with ESMTP id 63C5937B408 for ; Mon, 13 May 2002 08:38:27 -0700 (PDT)
Received: from cnvbrlx01.net.cnv.at (localhost [127.0.0.1]) by cnvbrlx01.net.cnv.at (8.12.1/8.12.1) with ESMTP id g4DFYGJZ004945; Mon, 13 May 2002 17:34:16 +0200
Received: from slashtom.slash10.com (fritz.intra.vtg.at [10.254.0.234]) by cnvbrlx01.net.cnv.at (8.12.1/8.12.1) with ESMTP id g4DFYGVo004940; Mon, 13 May 2002 17:34:16 +0200
Message-Id: <5.1.0.14.0.20020513174837.02c04d28@alpha.slash10.net>
X-Sender: tf@alpha.slash10.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 13 May 2002 17:54:54 +0200
To: freebsd-security@FreeBSD.ORG
From: Thomas Fritz
Subject:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hi there!

On the URL http://www.onlamp.com/pub/a/bsd/2001/12/10/ipsec.html I found this warning below:

One other word of warning -- if you reboot one of the hosts, and suddenly have connectivity problems, flush the keys on both machines by running setkey -F. It's possible for the keys to get out of sync.

Is there any way to overcome this problem without flushing the keys by hand?

Thanks in advance
/tom

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 13 8:53: 6 2002
Delivered-To: freebsd-security@freebsd.org
Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by hub.freebsd.org (Postfix) with ESMTP id D4DF437B401 for ; Mon, 13 May 2002 08:53:01 -0700 (PDT)
Received: from ZABU ([131.106.3.56]) (authenticated bits=0) by ebb.errno.com (8.12.1/8.12.1) with ESMTP id g4DFqu4F012613 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Mon, 13 May 2002 08:52:58 -0700 (PDT) (envelope-from sam@errno.com)
Message-ID: <007201c1fa96$7f8a6820$38036a83@ZABU>
From: "Sam Leffler"
To: "Carroll, D. (Danny)" , "Mitch Collinsworth"
Cc:
References: <6C506EA550443D44A061432F1E92EA4C6C5156@ing.com>
Subject: Re: DHCPD bug
Date: Mon, 13 May 2002 08:54:35 -0700
Organization: Errno Consulting
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
X-DCC-errno-Metrics: ebb.errno.com 1006; Body=3 Fuz1=3 Fuz2=3
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

> But my point is, maybe a simple sed or perl script ran over the source
> might yield other potential problems?

NetBSD used gcc -Wformat (or whatever it is) to validate format strings against the varargs parameter lists.

Sam

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 13 10: 0:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by hub.freebsd.org (Postfix) with SMTP id 9AEA037B403 for ; Mon, 13 May 2002 10:00:07 -0700 (PDT)
Received: (qmail 84795 invoked from network); 13 May 2002 17:07:19 -0000
Received: from unknown (HELO straylight.ringlet.net) (212.116.140.125) by south.nanolink.com with SMTP; 13 May 2002 17:07:19 -0000
Received: (qmail 57763 invoked by uid 1000); 13 May 2002 16:58:57 -0000
Date: Mon, 13 May 2002 19:58:57 +0300
From: Peter Pentchev
To: Sam Leffler
Cc: "Carroll, D. (Danny)" , Mitch Collinsworth , security@FreeBSD.ORG
Subject: Re: DHCPD bug
Message-ID: <20020513195857.J34169@straylight.oblivion.bg>
Mail-Followup-To: Sam Leffler , "Carroll, D. (Danny)" , Mitch Collinsworth , security@FreeBSD.ORG
References: <6C506EA550443D44A061432F1E92EA4C6C5156@ing.com> <007201c1fa96$7f8a6820$38036a83@ZABU>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="5vjQsMS/9MbKYGLq"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <007201c1fa96$7f8a6820$38036a83@ZABU>; from sam@errno.com on Mon, May 13, 2002 at 08:54:35AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Mon, May 13, 2002 at 08:54:35AM -0700, Sam Leffler wrote:
> > But my point is, maybe a simple sed or perl script ran over the source
> > might yield other potential problems?
>
> NetBSD used gcc -Wformat (or whatever it is) to validate format
> strings against the varargs parameter lists.

So does FreeBSD, for the base system, if FORMAT_AUDIT is defined in the Makefile - -Wnon-const-format and -Wno-format-extra-args are added to CFLAGS, making gcc whine for the case of syslog(var) and syslog("%s %s", var), respectively.

For the ports, though - I have tried exorcising the compiler warnings from a couple of largish ports that I maintain, nothing to compare with the size of KDE, GNOME, GCC, or even ISC-DHCP, and let me tell you, it is no fun, no fun at all..

A little make(1) output postprocessor (or a simple fgrep run over the make(1) output) could help things, if you are only looking for format string misuse, but even then, it may not help a whole lot - the two format warnings added to gcc only analyze calls to functions that have been explicitly defined as being printf-like, and most programs out there roll out their own logging functions, few (very few) of which are marked as such.

So basically, yes, it could be done; no, I would not expect each and every port maintainer to try for it. Come to think of it, I myself have not tried for it until now; this might change, but then again, I maintain neither the largest nor the most important ports, so it might be feasible for me, but not for others.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Thit sentence is not self-referential because "thit" is not a word.
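The limitation described in the message above (the format warnings only reach functions declared printf-like) shown on a home-grown logger, as an added example that is not code from the thread, from ISC DHCP or from FreeBSD. The names PRINTF_LIKE, vlog_msg, log_msg and log_dns_reply are assumptions made for illustration; build with gcc or clang and -Wformat -Wformat-security to have the wrapper's call sites checked.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * PRINTF_LIKE marks a function as printf-style for gcc/clang: argument
 * number `fmt` (1-based) is the format string and the variadic arguments
 * to check start at `first`. first == 0 means the function takes a
 * va_list, so only the format itself can be checked.
 */
#if defined(__GNUC__)
#define PRINTF_LIKE(fmt, first) __attribute__((format(printf, fmt, first)))
#else
#define PRINTF_LIKE(fmt, first)
#endif

/* Hypothetical project-local loggers (names are this example's own). */
int vlog_msg(char *out, size_t outlen, const char *fmt, va_list ap)
    PRINTF_LIKE(3, 0);
int log_msg(char *out, size_t outlen, const char *fmt, ...)
    PRINTF_LIKE(3, 4);

int vlog_msg(char *out, size_t outlen, const char *fmt, va_list ap)
{
    /* vsnprintf NUL-terminates when outlen > 0 and returns the length
     * the complete message would have had. */
    return vsnprintf(out, outlen, fmt, ap);
}

int log_msg(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vlog_msg(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/*
 * The syslog(var) pattern from the thread, routed through the wrapper:
 *
 *     log_msg(out, outlen, reply);        // reply chooses the format
 *
 * With the attribute in place, -Wformat -Wformat-security flags that
 * call; without it the compiler stays silent, which is why unannotated
 * wrappers escape a warning-based sweep. The call is kept in this
 * comment because executing it is undefined behaviour.
 *
 * Corrected form: constant format, untrusted text passed as data.
 */
int log_dns_reply(char *out, size_t outlen, const char *reply)
{
    return log_msg(out, outlen, "dns update reply: %s", reply);
}

int main(void)
{
    /* Constructed sample: text a remote peer could place in a reply. */
    const char *reply = "NXDOMAIN %x %x %n";
    char buf[128];

    log_dns_reply(buf, sizeof buf, reply);
    puts(buf);      /* the directives are printed literally */
    return 0;
}
```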
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 11: 4:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7BBAB37B40B for ; Mon, 13 May 2002 11:03:47 -0700 (PDT) Received: (from peter@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g4DI3lh60221 for security@freebsd.org; Mon, 13 May 2002 11:03:47 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 13 May 2002 11:03:47 -0700 (PDT) Message-Id: <200205131803.g4DI3lh60221@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f
From: FreeBSD bugmaster To: security@FreeBSD.org Subject: Current problem reports assigned to you Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Current FreeBSD problem reports No matches to your query To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 11:11:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from oxmail.ox.ac.uk (oxmail1.ox.ac.uk [129.67.1.2]) by hub.freebsd.org (Postfix) with ESMTP id D376637B405 for ; Mon, 13 May 2002 11:11:32 -0700 (PDT) Received: from heraldgate2.oucs.ox.ac.uk ([163.1.2.50] helo=frontend2.herald.ox.ac.uk ident=exim) by oxmail.ox.ac.uk with esmtp (Exim 3.36 #1) id 177KIF-0007bo-01 for security@freebsd.org; Mon, 13 May 2002 19:11:31 +0100 Received: from dhcp1125.wadham.ox.ac.uk ([163.1.161.125] helo=piii600.wadham.ox.ac.uk) by frontend2.herald.ox.ac.uk with esmtp (Exim 3.32 #1) id 177KIF-00017e-00 for security@FreeBSD.ORG; Mon, 13 May 2002 19:11:31 +0100 X-Info-RBL1: ox.ac.uk filters email against various lists. X-Info-RBL2: If your replies bounce, try sending them to cperciva@sfu.ca Message-Id: <5.0.2.1.1.20020513190947.0238a4e0@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Mon, 13 May 2002 19:11:18 +0100 To: security@FreeBSD.ORG 
From: Colin Percival Subject: Re: Current problem reports assigned to you In-Reply-To: <200205131803.g4DI3lh60221@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message has been arriving once a week since the beginning of April... does anyone know whom to contact to make this stop? Colin Percival At 11:03 13/05/2002 -0700, FreeBSD bugmaster wrote: >Current FreeBSD problem reports >No matches to your query > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 11:17: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.ulstu.ru (ns.ulstu.ru [62.76.34.36]) by hub.freebsd.org (Postfix) with ESMTP id 19C6A37B405 for ; Mon, 13 May 2002 11:16:58 -0700 (PDT) Received: by ns.ulstu.ru (Postfix-ULSTU, from userid 3909) id 11799107879; Mon, 13 May 2002 22:16:56 +0400 (MSD) Date: Mon, 13 May 2002 22:16:56 +0400 
From: zhuravlev alexander To: Colin Percival Cc: security@FreeBSD.ORG Subject: Re: Current problem reports assigned to you Message-ID: <20020513221655.A82693@ns.ulstu.ru> Reply-To: zhuravlev alexander Mail-Followup-To: Colin Percival , security@FreeBSD.ORG References: <200205131803.g4DI3lh60221@freefall.freebsd.org> <5.0.2.1.1.20020513190947.0238a4e0@popserver.sfu.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <5.0.2.1.1.20020513190947.0238a4e0@popserver.sfu.ca>; from colin.percival@wadham.ox.ac.uk on Mon, May 13, 2002 at 07:11:18PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, May 13, 2002 at 07:11:18PM +0100, Colin Percival wrote: > This message has been arriving once a week since the beginning of > April... does anyone know whom to contact to make this stop? 
GNATS system sends those messages

>
> Colin Percival
>
> At 11:03 13/05/2002 -0700, FreeBSD bugmaster wrote:
> >Current FreeBSD problem reports
> >No matches to your query
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
zhuravlev alexander
u l s t u n o c

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 13 11:33:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 48DD137B400 for ; Mon, 13 May 2002 11:33:08 -0700 (PDT)
Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.3/8.9.1) with ESMTP id g4DIX8hU069326; Mon, 13 May 2002 11:33:08 -0700 (PDT) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.12.3/8.12.3/Submit) id g4DIX8kS069325; Mon, 13 May 2002 11:33:08 -0700 (PDT)
Date: Mon, 13 May 2002 11:33:08 -0700 (PDT)
From: Matthew Dillon Message-Id: <200205131833.g4DIX8kS069325@apollo.backplane.com> To: Colin Percival Cc: security@FreeBSD.ORG Subject: Re: Current problem reports assigned to you References: <5.0.2.1.1.20020513190947.0238a4e0@popserver.sfu.ca> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

: This message has been arriving once a week since the beginning of
:April... does anyone know whom to contact to make this stop?
:
:Colin Percival
:
:At 11:03 13/05/2002 -0700, FreeBSD bugmaster wrote:
:>Current FreeBSD problem reports
:>No matches to your query
:>
:>To Unsubscribe: send mail to majordomo@FreeBSD.org
:>with "unsubscribe freebsd-security" in the body of the message

I get this too. It's being sent to security@FreeBSD.ORG so presumably
everyone on the list gets it :-)

I grepped through the PR database and didn't see anything right off the
bat. There are a few PRs whose Responsible: is set to 'security-officer'.
I wonder if the partial match is creating an issue (PR 5103, 14158, 36404).

-Matt
Matthew Dillon

From owner-freebsd-security Mon May 13 12:55:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from leaf.lumiere.net (leaf.lumiere.net [208.44.192.100]) by hub.freebsd.org (Postfix) with ESMTP id 00F6E37B406 for ; Mon, 13 May 2002 12:55:32 -0700 (PDT) Received: by leaf.lumiere.net (Postfix, from userid 1082) id C921BCD25; Mon, 13 May 2002 12:55:26 -0700 (PDT) Date: Mon, 13 May 2002 12:55:26 -0700
From: Derrick John Klise To: security@freebsd.org Subject: Re: bandwidth monitoring tools ? Message-ID: <20020513125526.A9334@leaf.lumiere.net> References: <034901c1fa98$509ddae0$fd6e34c6@mlevy> <20020513183701.GA27548@chocobo.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020513183701.GA27548@chocobo.cx>; from chip@chocobo.cx on Mon, May 13, 2002 at 02:37:01PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Mon, May 13, 2002 at 02:37:01PM -0400, Chip Marshall wrote:
> On May 13, 2002, Moti sent me the following:
> > I'm interested in ip bandwidth reporting.
> > basically I have a client who's using part of my t1 and I want to know how
> > much bandwidth he's taking.
> > the gateway is FreeBSD stable and I'm using ipf/ipnat as my firewall.
> > I know I can use ucd-snmp for statistics and ipfm for ip based logging
> > i'm wondering what other people are using and how.
> > is there anyone using trafd ? ipband ?
>
> I know some people use count rules with ipfw to do such a thing. I
> don't know if ipf has a similar mechanism for counting packets and
> bytes.
>

IP Filter does have accounting rules,

# accounting
count in from any to CUSTOMER
count out from CUSTOMER to any

would keep track of how many bytes are sent to and from CUSTOMER. You
can then get the statistics gathered with `ipfstat -aio`.

--
Derrick John Klise
"I went into a general store, and they wouldn't sell me anything specific".
-- Steven Wright To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 12:58:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from leaf.lumiere.net (leaf.lumiere.net [208.44.192.100]) by hub.freebsd.org (Postfix) with ESMTP id DFD0B37B401 for ; Mon, 13 May 2002 12:58:01 -0700 (PDT) Received: by leaf.lumiere.net (Postfix, from userid 1082) id D7061CE93; Mon, 13 May 2002 12:58:01 -0700 (PDT) Date: Mon, 13 May 2002 12:58:01 -0700 
From: Derrick John Klise To: security@freebsd.org Subject: Re: bandwidth monitoring tools ? Message-ID: <20020513125801.C9334@leaf.lumiere.net> References: <034901c1fa98$509ddae0$fd6e34c6@mlevy> <20020513183701.GA27548@chocobo.cx> <20020513125526.A9334@leaf.lumiere.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020513125526.A9334@leaf.lumiere.net>; from derrick@lumiere.net on Mon, May 13, 2002 at 12:55:26PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, May 13, 2002 at 12:55:26PM -0700, Derrick John Klise wrote: > > IP Filter does have an accounting rules, > > # accounting > count in from any to CUSTOMER > count out from CUSTOMER to any > > would keep track of how many bytes are sent to and from CUSTOMER. You > can then get the statistics gathered with `ipfstat -aio`. > Misfire, sorry about that. -- Derrick John Klise "I went into a general store, and they wouldn't sell me anything specific". -- Steven Wright To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 16:25:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from selenite.tzc.com (selenite.tzc.com [204.209.140.47]) by hub.freebsd.org (Postfix) with SMTP id 8260237B400 for ; Mon, 13 May 2002 16:25:19 -0700 (PDT) Received: (qmail 59660 invoked from network); 13 May 2002 23:25:13 -0000 Received: from unknown (HELO h410g3n.localnet) (204.209.140.10) by 0 with SMTP; 13 May 2002 23:25:13 -0000 Content-Type: text/plain; charset="us-ascii" 
From: "Dalin S. Owen" Reply-To: dowen@pstis.com Organization: Nexus XI Corp. To: security@freebsd.org Subject: Error in URL in FreeBSD-SN-02_01.asc Date: Mon, 13 May 2002 17:20:40 -0600 X-Mailer: KMail [version 1.4] MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200205131720.40320.dowen@pstis.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I found a spelling mistake in this URL on this recent advisory... Yes, I = am a=20 bastard.... here is a patch (for a little geek humor)... --SNIP-- --- FreeBSD-SN-02_01.asc Mon May 13 17:16:27 2002 +++ FreeBSD-SN-02_01.asc.fixed Mon May 13 17:16:54 2002 @@ -71,7 +71,7 @@ Affected: all versions Status: Not yet fixed. Race condition in directory removal. - + +-----------------------------------------------------------------------= -+ Port name: imlib Affected: versions < imlib-1.9.13 --SNIP-- --=20 Regards, Dalin S. Owen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 17: 1:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [63.167.241.66]) by hub.freebsd.org (Postfix) with ESMTP id AF5CA37B406 for ; Mon, 13 May 2002 17:01:22 -0700 (PDT) Received: (from str@localhost) by giganda.komkon.org (8.11.3/8.11.3) id g4E01Eg05120; Mon, 13 May 2002 20:01:14 -0400 (EDT) (envelope-from str) Date: Mon, 13 May 2002 20:01:14 -0400 (EDT) 
From: Igor Roshchin Message-Id: <200205140001.g4E01Eg05120@giganda.komkon.org> To: drew@mykitchentable.net, security@FreeBSD.ORG Subject: Re: Allowing FTP Through *My* IPFW Firewall In-Reply-To: <00f701c1f781$b77478b0$6e2a6ba5@lc.ca.gov> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Here is an idea of what you can try.
It depends whether you want to allow both passive and active ftp transfer
modes, or only one of them.
In case you need to allow both, (this way you cover all possible
ftp-clients, including web-browsers) you'd have to have many ports open,
and one of the ways to do that is as follows
(someone might suggest a somewhat different solution):

FTP="xxx.xxx.xxx.xxx"
# with xxx.xxx.xxx.xxx - being your address, probably 192.168.10.2 in this case.

${fwcmd} add pass tcp from ${FTP} to any established
${fwcmd} add pass tcp from ${FTP} 20 to any setup
${fwcmd} add pass tcp from any to ${FTP} established
${fwcmd} add pass tcp from any to ${FTP} 50000-59999 setup
${fwcmd} add pass tcp from any to ${FTP} 21 setup

You would also need to configure that the server establishes connections
on the same range of high-numbered ports.
Say, in WuFTPd you can use something like the following command
in ftpaccess file:

passive ports 0.0.0.0/0 50000 59999

or something similar to that (check the man pages)

Hope that helps.

Igor

> From owner-freebsd-security@FreeBSD.ORG Thu May 9 13:48:47 2002
> From: "Drew Tomlinson"
> To:
> Subject: Allowing FTP Through *My* IPFW Firewall
> Date: Thu, 9 May 2002 10:48:23 -0700
>
> I'm trying to figure out what rule I need to add or change to allow ftp
> sessions to pass through my ipfw firewall. I have searched the archives
> but the only conclusion I have found is that this is a difficult task
> because of the nature of ftp. I'm hoping someone can help me with my
> specific situation.
>
> Here is how my home network is configured:
>
>               ISP
>                |
>                |  Public DHCP address
>                |
>       3Com ADSL Modem/Router
> (Router performs NAT and passes packets to 10.2 by default)
>                |  (192.168.10.1)
>                |
>                |
>                |  (ed1 192.168.10.2)
>          FBSD Gateway
>                |  (ed0 192.168.1.2)
>                |
>                |
>          Internal LAN
>
>
> These are my current firewall rules:
>
> blacksheep# ipfw list
> 00100 allow ip from any to any via lo0
> 00200 deny log ip from any to 127.0.0.0/8
> 00300 deny log ip from 192.168.1.0/24 to any in recv ed1
> 00400 deny log ip from not 192.168.1.0/24 to any in recv ed0
> 00500 check-state
> 00600 allow tcp from 192.168.1.0/24 21,22,25,80,143,389,443,993,5405,10001 to any established
> 00700 allow tcp from any to 192.168.1.0/24 21,22,25,80,143,389,443,993,5405,10001
> 00800 allow tcp from 192.168.10.2 to any 21,22,8021 established
> 00900 allow tcp from any to 192.168.10.2 21,22,8021
> 01000 allow icmp from any to any icmptype 3,4,11,12
> 01100 allow icmp from any to any out icmptype 8
> 01200 allow icmp from any to any in icmptype 0
> 01300 reset log tcp from any to any 113
> 01400 allow udp from 206.13.19.133 123 to 192.168.10.2 123
> 01500 allow udp from 165.227.1.1 123 to 192.168.10.2 123
> 01600 allow udp from 63.192.96.2 123 to 192.168.10.2 123
> 01700 allow udp from 63.192.96.3 123 to 192.168.10.2 123
> 01800 allow udp from 132.239.254.49 123 to 192.168.10.2 123
> 01900 allow udp from 192.168.10.1 to any
> 02000 allow udp from any to 192.168.10.1
> 02100 allow ip from 192.168.10.2 to any keep-state out xmit ed1
> 02200 allow ip from 192.168.1.0/24 to any keep-state via ed0
> 65500 deny log ip from any to any
>
> An FTP client on the outside can establish a session and login through
> the firewall but fails when the first data transfer (listing the remote
> directory) begins. Here is a sample entry from my security log:
>
> May 9 09:56:57 blacksheep /kernel: ipfw: 65500 Deny TCP 207.173.226.108:2191 192.168.1.4:49172 in via ed1
>
> Any help would be appreciated.
>
> Thanks,
>
> Drew
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Mon May 13 20:13:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from dart.sr.se (dart.sr.se [134.25.0.132]) by hub.freebsd.org (Postfix) with ESMTP id 4469437B406 for ; Mon, 13 May 2002 20:13:35 -0700 (PDT) Received: from honken.sr.se (honken.sr.se [134.25.128.27]) by dart.sr.se (8.11.6/8.11.6) with ESMTP id g4E3DXN12281 for ; Tue, 14 May 2002 05:13:33 +0200 (CEST) (envelope-from gunnar@pluto.sr.se) Received: from pluto.sr.se (pluto.SR.SE [134.25.193.91]) by honken.sr.se (8.9.3/8.9.3) with ESMTP id FAA20777 for ; Tue, 14 May 2002 05:13:33 +0200 (CEST) (envelope-from gunnar@pluto.sr.se) Received: (from root@localhost) by pluto.sr.se (8.11.6/8.11.1) id g4E3DXe33965 for freebsd-security@freebsd.org; Tue, 14 May 2002 05:13:33 +0200 (CEST) (envelope-from gunnar) Received: (from gunnar@localhost) by pluto.sr.se (8.11.6/8.11.1av) id g4E3DUE33957 for freebsd-security@freebsd.org; Tue, 14 May 2002 05:13:30 +0200 (CEST) (envelope-from gunnar) Date: Tue, 14 May 2002 05:13:30 +0200
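Added example, not part of Igor Roshchin's or Drew Tomlinson's messages above: a first-match model, in Python, of the five ipfw rules Igor suggests, run against the deny line from Drew's log to check whether a passive-FTP data connection would get through. It models only the rule fields those five rules use; the rule numbers 100-500, the helper names, the use of 192.168.1.4 (the destination in the log line) as the FTP address, and the treatment of the logged packet as the SYN of the data connection are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Deny line quoted from Drew's security log in the thread.
DREW_LOG = ("May 9 09:56:57 blacksheep /kernel: ipfw: 65500 Deny TCP "
            "207.173.226.108:2191 192.168.1.4:49172 in via ed1")
LOG_RE = re.compile(r"ipfw: (\d+) (\w+) (\w+) ([\d.]+):(\d+) "
                    r"([\d.]+):(\d+) (in|out) via (\w+)")
Ports = Optional[List[Tuple[int, int]]]


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool  # True: SYN without ACK ("setup"); False: ACK set ("established")


@dataclass
class Rule:
    number: int
    action: str
    proto: str
    src: str
    sports: Ports
    dst: str
    dports: Ports
    state: Optional[str]  # "setup", "established" or None


def parse_ports(spec: str) -> List[Tuple[int, int]]:
    """Turn '21,50000-59999' into [(21, 21), (50000, 59999)]."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def parse_rule(number: int, text: str) -> Rule:
    """Parse 'action proto from SRC [ports] to DST [ports] [setup|established]'."""
    tok = text.split()
    action = "allow" if tok[0] in ("pass", "allow") else tok[0]
    i = tok.index("from") + 1
    src, i = tok[i], i + 1
    sports = None
    if tok[i] != "to":
        sports, i = parse_ports(tok[i]), i + 1
    dst, i = tok[i + 1], i + 2
    dports = None
    if i < len(tok) and tok[i][0].isdigit():
        dports, i = parse_ports(tok[i]), i + 1
    state = tok[i] if i < len(tok) else None
    return Rule(number, action, tok[1], src, sports, dst, dports, state)


def addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))


def port_match(ranges: Ports, port: int) -> bool:
    return ranges is None or any(lo <= port <= hi for lo, hi in ranges)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", "all", pkt.proto):
        return False
    if (rule.state == "setup" and not pkt.syn) or (
            rule.state == "established" and pkt.syn):
        return False
    return (addr_match(rule.src, pkt.src) and port_match(rule.sports, pkt.sport)
            and addr_match(rule.dst, pkt.dst) and port_match(rule.dports, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """First matching rule wins, in rule-number order, as in ipfw."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.number, rule.action
    return 65535, "deny"  # assumed: built-in final rule left at default deny


def packet_from_log(line: str, syn: bool = True) -> Packet:
    """Rebuild the packet from a log line; the log has no TCP flags, so syn is assumed."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an ipfw log line")
    _num, _act, proto, src, sport, dst, dport, _dir, _iface = m.groups()
    return Packet(proto.lower(), src, int(sport), dst, int(dport), syn)


def ftp_ruleset(ftp: str, lo: int, hi: int) -> List[Rule]:
    """Igor's five rules plus a final deny; numbers 100-500 are constructed."""
    texts = [
        f"pass tcp from {ftp} to any established",
        f"pass tcp from {ftp} 20 to any setup",
        f"pass tcp from any to {ftp} established",
        f"pass tcp from any to {ftp} {lo}-{hi} setup",
        f"pass tcp from any to {ftp} 21 setup",
    ]
    rules = [parse_rule(100 * (n + 1), t) for n, t in enumerate(texts)]
    rules.append(parse_rule(65500, "deny ip from any to any"))
    return rules


if __name__ == "__main__":
    rules = ftp_ruleset("192.168.1.4", 50000, 59999)
    logged = packet_from_log(DREW_LOG)
    print("logged packet, port", logged.dport, "->", evaluate(rules, logged))
    pinned = Packet("tcp", logged.src, logged.sport, logged.dst, 50123, True)
    print("server pinned to 50000-59999 ->", evaluate(rules, pinned))
```

The logged port 49172 is still denied under the new rules; the data connection is admitted only once the FTP server hands out ports inside the same 50000-59999 range, which is what the `passive ports` line in Igor's message is for.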
From: Gunnar Flygt To: freebsd-security@freebsd.org Subject: Secure installation of Apache on 4.5 Message-ID: <20020514051330.B33845@sr.se> Reply-To: Gunnar Flygt Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org What would be an secure approach to running Apache with Java-Tomcat on a FreeBSD 4.5 (or higher) Should I install Apache the default port way, or? And the same for the java parts. -- __o regards, Gunnar ---_ \<,_ email: flygt@sr.se ---- (_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 20:53:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com [216.7.67.90]) by hub.freebsd.org (Postfix) with ESMTP id E0F9837B401 for ; Mon, 13 May 2002 20:53:19 -0700 (PDT) Received: from workstation (d2i-dialin-83.kl.terranova.net [216.89.230.83]) by imation.homenetweb.com (8.12.3/8.12.3) with SMTP id g4E3rGHi014029; Mon, 13 May 2002 23:53:17 -0400 (EDT) Message-ID: <001601c1fafa$dd437c40$53e659d8@workstation> 
From: "Richard Ward" To: "Gunnar Flygt" , References: <20020514051330.B33845@sr.se> Subject: Re: Secure installation of Apache on 4.5 Date: Mon, 13 May 2002 23:52:54 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'd start by running Apache under a pseudo user in a chroot environment. As a good rule of thumb, chroot as many daemons as you can. -- Richard Ward, GM Home Net Web, Inc. ----- Original Message ----- 
From: "Gunnar Flygt" To: Sent: Monday, May 13, 2002 11:13 PM Subject: Secure installation of Apache on 4.5 > What would be an secure approach to running Apache with Java-Tomcat on a > FreeBSD 4.5 (or higher) > > Should I install Apache the default port way, or? And the same for the > java parts. > > -- > __o > regards, Gunnar ---_ \<,_ > email: flygt@sr.se ---- (_)/ (_) > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 13 21: 0:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from dart.sr.se (dart.sr.se [134.25.0.132]) by hub.freebsd.org (Postfix) with ESMTP id BBD5237B409 for ; Mon, 13 May 2002 21:00:45 -0700 (PDT) Received: from honken.sr.se (honken.sr.se [134.25.128.27]) by dart.sr.se (8.11.6/8.11.6) with ESMTP id g4E40eN13045; Tue, 14 May 2002 06:00:40 +0200 (CEST) (envelope-from gunnar@pluto.sr.se) Received: from pluto.sr.se (pluto.SR.SE [134.25.193.91]) by honken.sr.se (8.9.3/8.9.3) with ESMTP id GAA22035; Tue, 14 May 2002 06:00:40 +0200 (CEST) (envelope-from gunnar@pluto.sr.se) Received: (from root@localhost) by pluto.sr.se (8.11.6/8.11.1) id g4E40eT34117; Tue, 14 May 2002 06:00:40 +0200 (CEST) (envelope-from gunnar) Received: (from gunnar@localhost) by pluto.sr.se (8.11.6/8.11.1av) id g4E40bv34109; Tue, 14 May 2002 06:00:37 +0200 (CEST) (envelope-from gunnar) Date: Tue, 14 May 2002 06:00:37 +0200 
From: Gunnar Flygt To: Richard Ward Cc: freebsd-security@freebsd.org Subject: Re: Secure installation of Apache on 4.5 Message-ID: <20020514060037.D33845@sr.se> Reply-To: Gunnar Flygt References: <20020514051330.B33845@sr.se> <001601c1fafa$dd437c40$53e659d8@workstation> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001601c1fafa$dd437c40$53e659d8@workstation>; from mh@homenetweb.com on Mon, May 13, 2002 at 11:52:54PM -0400 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, May 13, 2002 at 11:52:54PM -0400, Richard Ward wrote: > I'd start by running Apache under a pseudo user in a chroot environment. As > a good rule of thumb, chroot as many daemons as you can. Yes that seems to be a good start, but is there any reason NOT to install the binaries in the (by the ports) default directories? > > -- > Richard Ward, GM > Home Net Web, Inc. > > > ----- Original Message ----- 
> From: "Gunnar Flygt" > To: > Sent: Monday, May 13, 2002 11:13 PM > Subject: Secure installation of Apache on 4.5 > > > > What would be an secure approach to running Apache with Java-Tomcat on a > > FreeBSD 4.5 (or higher) > > > > Should I install Apache the default port way, or? And the same for the > > java parts. > > > > -- > > __o > > regards, Gunnar ---_ \<,_ > > email: flygt@sr.se ---- (_)/ (_) > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > -- __o regards, Gunnar ---_ \<,_ email: flygt@sr.se ---- (_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 0:36:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by hub.freebsd.org (Postfix) with ESMTP id 98A9237B404 for ; Tue, 14 May 2002 00:36:38 -0700 (PDT) Received: (qmail 13437 invoked from network); 14 May 2002 07:45:32 -0000 Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 14 May 2002 07:45:32 -0000 Message-ID: <3CE0BCE8.D6B258F3@liwing.de> Date: Tue, 14 May 2002 09:29:44 +0200 
From: Jens Rehsack Organization: LiWing IT-Services X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Gunnar Flygt Cc: freebsd-security@freebsd.org Subject: Re: Secure installation of Apache on 4.5 References: <20020514051330.B33845@sr.se> Content-Type: multipart/mixed; boundary="------------00EC553232E3C84D231364F4" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

This is a multi-part message in MIME format.
--------------00EC553232E3C84D231364F4
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Gunnar Flygt wrote:
>
> What would be a secure approach to running Apache with Java-Tomcat on a
> FreeBSD 4.5 (or higher)
>
> Should I install Apache the default port way, or? And the same for the
> java parts.

I choose to patch the makefile and the apache.sh start script (as attached).
It's not a chroot-env, but without s-bits and a listening port higher than
1024 - what can a user without a shell and a home-dir do? Delete its owned
files? 'tar xf backup'.

With Tomcat I do not have any experience, sorry.
Jens Rehsack

> --
>                                  __o
> regards, Gunnar               ---_ \<,_
> email: flygt@sr.se           ---- (_)/ (_)
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
e-Mail:
Fax: +49 - 3 45 - 5 17 05 92
http://www.liwing.de/

--------------00EC553232E3C84D231364F4
Content-Type: application/x-sh; name="apache.sh"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="apache.sh"

#!/bin/sh

case "$1" in
	start)
		# Pre-create the log and pid files, owned by www and mode 600,
		# so the unprivileged httpd can write to them.
		touch /var/log/httpd-access.log
		chmod 600 /var/log/httpd-access.log
		chown www:www /var/log/httpd-access.log
		touch /var/log/httpd-script.log
		chmod 600 /var/log/httpd-script.log
		chown www:www /var/log/httpd-script.log
		touch /var/log/httpd-error.log
		chmod 600 /var/log/httpd-error.log
		chown www:www /var/log/httpd-error.log
		touch /var/run/httpd.pid
		chmod 600 /var/run/httpd.pid
		chown www:www /var/run/httpd.pid
		# Start Apache as user www instead of root.
		[ -x /usr/local/sbin/apachectl ] && {
			su -m www -c \
			    '/usr/local/sbin/apachectl start > /dev/null'
			echo -n ' apache'
		}
		;;
	stop)
		# Stop only if a readable pid file exists.
		[ -r /var/run/httpd.pid ] && /usr/local/sbin/apachectl stop > /dev/null && echo -n ' apache'
		;;
	*)
		echo "Usage: `basename $0` {start|stop}" >&2
		;;
esac

exit 0

--------------00EC553232E3C84D231364F4--

From owner-freebsd-security Tue May 14 1:34:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail2.zrz.tu-berlin.de (mail2.zrz.TU-Berlin.DE [130.149.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 5B02137B407 for ; Tue, 14 May 2002 01:34:36 -0700 (PDT) Received: from p-164-213.zrz.tu-berlin.de ([130.149.164.213] helo=math.tu-berlin.de) by mail2.zrz.tu-berlin.de with esmtp (exim-3.36) id 177XlT-0005kD-00; Tue, 14 May 2002 10:34:35 +0200 Received: from localhost
(petros@localhost) by math.tu-berlin.de (8.9.3/8.9.3) with ESMTP id KAA07370; Tue, 14 May 2002 10:35:04 +0200 (CEST) (envelope-from peter.ross@alumni.tu-berlin.de) X-Authentication-Warning: sorchen.zrz.tu-berlin.de: petros owned process doing -bs Date: Tue, 14 May 2002 10:35:04 +0200 (CEST) 
From: Peter Ross X-Sender: petros@sorchen.zrz.tu-berlin.de To: Jens Rehsack Cc: Gunnar Flygt , freebsd-security@freebsd.org Subject: Re: Secure installation of Apache on 4.5 In-Reply-To: <3CE0BCE8.D6B258F3@liwing.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

On Tue, 14 May 2002, Jens Rehsack wrote:

> Gunnar Flygt wrote:
> >
> > What would be a secure approach to running Apache with Java-Tomcat on a
> > FreeBSD 4.5 (or higher)
> ..
>
> With Tomcat I do not have any experience, sorry.

I installed tomcat 3.x by using the binary from jakarte.apache.org.

Unfortunately there is no reasonable separation between configuration
files and runtime files needing writeable access (created when tomcat
starts).

$TOMCATHOME/conf resides in /var (writeable and noexec), configuration
files are linked to $TOMCATHOME/etc (in /usr), webapps to /home/tomcat..

It isn't a masterpiece but it works.

I didn't try tomcat 4.x. Hope for progress;)

Peter Ross

From owner-freebsd-security Tue May 14 7:50:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com (CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com [24.103.39.131]) by hub.freebsd.org (Postfix) with SMTP id 8302A37B409 for ; Tue, 14 May 2002 07:50:17 -0700 (PDT) Received: (qmail 271 invoked from network); 14 May 2002 14:51:15 -0000 Received: from unknown (HELO vsivyoung) (66.46.21.253) by cpe0004761ac738-cm00109515bc65.cpe.net.cable.rogers.com with SMTP; 14 May 2002 14:51:15 -0000 Message-ID: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung>
From: "Miroslav Pendev" To: Subject: ipfw + nat + port_redirect - works, but not for the internal net Date: Tue, 14 May 2002 10:52:12 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Guys! I have FreeBSD 4.5 RELEASE as Firewall with two NICs: xl0 - external interface xl1 - internal interface ipfw and natd + port_redirect works just fine! My problem is that when someone from the internal network is trying to hit external_IP:redirected_port, the redirection is not working for him - connection refused. It works only for host from outside (Internet). For simplicity lets assume that the firewall type is *open*. What rules to ipfw or natd I need in order to permit the port redirection to works for the internal hosts, also? I RTFM, I search the archives but I didn't found a clear answer to that situation. This is common problem to the corporate servers behind firewalls_with_natd_and_redirected_port and probably deserve to be into FreeBSD handbook - otherwise, good documentation! There is some security concerns *is port_redirection a good idea at all*, but that's it I need this working - don't ask why ;-) Thanks in advance! 
--Miro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 8: 0:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by hub.freebsd.org (Postfix) with SMTP id 2CD3037B406 for ; Tue, 14 May 2002 08:00:34 -0700 (PDT) Received: (qmail 68626 invoked from network); 14 May 2002 15:00:32 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241) by 0 with SMTP; 14 May 2002 15:00:32 -0000 Message-ID: <3CE12690.1060102@tenebras.com> Date: Tue, 14 May 2002 08:00:32 -0700 
From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc1) Gecko/20020427 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Miroslav Pendev wrote: > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > For simplicity lets assume that the firewall type is *open*. I find it simpler not to make assumptions -- perhaps you'd like to explicitly state: the fw rule set, your natd settings, what port a process in listening on at the target machine, and whether the target machine has a default route that goes through your nat box. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 8: 5: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com (CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com [24.103.39.131]) by hub.freebsd.org (Postfix) with SMTP id 77C2137B400 for ; Tue, 14 May 2002 08:04:57 -0700 (PDT) Received: (qmail 362 invoked from network); 14 May 2002 15:05:55 -0000 Received: from unknown (HELO vsivyoung) (66.46.21.253) by cpe0004761ac738-cm00109515bc65.cpe.net.cable.rogers.com with SMTP; 14 May 2002 15:05:55 -0000 Message-ID: <032101c1fb58$fc090d30$c801a8c0@vsivyoung> 
From: "Miroslav Pendev" To: "Vladimir Terziev" Cc: References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <20020514175742.2acc6f7a.vlady@rila.bg> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Date: Tue, 14 May 2002 11:06:46 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Redirection is made by ipfw or by natd? > > > On Tue, 14 May 2002 10:52:12 -0400 > "Miroslav Pendev" wrote: > > > Hi Guys! > > > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > > > xl0 - external interface > > xl1 - internal interface > > > > ipfw and natd + port_redirect works just fine! > > > > My problem is that when someone from the internal network > > is trying to hit external_IP:redirected_port, the redirection > > is not working for him - connection refused. > > It works only for host from outside (Internet). > > > > For simplicity lets assume that the firewall type is *open*. > > > > What rules to ipfw or natd I need in order to permit > > the port redirection to works for the internal hosts, also? > > > > I RTFM, I search the archives but I didn't found a clear > > answer to that situation. > > > > This is common problem to the corporate servers behind > > firewalls_with_natd_and_redirected_port and probably deserve > > to be into FreeBSD handbook - otherwise, good documentation! > > > > There is some security concerns *is port_redirection a good idea > > at all*, but that's it I need this working - don't ask why ;-) > > > > Thanks in advance! 
> > > > --Miro > > By natd in rc.conf : natd_flags="-redirect_port tcp 192.168.1.100:21 21" --Miro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 9:44:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com (CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com [24.103.39.131]) by hub.freebsd.org (Postfix) with SMTP id 054A137B406 for ; Tue, 14 May 2002 09:44:29 -0700 (PDT) Received: (qmail 238 invoked from network); 14 May 2002 16:45:27 -0000 Received: from unknown (HELO vsivyoung) (66.46.21.253) by cpe0004761ac738-cm00109515bc65.cpe.net.cable.rogers.com with SMTP; 14 May 2002 16:45:27 -0000 Message-ID: <037d01c1fb66$e405dcf0$c801a8c0@vsivyoung> 
From: "Miroslav Pendev" To: "Michael Sierchio" Cc: References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <3CE12690.1060102@tenebras.com> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Date: Tue, 14 May 2002 11:16:31 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Miroslav Pendev wrote: > > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > > For simplicity lets assume that the firewall type is *open*. > > I find it simpler not to make assumptions -- perhaps you'd like > to explicitly state: the fw rule set, your natd settings, > what port a process in listening on at the target machine, > and whether the target machine has a default route that goes > through your nat box. 
>

OK, the firewall type IS *open*

in rc.conf I have this:
=======================
#ftp server
natd_flags="-redirect_port tcp 192.168.1.100:21 21"

#apache server
natd_flags="-redirect_port tcp 192.168.1.100:80 9090"

192.168.1.21 - default gateway (FreeBSD Firewall NAT - internal interface xl1)

In the internal network:
========================
192.168.1.100:21 - ftp server
192.168.1.100:80 - apache web server

192.168.1.90 - host in the internal network trying to reach
the external interface of the firewall on port 9090 or 21
(192.168.1.21- default gateway)

--Miro

From owner-freebsd-security Tue May 14 10:58:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from exodus.ait.co.za (exodus.ait.co.za [66.8.26.2]) by hub.freebsd.org (Postfix) with SMTP id 1B62537B405 for ; Tue, 14 May 2002 10:58:12 -0700 (PDT) Received: from aragon [66.8.86.210] by exodus.ait.co.za (SMTPD32-4.06) id AE6A1560112; Tue, 14 May 2002 19:56:42 0200 Message-ID: <005501c1fb70$bb32ebb0$01000001@aragon> From: "Aragon Gouveia" To: "Miroslav Pendev" , References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Date: Tue, 14 May 2002 19:56:52 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Howdy,

Have you tried an ipfw fwd rule?

Regards,
Aragon

----- Original Message -----
From: "Miroslav Pendev" To: Sent: Tuesday, May 14, 2002 4:52 PM Subject: ipfw + nat + port_redirect - works, but not for the internal net > Hi Guys! > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > xl0 - external interface > xl1 - internal interface > > ipfw and natd + port_redirect works just fine! > > My problem is that when someone from the internal network > is trying to hit external_IP:redirected_port, the redirection > is not working for him - connection refused. > It works only for host from outside (Internet). > > For simplicity lets assume that the firewall type is *open*. > > What rules to ipfw or natd I need in order to permit > the port redirection to works for the internal hosts, also? > > I RTFM, I search the archives but I didn't found a clear > answer to that situation. > > This is common problem to the corporate servers behind > firewalls_with_natd_and_redirected_port and probably deserve > to be into FreeBSD handbook - otherwise, good documentation! > > There is some security concerns *is port_redirection a good idea > at all*, but that's it I need this working - don't ask why ;-) > > Thanks in advance! 
> > --Miro > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 11:25:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com (CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com [24.103.39.131]) by hub.freebsd.org (Postfix) with SMTP id 9F29637B403 for ; Tue, 14 May 2002 11:25:35 -0700 (PDT) Received: (qmail 573 invoked from network); 14 May 2002 18:26:34 -0000 Received: from unknown (HELO vsivyoung) (66.46.21.253) by cpe0004761ac738-cm00109515bc65.cpe.net.cable.rogers.com with SMTP; 14 May 2002 18:26:34 -0000 Message-ID: <042e01c1fb75$048699c0$c801a8c0@vsivyoung> 
From: "Miroslav Pendev" To: "Aragon Gouveia" Cc: References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <005501c1fb70$bb32ebb0$01000001@aragon> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Date: Tue, 14 May 2002 14:27:33 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Yes, I recompiled the kernel with options IPFIREWALL_FORWARD
I even made some tests but with no success with the following
in rc.firewall (24.24.24.24 is not my real ext. IP):

${fwcmd} add fwd 24.24.24.24,9090 tcp from any to 192.168.1.100 80 in

It seems to be what I need but...

I have one stupid Linksys Cable&DSL router with NAT
and from the internal network I can access redirected port
on the external interface to internal host:
this is what I need to do, but with FreeBSD firewall.

So it seems that this is not a big problem, I just
do not know how to get it work.

--Miro

> Howdy,
>
> Have you tried an ipfw fwd rule?
>
>
> Regards,
> Aragon
>
> ----- Original Message -----
> From: "Miroslav Pendev" > > To: > Sent: Tuesday, May 14, 2002 4:52 PM > Subject: ipfw + nat + port_redirect - works, but not for the internal net > > > > Hi Guys! > > > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > > > xl0 - external interface > > xl1 - internal interface > > > > ipfw and natd + port_redirect works just fine! > > > > My problem is that when someone from the internal network > > is trying to hit external_IP:redirected_port, the redirection > > is not working for him - connection refused. > > It works only for host from outside (Internet). > > > > For simplicity lets assume that the firewall type is *open*. > > > > What rules to ipfw or natd I need in order to permit > > the port redirection to works for the internal hosts, also? > > > > I RTFM, I search the archives but I didn't found a clear > > answer to that situation. > > > > This is common problem to the corporate servers behind > > firewalls_with_natd_and_redirected_port and probably deserve > > to be into FreeBSD handbook - otherwise, good documentation! > > > > There is some security concerns *is port_redirection a good idea > > at all*, but that's it I need this working - don't ask why ;-) > > > > Thanks in advance! > > > > --Miro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 12: 3:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from exodus.ait.co.za (exodus.ait.co.za [66.8.26.2]) by hub.freebsd.org (Postfix) with SMTP id BE38037B403 for ; Tue, 14 May 2002 12:03:28 -0700 (PDT) Received: from aragon [66.8.86.210] by exodus.ait.co.za (SMTPD32-4.06) id ADBF19320144; Tue, 14 May 2002 21:02:07 0200 Message-ID: <001101c1fb79$de1aafb0$01000001@aragon> 
From: "Aragon Gouveia" To: "Miroslav Pendev" Cc: References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <005501c1fb70$bb32ebb0$01000001@aragon> <042e01c1fb75$048699c0$c801a8c0@vsivyoung> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Date: Tue, 14 May 2002 21:02:16 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Personally, what I'd do is simply connect directly to 192.168.1.100 instead
of trying to go via your freebsd gateway.

If I really really needed to go via the freebsd gateway and I couldn't get
ipfw fwd working, I guess I'd try running datapipe. It's available from
ports, but bear in mind it's not very stable. If you can find a program
called sockpipe, it's much stabler than datapipe, but can't bind to a
specific IP like datapipe can.

Regards,
Aragon

----- Original Message -----
From: "Miroslav Pendev" To: "Aragon Gouveia" Cc: Sent: Tuesday, May 14, 2002 8:27 PM Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net > Yes, I recompiled the kernel with options IPFIREWALL_FORWARD > I even I made some tests but with no success with the following > in rc.firewall (24.24.24.24 is not my real ext. IP): > > ${fwcmd} add fwd 24.24.24.24,9090 tcp from any to 192.168.1.100 80 in > > It seems to be what I need but... > > I have one stupid Linksys Cable&DSL router with NAT > and from the internal network I can access redirected port > on the external interface to internal host: > this is what I need to do, but with FreeBSD firewall. > > So it seems that this is not a big problem, I just > do not know how to get it work. > > --Miro > > > > Howdy, > > > > Have you tried an ipfw fwd rule? > > > > > > Regards, > > Aragon > > > > ----- Original Message ----- 
> > From: "Miroslav Pendev" > > > > To: > > Sent: Tuesday, May 14, 2002 4:52 PM > > Subject: ipfw + nat + port_redirect - works, but not for the internal net > > > > > > > Hi Guys! > > > > > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > > > > > xl0 - external interface > > > xl1 - internal interface > > > > > > ipfw and natd + port_redirect works just fine! > > > > > > My problem is that when someone from the internal network > > > is trying to hit external_IP:redirected_port, the redirection > > > is not working for him - connection refused. > > > It works only for host from outside (Internet). > > > > > > For simplicity lets assume that the firewall type is *open*. > > > > > > What rules to ipfw or natd I need in order to permit > > > the port redirection to works for the internal hosts, also? > > > > > > I RTFM, I search the archives but I didn't found a clear > > > answer to that situation. > > > > > > This is common problem to the corporate servers behind > > > firewalls_with_natd_and_redirected_port and probably deserve > > > to be into FreeBSD handbook - otherwise, good documentation! > > > > > > There is some security concerns *is port_redirection a good idea > > > at all*, but that's it I need this working - don't ask why ;-) > > > > > > Thanks in advance! 
> > > > > > --Miro > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 12:25:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com (CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com [24.103.39.131]) by hub.freebsd.org (Postfix) with SMTP id D781537B47D for ; Tue, 14 May 2002 12:24:52 -0700 (PDT) Received: (qmail 876 invoked from network); 14 May 2002 19:25:51 -0000 Received: from unknown (HELO vsivyoung) (66.46.21.253) by cpe0004761ac738-cm00109515bc65.cpe.net.cable.rogers.com with SMTP; 14 May 2002 19:25:51 -0000 Message-ID: <046401c1fb7d$4d0f32d0$c801a8c0@vsivyoung> 
From: "Miroslav Pendev" To: "Aragon Gouveia" Cc: References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <005501c1fb70$bb32ebb0$01000001@aragon> <042e01c1fb75$048699c0$c801a8c0@vsivyoung> <001101c1fb79$de1aafb0$01000001@aragon> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Date: Tue, 14 May 2002 15:26:49 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi Aragon, thanks for the info
I will take a look at data(and sock)pipe.

> Personally, what I'd do is simply connect directly to 192.168.1.100 instead
> of trying to go via your freebsd gateway.

Yes, the direct access to 192.168.1.100:80 is Ok!
But here is what I have:

Web server in *Internet* is serving web pages with some forms and then
the data is sent to the internal (behind the firewall)
apache + php server.
Everything works just perfect for the clients
(hosts from internet) but it doesn't work for the people
in the internal network. I do not want to make a mirror
site only because I don't know (for now) how to get this
working.

Thanks anyway!

--Miro

>
> If I really really needed to go via the freebsd gateway and I couldn't get
> ipfw fwd working, I guess I'd try running datapipe. It's available from
> ports, but bear in mind it's not very stable. If you can find a program
> called sockpipe, it's much stabler than datapipe, but can't bind to a
> specific IP like datapipe can.
>
>
> Regards,
> Aragon
>
>
> ----- Original Message -----
> From: "Miroslav Pendev" > > To: "Aragon Gouveia" > Cc: > Sent: Tuesday, May 14, 2002 8:27 PM > Subject: Re: ipfw + nat + port_redirect - works, but not for the internal > net > > > > Yes, I recompiled the kernel with options IPFIREWALL_FORWARD > > I even I made some tests but with no success with the following > > in rc.firewall (24.24.24.24 is not my real ext. IP): > > > > ${fwcmd} add fwd 24.24.24.24,9090 tcp from any to 192.168.1.100 80 in > > > > It seems to be what I need but... > > > > I have one stupid Linksys Cable&DSL router with NAT > > and from the internal network I can access redirected port > > on the external interface to internal host: > > this is what I need to do, but with FreeBSD firewall. > > > > So it seems that this is not a big problem, I just > > do not know how to get it work. > > > > --Miro > > > > > > > Howdy, > > > > > > Have you tried an ipfw fwd rule? > > > > > > > > > Regards, > > > Aragon > > > > > > ----- Original Message ----- 
> > > From: "Miroslav Pendev" > > > > > > To: > > > Sent: Tuesday, May 14, 2002 4:52 PM > > > Subject: ipfw + nat + port_redirect - works, but not for the internal > net > > > > > > > > > > Hi Guys! > > > > > > > > I have FreeBSD 4.5 RELEASE as Firewall with two NICs: > > > > > > > > xl0 - external interface > > > > xl1 - internal interface > > > > > > > > ipfw and natd + port_redirect works just fine! > > > > > > > > My problem is that when someone from the internal network > > > > is trying to hit external_IP:redirected_port, the redirection > > > > is not working for him - connection refused. > > > > It works only for host from outside (Internet). > > > > > > > > For simplicity lets assume that the firewall type is *open*. > > > > > > > > What rules to ipfw or natd I need in order to permit > > > > the port redirection to works for the internal hosts, also? > > > > > > > > I RTFM, I search the archives but I didn't found a clear > > > > answer to that situation. > > > > > > > > This is common problem to the corporate servers behind > > > > firewalls_with_natd_and_redirected_port and probably deserve > > > > to be into FreeBSD handbook - otherwise, good documentation! > > > > > > > > There is some security concerns *is port_redirection a good idea > > > > at all*, but that's it I need this working - don't ask why ;-) > > > > > > > > Thanks in advance! 
> > > > > > > > --Miro > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 12:44:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from infinitive.futureperfectcorporation.com (infinitive.futureperfectcorporation.com [196.25.137.68]) by hub.freebsd.org (Postfix) with SMTP id F28F937B406 for ; Tue, 14 May 2002 12:43:58 -0700 (PDT) Received: (qmail 61628 invoked by uid 0); 14 May 2002 19:43:06 -0000 Received: from unknown (HELO gerund.futureperfectcorporation.com) (196.25.137.65) by infinitive.futureperfectcorporation.com with DES-CBC3-SHA encrypted SMTP; 14 May 2002 19:43:06 -0000 Received: (qmail 89358 invoked by uid 1001); 14 May 2002 19:43:12 -0000 Date: Tue, 14 May 2002 21:43:11 +0200 
From: Neil Blakey-Milner To: Miroslav Pendev Cc: Aragon Gouveia , freebsd-security@freebsd.org Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Message-ID: <20020514194311.GA89260@mithrandr.moria.org> References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <005501c1fb70$bb32ebb0$01000001@aragon> <042e01c1fb75$048699c0$c801a8c0@vsivyoung> <001101c1fb79$de1aafb0$01000001@aragon> <046401c1fb7d$4d0f32d0$c801a8c0@vsivyoung> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <046401c1fb7d$4d0f32d0$c801a8c0@vsivyoung> User-Agent: Mutt/1.3.27i Organization: iTouch Labs X-Operating-System: FreeBSD 4.3-RELEASE i386 X-URL: http://mithrandr.moria.org/nbm/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Tue 2002-05-14 (15:26), Miroslav Pendev wrote:
> Hi Aragon, thanks for the info
> I will take a look at data(and sock)pipe.
>
> > Personally, what I'd do is simply connect directly to 192.168.1.100 instead
> > of trying to go via your freebsd gateway.
>
> Yes, the direct access to 192.168.1.100:80 is Ok!
> But here is what I have:
>
> Web server in *Internet* is serving web pages with some forms and then
> the data is sent to the internal (behind the firewall)
> apache + php server.
> Everything works just perfect for the clients
> (hosts from internet) but it doesn't work for the people
> in the internal network. I do not want to make a mirror
> site only because I don't know (for now) how to get this
> working.
>
> Thanks anyway!

Basically, I think you just need to make sure you NAT the traffic
arriving on the internal interface.

For example, if you have:

add 7000 divert natd ip from any to any via ${extif}

You probably need:

add 7000 divert natd ip from any to any via ${extif}
add 7005 divert natd ip from any to any via ${intif}

I could be entirely wrong, but this works for me in about 12
installations.

Just make sure you're using 'unregistered_only', or some things get a
bit confusing - "double NAT" causing all traffic to end up being from
the alias address, not the specific redirect_address.

Neil
--
Neil Blakey-Milner
nbm@mithrandr.moria.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 14 16:23:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id 8B7F237B401 for ; Tue, 14 May 2002 16:23:35 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id OAA14992; Mon, 13 May 2002 14:10:33 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook may make your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020513140848.038cac50@nospam.lariat.org> X-Sender: brett@nospam.lariat.org X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Mon, 13 May 2002 14:10:29 -0600 To: "Carroll, D. (Danny)" ,
From: Brett Glass Subject: RE: DHCPD bug In-Reply-To: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

At 01:18 AM 5/13/2002, Carroll, D. (Danny) wrote:

>As a little aside, whilst reading the CERT advisory I noticed that
>NetBSD is not vulnerable because: "NetBSD fixed this during a format
>string sweep performed on 11-Oct-2000. No released version of NetBSD is
>vulnerable to this issue."

I wonder if they notified ISC? It could be that their notice was missed
or ignored, or that because they've forked their own version they didn't
know whether the bugs were still present in ISC's original code.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 14 16:25:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id 3AB1537B400 for ; Tue, 14 May 2002 16:25:00 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA29676 for ; Thu, 9 May 2002 18:00:19 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook may make your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> X-Sender: brett@nospam.lariat.org X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 09 May 2002 17:59:58 -0600 To: security@FreeBSD.ORG
From: Brett Glass Subject: Patch/Announcement for DHCPD remote root hole? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Are a patch and an announcement for the ISC DHCPD format string vulnerability/remote root hole imminent? See http://www.extremetech.com/article/0,3396,apn=2&s=1024&a=26709&ap=1,00.asp for info.... It is not at all hyperbolic to say that a worm which exploits this bug on a few key platforms could take down huge chunks of the Internet as well as many, many LANs attached to it. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 14 18:55:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from castle.jp.FreeBSD.org (castle.jp.FreeBSD.org [210.226.20.15]) by hub.freebsd.org (Postfix) with ESMTP id 0DB9737B40B for ; Tue, 14 May 2002 18:55:09 -0700 (PDT) Received: from localhost (localhost [::1]) by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet6 id g4F1t0v45904; Wed, 15 May 2002 10:55:01 +0900 (JST) (envelope-from matusita@jp.FreeBSD.org) Cc: security@FreeBSD.org In-Reply-To: <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> References: <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> X-User-Agent: Mew/1.94.2 XEmacs/21.5 (bamboo) X-FaceAnim: (-O_O-)(O_O- )(_O- )(O- )(- -)( -O)( -O_)( -O_O)(-O_O-) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Dispatcher: imput version 20000228(IM140) Lines: 18 
From: Makoto Matsushita To: brett@lariat.org Subject: Re: Patch/Announcement for DHCPD remote root hole? Date: Wed, 15 May 2002 10:54:53 +0900 Message-Id: <20020515105453K.matusita@jp.FreeBSD.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org brett> Are a patch and an announcement for the ISC DHCPD format string brett> vulnerability/remote root hole imminent? From FreeBSD-SN-02:02: > Port name: isc-dhcp3 > Affected: versions < dhcp-3.0.1.r8_1 > Status: Fixed > Format string vulnerability when logging DNS-update request transactions. > > Is it what you want? ports/net/isc-dhcp3 is already fixed, updating to dhcp-3.0.1.r9. -- - Makoto `MAR' Matsushita To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 15 0: 1: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail1.ing.nl (mail1.ing.nl [145.221.93.2]) by hub.freebsd.org (Postfix) with ESMTP id 6D35D37B409 for ; Wed, 15 May 2002 00:00:54 -0700 (PDT) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: ipfw + nat + port_redirect - works, but not for the internal net Date: Wed, 15 May 2002 08:59:35 +0200 Message-ID: <6C506EA550443D44A061432F1E92EA4C6C516B@citsnl045.europe.intranet> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: ipfw + nat + port_redirect - works, but not for the internal net Thread-Index: AcH7fTzh+y6gh6cKS+Wo+UTVa1t12wAYHFtg 
From: "Carroll, D. (Danny)" To: "Miroslav Pendev" , "Aragon Gouveia" Importance: normal Cc: X-OriginalArrivalTime: 15 May 2002 06:59:35.0911 (UTC) FILETIME=[12C22770:01C1FBDE] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

:Yes, the direct access to 192.168.1.100:80 is Ok!
:But here is what I have:
:
:Web server in *Internet* is serving web pages with some forms and then
:the data is sent to the internal (behind the firewall)
:apache + php server.
:Everything works just perfect for the clients
:(hosts from internet) but it doesn't work for the people
:in the internal network. I do not want to make a mirror
:site only because I don't know (for now) how to get this
:working.

If the external website is getting the internal client to post a form,
could you not alter your internal DNS server (if you have one)?
The ports are different, but is there anything stopping you from running
the internal site on port 9090, just like the external?

Of course it assumes you have an internal address and can change the
port but if you can't get the NAT / IPFW stuff to work it might be
something to try.

-D

-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited.
Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 15 7:17:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com (CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com [24.103.39.131]) by hub.freebsd.org (Postfix) with SMTP id 839E237B405 for ; Wed, 15 May 2002 07:17:07 -0700 (PDT) Received: (qmail 1728 invoked from network); 15 May 2002 14:18:06 -0000 Received: from unknown (HELO vsivyoung) (66.46.21.253) by cpe0004761ac738-cm00109515bc65.cpe.net.cable.rogers.com with SMTP; 15 May 2002 14:18:06 -0000 Message-ID: <004701c1fc1b$7e4d3470$c801a8c0@vsivyoung>
From: "Miroslav Pendev" To: "Neil Blakey-Milner" Cc: References: <030301c1fb56$ef9fefc0$c801a8c0@vsivyoung> <005501c1fb70$bb32ebb0$01000001@aragon> <042e01c1fb75$048699c0$c801a8c0@vsivyoung> <001101c1fb79$de1aafb0$01000001@aragon> <046401c1fb7d$4d0f32d0$c801a8c0@vsivyoung> <20020514194311.GA89260@mithrandr.moria.org> Subject: Re: ipfw + nat + port_redirect - works, but not for the internal net Date: Wed, 15 May 2002 10:19:14 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> On Tue 2002-05-14 (15:26), Miroslav Pendev wrote:
> > Hi Aragon, thanks for the info
> > I will take a look at data(and sock)pipe.
> >
> > > Personally, what I'd do is simply connect directly to 192.168.1.100 instead
> > > of trying to go via your freebsd gateway.
> >
> > Yes, the direct access to 192.168.1.100:80 is Ok!
> > But here is what I have:
> >
> > Web server in *Internet* is serving web pages with some forms and then
> > the data is sent to the internal (behind the firewall)
> > apache + php server.
> > Everything works just perfect for the clients
> > (hosts from internet) but it doesn't work for the people
> > in the internal network. I do not want to make a mirror
> > site only because I don't know (for now) how to get this
> > working.
> >
> > Thanks anyway!
>
> Basically, I think you just need to make sure you NAT the traffic
> arriving on the internal interface.
>
> For example, if you have:
>
> add 7000 divert natd ip from any to any via ${extif}
>
> You probably need:
>
> add 7000 divert natd ip from any to any via ${extif}
> add 7005 divert natd ip from any to any via ${intif}
>
> I could be entirely wrong, but this works for me in about 12
> installations.
>
> Just make sure you're using 'unregistered_only', or some things get a
> bit confusing - "double NAT" causing all traffic to end up being from
> the alias address, not the specific redirect_address.
>

Hi Guys!

That did it!!! It works.

I don't know if this is the *right way* for that problem but it works!
Thanks to all of you guys for the advice that I did (or didn't;) try!

For the people looking for the answer of the same problem in the mail
archives - here is what I have in rc.firewall (in my firewall type):

# this is the default entry for NAT to work
${fwcmd} add divert natd all from any to any via ${natd_interface}

# the new row for the internal hosts - thanks Neil
${fwcmd} add divert natd ip from any to any via ${iif}

-------------

I was able to redirect two ports:
21 -> 21 and
9090 -> 80

The redirection works for both ftp and http,

Vladimir, thanks for your advice, anyway!

There are some other ways to get *this* working but I do not have the time to try now!
Maybe this weekend ;-) who knows...

If some IPFW - NAT guru is reading this:
I will appreciate his opinion! So far I do not know better way...

Can we put the answer of this into FreeBSD Handbook - or at least into FAQs?

Thanks, one more time, for your time guys!
Neil!, Vladimir, Carroll, Aragon, Michael (did I forget somebody;)!

--Miro

"That's all folks!..."
Have a nice IP Firewall-ing...
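
[Added example, not part of the thread and not natd's own code.] The behaviour discussed above, as a simplified model: it follows one connection attempt to the external address on port 9090 through the gateway, with the divert rule on xl0 only and then on both interfaces, and shows the effect of 'unregistered_only'. The addresses and interface names come from the thread; the outside client 198.51.100.7, the port numbers 50000 and 40000, and the reduction of natd to static redirects plus dynamic source aliasing are assumptions of the model.

```python
"""Simplified model (an assumption, not natd's code) of ipfw 'divert natd ... via IF'
plus natd -redirect_port, following one TCP connection attempt through the gateway."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

EXT_IP = "24.24.24.24"    # stand-in external address used in the thread (xl0)
SERVER = "192.168.1.100"  # internal apache host from the thread
CLIENT = "192.168.1.90"   # internal client from the thread
OUTSIDE = "198.51.100.7"  # constructed Internet client
REDIRECTS = {9090: (SERVER, 80), 21: (SERVER, 21)}  # alias port -> target, as in the thread
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def unregistered(addr):
    """True for the private ranges that natd's unregistered_only option refers to."""
    return any(ip_address(addr) in net for net in RFC1918)


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int


class Natd:
    def __init__(self, unregistered_only):
        self.unregistered_only = unregistered_only
        self.links = {}         # dynamic alias port -> original (addr, port)
        self.next_port = 40000  # constructed starting alias port

    def incoming(self, p):
        """Packet entering the gateway: rewrite a destination of EXT_IP:port."""
        if p.dst != EXT_IP:
            return p
        target = REDIRECTS.get(p.dport) or self.links.get(p.dport)
        return replace(p, dst=target[0], dport=target[1]) if target else p

    def outgoing(self, p):
        """Packet leaving the gateway: rewrite the source."""
        for alias_port, target in REDIRECTS.items():
            if (p.src, p.sport) == target:  # reply from a redirected service
                return replace(p, src=EXT_IP, sport=alias_port)
        if self.unregistered_only and not unregistered(p.src):
            return p                        # public sources are left alone
        alias_port, self.next_port = self.next_port, self.next_port + 1
        self.links[alias_port] = (p.src, p.sport)
        return replace(p, src=EXT_IP, sport=alias_port)


class Gateway:
    def __init__(self, divert_ifaces, unregistered_only=True):
        self.divert = set(divert_ifaces)  # interfaces named in 'divert natd ... via IF'
        self.natd = Natd(unregistered_only)

    def forward(self, p, in_if):
        """Return the packet as it leaves the gateway, or None if the gateway kept it."""
        if in_if in self.divert:
            p = self.natd.incoming(p)
        if p.dst == EXT_IP:
            return None  # delivered locally; nothing listens there, so the client gets a reset
        out_if = "xl1" if unregistered(p.dst) else "xl0"
        if out_if in self.divert:
            p = self.natd.outgoing(p)
        return p


def connect(client, in_if, divert_ifaces, unregistered_only=True, port=9090):
    """Try client -> EXT_IP:port. Returns (outcome, source address the server saw)."""
    gw = Gateway(divert_ifaces, unregistered_only)
    syn = gw.forward(Pkt(client, 50000, EXT_IP, port), in_if)
    if syn is None:
        return "refused", None
    reply = Pkt(syn.dst, syn.dport, syn.src, syn.sport)  # the server's answer
    if unregistered(reply.dst):
        seen = reply  # same LAN: the server answers the client directly, bypassing the gateway
    else:
        seen = gw.forward(reply, "xl1")
    ok = seen is not None and (seen.src, seen.sport, seen.dst) == (EXT_IP, port, client)
    return ("established" if ok else "reset"), syn.src


if __name__ == "__main__":
    cases = [
        ("internal client, divert on xl0 only", CLIENT, "xl1", {"xl0"}, True),
        ("internal client, divert on xl0 and xl1", CLIENT, "xl1", {"xl0", "xl1"}, True),
        ("outside client, both, unregistered_only", OUTSIDE, "xl0", {"xl0", "xl1"}, True),
        ("outside client, both, no unregistered_only", OUTSIDE, "xl0", {"xl0", "xl1"}, False),
    ]
    for label, client, in_if, ifaces, uo in cases:
        print(f"{label:45} {connect(client, in_if, ifaces, uo)}")
```

In this model the server sees internal clients that come in through the redirect as the alias address, which matters if the web server's logs or access controls key on the client IP.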
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 15 9:38:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id 979A137B400 for ; Wed, 15 May 2002 09:38:25 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id KAA16926; Wed, 15 May 2002 10:37:57 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook may make your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> X-Sender: brett@nospam.lariat.org X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 15 May 2002 10:37:49 -0600 To: Makoto Matsushita 
From: Brett Glass Subject: Re: Patch/Announcement for DHCPD remote root hole? Cc: security@FreeBSD.org In-Reply-To: <20020515105453K.matusita@jp.FreeBSD.org> References: <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I think you misunderstood my message. Yes, the port is updated, but the package is not. In fact, if you use /stand/sysinstall to list the packages for 4.5-RELEASE on ftp.freebsd.org, you see an entry for isc-dhcp3-3.0.1.r4, which is quite old. This is a major security problem. Users who install FreeBSD (either over the Net or from a CD-ROM) and use /stand/sysinstall to bring in the package (which the program encourages them to do!), will instantly make their systems vulnerable. Whenever a port is updated due to a security problem, the package on the FTP server and mirrors should be rebuilt at the same time. Otherwise, every new install -- even over the Net! -- is likely to be vulnerable. This is not good for users, for the Net, or for FreeBSD's reputation. --Brett At 07:54 PM 5/14/2002, Makoto Matsushita wrote: >brett> Are a patch and an announcement for the ISC DHCPD format string >brett> vulnerability/remote root hole imminent? > >>From FreeBSD-SN-02:02: > >> Port name: isc-dhcp3 >> Affected: versions < dhcp-3.0.1.r8_1 >> Status: Fixed >> Format string vulnerability when logging DNS-update request transactions. >> >> > >Is it what you want? ports/net/isc-dhcp3 is already fixed, updating >to dhcp-3.0.1.r9. 
> >-- - >Makoto `MAR' Matsushita To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 15 9:46: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 8FA1937B40A for ; Wed, 15 May 2002 09:45:57 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 1929D47; Wed, 15 May 2002 11:45:57 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g4FGjupd033477; Wed, 15 May 2002 11:45:56 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g4FGjtBk033476; Wed, 15 May 2002 11:45:55 -0500 (CDT) Date: Wed, 15 May 2002 11:45:55 -0500 
From: "Jacques A. Vidrine"
To: Brett Glass
Cc: Makoto Matsushita, security@FreeBSD.org
Subject: Re: Patch/Announcement for DHCPD remote root hole?

On Wed, May 15, 2002 at 10:37:49AM -0600, Brett Glass wrote:
> I think you misunderstood my message. Yes, the port is updated,
> but the package is not. In fact, if you use /stand/sysinstall
> to list the packages for 4.5-RELEASE on ftp.freebsd.org, you
> see an entry for isc-dhcp3-3.0.1.r4, which is quite old.
>
> This is a major security problem. Users who install FreeBSD
> (either over the Net or from a CD-ROM) and use /stand/sysinstall
> to bring in the package (which the program encourages them to do!),
> will instantly make their systems vulnerable. Whenever a port is
> updated due to a security problem, the package on the FTP server
> and mirrors should be rebuilt at the same time. Otherwise, every
> new install -- even over the Net! -- is likely to be vulnerable.
> This is not good for users, for the Net, or for FreeBSD's
> reputation.

Careless system administrators / consultants are an even bigger security problem.

If you install 4.5-RELEASE, you get packages that were generated for 4.5-RELEASE. Surprise.

Updated packages are here:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-4.5-stable/All/
isc-dhcp3-3.0.1.r8_1.tgz

This URL is listed as part of the Security Notice.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed May 15 10: 3:37 2002
Date: Wed, 15 May 2002 12:03:24 -0500
From: Rob Andrews
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Organization: Cyberpunk Alliance

.- - - - - - Brett Glass wrote (2002/05/15 at 11:38:51 AM) - - - - - -
|
|> I think you misunderstood my message. Yes, the port is updated,
|> but the package is not. In fact, if you use /stand/sysinstall
|> to list the packages for 4.5-RELEASE on ftp.freebsd.org, you
|> see an entry for isc-dhcp3-3.0.1.r4, which is quite old.

Why is it that you complain about these same issues over and over and get answers but seem to ignore them.. A user that installs a fresh system should always take the time to update a system to the current cvs branch with the latest updates for either -stable or -release.

When you have a "release" version on CD you can't pull all those cd's back in, make the changes and send them back out to the stores now can you? Same logic applies to an ftp install of the released version of FreeBSD. It is what was released and was known stable at the time for the release.
Updating that software before putting it to use, since there is an availability to do so, is not only a logical thing but it's also common practice. (even Microsoft uses windowsupdate for this purpose.. go figure..)

Packages imho should be avoided when possible. This is why we have cvsup and the ports collection. If people take the time to read the documentation as well as use countless other resources available to them before or after installing the operating system then they have a firm understanding of what needs to be done to take care of their system and how to prevent troubles in the first place.

[ snip ]

Yes and those same packages are what they dump onto the cd's when they release the cd sets to the general public. Read above. cvsup and use ports.. same argument different week..

-r

From owner-freebsd-security Wed May 15 12:25:48 2002
Date: Wed, 15 May 2002 13:25:33 -0600
To: "Jacques A. Vidrine"
From: Brett Glass
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Cc: Makoto Matsushita, security@FreeBSD.org

At 10:45 AM 5/15/2002, Jacques A. Vidrine wrote:

>Careless system administrators / consultants are an even bigger
>security problem.

You're not careless if you expect the package to reflect the latest version of the port. You're expecting something perfectly reasonable.

>If you install 4.5-RELEASE, you get packages that were generated for
>4.5-RELEASE. Surprise.

Why? The packages, like the ports, are software that is not part of FreeBSD. It makes sense to provide the latest versions of those packages to anyone who's downloading.

I seem to recall that there's some way to tell /stand/sysinstall to grab packages from -STABLE. But new users won't know that. (*I* don't even remember what magic incantation you have to type in.) Best to have the latest version of every package be the default, and to make sure that the packages are kept up with the ports.
--Brett

From owner-freebsd-security Wed May 15 12:36:14 2002
Date: Wed, 15 May 2002 13:35:35 -0600
To: Rob Andrews
From: Brett Glass
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Cc: security@FreeBSD.ORG

At 11:03 AM 5/15/2002, Rob Andrews wrote:

>Why is it that you complain about these same issues over and over
>and get answers but seem to ignore them..

Not so.

> A user that installs
>a fresh system should always take the time to update a system
>to the current cvs branch with the latest updates for either -stable
>or -release.

CVSup is a programmer's tool, not an administrator's tool. And it is certainly not a tool for newcomers. It makes the learning curve far too steep -- especially if the person doing the install is just learning UNIX. Use of CVSup should not be necessary to do a secure install of the system.

Also, as I mentioned in an earlier message, there is absolutely no reason to supply buggy, dangerously insecure versions of packages by default. All we're doing is hurting users.

>When you have a "release" version on CD you can't pull all those
>cd's back in, make the changes and send them back out to the stores
>now can you?

No, but you can make it easy to update. In fact, there's good reason for /stand/sysinstall to take users out onto the Net and help them secure the system. Antivirus programs, which are also sold in CD form, do this. The vendor knows that the day after the CD is pressed (maybe even BEFORE the CD is pressed; it takes time to make a master), there's a new update.
So, the first thing the program does is try to update itself via the Net.

>Same logic applies to an ftp install of the released
>version of FreeBSD.

There's almost no reason -- ever! -- to do an FTP install of -RELEASE rather than -RELEASE-pN if patches exist. The FreeBSD Web site should steer those who are interested in installing via FTP to the latest patched release by default. Only if they *specifically ask for* the unpatched release should they get it. Otherwise, again, we are doing them a disservice and tarnishing FreeBSD's reputation.

--Brett Glass

From owner-freebsd-security Wed May 15 12:37:56 2002
Date: Wed, 15 May 2002 14:37:41 -0500
From: "Jacques A. Vidrine"
To: Brett Glass
Cc: security@FreeBSD.org
Subject: [Brett Glass] Re: Patch/Announcement for DHCPD remote root hole?

[As a courtesy to fellow freebsd-security mailing list readers, I have tagged this thread with `[Brett Glass]' in the subject line for easy identification and application of the Delete key. I will also follow this convention in the future should I continue to be so foolish as to follow up to Brett's postings.]

On Wed, May 15, 2002 at 01:25:33PM -0600, Brett Glass wrote:
> I seem to recall that there's some way to tell /stand/sysinstall to
> grab packages from -STABLE. But new users won't know that. (*I* don't
> even remember what magic incantation you have to type in.)

Then why don't you do something useful, determine exactly what the incantation is, and work with a doc committer to get sysinstall updated?

--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Wed May 15 12:50:52 2002
Date: Wed, 15 May 2002 15:51:38 -0400
To: security@freebsd.org
From: Jeff Palmer
Subject: Re: Patch/Announcement for DHCPD remote root hole?

>CVSup is a programmer's tool, not an administrator's tool. And it is
>certainly not a tool for newcomers. It makes the learning curve far
>too steep -- especially if the person doing the install is just learning
>UNIX. Use of CVSup should not be necessary to do a secure install of
>the system.

If CVSup is a programmers tool, and not an administrators tool..
How is one supposed to keep his system updated and secure AFTER the initial install? How is one supposed to update to the latest branch, after the initial install.

Sure, for security problems, You can just use supplied patches, However.. patches are typically only released for security related issues, not for average bugs.

Saying that CVSup isn't an administrators tool, is a little narrow minded, and a lot unreasonable in my opinion. Part of being an administrator involves keeping the system up to date.
Jeff Palmer
scorpio@drkshdw.org

From owner-freebsd-security Wed May 15 13:42:54 2002
Date: Wed, 15 May 2002 14:42:33 -0600
To: "Jacques A. Vidrine"
From: Brett Glass
Subject: Re: [Brett Glass] Re: Patch/Announcement for DHCPD remote root hole?
Cc: security@FreeBSD.org

At 01:37 PM 5/15/2002, Jacques A. Vidrine wrote:

>On Wed, May 15, 2002 at 01:25:33PM -0600, Brett Glass wrote:
>> I seem to recall that there's some way to tell /stand/sysinstall to
>> grab packages from -STABLE. But new users won't know that. (*I* don't
>> even remember what magic incantation you have to type in.)
>
>Then why don't you do something useful, determine exactly what the
>incantation is, and work with a doc committer to get sysinstall
>updated?

Because I doubt that this is possible without a commitment from the admins to maintain the updated packages in a place that will be consistent from version to version. There's more to be done here than just a patch; policy also has to be set.
--Brett

From owner-freebsd-security Wed May 15 14:23:12 2002
Date: Wed, 15 May 2002 15:22:29 -0600
To: Jeff Palmer, security@FreeBSD.ORG
From: Brett Glass
Subject: Re: Patch/Announcement for DHCPD remote root hole?

At 01:51 PM 5/15/2002, Jeff Palmer wrote:

>If CVSup is a programmers tool, and not an administrators tool..
>How is one supposed to keep his system updated and secure AFTER the initial install?

That's been exactly my point in earlier discussions. It should not be necessary to download and recompile the world to get a patch. New users aren't ready for that, nor should they be expected to be. And admins, who have many responsibilities and are virtually always overloaded, should not be burdened with that task.

Even more importantly, it shouldn't be the policy of the FreeBSD Project -- or the default behavior of its software -- to release software that, by default, installs on your machine software with known security holes.

I've been playing with /stand/sysinstall to see if it is even POSSIBLE for someone who installs FreeBSD to get the latest version of a port as a package. I used isc-dhcpd as my test case, since the lack of an updated package required me to do several rebuilds from source for clients. (They can install packages themselves, but don't understand how to rebuild from source.)
It turns out that if you go to the "Options" item on the menu, you can set a release name that governs where /stand/sysinstall looks for packages. Alas, for i386 releases, it's limited to

ftp:///pub/FreeBSD/releases/i386//

Now, if you go to

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/

you'll notice that there are only a few releases there, and that NONE of them has a DHCPD package that is new enough to have the latest bug fixes. No matter how you set the release string, you can't get to one. You're guaranteed to have a vulnerable system after an FTP install.

I then checked out the Japanese snapshot server, at snapshots.jp.freebsd.org. Its packages had been updated more recently; it had isc-dhcp3-3.0.1.r8 instead of .r6. Trouble is, the root hole was fixed in .r9. I couldn't find any way to direct /stand/sysinstall to a place where there was a package containing .r9, even though the bug has now been fully public for more than a week.

This is simply not right. New installs should not get old, buggy software by default... and in this case they not only get it by default but have no choice.
--Brett Glass

From owner-freebsd-security Wed May 15 14:32:15 2002
Date: Wed, 15 May 2002 14:31:57 -0700 (PDT)
From: "Michael Lafreniere"
To: freebsd-security@FreeBSD.ORG
Reply-To: mlafren@dowco.com
Subject: RE: Patch/Announcement for DHCPD remote root hole?

Hi,

"CVSup is a programmer's tool, not an administrator's tool. And it is certainly not a tool for newcomers. It makes the learning curve far too steep -- especially if the person doing the install is just learning UNIX."

Speak for yourself, cause you can't figure out CVS quickly doesn't mean "newcomers" can't. I'm a self proclaimed noob to freebsd, but took me 15mins to setup cron to do a weekly CVS update (now removed and only done when needed by hand). If you need help I can post some sites on how to quickly set it up :) Someone that can't figure this out shouldn't be admining boxes in the wild period.

CVS is a programming AND admin tool. I've used it for 4-5 months now on the boxes I admin, so please correct your statement. How else am I to keep my source and ports up-to-date with FreeBSD? You must be running very insecure machines if you don't use CVS in an admin function to keep your machines updated :)

I don't wanna be an arse but I've been following this list for over 6 months now and you seem to get stuck on the same issues over and over again. Even after you've gotten good solid answers. Listen, absorb for a day or two, then reply if you still disagree, you seem to fire from the hip more than thinking it over well.

-Mike

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Brett Glass
Sent: Wednesday, May 15, 2002 12:36 PM
To: Rob Andrews
Cc: security@FreeBSD.ORG
Subject: Re: Patch/Announcement for DHCPD remote root hole?

At 11:03 AM 5/15/2002, Rob Andrews wrote:

>Why is it that you complain about these same issues over and over
>and get answers but seem to ignore them..

Not so.

> A user that installs
>a fresh system should always take the time to update a system
>to the current cvs branch with the latest updates for either -stable
>or -release.

CVSup is a programmer's tool, not an administrator's tool. And it is certainly not a tool for newcomers. It makes the learning curve far too steep -- especially if the person doing the install is just learning UNIX. Use of CVSup should not be necessary to do a secure install of the system.

Also, as I mentioned in an earlier message, there is absolutely no reason to supply buggy, dangerously insecure versions of packages by default. All we're doing is hurting users.

>When you have a "release" version on CD you can't pull all those
>cd's back in, make the changes and send them back out to the stores
>now can you?

No, but you can make it easy to update. In fact, there's good reason for /stand/sysinstall to take users out onto the Net and help them secure the system. Antivirus programs, which are also sold in CD form, do this. The vendor knows that the day after the CD is pressed (maybe even BEFORE the CD is pressed; it takes time to make a master), there's a new update. So, the first thing the program does is try to update itself via the Net.

>Same logic applies to an ftp install of the released
>version of FreeBSD.

There's almost no reason -- ever! -- to do an FTP install of -RELEASE rather than -RELEASE-pN if patches exist. The FreeBSD Web site should steer those who are interested in installing via FTP to the latest patched release by default.
Only if they *specifically ask for* the unpatched release should they get it. Otherwise, again, we are doing them a disservice and tarnishing FreeBSD's reputation.

--Brett Glass

From owner-freebsd-security Wed May 15 14:45:37 2002
Date: Wed, 15 May 2002 15:45:16 -0600
To: mlafren@dowco.com, freebsd-security@FreeBSD.ORG
From: Brett Glass
Subject: RE: Patch/Announcement for DHCPD remote root hole?

At 03:31 PM 5/15/2002, Michael Lafreniere wrote:

>CVS is a programming AND admin tool.

Only for admins that are willing to risk problems on mission-critical systems. One should not blindly do updates, and certainly not with cron.

>I don't wanna be an arse but I've been following this list for over 6
>months now and you seem to get stuck on the same issues over and over
>again. Even after you've gotten good solid answers.

Those "answers" were not solid. In fact, they were not really answers at all.

They were a combination of elitist remarks (e.g. "Anyone who doesn't use CVSup is a lamer") and poor excuses. It's sad that these vocal few seem to have forgotten what it was like to be a new user of UNIX and FreeBSD. Or that they lack the ethical compass to recognize that allowing FreeBSD to install, by default, with open remote root holes and not warning the user is simply WRONG. The excuses I've heard here are almost as bad as the excuses Microsoft makes for refusing to reveal and patch security holes.

It's sadder still that the flamers have pushed many of those who support the ideas I'm expressing here into private mail because they don't want to be flamed.
--Brett

From owner-freebsd-security Wed May 15 16:30:44 2002
Date: Wed, 15 May 2002 14:32:16 -0800
From: RapidFX X-Mailer: The Bat! (v1.60h) UNREG / CD5BF9353B3B7091 Reply-To: RapidFX Organization: RapidFX X-Priority: 3 (Normal) Message-ID: <18214319800.20020515143216@beldamar.com> To: freebsd-security@FreeBSD.ORG Subject: Re[2]: Patch/Announcement for DHCPD remote root hole? In-Reply-To: <4.3.2.7.2.20020515153739.030e5740@nospam.lariat.org> References: <4.3.2.7.2.20020515153739.030e5740@nospam.lariat.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.6 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello... So true. So very true with unix/linux world. It's pretty sad how people control others by insulting them. If I had a thought, I sure wouldn't post it to most lists because of lame comments. Now i've posted, now I wait for the flame........... If you have nothing nice to say, keep your freaking mouth shut. There is too much of the "admin's should know everything or they are lame admins" arguments... Anyway, enough rambling.... Enjoy the day. Wednesday, May 15, 2002, 1:45:16 PM, you wrote: BG> It's sadder still that the flamers have pushed many of those who support BG> the ideas I'm expressing here into private mail because they don't want BG> to be flamed. BG> --Brett - -- Greg S. 
Wirth
Some Sort of Computer fix-it guy
Anchorage, Alaska

From owner-freebsd-security Wed May 15 16:31:43 2002
Delivered-To: freebsd-security@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-28-203.zoominternet.net [24.154.28.203]) by hub.freebsd.org (Postfix) with ESMTP id EDE2337B411 for ; Wed, 15 May 2002 16:30:44 -0700 (PDT)
Received: from topperwein (topperwein [192.168.168.10]) by topperwein.dyndns.org (8.12.3/8.12.3) with ESMTP id g4FNUicI092019 for ; Wed, 15 May 2002 19:30:44 -0400 (EDT) (envelope-from behanna@zbzoom.net)
Date: Wed, 15 May 2002 19:30:39 -0400 (EDT)
From: Chris BeHanna
Reply-To: Chris BeHanna
To: FreeBSD Security
Subject: RE: Patch/Announcement for DHCPD remote root hole?
In-Reply-To: <4.3.2.7.2.20020515153739.030e5740@nospam.lariat.org>
Message-ID: <20020515192522.V91981-100000@topperwein.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 15 May 2002, Brett Glass wrote:

> At 03:31 PM 5/15/2002, Michael Lafreniere wrote:
>
> >CVS is a programming AND admin tool.
>
> Only for admins that are willing to risk problems on mission-critical
> systems. One should not blindly do updates, and certainly not with
> cron.

Asked and addressed--REPEATEDLY--in this forum. If you have mission-critical machines, then you set aside a machine to do your builds and testing on, and then use the results of the (now tested) build to upgrade your mission-critical servers.

Don't like it? Step up and supply the patches needed to automate providing binary patches to userland and /modules. /kernel must still be built by hand for everyone who doesn't use GENERIC (and that's darned near everyone), and *that* mandates CVSup, CVS, or CTM, unless you can think of (and contribute) a different method.

> >I don't wanna be an arse but I've been following this list for over 6
> >months now and you seem to get stuck on the same issues over and over
> >again. Even after you've gotten good solid answers.
>
> Those "answers" were not solid. In fact, they were not really answers at all.
>
> They were a combination of elitist remarks (e.g. "Anyone who doesn't
> use CVSup is a lamer") and poor excuses. It's sad that these vocal
> few seem to have forgotten what it was like to be a new user of UNIX and
> FreeBSD.
> Or that they lack the ethical compass to recognize that allowing
> FreeBSD to install, by default, with open remote root holes and not warning
> the user is simply WRONG.

If that bothers you so much, CONTRIBUTE THE PATCHES TO CHANGE IT. No one else appears to have such a problem with requiring users and admins to RTFM and use CVSup to upgrade their machines--at least, it's not a big enough problem to them to warrant dropping everything to implement a solution right *now*.

> The excuses I've heard here are almost as bad as the excuses Microsoft
> makes for refusing to reveal and patch security holes.

What excuse do *you* make for not contributing to the solution that you desire so much? Stuff like this only gets contributed when someone cares about it enough to do so. Sitting back and demanding that someone else implement your pet desire--for free--is sheer petulance.

(I'm about to put my money where my mouth is--I have a machine set aside for CURRENT, and I'll be playing in that sandbox pretty soon.)

--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
Turning coffee into software since 1990.

From owner-freebsd-security Wed May 15 16:35: 5 2002
Delivered-To: freebsd-security@freebsd.org
Received: from ns3.ideathcare.com (mail.allneo.com [216.185.96.68]) by hub.freebsd.org (Postfix) with ESMTP id 662DA37B400 for ; Wed, 15 May 2002 16:34:57 -0700 (PDT)
Received: (qmail 56523 invoked by uid 85); 15 May 2002 23:53:53 -0000
Received: from jps@funeralexchange.com by ns3.ideathcare.com with qmail-scanner-1.03 (uvscan: v4.1.40/v4121. . Clean.
 Processed in 0.241975 secs); 15 May 2002 23:53:53 -0000
Received: from unknown (HELO funeralexchange.com) (127.0.0.1) by localhost.ideathcare.com with SMTP; 15 May 2002 23:53:53 -0000
Received: from 66.171.47.11 (SquirrelMail authenticated user jps@funeralexchange.com) by webmail.allneo.com with HTTP; Wed, 15 May 2002 18:53:53 -0500 (CDT)
Message-ID: <4621.66.171.47.11.1021506833.squirrel@webmail.allneo.com>
Date: Wed, 15 May 2002 18:53:53 -0500 (CDT)
Subject: RE: Patch/Announcement for DHCPD remote root hole?
From: "Jeremy Suo-Anttila"
To:
In-Reply-To: <4.3.2.7.2.20020515153739.030e5740@nospam.lariat.org>
References: <4.3.2.7.2.20020515153739.030e5740@nospam.lariat.org>
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
Cc: ,
Reply-To: jps@funeralexchange.com
X-Mailer: SquirrelMail (version 1.2.4)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett,

Do you ever just STFU? Really, come on. Can you not take this to a list other than -security? You are wasting my time and b/w with your moaning and groaning about a FREE OS. NOTE *FREE* as in these people who spend THEIR time and possibly THEIR money on the development and hosting of it. So if you do not like what's wrong with the OS fix it your god damn self and stop bitching about it. I do not see your name listed ANYWHERE in the source code or anywhere else for that matter except for the mailing lists where it's associated with you bitching and whining.

---< snip whining >--

> It's sadder still that the flamers have pushed many of those who
> support the ideas I'm expressing here into private mail because they
> don't want to be flamed.
>
> --Brett

<-- more whining-->---
>

Yes consider this another flame I am just sick of your crap.

--
Jeremy Suo-Anttila
jps@funeralexchange.com

From owner-freebsd-security Wed May 15 17:30: 8 2002
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 8074937B409 for ; Wed, 15 May 2002 17:30:00 -0700 (PDT)
Received: by gw.nectar.cc (Postfix, from userid 1001) id 08EB242; Wed, 15 May 2002 19:30:00 -0500 (CDT)
Date: Wed, 15 May 2002 19:29:59 -0500
From: "Jacques A. Vidrine"
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: [Brett Glass] Re: Patch/Announcement for DHCPD remote root hole?
Message-ID: <20020516002959.GD87067@hellblazer.nectar.cc>
References: <4.3.2.7.2.20020515132552.0313bbb0@nospam.lariat.org> <20020515120324.E69211@switchblade.cyberpunkz.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <20020515105453K.matusita@jp.FreeBSD.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>
User-Agent: Mutt/1.3.27i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 15, 2002 at 03:22:29PM -0600, Brett Glass wrote:
> Even more importantly, it shouldn't be the policy of the FreeBSD Project -- or
> the default behavior of its software -- to release software that, by default,
> installs on your machine software with known security holes.

That isn't the policy, and your suggestion that it is our policy is simply a big FU to our community.

Take a hike,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Wed May 15 18:17:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from postoffice.igalaxy.net (hal.igalaxy.net [64.160.104.142]) by hub.freebsd.org (Postfix) with ESMTP id 7F7F137B400 for ; Wed, 15 May 2002 18:17:05 -0700 (PDT)
Received: from mikeyg [64.160.106.13] by postoffice.igalaxy.net (SMTPD32-7.06) id A97337D50130; Wed, 15 May 2002 18:20:51 -0700
Message-ID: <063e01c1fc77$627cfa30$0301a8c0@mikeyg>
Reply-To: "Mike Grissom"
From: "Mike Grissom"
To:
References: <4.3.2.7.2.20020515153739.030e5740@nospam.lariat.org>
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Date: Wed, 15 May 2002 18:17:01 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Admins do not have to use CVSUP in order to patch the system. If you look on the security advisories at the freebsd site, it tells you how to patch a current system and the exact steps how to do it. For example the stdio advisory:

2) To patch your present system:

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system.

----- Original Message -----
From: "Brett Glass"
To: ;
Sent: Wednesday, May 15, 2002 2:45 PM
Subject: RE: Patch/Announcement for DHCPD remote root hole?

> At 03:31 PM 5/15/2002, Michael Lafreniere wrote:
>
> >CVS is a programming AND admin tool.
>
> Only for admins that are willing to risk problems on mission-critical
> systems. One should not blindly do updates, and certainly not with
> cron.
>
> >I don't wanna be an arse but I've been following this list for over 6
> >months now and you seem to get stuck on the same issues over and over
> >again. Even after you've gotten good solid answers.
>
> Those "answers" were not solid. In fact, they were not really answers at all.
>
> They were a combination of elitist remarks (e.g. "Anyone who doesn't
> use CVSup is a lamer") and poor excuses. It's sad that these vocal
> few seem to have forgotten what it was like to be a new user of UNIX and
> FreeBSD. Or that they lack the ethical compass to recognize that allowing
> FreeBSD to install, by default, with open remote root holes and not warning
> the user is simply WRONG.
>
> The excuses I've heard here are almost as bad as the excuses Microsoft
> makes for refusing to reveal and patch security holes.
>
> It's sadder still that the flamers have pushed many of those who support
> the ideas I'm expressing here into private mail because they don't want
> to be flamed.
>
> --Brett

From owner-freebsd-security Wed May 15 20:29:51 2002
Delivered-To: freebsd-security@freebsd.org
Received: from inigo.digitaldeck.com (adsl-66-124-240-186.dsl.snfc21.pacbell.net [66.124.240.186]) by hub.freebsd.org (Postfix) with ESMTP id 9DE7837B404 for ; Wed, 15 May 2002 20:29:46 -0700 (PDT)
Received: from IVANOVA2K (ivanova-2k.office-ca1.digitaldeck.com [192.168.1.133]) by inigo.digitaldeck.com (8.11.6/8.11.3) with SMTP id g4G3SLM97773; Wed, 15 May 2002 20:28:21 -0700 (PDT) (envelope-from chris@digitaldeck.com)
From: "Chris McCluskey"
To:
Cc: ,
Subject: RE: Patch/Announcement for DHCPD remote root hole?
Date: Wed, 15 May 2002 20:29:25 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-reply-to: <4621.66.171.47.11.1021506833.squirrel@webmail.allneo.com>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[Acknowledged misuse of specific list]

New to the FreeBSD administration side of things, so I might be able to provide a more unique point of view as compared to all you FreeBSD veterans.

Both "sides" from my POV are making valid points (even if the methods of presentation could be improved). I think we all agree that the fix-it-or-forget it philosophy rule applies for all open source development -- whether it's bugs, improvements, or documentation: If you like it, use it -- make it better. If you don't like it, fix it to make it better. The end result -- it's better.

In this specific case I think all that is required is a simple front end to cvsup -- a kind-of "This package has been fixed for the following issues... Do you want to build it and install it now?" kind of thing. I'm not ready to write this myself, so I'll "shut up" on the subject.

But I think there is another issue here, which may be more to the point. The FreeBSD documentation is great, but I have yet to see perfect documentation. There are some small potholes in learning the cvsup tool, and there are no concrete examples to follow. For those that are good admins with tarballs and Makefiles, but are new to CVS this is a hard road.
The handbook basically says -- we tend to use cvsup, cvsup uses CVS, these are the options, here's a template, now go! A step by step example would be great (saying things like "This is where you specify the release tag. Go to http://here for a list of valid tags.").

The important gotchas for me were as follows:

1) Starting out with the template file is good -- but knowing which CVS server supports which protocols, which servers are online, and which servers are "fully-synced" on a certain tree would be valuable. A monitoring web page that checks for these things and a link to this page in the handbook could easily fix this. The mirrors page is just a bit too static.

2) The convention for naming (and retrieving) certain releases is good. But a small blurb refreshing the user/admin as to what the options are would be good. In fact a page listing and annotating the different suffixes would be cool (does it exist already?!). It takes the "new user" a bit of time to understand the labels used, but that's part of the FreeBSD rite of passage. That said some clear references and reminders as to what exactly [example only] RELENG_4_5 is would be nice.

A valid frame of reference for cvsup documentation would be to take an admin who has used tarballs, configure scripts, and Makefiles to the next level, that of a CVS/cvsup user -- one of the things that make BSD unique and cool.

My hat's off to all the coders, developers, and documentation people -- FreeBSD is a great OS.

We can't write code for those that can't read, but for those that can read, let's give them enough text and examples so they can find out how good FreeBSD is -- and can be.

Thanks for the time and the bits.

From owner-freebsd-security Wed May 15 21: 2:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from web14606.mail.yahoo.com (web14606.mail.yahoo.com [216.136.224.86]) by hub.freebsd.org (Postfix) with SMTP id 7DDE537B400 for ; Wed, 15 May 2002 21:02:14 -0700 (PDT)
Message-ID: <20020516040214.97098.qmail@web14606.mail.yahoo.com>
Received: from [66.156.9.133] by web14606.mail.yahoo.com via HTTP; Wed, 15 May 2002 21:02:14 PDT
Date: Wed, 15 May 2002 21:02:14 -0700 (PDT)
From: Jerry Murdock
Subject: Racoon SA Hard/Soft Lifetimes
To: FreeBSD-Security@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Is the Soft lifetime limit configurable for Racoon generated SA's? I've googled around, but can't find anything on this.

I've successfully got a 2day old -Stable build to talk IPSEC/IKE with a Sonicwall, but things fall apart when the SAs hit the soft lifetime limit.

A new SA is successfully negotiated with the Sonicwall when the soft lifetime runs out, but the Sonicwall then ignores anything coming into it on the "old" SA (which FBSD uses until the hard lifetime runs out). The result is that no traffic passes for 20% of the SA's lifetime.

I need FBSD to either switch immediately to the new SA, or bump the Soft lifetime limit up to the hard lifetime. A few seconds of dropped packets every 4 hours or so can be tolerated.

I hope I'm being dense and someone will tell me what I'm missing.

Thanks,
Jerry

From owner-freebsd-security Wed May 15 21:49:20 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cithaeron.argolis.org (bgm-24-169-166-7.stny.rr.com [24.169.166.7]) by hub.freebsd.org (Postfix) with ESMTP id 615AD37B406 for ; Wed, 15 May 2002 21:49:13 -0700 (PDT)
Received: from cithaeron.argolis.org (localhost [127.0.0.1]) by cithaeron.argolis.org (8.12.3/8.12.3) with ESMTP id g4G4nBDn006019; Thu, 16 May 2002 00:49:11 -0400 (EDT) (envelope-from piechota@argolis.org)
Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.12.3/8.12.3/Submit) with ESMTP id g4G4nBZK006016; Thu, 16 May 2002 00:49:11 -0400 (EDT)
X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs
Date: Thu, 16 May 2002 00:49:11 -0400 (EDT)
From: Matt Piechota
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: Patch/Announcement for DHCPD remote root hole?
In-Reply-To: <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>
Message-ID: <20020516004110.R5989-100000@cithaeron.argolis.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 15 May 2002, Brett Glass wrote:

> That's been exactly my point in earlier discussions. It should not be necessary
> to download and recompile the world to get a patch. New users aren't ready
> for that, nor should they be expected to be. And admins, who have
> many responsibilities and are virtually always overloaded, should not be
> burdened with that task.

That's why they're not required to cvsup to get patches. Do you even read the Security Notices? They include links to get individual patches. You can click on them even, at least I assume you can in Eudora.

You have the right to cry at the wind about FreeBSD all you like, but find some new questions. The three you always ask (and are always answered) are getting old. And if you don't like the answers, I'm looking forward to BrettBSD, or the announcement of you as a new contributor to FreeBSD.
--
Matt Piechota

From owner-freebsd-security Wed May 15 21:59:31 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.lambertfam.org (www.lambertfam.org [216.223.196.6]) by hub.freebsd.org (Postfix) with ESMTP id 5267537B407 for ; Wed, 15 May 2002 21:59:25 -0700 (PDT)
Received: from localhost.localdomain (localhost [127.0.0.1]) by localhost.inch.com (Postfix) with ESMTP id 8879C3501F for ; Thu, 16 May 2002 00:57:07 -0400 (EDT)
Received: from laptop.lambertfam.org (TC1-dial-24-195.oldslip.inch.com [216.223.195.24]) by mail.lambertfam.org (Postfix) with ESMTP id 3230335019 for ; Thu, 16 May 2002 00:57:01 -0400 (EDT)
Received: by laptop.lambertfam.org (Postfix, from userid 1000) id 0E17028B09; Thu, 16 May 2002 00:59:10 -0400 (EDT)
Date: Thu, 16 May 2002 00:59:10 -0400
From: Scott Lambert
To: security@FreeBSD.ORG
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Message-ID: <20020516045909.GC7616@laptop.lambertfam.org>
Reply-To: security@FreeBSD.ORG
Mail-Followup-To: security@FreeBSD.ORG
References: <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <20020515105453K.matusita@jp.FreeBSD.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020515132552.0313bbb0@nospam.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4.3.2.7.2.20020515132552.0313bbb0@nospam.lariat.org>
User-Agent: Mutt/1.3.28i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 15, 2002 at 01:35:35PM -0600, Brett Glass wrote:
>
> Also, as I mentioned in an earlier message, there is absolutely no
> reason to supply buggy, dangerously insecure versions of packages
> by default. All we're doing is hurting users.

Sure there is. When you install release, you know you are getting a certain level of code. It makes support more consistent.

> No, but you can make it easy to update. In fact, there's good reason
> for /stand/sysinstall to take users out onto the Net and help them
> secure the system.
>
> Antivirus programs, which are also sold in CD form, do this. The vendor
> knows that the day after the CD is pressed (maybe even BEFORE the CD
> is pressed; it takes time to make a master), there's a new update. So,
> the first thing the program does is try to update itself via the Net.

You are right, but it's not sysinstall's job to do this. This is portupgrade's job. Until we get binary patch kits, we just can't do the same thing for the OS.
I am assuming that someone has taken the trouble of diff'ing the install images between patch levels to see how many files, and what that translates to in megabytes, would be required for a tarball that just unpacks over all changed files. I am also assuming that it is prohibitively large since it is a simple, brute force method.

My iBook came with OS X 10.1.1. I had to download 40 MB of patches to get to 10.1.2. Reboot. Download 5 MB of patches to get to 10.1.3. Reboot. Download 2.5MB of patches to get to 10.1.4. That's not counting the updates to the included software.

The last time I installed Solaris, it was a similar process except that the patch sets always got larger due to their cumulative nature. You can hunt down the individual patches but the sysadmins you are talking about couldn't be bothered with that. OS/2 was the same way.

> There's almost no reason -- ever! -- to do an FTP install of -RELEASE
> rather than -RELEASE-pN if patches exist. The FreeBSD Web site should
> steer those who are interested in installing via FTP to the latest
> patched release by default. Only if they *specifically ask for* the
> unpatched release should they get it. Otherwise, again, we are doing
> them a disservice and tarnishing FreeBSD's reputation.

Supply the hardware. Fund the development. Get your newbie sysadmins to fund it. They are the ones who need these features, let them pay for it.

It sounds great. But, it is going to take several hours of somebody's "quality time with the kids" to code it up. That's why it probably won't happen without funding. If you get started on the process now, it might be ready for 5.0. Maybe.

Rather than ranting on the lists, your time might be better spent fund-raising so that the issues you want resolved can get the attention you think they should get.

Installation and maintenance are hard for commercial vendors to get right.
--
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org http://www.lambertfam.org/~lambert/resume.html
3 years Sr. SysAdmin experience with FreeBSD in small & medium size ISPs.

From owner-freebsd-security Thu May 16 4:45:29 2002
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f193.law11.hotmail.com [64.4.17.193]) by hub.freebsd.org (Postfix) with ESMTP id 0E34737B407 for ; Thu, 16 May 2002 04:45:22 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 16 May 2002 04:45:21 -0700
Received: from 62.217.96.223 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 16 May 2002 11:45:21 GMT
X-Originating-IP: [62.217.96.223]
From: "mohammad mirzaeenasir"
To: freebsd-security@FreeBSD.ORG
Subject: HELP ME
Date: Thu, 16 May 2002 11:45:21 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID:
X-OriginalArrivalTime: 16 May 2002 11:45:21.0942 (UTC) FILETIME=[29009B60:01C1FCCF]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

DEAR STAFF,

HI, I INSTALLED A UNIX CACHE SERVER (SQUID), AND I DISABLED NETWORK DAEMON IN "INETD.CONF" AND I DISABLE "INETD" IN "RC.CONF". SO, IF SOMEONE TRY TO FTP MY UNIX BOX IT WILL BE RECEIVED "CONNECTION REFUSED".

BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME TO FIND OUT WHAT CAN I DO IF SOME TCP CONNECTION RECEIVE TO MY BOX, THE KERNEL IGNORE IT AND THE REMOTE MACHINE WILL RECEIVE THE "CONNECTION TIMED OUT". IN THIS WAY THE CRACKER FIGURE OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO SCAN OTHER NETWORK PORTS.

THANK YOU VERY MUCH
MOHAMMAD

From owner-freebsd-security Thu May 16 5: 8:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from shady.org (closed-networks.com [195.167.170.242]) by hub.freebsd.org (Postfix) with SMTP id DD6AA37B420 for ; Thu, 16 May 2002 05:08:11 -0700 (PDT)
Received: (qmail 66698 invoked by uid 1000); 16 May 2002 12:08:05 -0000
Date: Thu, 16 May 2002 13:08:05 +0100
From: Marc Rogers
To: mohammad mirzaeenasir
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: HELP ME
Message-ID: <20020516130805.I75489@closed-networks.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from hezare3@hotmail.com on Thu, May 16, 2002 at 11:45:21AM +0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The obvious option is for you to place a firewall (either locally, or another machine) between the internet and your machine.

By firewalling transparently, either by using a stealth firewall or a totally transparent firewall, any attackers that try to connect to firewalled ports will get timeouts.

[The firewall should be configured to drop offending packets silently, as any politeness, such as informing the source that the destination is administratively blocked, will betray the firewall]

To be honest you probably don't have a lot to gain. The vast majority of scanning that goes on out on the net is automated to some extent. This means unless the tool is unable to route to your machine at all, it will still try to scan every port it has been instructed to check. The presence of even a single open (or closed / filtered) port (mail, ssh, web etc) will betray the existence of a firewalled machine.

I guess the success of this depends entirely on who is going to be using your machine. If there are no public services, then by using a "denied unless explicitly permitted" approach you will achieve a fairly good result.
Hope this helps

Marc Rogers
Senior Systems Administrator
Systems Architect
Vizzavi

On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
>
> DEAR STAFF,
>
> HI, I INSTALLED A UNIX CACHE SERVER (SQUID), AND I DISABLED NETWORK
> DAEMON IN "INETD.CONF" AND I DISABLE "INETD" IN "RC.CONF". SO, IF SOMEONE
> TRY TO FTP MY UNIX BOX IT WILL BE RECEIVED "CONNECTION REFUSED".
>
> BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME TO FIND OUT WHAT CAN I
> DO IF SOME TCP CONNECTION RECEIVE TO MY BOX, THE KERNEL IGNORE IT AND
> THE REMOTE MACHINE WILL RECEIVE THE "CONNECTION TIMED OUT". IN THIS WAY
> THE CRACKER FIGURE OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO
> SCAN OTHER NETWORK PORTS.
>
> THANK YOU VERY MUCH
> MOHAMMAD

From owner-freebsd-security Thu May 16 5:17: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from midway.uchicago.edu (midway.uchicago.edu [128.135.12.12]) by hub.freebsd.org (Postfix) with ESMTP id 717BD37B407 for ; Thu, 16 May 2002 05:16:56 -0700 (PDT)
Received: from there (adsl-64-108-205-248.dsl.chcgil.ameritech.net [64.108.205.248]) by midway.uchicago.edu (8.12.2/8.12.2) with SMTP id g4GCGlxY010458; Thu, 16 May 2002 07:16:48 -0500 (CDT)
Message-Id: <200205161216.g4GCGlxY010458@midway.uchicago.edu>
Content-Type: text/plain; charset="iso-8859-1"
From: David Syphers
Reply-To: dsyphers@uchicago.edu
To: "Chris McCluskey"
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Date: Thu, 16 May 2002 07:16:50 -0500
X-Mailer: KMail [version 1.3.2]
Cc:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wednesday 15 May 2002 10:29 pm, Chris McCluskey wrote:
> In this specific case I think all that is required is a simple front
> end to cvsup -- a kind-of "This package has been fixed for the
> following issues... Do you want to build it and install it now?" kind
> of thing.

After CVSuping, you can see which ports have changed with pkg_version -v | grep '<'. If you're curious what the update to the port was, you can head over to http://www.freebsd.org/cgi/cvsweb.cgi/ and find out. Granted, this is not quite as simple as a front end for CVSup, but it's not really that hard.

> But I think there is another issue here, which may be more to the
> point. The FreeBSD documentation is great, but I have yet to see
> perfect documentation. There are some small potholes in learning the
> cvsup tool, and there are no concrete examples to follow. For those
> that are good admins with tarballs and Makefiles, but are new to CVS
> this is a hard road. The handbook basically says -- we tend to use
> cvsup, cvsup uses CVS, these are the options, here's a template, now
> go! A step by step example would be great (saying things like "This is
> where you specify the release tag. Go to http://here for a list of
> valid tags.").

I know manpages are scary for newbies, but when I learned CVSup all I needed was 'man cvsup' and the sample supfile. YMMV, I suppose.

> 2) The convention for naming (and retrieving) certain releases is
> good. But a small blurb refreshing the user/admin as to what the
> options are would be good.
In fact a page listing and annotating the > different suffixes would be cool (does it exist already?!). It takes > the "new user" a bit of time to understand the labels used, but that's > part of the FreeBSD rite of passage. That said some clear references > and reminders as to what exactly [example only] RELENG_4_5 is would be > nice. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html is the page after the CVSup page in the handbook. > We can't write code for those that can't read, but for those that can > read, let's give them enough text and examples so they can find out > how good FreeBSD is -- and can be. It sounds like you know what needs to be written - how about writing it up and sending it to the doc people? Docs are definitely an important contribution. -David -- Everyone who believes in telekinesis, raise my hand... Center for Cosmological Physics The University of Chicago To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 5:23:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (f9.law11.hotmail.com [64.4.17.9]) by hub.freebsd.org (Postfix) with ESMTP id 89DC937B403 for ; Thu, 16 May 2002 05:23:52 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 16 May 2002 05:23:52 -0700 Received: from 62.217.96.223 by lw11fd.law11.hotmail.msn.com with HTTP; Thu, 16 May 2002 12:23:52 GMT X-Originating-IP: [62.217.96.223] 
From: "mohammad mirzaeenasir" To: marcr@closed-networks.com Cc: freebsd-security@FreeBSD.ORG Subject: reply Date: Thu, 16 May 2002 12:23:52 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 16 May 2002 12:23:52.0461 (UTC) FILETIME=[8A2DD3D0:01C1FCD4] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

hi,

thanks for your reply. I installed a transparent proxy on my machine with "ipfw" rules. everything is ok and i tested it. but someone told me that if you set your "kernel_secure_level = NO", all kinds of tcp connections will be ignored by the kernel and, for example, in the case of telnetting to it, it will reply "connection timed out". and i checked it, he was quite right. i did so (kernel_secure_level=NO) but when i telnet my unix box, it will reply me "connection refused".

now, plz help me to find out more.

thank you again,
mohammad

From owner-freebsd-security Thu May 16 5:36:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from gateway.fasti.net (cisco.pornemails.com [216.94.0.251]) by hub.freebsd.org (Postfix) with ESMTP id 135FA37B406 for ; Thu, 16 May 2002 05:36:47 -0700 (PDT) Received: from joey (gateway2.fasti.net [216.138.250.94]) by gateway.fasti.net (8.11.6/8.11.6) with ESMTP id g4GCelH20727; Thu, 16 May 2002 08:40:47 -0400 (EDT) (envelope-from joe@fasti.net)
From: "Joe Oliveiro" To: "'mohammad mirzaeenasir'" , Cc: Subject: RE: reply Date: Thu, 16 May 2002 08:36:44 -0400 Message-ID: <003901c1fcd6$56a85d80$a101a8c0@joey> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Since you've killed the inetd daemon you will no longer be able to use telnet, since there is nothing to start it up upon an incoming connection. Either start inetd (and fine tune it) or just use SSH.

Joeh

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of mohammad mirzaeenasir
> Sent: Thursday, May 16, 2002 8:24 AM
> To: marcr@closed-networks.com
> Cc: freebsd-security@FreeBSD.ORG
> Subject: reply
>
> hi,
>
> thanks for your reply. I installed a transparent proxy on my machine with
> "ipfw" rules. everything is ok and i tested it. but someone told me that
> if you set your "kernel_secure_level = NO", all kinds of tcp connections
> will be ignored by the kernel and, for example, in the case of telnetting to it,
> it will reply "connection timed out". and i checked it, he was quite
> right. i did so (kernel_secure_level=NO) but when i telnet my unix box, it
> will reply me "connection refused".
>
> now, plz help me to find out more.
>
> thank you again,
> mohammad

From owner-freebsd-security Thu May 16 7: 4:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from mars.elim.net (elim.net [203.239.130.5]) by hub.freebsd.org (Postfix) with ESMTP id 70D7137B403; Thu, 16 May 2002 06:27:51 -0700 (PDT) Received: from sworll.nrs7ef.co.fi ([210.102.0.148]) by mars.elim.net (8.12.3/8.12.3) with SMTP id g4GDPZDm013343; Thu, 16 May 2002 22:26:55 +0900 (KST) Date: Thu, 16 May 2002 22:26:55 +0900 (KST) Message-Id: <200205161326.g4GDPZDm013343@mars.elim.net>
From: To: MIME-Version: 1.0 Subject: =?EUC-KR?B?cHF2vNK52sfRILLeQG1CR1J4?= Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org
Oracle Enterprise Manager Production Version 1.6.0 3cd 5¸¸¿ø N-017³ª¢Ã Oracle E.M. With Diagnostics Pack N-017´Ù¢Ã Oracle E.M .With Tuning Pack N-018¢Ã Oracle V8.0 Solution N-019¢Ã Oracle v8.0.4 Client [For WinNT/95] N-019³ª¢Ã Oracle V8.0.4 Server [For NT] N-020¢Ã Oracle Video Server (OVS) [for NT] N-021¢Ã ARserve IT Advanced Edition v6.61 NT N-022¢Ã NetShield Security Suite Corporate v4.0.3 N-023¢Ã MAXIMIZER Enterprise 5.0 N-024¢Ã Seagate DMS (Desk top Management Suite) v3.01a N-025¢Ã WRQ Reflections Network Suite v6.7 [Win95/NT] 2¸¸¿ø N-026¢Ã Eudora Pro Comm Center v4.0 [for Win95] N-027¢Ã EASY DB 1.5 N-029¢Ã Borland Kylix Server Developer 1.0 For Linux 2cd 5¸¸¿ø N-029³ª¢Ã Borland Kylix Server Developer 2.0 For Linux -2¸¸¿ø N-031¢Ã Suse Linux eMail Server 2 5¸¸¿ø N-033¢Ã David 6.6 m -3¸¸¿ø ppppppppppppppppp ·©±ÍÁö,ÇÁ·Î±×·¡¹Ö Åø pppppppppppppppppp L-001¢Ã Borland C++ 5.0 Developement SUITE(2CD,Á¤½Ä) 2CD 3¸¸¿ø L-003¢Ã Borland Interbase 5.0 working release L-004»ç¢Ã Borland J Builder V5.0 Enterprise Edition 3¸¸¿ø L-004¾Æ¢Ã Borland C++ Builder V5.0 Enterprise Edition 3¸¸¿ø L-004Àڢà J builder 6 Enterprise - 3¸¸¿ø L-004Â÷¢Ã Borland C++ Builder 6.0 Enterprise Edition Full -5CD 5¸¸¿ø L-005¢Ã Borland Visual D base 7 Professional (Á¤½ÄÇ®-255¸Þ°¡) N-029¢Ã Borland Kylix Server Developer 1.0 For Linux 2cd 5¸¸¿ø N-029³ª¢Ã Borland Kylix Server Developer 2.0 For Linux -2¸¸¿ø L-006³ª¢Ã Delphi V5.0 (µ¨ÆÄÀÌ 5.0) Enterprise Suite (c) Borland -2¸¸¿ø L-006´Ù¢Ã Borland Delphi V6.0(µ¨ÆÄÀÌ 6)Enterprise Suite (2CDÁ¤½ÄÇ®)-3¸¸¿ø L-007¢Ã Digital Visual Fortran(Æ÷Æ®¶õ) V 5.0 L-008¢Ã Digital Visual Fortran v6.0 Professional L-009¢Ã FileMaker Pro 4.0 (DB°ü·Ã) (c)Claris L-010¸¶¢Ã IBM VisualAge For Java 3.5 Enterprise Edition (forWin) 3¸¸¿ø L-011¢Ã Informix Data Director 3.0 For Visual Basic L-012´Ù¢Ã InstallShield(ÀνºÅç ½¯µå) Pro- SE 6.30 ( 2000º¸´Ù ½Å¹öÀüÀÓ! 
) -2¸¸¿ø L-012¶ó¢Ã InstallShield Developer 7.0 Final -3¸¸¿ø L-013¢Ã JAVA SAFE V1.0 ( PDF ¸Þ´º¾ó Æ÷ÇÔ) L-014¢Ã Java Studio 1.0 [for WinNT/95] L-015¢Ã MS Fortran (Æ÷Æ®¶õ)PowerStation 4 professional Edition L-016¢Ã MS ÇÑ±Û Visual Basic V5.01 Enterprise Edition L-016³ª¢Ã MS ÇÑ±Û VISUAL BASIC 6.0 -Enterprise editon- 4cd 4¸¸¿ø L-017¢Ã Mastering MS visual Basis 6 Development L-018¢Ã MS VISUAL C++6.0 µ¶¸³¹öÁ¯(Á¤½Ä¹öÁ¯) 4CD 5¸¸¿ø L-019¢Ã MS VISUAL J++ 6.0 -Enterprise editon- L-020³ª¢Ã MS ¿µ¹® Visual Studio v6.0 Enterprise Edition 6CD 6¸¸¿ø L-020´Ù¢Ã MS ÇÑ±Û Visual Studio v6.0 Enterprise Edition 5CD 6¸¸¿ø L-020¶ó¢Ã MS Visual Studio 6.0 Service Pack 1 (ÇÑ/¿µ) L-020¸¶¢Ã Visual Studio 6.0 NET Enterprise Architect 7CD 7¸¸¿ø L-020¹Ù¢Ã MS ¿µ¹® MSDN (October 2001) 3cd 3¸¸¿ø L-020»ç¢Ã MS Visual Studio .NET ÇÑ±Û 7CD Full -7¸¸¿ø L-020¾Æ¢Ã MSDN (JANUARY) 1¿ù 3CD 3¸¸¿ø L-021¢Ã VBX ¸ðÀ½ L-022¢Ã OCX ¸ðÀ½ L-023¢Ã OCX ¸ðÀ½ II 2¸¸¿ø L-024¢Ã PowerBuilder V6.0 Enterprise Edition (c)sybase 6cd 5¸¸¿ø L-024³ª¢Ã PowerBuilder V6.5 Enterprise Edition (c)sybase 5CD 5¸¸¿ø L-024´Ù¢Ã PowerBuilder(ÆÄ¿öºô´õ) 7.0 (c)sybase 3CD 4¸¸¿ø L-024¶ó¢Ã Powerbuilder 8 -2¸¸¿ø (¸ÞÀÎÀå1cd) L-025´Ù¢Ã Crystal Report 8.5 Developer Edition 2¸¸¿ø L-025¶ó¢Ã Crystal Reports Professional 8.5 2¸¸¿ø L-026¢Ã RoboHELP Office v6 L-027¢Ã RoboHELP Office Edition v7 2¸¸¿ø L-028¢Ã WATCOM C/C++ v11 3¸¸¿ø L-029¢Ã Code Warrior Pro 4 L-030¢Ã Lab windows 5.01 (Á¤½Ä) 4¸¸¿ø L-031¢Ã KEILL 8051 compiler (5.1) 3¸¸¿ø L-031³ª¢Ã KEIL 8051 V 6.14 5¸¸¿ø C-068¢Ã Test stand 1.0 (ijµåÂÊ¿¡ ÀÖÀ¾´Ï´Ù) T-032³ª¢Ã Visual Cafe v3.0 -2¸¸¿ø T-033´Ù¢Ã Visual Cafe V4.0 Expert Edition 2¸¸¿ø T-033¶ó¢Ã Visual Cafe for JAVA V4.0 Enterprise Edition(Á¤½ÄÇ®) 2¸¸¿ø L-034¢Ã NUMEGA DRIVER STUDIO 2.6 3¸¸¿ø L-035¢Ã Compaq Visual Fortran Professional v6.5.0 -2¸¸¿ø L-036¢Ã Rational Rose 2001 for win -2¸¸¿ø L-037¢Ã IDA pro 4.17 -2¸¸¿ø ccccccccccccccc ijµå.°ÇÃà.±â°è¼³°è.ÀüÀÚ.GIS°ü·Ã cccccccccccccccccc * ¸¹Àº ¿ë·®°ü°è·Î Á¦¸ñÀ§ÁÖ·Î ½Ç¾ú½À´Ï´Ù. 
ÀÚ¼¼ÇÑ ¼³¸íÀº * ÀÓ½ÃȨÆäÀÌÁö ÂüÁ¶ÇϽðí ȨÇÇ Àå¾Ö½Ã¿£ ¿¬¶ôÁֽʽÿÀ * ¹°·Ð Á÷Á¢ ÀüÈ­¹®Àǵµ °¡´ÉÇÕ´Ï´Ù. C-001¢Ã ActiveCAD 3.0 for Xilinx Foundations v1.4 b3.0(ÀüÀÚ CAD °ü·Ã) C-002¶ó¢Ã AnSys 5.7.1 (±â°èÇؼ®°ü·Ãijµå-Á¤½ÄÇ®) [2CD] -10¸¸¿ø C-002¸¶¢Ã ansys.6.0 -10¸¸¿ø C-003¢Ã Anysys Designspace v4.11 for SolidWork 3¸¸¿ø C-003³ª¢Ã Ansys Designspace v6.01 3¸¸¿ø C-004¢Ã Arc/Info 7.21 (À¯¸íÇÑ GIS °ü·Ã Åø ,280¸Þ°¡ Á¤½Ä Ç®) 5¸¸¿ø C-005¢Ã ArcCAD 14 for AutoCAD R14 (c) ESRI (GIS°ü·Ã,full) 2¸¸¿ø C-006¢Ã ArchiCAD 6.0 (c)Teamworks R2 (°ÇÃàijµå Á¤½ÄÇ®) 2¸¸¿ø C-006³ª¢Ã ArchiCAD 7.0 (¾ÆŰijµå) 3¸¸¿ø C-007¢Ã Arris Builders CAD V7.0 ( 637¸Þ°¡ Á¤½ÄÇ®) 2¸¸¿ø C-008¢Ã ArtCam Pro 3.1 Suite (BY DELCAM)(Á¶Çü/Á¶°¢°ü·Ã ijµåÆÐÅ°Áö ,Á¤½Ä) 2¸¸¿ø C-009´Ù¢Ã AutoCAD Architectural Desktop 3.0 (2CD,Á¤½ÄÇ®)4¸¸¿ø C-009¶ó¢Ã AutoCAD Architectural Desktop R3.3 (1cd) 2¸¸¿ø C-010¢Ã Auto Pipe V5.0.3 (¹è°ü(piping)½Ã½ºÅÛ¼³°è,stress analysis package) 5¸¸¿ø C-011¢Ã AutoCAD AEC v5.11 (°ÇÃà°ü·Ãijµå , Á¤½Ä) 2¸¸¿ø C-012¢Ã AutoCAD Land Development 1.02 (ÁöÇü°ü·ÃGIS ijµå,Á¤½Ä) C-013¢Ã AutoCAD MAP 3.0 (ÇѱÛ) 2¸¸¿ø C-013³ª¢Ã AUTOCAD MAP 2000 (¿µ¹®) 3¸¸¿ø C-014¢Ã Autodesk Map guide (GIS°ü·Ã) C-015¢Ã AutoDesk 3D Commercial Props C-016¢Ã AutoCad R14 C-016³ª¢Ã ÇÑ±Û AutoCAD R14 ( AutoDesK»ç-374¸Þ°¡ Á¤½Ä Ç®¹öÁ¯) C-017¢Ã AutoCAD 2000 ( Á¤½Ä ¿µ¹®) 2CD 3¸¸¿ø C-017³ª¢Ã Auto CAD 2000 ÇÑ±Û 2cd 3¸¸¿ø C-017´Ù¢Ã ¿µ¹® AutoCAD 2000i 2CD 3¸¸¿ø C-017¶ó¢Ã ¿µ¹® AutoCAD 2002 2CD 4¸¸¿ø C-017¸¶¢Ã AUTOCAD 2002 ÇÑ±Û 1CD 3¸¸¿ø C-018¢Ã AutoCAD LT 98 (2CD,Á¤½Ä) 2CD 3¸¸¿ø C-018³ª¢Ã Auto CAD LT 2000 i 2¸¸¿ø C-018´Ù¢Ã AutoCad LT 2002 2CD 3¸¸¿ø C-019¢Ã AUTOSKETCH R5 [for Win 95/NT] C-019³ª¢Ã Autodesk Autosketch(¿ÀÅ佺ÄÉÄ¡) R6 C-019´Ù¢Ã Autodesk Autosketch R7.0 for Win9X/NT 2¸¸¿ø C-019¶ó¢Ã Autodesk AutoSketch R8 2¸¸¿ø C-020¢Ã Autodesk CAD Overlay [FOR AutoCAD R14] (Á¤½Ä) 2¸¸¿ø C-020³ª¢Ã Autodesk Cad Overlay 2002 3¸¸¿ø C-021¢Ã Autodesk GENIUS DeskTop v 3.0 3¸¸¿ø C-118¢Ã AutoDesk INVENTOR 4.0 -2¸¸¿ø C-118³ª¢Ã AutoDesk Inventor (Win9x,NT,2K) 5.0 -3¸¸¿ø C-022¢Ã AutoDesk 
SYMBOLS 97 C-023¢Ã AutoDesk Visual LISP [for AutoCAD R14] 2¸¸¿ø C-024¢Ã Auto Cad °ü·Ã ÇÁ·Î±×·¥ ¸ðÀ½ 2¸¸¿ø C-025¢Ã AUTOCAD °ü·Ã ¼­µåÆÄÆ® ÇÁ·Î±×·¥ ¸ðÀ½ 2¸¸¿ø C-026¢Ã AutoCAD Addon Collection 2¸¸¿ø C-027¢Ã °í¿î±Û 4.0 (AUTOCAD ¿ë ÇÑ±Û ÀÔÃâ·Â ÇÁ·Î±×·¥- r14¿¡¼­¸¸½ÇÇà!..µµ½º¿ë) C-028¢Ã ¼Û¼±»ý AutoCAD R14 ±³À°½Ãµð (2CD,ÇѱÛ) 2CD 3¸¸¿ø C-029¢Ã CADSOFT build 4.0 3¸¸¿ø C-030¢Ã CAD Solution ¸ðÀ½ 2CD 3¸¸¿ø C-031¢Ã CADBlocks 1998 Version 1.0 for TR Publishing C-032¢Ã CadKey 97 Release 2 (Á¤½Ä Ç®) C-033¢Ã C-Mold 3D Quick Fill 98.6 (c) Advanced CAE Technology, Inc (52¸Þ°¡) 5 ¸¸¿ø C-034¢Ã Cabinet Vision Solid v2.1 C-035¢Ã CADRA for Windows v10.4 2¸¸¿ø C-036¢Ã CAD STAR V2.3.2 C-036³ª¢Ã Cad Star V2.4.1 2¸¸¿ø C-037¢Ã CAM 350 v5.0 2¸¸¿ø C-038¢Ã CASMATE 6.52 C-039¢Ã CATIA CADAM Drafting V4 R2 FOR NT 2¸¸¿ø C-039¶ó¢Ã CATIA V5 R6 for Win NT/2000 (3CD Á¤½ÄÇ®) -6¸¸¿ø C-039¸¶¢Ã CATIA v5 R7 (3cd Á¤½ÄÇ®) -6¸¸¿ø C-039¹Ù¢Ã CATIA v5 R7 SP 3cd -6¸¸¿ø C-040¢Ã CESAR II PIPLINE CAD C-041¢Ã CIMATRON(½Ã¸¶Æ®·Ð) IT V9.04 (±â°è¼³°è°ü·Ã) 3¸¸¿ø C-042¢Ã CIMLogic Toolbox v14.5 [for AutoCAD R13/R14/MDT2] 3¸¸¿ø C-041´Ù¢Ã Cimatron (½Ã¸¶Æ®·Ð) v12 15¸¸¿ø C-042¢Ã CIMLogic Toolbox v14.5 [for AutoCAD R13/R14/MDT2] 3¸¸¿ø C-043¢Ã CivilDraft (½Ãºô µå·¹ÇÁÆ®)by for MicroStation C-044¢Ã cosmos works v4.0 [for solid works98] C-044 ³ª¢Ã Cosmos M v2.6 (NT) SRAC 3¸¸¿ø C-045¢Ã Design Works 98 C-046¢Ã DynaCAD 98 (c) Ditek (588¸Þ°¡ Á¤½Ä Ç®) 2¸¸¿ø C-047¢Ã Edgecam 3.0 (c) Pathtrace Engineering Systems LTD C-047³ª¢Ã EdgeCAM 6.0(¿¡ÂîÄ·) 3¸¸¿ø C-048¢Ã Engineering Geometry Assistant (Á¤½Ä) 3¸¸¿ø C-049¢Ã 2020 Design V5.1(ÁÖ¹æÀÎÅ׸®¾î¼³°è,Á¤½ÄÇ®) ÆǸÅÁßÁö-Å©·¢±¸ÇÏ´ÂÁßÀÓ´Ù! 
C-050¢Ã Autodesk Planix Deck 3D v1.0a (211¸Þ°¡) C-051¢Ã Autodesk Planix Landscape 2.0 (466¸Þ°¡) C-052¢Ã Planix Home Design 3D 4.0 (ÁÖÅõðÀÚÀÎ,Á¤½Ä) (64¸Þ°¡) C-053¢Ã Floor Plan 3D Design Suite v4.0 (°ÇÃ༳°è°ü·Ã) 2¸¸¿ø C-053³ª¢Ã FloorPlan v6.15 (º®Ã¼ ¼³°è °ü·Ã Åø) 3¸¸¿ø C-054¢Ã Home design 3D (212MB,°ÇÃà°ü·Ã Á¤½Ä) C-055¢Ã 3D Home Architect Deluxe(Ȩ ¾ÆÅ°ÅØÃß¾î µð·°½º) V3.0( 530¸Þ°¡) C-055³ª¢Ã 3D Home Architect Deluxe 4.0 2CD 3¸¸¿ø C-056¢Ã Home interior(ȨÀÎÅ׸®¾î µð·°½º2.0) (C)Broderbund 2CD 3¸¸¿ø C-057¢Ã visual Home (c)Books That Work (340¸Þ°¡) C-058¢Ã SoftPlan Architectural Design v10 For Windows 9x/NT 3¸¸¿ø C-059¢Ã 3D Studio Max Reality And Max Pack Datapump C-060¢Ã 3D Studio Viz(½ºÆ©µð¿À ºñÁî) R2 (Á¤½ÄÇ®2CD) 3¸¸¿ø C-060³ª¢Ã 3D Studio VIZ V3.0 (R3i) 2CD 4¸¸¿ø C-060´Ù¢Ã 3D Studio VIZ V4.2 (=Autodesk ViZ.4.2) 3¸¸¿ø C-061¢Ã Electronic sturcture detail Library for Autocad V12,13,14 2¸¸¿ø C-062¢Ã CAD ¿ë°ÇÃà/ÀÎÅ׸®¾î ¼Ò½º 2CD 4¸¸¿ø C-064¢Ã Intelli CAD 98 (c) Visio C-064³ª¢Ã IntelliCAD 2000B 3¸¸¿ø C-065¢Ã Intergraph GEOVEC C2 -2¸¸¿ø C-066¢Ã Lab view 5.0 ( Àü±âÀüÀÚ ½Ã¹°·¹À̼Ç) 2CD 3¸¸¿ø C-067¢Ã LAB VIEW 5.1 C5 -3¸¸¿ø C-067³ª¢Ã LABView 6i 4¸¸¿ø C-067´Ù¢Ã LABView Real Time v6.0.3 for Labview 2¸¸¿ø C-068¢Ã Teststand 1.0 (c) National Instruments (160¸Þ°¡) 2¸¸¿ø C-069³ª¢Ã MATLAB 5.3 (C)Math Works 3¸¸¿ø C-069´Ù¢Ã Matlab 5.3 for [Unix+Linux] 2CD, 2¸¸¿ø C-069¶ó ¢Ã Matlab 6.0 2cd 3¸¸¿ø C-069¸¶¢Ã Matlab 6.1 (R12.1 FULL) 2CD 4¸¸¿ø C-070¢Ã Chem office 2000 Professional Edition 2¸¸¿ø C-071¢Ã LandScape(·£µå½ºÄÉÀÌÇÁ) Architect v6.0 (c) SoftKey C-072¢Ã Master CAM v7.0 C-072³ª¢Ã Master CAM v7.1 2¸¸¿ø C-072´Ù¢Ã Master CAM v7.2 & v7.2b update 3¸¸¿ø C-072¶ó¢Ã Master Cam CAD 8.0 -5¸¸¿ø C-072¸¶¢Ã Master Cam 8.1 final -5¸¸¿ø C-072¹Ù¢Ã MasterCam Post Processor V8.0 (Ç®¹öÀü) -3¸¸¿ø C-072»ç¢Ã Mastercam v9.0 -10¸¸¿ø C-073´Ù¢Ã Autodesk Mechanical DeskTop (MDT) v6.0 2CD 5¸¸¿ø C-073¶ó¢Ã MDT 6.0 ÇÑ±Û (µåµ® ÇѱÛÆÇÀ» ÀÔ¼ö!) 
-2CD 5¸¸¿ø C-074¢Ã Mechpart Solid [For Solid works 98] C-075¢Ã Microstation Repro graphics 7.0 for Microstation SE 5¸¸¿ø C-075³ª¢Ã MicroStation ReproGraphics 7.0 for PowerDraft 5¸¸¿ø C-075´Ù¢Ã MicroStation ReproGraphics V7.0 for Microstation/J 5¸¸¿ø C-076¢Ã MicroStation 95 ÇÑ±Û (¸¶ÀÌÅ©·Î ½ºÅ×À̼Ç) ÇÑ+¿µ C-076³ª¢Ã microstation v8 -5¸¸¿ø C-077¢Ã MiniCAD VACTOR WORKS v8.0 (99³â ½Åǰijµå) 2¸¸¿ø C-078¢Ã NASTRAN 70.52 5¸¸¿ø C-078³ª¢Ã MSC Visual Nastran Desktop 2001 5¸¸¿ø C-079¢Ã NASTRAN CAM/CAD v4.4 5¸¸¿ø C-080¢Ã ORCAD SUITE 9.0 Power Connection 4¸¸¿ø C-080³ª¢Ã ORCAD V9.1 Power Connection 5¸¸¿ø C-080´Ù¢Ã ORCAD V9.2(Á¤½Ä Ç®) ÃÊÃÖ½Å! 6¸¸¿ø C-081¢Ã PSPICE 8.0 (Á¤½Ä-Ç®) 3¸¸¿ø C-082¢Ã Protel 99 2¸¸¿ø C-082³ª¢Ã PROTEL 99 SE (with ServicePack1-6) 2 ¸¸¿ø C-135¢Ã PROTEUS 5.2.03 (ÇÁ·ÎÅ׿콺) 2¸¸¿ø C-084¢Ã PCAD 2000 -3¸¸¿ø C-085¢Ã Pads POWER LOGIC 1.2 (ÀüÀÚȸ·Î°ü·Ã) C-086¢Ã Pads Specctra Route Engine v7.1.4(ÃֽŠÀüÀÚȸ·Î ¼³°è °ü·ÃÅø) 2¸¸¿ø C-119¢Ã Pads Power PCB BlazeRouter 3.5 -5¸¸¿ø C-087¢Ã Point line CAD V15.0 (630¸Þ°¡-Á¤½ÄÇ®) 2¸¸¿ø C-088-0¢Ã PTC Icem DDN 3.404 Revision.F 3¸¸¿ø C-088-0³ª¢Ã ICEM CFD 4.1 3¸¸¿ø C-088¢Ã Pro / ENGINEER (ÇÁ·Î¿£Áö´Ï¾î) V.20 2CD 4¸¸¿ø C-088³ª¢Ã Pro Engineer (ÇÁ·Î¿£Áö´Ï¾î) 2000i (Build 1999390- 355¸Þ°¡) 5¸¸¿ø C-088´Ù¢Ã Pro Engineer (ÇÁ·Î¿£Áö´Ï¾î) 2000i.2 (Datecode 2001040-513¸Þ°¡)for Win9X -5¸¸¿ø C-088¶ó¢Ã PTC Pro Engineer (ÇÁ·Î¿£Áö´Ï¾î) 2001 PreProduction -5¸¸¿ø C-088¸¶¢Ã PTC Pro Engineer v2000i.2 for NT -5¸¸¿ø C-088¹Ù¢Ã PTC Pro Engineer v2001 Final (Build 2001150) -5¸¸¿ø C-088»ç¢Ã PTC Pro Engineer v2001 Final win9x C-088¾Æ¢Ã PTC Pro Engineer v2001 for NT C-088Àڢà PTC Pro Engineer v2001 Multi Language -5¸¸¿ø C-088Â÷¢Ã PTC ProEngineer 2001 DateCode 2001320 (9X) 6¸¸¿ø C-088Ä«¢Ã PTC ProEngineer 2001 DateCode 2001320 (NT/2k) 6¸¸¿ø C-088Ÿ¢Ã PTC ProENGINEER 2001 DateCode 2001360 (XP¿ë!) 
7¸¸¿ø C-089¢Ã Pro Mechanica(ÇÁ·Î¸ÅÄ«´ÏÄ«) V20.0 (ijµåÇؼ®°ü·Ã-406¸Þ°¡ Á¤½ÄÇ®) 4¸¸¿ø C-089³ª¢Ã Pro Mechanica 2000i for win9x -5¸¸¿ø C-089´Ù¢Ã PTC ProMechanica (ÇÁ·Î¸ÅÄ«´ÏÄ«)2001 5¸¸¿ø C-092¢Ã Rhino 3D Nurbs Modeler v1.0 2¸¸¿ø1 C-092³ª¢Ã RHINO 3D V1.1 -3¸¸¿ø C-092´Ù¢Ã Rhino V 2.0 -3¸¸¿ø C-093¢Ã SmartCAM V10 [95/98/NT] 5¸¸¿ø C-094¢Ã Design wave 3.0 ( ±â°è¼³°è°ü·Ã ijµå) C-095¢Ã SolidWorks(¼Ö¸®µå¿÷½º) 2000(À©µµ¿ì98 ¹× NT °øÅë) ÁÖ:5¸¸¿ø C-095³ª¢Ã SOLIDWORKS(¼Ö¸®µå¿÷½º) 2001(Win9x/NT/2000) 2CD(Ç®) 10¸¸¿ø C-096¢Ã Super Scape VRT V5.60 (À¥,ȨÆäÀÌÁöÂÊ¿¡¼­ ãÀ¸¼¼¿ä) C-097¢Ã SurvCADD98 [for AutoCAD R14] C-098¢Ã Turbo Cad Solid Modeler 2.00.544 (c) IMSI C-099¢Ã TurboCAD V5.0 (Build 19.0)[ for Windows 9x / NT4] 3¸¸¿ø C-100¢Ã TurboSketch 4.5 (Build 112) [for Windows 9x / NT4] 3¸¸¿ø C-101¢Ã UniCAD(À¯´Ïijµå) v1.0 2¸¸¿ø C-102¢Ã ÀüÀÚȸ·Î°ü·Ã Xilinx(ÀÚÀϸµ½º) Foundation 2.1i C-102³ª¢Ã Xilinx Foundation Series ISE 4.li (ÀüÀÚȸ·Î°ü·Ã) 2cd 5¸¸¿ø C-103¢Ã Intergraph Smart Sketch v3.0 ( 2000³â ½Å»óÇ°,ijµå°ü·Ã) C-104¢Ã Intergraph Geomedia version 2 (GIS°ü·Ã Åø) C-104³ª¢Ã Intergraph Geomedia Professional 4.0.22.12 -3¸¸¿ø C-105¢Ã LEONARDO: The Inventor 2.0 (ÀüÀÚ°ü·Ã) 3¸¸¿ø C-106¢Ã IDEAS v6.1 4CD 10¸¸¿ø C-106³ª¢Ã IDEAS v8M2 2cd 6¸¸¿ø C-106´Ù¢Ã IDEAS v8M4 update 3¸¸¿ø C-107¢Ã HP Advanced System 1.1 ÀüÀÚȸ·Î¼³°è°ü·Ã ¿¡·¯ ÆǸÅÁßÁö C-108¢Ã HP VEE v4.0 [for win95/NT](for electronic engeineer) C-109¢Ã ARCView v3.1 CTIS ( 586MB) (ÁöÇü,Åä¸ñ ,°ÇÃà°ü·Ã) C-109³ª¢Ã ArcView v8.1 ESRI 2CD 4¸¸¿ø C-109´Ù¢Ã ArcGIS DeskTop V8.1.2 (c)ESRI 3CD -6¸¸¿ø C-110¢Ã ALTERA MAX PLUS II v8.0 (c) ALTERA (ÀüÀÚȸ·Î°ü·Ãijµå) C-110³ª¢Ã ALTERA 3DS MAX Plus II 9.1 3¸¸¿ø(Á¤½Ä) C-110´Ù¢Ã Altera MAX Plus II (¾ËÅ׶ó¸Æ½ºII ) 10.1 4¸¸¿ø C-111¢Ã QuickCAD V6.0 Millelium (Á¤½Ä) (c)AutoDesk 2¸¸¿ø C-121¢Ã GibbsCAM 2000 (Gibbs 2K V5.55) -3¸¸¿ø C-122¢Ã SOLID EDGE 9.0 (¼Ö¸®µå ¿¡Âî) UNIGraphics Co. 
-3¸¸¿ø C-122³ª¢Ã Solid Edge 10.0 -3¸¸¿ø C-112¢Ã Solid Thinking V3.0 5¸¸¿ø C-113¢Ã TOP SOLID 2.61 (±â°è,ÀÏ¹Ý ¼³°è°ü·Ã) C-114¢Ã UNIGRAPHICS 15th (Á¤½Ä) 2CD 3¸¸¿ø C-114³ª¢Ã UNIGRAPHICS v1.5 0.2.2 upgrade C-114´Ù¢Ã UNIGRAPHICS(À¯´Ï±×·¡ÇȽº) 16ÆÇ (3cd-Á¤½ÄÇ®¹öÁ¯) 5¸¸¿ø C-114¶ó¢Ã Unigraghics v18 Final 3CD 10¸¸¿ø C-115¢Ã Working Model 3D v2.0 ( crackÀÓ) 2¸¸¿ø C-115³ª¢Ã WorkingModel 4D for Solidworks ¿Ü ±âŸµîµî Áö¿ø Msc Co. 2¸¸¿ø C-116¢Ã SAP2000 v6.11 NonLinear 3¸¸¿ø C-117¢Ã ¼¾Ãò¶ó (Á¤½Ä) C-120¢Ã Think Design 6.01(3D ijµå¸ðµ¨¸µ...etc) -3¸¸¿ø C-121¢Ã GibbsCAM 2000 (Gibbs 2K V5.55) -3¸¸¿ø C-123¢Ã Powermill (ÆÄ¿ö¹Ð) v3.1 (c)Delcam -3¸¸¿ø C-124¢Ã OpenMind Hypermill(ÇÏÀÌÆÛ¹Ð) 5.2 -3¸¸¿ø C-145¢Ã ARTcam pro v5.104 (C)Delcam -3¸¸¿ø C-125¢Ã TekSoft CAMworks 2000 -3¸¸¿ø C-127¢Ã AlphaCAM 2001 -3¸¸¿ø C-128¢Ã Agilent Advanced Design System (ADS) 1.5 -3¸¸¿ø C-129¢Ã IRON CAD 4.2 -3¸¸¿ø C-130¢Ã ELCAD v7 MULTILINGUAL(ÀüÀÚ±â¼ú °ü·Ã) 3¸¸¿ø C-131¢Ã Accurender lite v3.1.263 (c)AutoDesk 2¸¸¿ø C-132¢Ã Dynamic Designer Pro (for SolidWorks2001) 2¸¸¿ø C-133¢Ã CAD POWER 21S (ÇѱÛijµå) 3¸¸¿ø C-134¢Ã Chief Architect 7.01 3¸¸¿ø C-135¢Ã PROTEUS 5.2.03 (ÇÁ·ÎÅ׿콺) 2¸¸¿ø C-136¢Ã VX CAD/CAM 5.3w FULL (c) VARIMETRIX .VX .CORP 5¸¸¿ø C-137¢Ã Multisim Pro 2001 Electronic WorkBench 3¸¸¿ø C-138¢Ã FME suite 2001 -5¸¸¿ø C-139¢Ã SilverScreen Solid Modeler v6.92 3¸¸¿ø C-140¢Ã Surfacer v10.5 3¸¸¿ø C-141¢Ã CADIAN 2002(ÇѱÛ) Professional 3¸¸¿ø C-142¢Ã Autodesk Building Electrical V1.0 3¸¸¿ø C-142³ª¢Ã AutoDesk Building Mechanical V1.0 for ADT -3¸¸¿ø C-143¢Ã CAD Exceed 6.2 3D (3D °ü·Ã ijµåÀÓ. 
x½á¹ö¾Æ´Ô) -3¸¸¿ø C-144¢Ã E-CAD Pro (c)AMS (PCB °ü·Ã ijµåÇÁ·Î±×·¥ÀÔ´Ï´Ù.)-2¸¸¿ø C-147¢Ã WaterCAD.v4.5 ¼ö(À¯)·® ºÐ¼®/µðÀÚÀÎ/¸ðµ¨¸µ°ü·Ã CAD -3¸¸¿ø C-148¢Ã GS MESHER V2002 R1 (c) MSC -5¸¸¿ø C-149¢Ã ArcGIS DeskTop V8.1.2 (c)ESRI 3CD -6¸¸¿ø T-035¶ó¢Ã VISIO 2002 2¸¸¿ø SSSSSSSSSSSSSSSSS ¼öÇÐ,Åë°è°ü·Ã SSSSSSSSSSSSSSSSSSSSSS S-001¢Ã Maple V Release 4 - The Power Editio S-001³ª¢Ã Maple 7 (¼öÇÐ/Åë°è°ü·Ã) 3¸¸¿ø S-002³ª¢Ã MathCad 2000 2¸¸¿ø S-002´Ù¢Ã MathCAD 2001 3¸¸¿ø S-003³ª¢Ã MATHMETICA 4 (Á¤½ÄÇ®-380¸Þ°¡) 2¸¸¿ø S-003´Ù¢Ã Mathematica v4.1 -2¸¸¿ø S-004¢Ã S-PLUS v4.5 (c) Mathsoft[for WIN95/NT] 2¸¸¿ø S-005¢Ã SAS 6.12 (Á¤½Ä Ç®-351¸Þ°¡) 3¸¸¿ø S-005³ª¢Ã SAS 8.1 (686MB Á¤½ÄÇ®) -5¸¸¿ø S-006³ª¢Ã Sigmaplot 2000 v6.0 3¸¸¿ø S-007¢Ã SPSS 7.51 (ÇÑ±Û ÆÐÄ¡! ) S-007¶ó¢Ã SPSS v10.7 2¸¸¿ø S-007¸¶¢Ã SPSS v11 (½ÅÁ¦Ç°ÀÓ´Ù!) 3¸¸¿ø S-008¢Ã Statistica v5.11 S-009¢Ã MapInfo Professional v6.5 3¸¸¿ø S-010>¢Ã Origin 6.0 ¾×¼¿°ú ¿¬µ¿ ±×·¡ÇÁµîÀ» ½±°Ô.. -2¸¸¿ø C-069¢Ã MATLAB v5.2 -2¸¸¿ø C-069³ª¢Ã MATLAB 5.3 (C)Math Works -3¸¸¿ø C-069´Ù¢Ã MATLAB 5.3 for [Unix+Linux] -2CD 4¸¸¿ø C-069¶ó¢Ã MATLAB 6.0 -2CD 5¸¸¿ø GGGGGGGGGGGGGGGGG ±×·¡ÇÈ °ü·Ã GGGGGGGGGGGGGGGGGGGGGGGGG G-001¢Ã ÃÖ½ÅÀÇ ±×·¡ÇÈ ¸ðÀ½ (³¹Àå °¢ 1¸¸5õ¿ø ) 5¸¸¿ø G-001³ª¢Ã Àü¹®±×·¡ÇÈ ¸ðÀ½ 3¸¸¿ø G-002¢Ã 3D Deck and Backyard Construction (with LandScape) G-003¢Ã 3D LandScape 2.0 (c) book that works.inc G-004¢Ã 3DS MAX Modeling Data G-005¢Ã ¼Û¼±»ý 3D Studio MAX ±³À°½Ãµð (2CD,ÇѱÛ) 2CD 3¸¸¿ø G-006¶ó¢Ã 3D MAX V3.1 2cd 3¸¸¿ø G-006¸¶¢Ã 3D Studio MAX V4.0 2cd 4¸¸¿ø G-006¹Ù¢Ã 3DS MAX V4.2 2CD 4¸¸¿ø G-006Àڢà 3DS MAX V4.2 updater G-007³ª¢Ã MAX 4 Plug-In ¸ðÀ½ -2¸¸¿ø(ȨÆäÀÌÁö ÂüÁ¶) G-007¢Ã MAX PLUG IN & UTIL 2¸¸¿ø(ȨÆäÀÌÁö ÂüÁ¶) G-008¢Ã 3D MAX II Plug-In ¸ðÀ½ (ȨÆäÀÌÁö ÂüÁ¶) G-009¢Ã MAX Plug-In ¸ðÀ½ 2¸¸¿ø(ȨÆäÀÌÁö ÂüÁ¶) G-010¢Ã ABC Graphic Suite (micrografx) G-011¢Ã Acrobat Exchange 3.0 G-012³ª¢Ã Adobe Acrobat 4.0 ÇÑ±Û (Á¤½Ä) 2¸¸¿ø G-012¶ó¢Ã Adobe ACROBAT 5.0 (¿µ¹®) 2¸¸¿ø G-012¸¶¢Ã Adobe Acrobat 5.0 ÇÑ±Û 2¸¸¿ø G-012¹Ù¢Ã Adobe Acrobat Writer 5 multilingual 2¸¸¿ø G-013¢Ã Adobe 
Acrobat Capture 2.0 G-014¢Ã Adobe After Effect 4.0 (Á¤½Ä Ç®) G-014³ª¢Ã Adobe After Effect (¿¡ÇÁÅÍ ÀÌÆåÆ®) 4.1 G-014´Ù¢Ã Adobe After Effects 5.0 ¹øµé G-014¶ó¢Ã Adobe After.Effects.5.5.Production.Bundle 2¸¸¿ø G-015¢Ã Adobe Circulate Release Candidate 1 [for Windows] 2¸¸¿ø G-016¢Ã Adobe Font Folio v8.0 (Á¤½ÄÇ®) 2¸¸¿ø G-016³ª¢Ã Adobe Font Folio v9.0 (Á¤½ÄÇ®) -3¸¸¿ø G-017¢Ã Adobe Frame Maker v5.5 (Á¤½ÄÇ®) G-017³ª¢Ã Adobe FrameMaker(ÇÁ·¹ÀÓ ¸ÞÀÌÄ¿) V6.0 2¸¸¿ø G-018¢Ã Adobe ILLUSTRATOR 7.0.2 (ÇѱÛ) G-018³ª¢Ã Adobe Illustrator v8.0 (¿µ¹®-¿ÏÀü Á¤½ÄÇ®) 6CD 6¸¸¿ø G-018´Ù¢Ã ¿µ¹® Adobe illustrator V9.0 (459¸Þ°¡ Á¤½ÄÇ®) 2¸¸¿ø G-018¶ó¢Ã ¿µ¹® Adobe illustrator (ÀÏ·¯½ºÆ®·¹ÀÌÅÍ)V9.0 ¾÷±×·¹À̵å¹öÁ¯ (2¸¸¿ø) G-018¸¶¢Ã ¿µ¹® Adobe illustrator 10 2¸¸¿ø G-018¹Ù¢Ã ÇÑ±Û Adobe illustrator 9.0 (Á¤Ç°°¡-74¸¸¿ø) 2¸¸¿ø G-091¢Ã Adobe Atmosphere 1.0 (°¡»ó 3D À¥ÆíÁý °ü·Ã) G-092¢Ã Adobe LiveMotion v2.0 2¸¸¿ø G-020¢Ã Adobe ImageStyler V1.0 (Á¤½ÄÇ®) G-088¢Ã PAINTSHOP PRO(ÆäÀÎÆ®¼¥ÇÁ·Î) 7.0 G-020´Ù¢Ã ÇÑ±Û (Adobe Photo Shop) Æ÷Åä¼¥ V5.5 G-020¸¶¢Ã Adobe Photoshop v6.0 (Æ÷Åä¼¥457MB-¿µ¹®) 2¸¸¿ø G-020¹Ù¢Ã Adobe Photoshop 6.01 (ÇѱÛ) 2¸¸¿ø G-020»ç¢Ã ADOBE PHOTOSHOP ELEMENTS. 
G-020¾Æ¢Ã Adobe PhotoShop 7.0 -2¸¸¿ø G-021¢Ã Adobe Premiere v5.0(600M) G-021³ª¢Ã Adobe Premiere 5.1 [for Win9X/NT](500M-Á¤½ÄÇ®) 2¸¸¿ø G-021¶ó¢Ã ADOBE Premiere(ÇÁ¸®¹Ì¾î) V6.0 2¸¸¿ø G-021¸¶¢Ã Adobe Premiere 6 (Á¤½ÄÇ®) 2CD 3¸¸¿ø G-022¢Ã Animatek`s World Builder V2.00.30 2CD 3¸¸¿ø G-024¢Ã Animation Master99 v7.1 (c) Hash G-026¢Ã Architecture Graphic Standard G-027¢Ã Arete Digital Nature Tools for Maya v1.02 for Win NT G-028¢Ã Art Dabbler v2.1 G-029¢Ã Art-lantis Render G-030¢Ã AURORIX V2.0 (after Effects Plug-In) G-031¢Ã Boris F/X 3.0.2 (after Effects Plug-In) G-032¢Ã BRYCE(ºê¶óÀ̽º) 3D V3.1 [for Win95/NT3.5-4] 2¸¸¿ø G-032³ª¢Ã Bryce 3D 4.0 2cd-3¸¸¿ø G-032´Ù>Corel Bryce 5.0 2CD 3¸¸¿ø G-033¢Ã Cinema 4D XL + Cinema 4D v4.27 [for WIN95/NT] G-034³ª¢Ã Corel Draw 9 3CD 3¸¸¿ø G-034´Ù¢Ã Corel Draw 10.0 3cd 5¸¸¿ø G-034¶ó¢Ã COREL DRAW v9.0 ÇÑ±Û 2¸¸¿ø G-034¸¶¢Ã Corel Draw 9.0 (ÇѱÛ) -3CD 3¸¸¿ø G-035¢Ã Corel DREAM 3D v8 [for Win95] G-035-1¢Ã Corel Print House Magic Deluxe 2¸¸¿ø G-089¢Ã Corel Click & Create 2.11 G-090¢Ã Corel VENTURA 8.0 (2CD) 3¸¸¿ø G-094¢Ã Corel Knockout 2 -2¸¸¿ø G-036¢Ã Cosmopolitan virtual Make over v 1.1(400¿© ¸Þ°¡) G-087¢Ã CHARACTER STUDIO R3.0 (c)Diskreet -2¸¸¿ø G-037¢Ã Disney Magic Artist 2¸¸¿ø G-038¢Ã LifeForms(¶óÀÌÇÁ Æû) 3.02 G-039¢Ã Elastic Reality 3.1 (C) Avid Technology, Inc (Á¤½Ä) G-040¢Ã Extreem 3D V2.0 (Á¤½ÄÇ®) G-041³ª¢Ã FormZ V3.5(Á¤½Ä/G18) (Á¤Ç° °¡°ÝÀº 335¸¸¿øÂ¥¸®) 3¸¸¿ø G-041´Ù¢Ã FORMZ V3.8 G-042¢Ã Houdini v2.5 Full (600M Ç®) G-042³ª¢Ã Houdini v4.0 for WinNT (Èĵð´Ï 4.0 ÃÖ½Å!- SideFX»ç ) 3¸¸¿ø G-043¢Ã MetaCreations Infini-D V4.5 2¸¸¿ø G-044¢Ã Kai's photo soap 2 (Á¤½Ä) G-044³ª¢Ã Kai's Photo Soap 2.5 G-045¢Ã Kai's Power Show (¿ÏÀüÁ¤½ÄÇ®) G-046³ª¢Ã Kai's Power Tools V 6.0 (c)Matacreations 2¸¸¿ø G-046´Ù¢Ã KPT Effects v7.0 G-047¢Ã KPT VECTOR Effects V1.5 For Illustrator G-048¢Ã kai's super goo (Á¤½Ä) G-049¢Ã LightScape(¶óÀÌÆ®½ºÄÉÀÌÇÁ) V3.2 2¸¸¿ø G-050´Ù¢Ã Light Wave(¶óÀÌÆ®¿þÀ̺ê) 6.5 2¸¸¿ø G-050¶ó¢Ã Lightwave 7.0 (c) Newtek 3¸¸¿ø G-051¢Ã LIGHT WAVE PLUG IN & 
UTIL 2¸¸¿ø (ȨÆäÀÌÁöÂüÁ¶) G-052¢Ã LivePix V2.0 Deluxe (c) LivePix G-053¢Ã FREEHAND 7.0 ÇÑ±Û G-053´Ù¢Ã MacroMedia FreeHand(ÇÁ¸®ÇÚµå) V9.0 G-053¶ó¢Ã MacroMedia FreeHand(ÇÁ¸®ÇÚµå) V10.0 2¸¸¿ø G-054¢Ã Macromedia XRES V3.0 (¿Ïº®ÇÑ Á¤Ç° ¹Ú½º Ä«ÇǺ») 3¸¸¿ø G-093¢Ã Macromedia Extreme 3D v2 2¸¸¿ø G-055¶ó¢Ã Maya V3.0 unlimitted 5¸¸¿ø G-055¸¶¢Ã Maya 4.0 3¸¸¿ø G-055¹Ù¢Ã Maya Unlinited 4.0 3cd 5¸¸¿ø G-055»ç¢Ã Maya Unlimited 4.01 for linux 2¸¸¿ø G-056¢Ã AlliasWaveFront MAYA Scenes Addons G-056³ª¢Ã Allias&Wavefront STUDIO TOOLS 9.7 2cd 5¸¸¿ø G-057¢Ã MEGA CLIP ART G-058¢Ã MS Photo Draw 2000 for Win95/98/NT 4.0 Service Pack 3 or later 3CD 5¸¸¿ø G-059³ª¢Ã MS Picture It 99 [for Win95/98/ NT4.0 or later] (Á¤½Ä) 2CD 3¸¸¿ø G-059´Ù¢Ã Picture It Publishing 2002 3cd 3¸¸¿ø G-059¶ó¢Ã MS Picture It Photo Premium 2002 [2cd] 3¸¸¿ø G-060¢Ã Painter 3D v1.0 (Á¤½Ä) (c)Metacreation G-061¢Ã Painter 5.03 (Fractal Design »çÀ϶§) G-061³ª¢Ã Metacreation Painter V6.0 2CD 4¸¸¿ø G-061´Ù¢Ã Painter 7 (c)Procreate (COREL) G-063¢Ã Photo Impact Mega Pack V4.0(Á¤½Ä) (c) Ulead 2CD 3¸¸¿ø G-095¢Ã Ulead Photo Express 4.0 Digital Studio Edition G-064¢Ã PHOTO SHOP PLUG -IN ¸ðÀ½ 2¸¸¿ø(ȨÆäÀÌÁö ÂüÁ¶) G-065¢Ã Photo/Graphic Edges V3.0 (c)Auto F/X G-066¢Ã PHOTOSHOP Learning CD ( ÇѱÛ) G-067¢Ã Photoshop¿ë ÇÊÅÍ ¸ðÀ½Áý (ȨÆäÀÌÁö ÂüÁ¶) G-068³ª¢Ã POSER (Æ÷Á®) V4.0 2CD 2¸¸¿ø G-069¢Ã Professional Graphics pack G-070¢Ã RenderWorld & NatureFX V2.0 for SoftImage 3.7 (SoftImage plug-in) G-071¢Ã Shade Plus ÇÑ±Û G-072¢Ã SoftImage 3.8(Á¤½ÄÇ®438¸Þ°¡ sp1 ¹öÀüÀÓ ) G-072³ª¢Ã SoftImage 3D Ver 3.8 SP3 G-072´Ù¢Ã SoftImage XSI 1.5 3cd 4¸¸¿ø G-072¶ó¢Ã avid softimage xsi v2.1 3CD 10¸¸¿ø G-073¢Ã SoftImage 3D Extreme 3.8 [for WIN NT] G-075¢Ã Phoenix tools RED CD for softimage3D 3.8(softimage plug-in) 3¸¸¿ø G-076¢Ã True Space (Æ®·ç ½ºÆäÀ̽º) v4.0 G-076³ª¢Ã TrueSpace V4.3 2¸¸¿ø G-077¢Ã Ulead COOL(À¯¸®µå Äð) 3D (Á¤½Ä) G-078¢Ã Ulead Face Factory 1.0 G-079¢Ã Working Model 3d G-082¢Ã World Construction Set 4.55 G-083¢Ã Metacreation Dance Studio v1.0 2¸¸¿ø 
G-084¢Ã Avid Marquee v1.0 G-085¢Ã View Point 4cd 5¸¸¿ø G-086¢Ã Realviz MatchMover 1.0 3¸¸¿ø G-087¢Ã Macromedia Esenssinal 1.0 3¸¸¿ø L-025´Ù¢Ã Crystal Report (Å©¸®½ºÅ» ¸®Æ÷Æ®)8.5 Developer Edition 2¸¸¿ø L-025¶ó¢Ã Crystal Reports Professional 8.5 2¸¸¿ø ttttttttttttttttttttttt ¸ÖƼ¹Ìµð¾î ,À¥,ȨÆäÀÌÁö,¾Ù¹üÁ¦ÀÛ tttttttttttttttttttttttttttt T-001¢Ã Super Scape VRT V5.60 3¸¸¿ø T-002³ª¢Ã Adobe GoLive v5.0 T-002´Ù¢Ã Adobe Golive v6.0 2¸¸¿ø T-003¢Ã Adobe PageMil V3.0 T-004¢Ã Adobe Persuasion V4.0 T-005¢Ã Adobe Photoshop Web Magic T-006¢Ã Adobe Photo Deluxe V2.0 ÇÑ±Û (563M Á¤½ÄÇ®,2000³âÆÇ) T-006 ³ª¢Ã ADOBE PHOTODELUXE BUSINESS EDITION 1.0 T-006 ´Ù¢Ã ADOBE PHOTODELUXE HOME EDITION 4.0 T-007¢Ã Instant Photo Effects V1.0 T-008¢Ã ÇÑ±Û IXLA photo 1.1 T-009¢Ã Photo Bank(Æ÷Åä ¹ðÅ©) V1.0 T-010¢Ã PhotoRecall Deluxe V2.0 [for Win 95/98/nt] T-011¢Ã MGI photosuite II V1.02 T-012³ª¢Ã MGI Videowave lll 2CD 3¸¸¿ø (¼ö¹é¸Þ°¡ Á¤½ÄÇ®) T-012´Ù¢Ã MGI VEDIO WAVE 5 2¸¸¿ø T-013¢Ã Inscriber CG Feature Pak And Motion Pak v3.3.0.43 T-014¢Ã DVMPEG v5.01 (vedio, sound µîÀÇ ¾ÐÃàÀúÀå¹×...) T-015¢Ã Digital Fusion 2.13 2¸¸¿ø T-016¢Ã DeBabelizer Pro V4.5 2¸¸¿ø T-017³ª¢Ã Discreet EDIT v6.0(317M Ç®) 3¸¸¿ø T-017´Ù¢Ã COMBUSTION V2 (Discreet) 2¸¸¿ø T-018¢Ã Drumbeat (µå·³•») 2000 v3.0 2¸¸¿ø T-019¢Ã Authorware (¿À½î¿þ¾î) v5.0 (c)Macromedia T-020³ª¢Ã ÇÑ±Û Authorware (¿À½î¿þ¾î) v5.0 2¸¸¿ø T-021³ª¢Ã Director (µð·ºÅÍ) V8.0 (Á¤½Ä Ç®) 2¸¸¿ø T-021´Ù¢Ã Director (µð·ºÅÍ) V8.5 (Á¤½Ä Ç®) T-022¶ó¢Ã DreamWeaver (µå¸²À§¹ö)ULTRADEV 4 FireWorks 4 studio -2CD 5¸¸¿ø T-023´Ù¢Ã Macromedia FireWorks V4.0 2¸¸¿ø T-024´Ù¢Ã FLASH Ç÷¹½¬5.0 (¼ö¹é¸Þ°¡ÀÔ´Ï´Ù!) 2¸¸¿ø T-024¸¶¢Ã Macromedia Flash -MX 6 (¼ö¹é¸Þ°¡ Ç®¹öÀü!) 3¸¸¿ø T-025³ª¢Ã Tool Book II V7.0 (ÅøºÏÀÌ µåµð¾î 7.0 ÀÌ ³ª¿Ô±º¿ä. 321 ¸Þ°¡ Á¤Ç°Ä«ÇǺ») T-026¢Ã Media Studio Pro V5.0 (Ulead Co.) 
2CD 3¸¸¿ø T-026³ª¢Ã Ulead MediaStudio(À¯¸®µå ¹Ìµð¾î ½ºÆ©µð¿À) Pro 6.0 T-026´Ù¢Ã Ulead Media Studio Pro 6.5 -2¸¸¿ø T-026¶ó¢Ã Ulead Vedio studio 5.0 DVD Edition -2¸¸¿ø T-027¢Ã Kaydara FILMBOX v1.5 SPI T-028¢Ã MS Liquid Motion v1.0 T-029¢Ã Cold fusion Studio 4.0(Á¤½Ä) (c)Allaire 2¸¸¿ø T-029³ª¢Ã Allaire Cold Fusion Server V5.0 Release Candidate 2¸¸¿ø T-030³ª¢Ã Net object fusion 4.0 (Á¤½ÄÇ®) 2¸¸¿ø T-031¢Ã Symantec Visual Page V2.0 T-032¢Ã Symantec Visual Cafe v2.5 [for Java for Win95/NT] T-032³ª¢Ã Symantec Visual Cafe v3.0 2¸¸¿ø T-033¶ó¢Ã Visual Cafe for JAVA V4.0 Enterprise E~(Á¤½ÄÇ®) -WebGain Inc 2¸¸¿ø T-034¢Ã ÇÑ±Û Visio 5.0 Standard T-034³ª¢Ã Visio Enterprise 5.0 T-034´Ù¢Ã VISIO Technical 5.0 (ÇѱÛ) T-035´Ù¢Ã VISIO 2000 Enterprise Edition (2000³â ½ÅÇ°,Á¤½Ä Ç®¹öÁ¯) 2cd 3¸¸¿ø T-035¶ó¢Ã VISIO 2002 2¸¸¿ø T-035¸¶¢Ã MS Visio 2002 Professional (ÇѱÛ) 2¸¸¿ø T-035¹Ù¢Ã MS Visio Professional 2002 SR1 2¸¸¿ø T-036¢Ã Xara 3D 3.04 ( Á¤½Ä) T-036³ª¢Ã XARA webstyle v2.0 2¸¸¿ø T-039¢Ã Punch Super home suite (À¥Á¦ÀÛ°ü·Ã) T-040³ª¢Ã MS Front Page 2000 Coperate Edition (1)/(2) 2CD 3¸¸¿ø T-040´Ù¢Ã MS ÇÑ±Û ÇÁ·ÐÆ® ÆäÀÌÁö 2000 2¸¸¿ø T-040¶ó¢Ã MS FrontPage 2002 Inside Out 2¸¸¿ø T-041¢Ã Omni Page Web Edition 1.0 T-042¢Ã Web page 5.0 (640¸Þ°¡) (À¥ÆäÀÌÁö ÀúÀÛ Å°Æ®.) T-043³ª¢Ã ³ª¸ðÀ¥ 4.0 (Ç®¹öÀü) T-043´Ù¢Ã Namo WebEditor 5.0 (Ç®¹öÀü) 2¸¸¿ø T-044¢Ã ĬÅ×ÀÏ 98 2CD 3¸¸¿ø T-045¢Ã Æ÷Å佺ÇÁ·¹ÀÌ 1.0 T-046¢Ã Äíµµ( KUDO ) À̹ÌÁö ¸ðÀ½Áý.. 2¸¸¿ø T-047¢Ã Photodisc -4CD 6¸¸¿ø T-048¢Ã American Fine Art & Illustration (c) Photodisc (½ÅÇ°! À̹ÌÁö ½Ãµð) - 2¸¸¿ø T-049¢Ã Pinnacle STUDIO(ÇdzªÅ¬ ½ºÆ©µð¿À) 7 Full Multilanguage 3¸¸¿ø T-049³ª¢Ã Pinnacle SYSTEM STUDIO DV plus 1.1 3¸¸¿ø T-049´Ù¢Ã Pinnacle System Impression DVD PRO SE v2.1 3¸¸¿ø T-050¢Ã Ulead DVD Movie Maker v1.0 (DVD Åø) 2¸¸¿ø T-051¢Ã Corel Pro Photo Windsurfing 2¸¸¿ø T-052¢Ã Corel Land of the Pyramids 2¸¸¿ø T-053¢Ã Roxio VideoPack 5 T-054¢Ã hollywood fx (Ç㸮¿ìµå FX) Gold ! 
From owner-freebsd-security Thu May 16 10:46: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id F096937B40A for ; Thu, 16 May 2002 10:45:58 -0700 (PDT) Received: by gw.nectar.cc (Postfix, from userid 1001) id 7A04268; Thu, 16 May 2002 12:45:58 -0500 (CDT) Date: Thu, 16 May 2002 12:45:58 -0500
From: "Jacques A. Vidrine" To: Matt Piechota Cc: Brett Glass , security@FreeBSD.ORG Subject: Re: Patch/Announcement for DHCPD remote root hole? Message-ID: <20020516174558.GA92757@hellblazer.nectar.cc> References: <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org> <20020516004110.R5989-100000@cithaeron.argolis.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020516004110.R5989-100000@cithaeron.argolis.org> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Thu, May 16, 2002 at 12:49:11AM -0400, Matt Piechota wrote:
> That's why they're not required to cvsup to get patches. Do you even read
> the Security Notices? They include links to get individual patches. You
> can click on them even, at least I assume you can in Eudora.

There are also some very new, experimental `cumulative patches' here:

4.5-RELEASE-p4
http://people.freebsd.org/~nectar/secupd-4.5-bin-4.tgz
http://people.freebsd.org/~nectar/secupd-4.5-sys-4.tgz
http://people.freebsd.org/~nectar/secupd-4.5-src-4.tgz

4.5-RELEASE-p5
http://people.freebsd.org/~nectar/secupd-4.5-bin-5.tgz
http://people.freebsd.org/~nectar/secupd-4.5-sys-5.tgz
http://people.freebsd.org/~nectar/secupd-4.5-src-5.tgz

These are experimental, not signed, may blow up your system, install trojan horses, cause hair loss, and so on. We do need some feedback on them, however.

Some notes:

You need only apply the latest patch. You can skip patches. Each patch contains all previous patches. This is to make it possible to update from one patch level to another using portupgrade and other such tools.

If you want to see what happens when installing `over' another patch, or deinstalling an old one, or using portupgrade, then you'll want both the p4 and p5 patches. Otherwise, you just want p5.

These only apply to 4.5-RELEASE* systems.

The `bin' packages are the actual binaries. The `sys' packages are updated sources for src/sys -- they are supplied to allow you to recompile your kernel. The `src' packages include all updated sources not in src/sys.

Have fun,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Thu May 16 10:49:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 0BA1037B405 for ; Thu, 16 May 2002 10:49:05 -0700 (PDT) Received: by gw.nectar.cc (Postfix, from userid 1001) id A5EA042; Thu, 16 May 2002 12:49:04 -0500 (CDT) Date: Thu, 16 May 2002 12:49:04 -0500
From: "Jacques A. Vidrine" To: security@FreeBSD.ORG Subject: Re: Patch/Announcement for DHCPD remote root hole? Message-ID: <20020516174904.GB92757@hellblazer.nectar.cc> References: <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <20020515105453K.matusita@jp.FreeBSD.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020515132552.0313bbb0@nospam.lariat.org> <20020516045909.GC7616@laptop.lambertfam.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020516045909.GC7616@laptop.lambertfam.org> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Thu, May 16, 2002 at 12:59:10AM -0400, Scott Lambert wrote:
> Until we get binary patch kits, we just can't do the same thing for
> the OS. I am assuming that someone has taken the trouble of diff'ing
> the install images between patch levels to see how many files, and
> what that translates to in megabytes, would be required for a tarball
> that just unpacks over all changed files. I am also assuming that it is
> prohibitively large since it is a simple, brute force method.
>
> My iBook came with OS X 10.1.1. I had to download 40 MB of patches to
> get to 10.1.2. Reboot. Download 5 MB of patches to get to 10.1.3.
> Reboot. Download 2.5MB of patches to get to 10.1.4. That's not counting
> the updates to the included software.

Hmm, I just posted another message in this thread with pointers to packages you might play with. The patches are cumulative, so they are larger each time-- but at least you only need the latest.

> The last time I installed Solaris, it was a similar process except that
> the patch sets always got larger due to their cumulative nature.

Oh yeah, like that.

Individuals who would like to work on and contribute to making this a robust, ongoing thing can drop us a line at !

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Thu May 16 11:14:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from tesla.foo.is (tesla.reverse-bias.org [217.151.166.96]) by hub.freebsd.org (Postfix) with ESMTP id 61E4F37B409 for ; Thu, 16 May 2002 11:13:48 -0700 (PDT) Received: from there (eniac.foo.is [192.168.1.25]) by tesla.foo.is (Postfix) with SMTP id F059E2744; Thu, 16 May 2002 18:13:41 +0000 (GMT) Content-Type: text/plain; charset="iso-8859-1"
From: Baldur Gislason To: Marc Rogers Subject: Re: HELP ME Date: Thu, 16 May 2002 18:13:04 +0000 X-Mailer: KMail [version 1.3.2] References: <20020516130805.I75489@closed-networks.com> In-Reply-To: <20020516130805.I75489@closed-networks.com> Cc: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020516181342.F059E2744@tesla.foo.is> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

There's also a sysctl value, net.inet.tcp.blackhole that if set to 1 will make the kernel ignore packets coming to closed ports rather than sending a packet back with the RST flag set.

Baldur

On Thursday 16 May 2002 12:08, you wrote:
> The obvious option is for you to place a firewall (either locally, or
> another machine) between the internet and your machine. By firewalling
> transparently either by using a stealth firewall or a totally transparent
> firewall any attackers that try to connect to firewalled ports will get
> timeouts.
>
> [The firewall should be configured to drop offending packets silently, as
> any politeness, such as informing the source that the destination is
> administratively blocked will betray the firewall]
>
> To be honest you probably don't have a lot to gain. The vast majority of
> scanning that goes on out on the net is automated to some extent. This
> means unless the tool is unable to route to your machine at all, it will
> still try to scan every port it has been instructed to check. The presence
> of even a single open (or closed / filtered) port (mail,ssh, web etc) will
> betray the existence of a firewalled machine.
>
> I guess the success of this depends entirely on who is going to be using
> your machine. If there are no public services, then by using a "denied
> unless explicitly permitted" approach you will achieve a fairly good
> result.
>
> Hope this helps
>
> Marc Rogers
> Senior Systems Administrator
> Systems Architect
> Vizzavi
>
> On Thu, May 16, 2002 at 11:45:21AM +0000, mohammad mirzaeenasir wrote:
> > DEAR STAFF,
> >
> > HI, I INSTALLED A UNIX CACHE SERVER(SQUID), AND I DISABLED NETWORK
> > DAEMON IN "INETD.CONF" AND I DISABLE "INETD" IN "RC.CONF". SO, IF SOMEONE
> > TRY TO FTP MY UNIX BOX IT WILL BE RECEIVED "CONNECTION REFUSED".
> >
> > BUT WHAT I SHOULD LIKE YOU TO DO IS TO HELP ME TO FIND OUT WHAT CAN I
> > DO IF SOME TCP CONNECTION RECEIVE TO MY BOX, THE KERNEL IGNORE IT AND
> > THE REMOTE MACHINE WILL RECEIVE THE "CONNECTION TIMED OUT". IN THIS WAY
> > THE CRACKER FIGURE OUT MY MACHINE IS DISCONNECTED AND WILL NOT TRY TO
> > SCAN OTHER NETWORK PORTS.
> >
> > THANK YOU VERY MUCH
> > MOHAMMAD

From owner-freebsd-security Thu May 16 11:21:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from mile.nevermind.kiev.ua (freebsddiary.org.ua [213.186.199.26]) by hub.freebsd.org (Postfix) with ESMTP id A894337B406 for ; Thu, 16 May 2002 11:21:29 -0700 (PDT) Received: from mile.nevermind.kiev.ua (never@localhost [127.0.0.1]) by mile.nevermind.kiev.ua (8.12.3/8.12.2) with ESMTP id g4GIKvS7007553; Thu, 16 May 2002 21:21:02 +0300 (EEST) (envelope-from never@mile.nevermind.kiev.ua) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.12.3/8.12.3/Submit) id g4GIKv5b007552; Thu, 16 May 2002 21:20:57 +0300 (EEST) Date: Thu, 16 May 2002 21:20:57 +0300
From: Alexandr Kovalenko To: mohammad mirzaeenasir Cc: marcr@closed-networks.com, freebsd-security@FreeBSD.ORG Subject: Re: reply Message-ID: <20020516182057.GB7239@nevermind.kiev.ua> References: Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.99i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello, mohammad mirzaeenasir!

On Thu, May 16, 2002 at 12:23:52PM +0000, you wrote:
> hi,
> thanks for your reply. I installed a transparent proxy on my machine with
> "ipfw" rules. everything is ok and i tested it. but someone told me that
> if you set your "kernel_secure_level = NO" , all kind of tcp connection
> will ignore by kernel and for example in the case of telneting it ,
> it will reply "connection timed out". and i checked it , he was quite
> right. i did so(kernel_secure_level=NO) but when i telnet my unix box, it
> will reply me "connection refused".
> now, plz help me to find out more.

It depends on how you will access your machine. If you're accessing via ssh, you should add sshd_enable="YES" to your /etc/rc.conf. Now you should determine which ports you need to be open. For your case it will be 22 (ssh), 3128 (squid). So you can allow only those ports with

ipfw add allow tcp from any to any 22 in recv ed0
ipfw add allow tcp from any 22 to any out xmit ed0
ipfw add allow tcp from any to any 3128 in recv ed0
ipfw add allow tcp from any 3128 to any out xmit ed0

and finally deny all other packets:

ipfw add deny ip from any to any

P.S. securelevel has nothing to do with firewall.
--
NEVE-RIPE

From owner-freebsd-security Thu May 16 12: 7:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from gamma.star.spb.ru (gamma.star.spb.ru [217.195.79.1]) by hub.freebsd.org (Postfix) with ESMTP id D6B7637B40A for ; Thu, 16 May 2002 12:07:48 -0700 (PDT) Received: from green.star.spb.ru (green.star.spb.ru [217.195.79.10]) by gamma.star.spb.ru (8.9.3/8.9.3) with ESMTP id XAA82503; Thu, 16 May 2002 23:06:32 +0400 (MSD) Received: from 217.195.79.7 (IBMKA [217.195.79.7]) by green.star.spb.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id KHFVGHVQ; Thu, 16 May 2002 23:06:19 +0400 Date: Thu, 16 May 2002 23:06:32 +0400
From: "Nickolay A. Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A. Kritsky" X-Priority: 3 (Normal) Message-ID: <44104033432.20020516230632@internethelp.ru> To: Alexandr Kovalenko Cc: mohammad mirzaeenasir , marcr@closed-networks.com, freebsd-security@FreeBSD.ORG Subject: Re[2]: reply In-reply-To: <20020516182057.GB7239@nevermind.kiev.ua> References: <20020516182057.GB7239@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello Alexandr,

Thursday, May 16, 2002, 10:20:57 PM, you wrote:

AK> Hello, mohammad mirzaeenasir!

AK> On Thu, May 16, 2002 at 12:23:52PM +0000, you wrote:
>> hi,
>> thanks for your reply. I installed a transparent proxy on my machine with
>> "ipfw" rules. everything is ok and i tested it. but someone told me that
>> if you set your "kernel_secure_level = NO" , all kind of tcp connection
>> will ignore by kernel and for example in the case of telneting it ,
>> it will reply "connection timed out". and i checked it , he was quite
>> right. i did so(kernel_secure_level=NO) but when i telnet my unix box, it
>> will reply me "connection refused".
>> now, plz help me to find out more.

AK> It depends on how you will access your machine. If you're accessing via
AK> ssh, you should add sshd_enable="YES" to your /etc/rc.conf. Now you
AK> should determine which ports you need to be open. For your case it
AK> will be 22 (ssh), 3128 (squid). So you can allow only those ports with

AK> ipfw add allow tcp from any to any 22 in recv ed0
AK> ipfw add allow tcp from any 22 to any out xmit ed0
AK> ipfw add allow tcp from any to any 3128 in recv ed0
AK> ipfw add allow tcp from any 3128 to any out xmit ed0

AK> and finally deny all other packets:

AK> ipfw add deny ip from any to any

AK> P.S. securelevel has nothing to do with firewall.

Hmm... Not quite nothing. AFAIK on some securelevels you cannot add or delete ipfw rules.

;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru

From owner-freebsd-security Thu May 16 12:23: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe61.pav1.hotmail.com [64.4.30.196]) by hub.freebsd.org (Postfix) with ESMTP id 4971337B40A for ; Thu, 16 May 2002 12:22:40 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 16 May 2002 12:22:40 -0700 X-Originating-IP: [207.112.2.1] Reply-To: "Tom Wang"
From: "Tom Wang" To: Subject: ipfw udp dynamic rule don't work ? Date: Thu, 16 May 2002 15:23:59 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_009A_01C1FCED.B3F65AC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Message-ID: X-OriginalArrivalTime: 16 May 2002 19:22:40.0200 (UTC) FILETIME=[0B7A8480:01C1FD0F] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi, all

I have a problem when I configure ipfw on my FreeBSD 4.5 box. The firewall rules are as follows:

allow tcp from any to any established
allow ip from any to any frag
......
check-state
allow tcp from ${oip} to any keep-state
allow udp from ${oip} to any keep-state

The box can't synchronize with any ntp servers. I think "keep-state" can keep a small time window where it allows udp packets that come back from the ntp server, but it doesn't seem to work.

Must I add the following rules to my firewall ruleset? And why?

allow udp from ${oip} to any 123
allow udp from any 123 to ${oip}
or
allow udp from ${oip} to any 123 keep-state
(this rule should be the same as "allow udp from ${oip} to any keep-state")

Thanks in advance.

Tom
From owner-freebsd-security Thu May 16 12:44:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp2.chello.se (smtp2.chello.se [193.150.195.11]) by hub.freebsd.org (Postfix) with ESMTP id 6D8C337B40B for ; Thu, 16 May 2002 12:44:29 -0700 (PDT) Received: from whizcom.se ([193.150.230.72]) by smtp2.chello.se (InterMail vK.4.04.00.00 201-232-137 license d2583c0617b67bae473a44216fd3d32d) with ESMTP id <20020516194422.MIOQ2385.smtp2@whizcom.se>; Thu, 16 May 2002 21:44:22 +0200 Message-ID: <3CE42800.2010605@whizcom.se> Date: Thu, 16 May 2002 23:43:28 +0200 From: Lasse Andersson Organization: WhizCom AB User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011128 Netscape6/6.2.1 X-Accept-Language: sv, en-us MIME-Version: 1.0 To: security@FREEBSD.ORG Subject: IPSEC interoperability with Win2K client? Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

Looking for any information about FreeBSD IPSEC interoperability with Win2K clients?

Setup:

+-------+               +------+                    +--------+
|w2k    |   internet    |FBSD  |  internal network  |internal|
|clients|---------------|FW w. |--------------------|hosts   |
|       |     IPSEC     |IPSEC |      no IPSEC      |        |
+-------+               +------+                    +--------+

Regards
Lasse A.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 12:52:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80]) by hub.freebsd.org (Postfix) with SMTP id 9929737B400 for ; Thu, 16 May 2002 12:52:50 -0700 (PDT) Received: (qmail 13933 invoked by uid 1001); 16 May 2002 19:52:49 -0000 Date: Thu, 16 May 2002 15:52:49 -0400 From: "Peter C. Lai" To: Tom Wang Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw udp dynamic rule don't work ? Message-ID: <20020516155249.A13879@cowbert.2y.net> Reply-To: peter.lai@uconn.edu References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from wysxs@hotmail.com on Thu, May 16, 2002 at 03:23:59PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have a suspicion as to this causing ntp issues on my machine too. Every once in a while, ntpd loses the line discipline for no reason. This doesn't happen when I disable ipfw totally. On Thu, May 16, 2002 at 03:23:59PM -0700, Tom Wang wrote: > Hi, all > > I have a problem when I config ipfw on my Freebsd4.5 Box. the firewall rules as following, > > allow tcp from any to any established > allow ip from any to any frag > ...... > check-state > allow tcp from ${oip} to any keep-state > allow udp from ${oip} to any keep-state > > The box can't synchronize with any ntp servers. I think, "keep-state" can keeps a small time window where it allows udp packets come back that comes from ntp > server. but, it seems don't work. > > I must add following rules in my firewall ruleset ? and why? 
> > allow udp from {oip} to any 123 > allow udp from any 123 to {oip} > or > allow udp from {oip} to any 123 keep-state > ( this rule should as same as "allow udp from ${oip} to any keep-state" ) > > Thanks in advance. > > Tom > -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 12:53:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from tomts7-srv.bellnexxia.net (tomts7.bellnexxia.net [209.226.175.40]) by hub.freebsd.org (Postfix) with ESMTP id A588737B40A for ; Thu, 16 May 2002 12:53:31 -0700 (PDT) Received: from a4ibmrrll9362k ([65.92.13.247]) by tomts7-srv.bellnexxia.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020516195331.WVRY29060.tomts7-srv.bellnexxia.net@a4ibmrrll9362k> for ; Thu, 16 May 2002 15:53:31 -0400 Message-ID: <003101c1fd13$544e2d20$126cfea9@a4ibmrrll9362k> From: "Adam" To: Subject: Date: Thu, 16 May 2002 15:53:20 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_002E_01C1FCF1.CD164070" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_002E_01C1FCF1.CD164070 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Unsubscribe ------=_NextPart_000_002E_01C1FCF1.CD164070 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
From owner-freebsd-security Thu May 16 14:44:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from phucking.kicks-ass.org (c-ee3a70d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.58.238]) by hub.freebsd.org (Postfix) with ESMTP id 4641A37B409 for ; Thu, 16 May 2002 14:44:09 -0700 (PDT) Received: from phucking.kicks-ass.org (localhost.kicks-ass.org [127.0.0.1]) by phucking.kicks-ass.org (Postfix) with SMTP id 386B3517 for ; Thu, 16 May 2002 23:43:52 +0200 (CEST) Received: from 213.112.58.238 (SquirrelMail authenticated user z3l3zt) by phucking.kicks-ass.org with HTTP; Thu, 16 May 2002 23:43:52 +0200 (CEST) Message-ID: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> Date: Thu, 16 May 2002 23:43:52 +0200 (CEST) Subject: How secure is a password and how many characters does it allow? From: "Jesper Wallin" To: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello.

I take the whole story from the beginning.. My girl friend is/was running Slackware Linux and wanted to get her webcam working.. After searching for docs/help in about 1 month she decided to install Windows ME (Millennium Edition). Something did go wrong with the install so ext2 file system got messed up.. She removed Linux for some days and is running Windows only now..

As many of us know is Windows ME quite unstable and for each program you install you need to reboot.. (why??) After she reconnected to IRC through mIRC for the 6th time under 10 minutes she asked me to give her a shell on my box.. Of course I created a new user and from now on she's running irssi.. (good girl :)

She uses a password which is 10 characters long with both caps, non-caps, numbers and ascii characters.. However she's used to put two small passwords together to get a bigger and stronger password.. This password is one of the "small" passwords..

She tried to login on the box with her 10 characters long password which worked (of course) .. Now she detected that she was able to login when using a phrase looking like [correct-password][junk/another-password].. If she starts the phrase with the correct password, she is able to login even if she adds anything else after the correct password.. For me it looks like a limit of 10 characters passwords.. is this true?

I know I haven't searched much help by my own before asking here but I hope someone out there may have an answer on my (weird) question..

//Jesper Wallin aka Z3l3zT

From owner-freebsd-security Thu May 16 14:53:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by hub.freebsd.org (Postfix) with ESMTP id 439C537B40A for ; Thu, 16 May 2002 14:53:49 -0700 (PDT) Received: by elvis.mu.org (Postfix, from userid 1192) id 15ADDAE027; Thu, 16 May 2002 14:53:49 -0700 (PDT) Date: Thu, 16 May 2002 14:53:49 -0700 From: Alfred Perlstein To: Jesper Wallin Cc: security@freebsd.org Subject: Re: How secure is a password and how many characters does it allow?
Message-ID: <20020516215348.GB76843@elvis.mu.org> References: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Jesper Wallin [020516 14:44] wrote: > > She tryed to login on the box with her 10 characters long password which > worked (ofcause) .. Now she detected that she was able to login when using a > phrase looking like [correct-password][junk/another-password].. If she start > the phrase with the correct password, she is able to login even if she add > anything else after the correct password.. For me it looks like a limit of > 10 characters passwords.. is this true? All I know is that it seems that only the first eight characters of a password are signifigant for the hash function used. 
-- -Alfred Perlstein [alfred@freebsd.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 14:53:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from phucking.kicks-ass.org (c-ee3a70d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.58.238]) by hub.freebsd.org (Postfix) with ESMTP id 8DE0C37B404 for ; Thu, 16 May 2002 14:53:52 -0700 (PDT) Received: from phucking.kicks-ass.org (localhost.kicks-ass.org [127.0.0.1]) by phucking.kicks-ass.org (Postfix) with SMTP id D211B517 for ; Thu, 16 May 2002 23:53:41 +0200 (CEST) Received: from 213.112.58.238 (SquirrelMail authenticated user z3l3zt) by phucking.kicks-ass.org with HTTP; Thu, 16 May 2002 23:53:41 +0200 (CEST) Message-ID: <1913.213.112.58.238.1021586021.squirrel@phucking.kicks-ass.org> Date: Thu, 16 May 2002 23:53:41 +0200 (CEST) Subject: How secure is a password and how many characters does it allow? (2/2) From: "Jesper Wallin" To: X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello again.. Sorry for being stupid.. I forgot to mention that I run FreeBSD 4.5-Stable with SSH-2.0-OpenSSH_3.1 .. 
:)

//Jesper Wallin aka Z3l3zT

From owner-freebsd-security Thu May 16 14:55:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from goofy.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id 3C1A137B428 for ; Thu, 16 May 2002 14:54:34 -0700 (PDT) Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19) id ; Thu, 16 May 2002 14:54:32 -0700 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF58E@goofy.epylon.lan> From: "DiCioccio, Jason" To: 'Jesper Wallin' , security@freebsd.org Subject: RE: How secure is a password and how many characters does it allow? Date: Thu, 16 May 2002 14:54:26 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The limit actually appears to be 8, and it appears to be a limitation of crypt().. I did a few tests. These are from within ruby, however it uses crypt(), so it should be accurate.

irb(main):001:0> "aaaaaaaaaa".crypt('aa')
"aakcR08PK3l1o"
irb(main):002:0> "aaaaaaaaaa".crypt('aa')
"aakcR08PK3l1o"
irb(main):003:0> "aaaaaaaaaaa".crypt('aa')
"aakcR08PK3l1o"
irb(main):004:0> "aaaaaaaaaaaa".crypt('aa')
"aakcR08PK3l1o"
irb(main):005:0> "aaaaaaaaa".crypt('aa')
"aakcR08PK3l1o"
irb(main):006:0> "aaaaaaaa".crypt('aa')
"aakcR08PK3l1o"
irb(main):007:0> "aaaaaaa".crypt('aa')
"aaJFn5Xsal0nQ"

Looking at pam_unix though it will accept a password up to 128 characters. I think the limitation is coming from crypt(). Does anyone know if this is specific to 1 type of encryption (DES in this case), or is this true for md5, des, and blowfish when crypt() is used?
Cheers, - -JD- - -----Original Message----- From: Jesper Wallin [mailto:z3l3zt@phucking.kicks-ass.org] Sent: Thursday, May 16, 2002 2:44 PM To: security@freebsd.org Subject: How secure is a password and how many characters does it allow? Hello. I take the whole story from the begining.. My girl friend is/was running Slackware Linux and wanted to get her webcam working.. After searching for docs/help in about 1 month she decided to install Windows ME (Millenium Edition). Something did go wrong with the install so ext2 file system got messed up.. She removed Linux for some days and is running Windows only now.. As many of us know is Windows ME quite unstable and for each program you install you need to reboot.. (why??) After she reconnected to IRC throught mIRC for the 6th time under 10minutes she asked me to give her a shell on my box.. Ofcause I created a new user and from now on she's running irssi.. (good girl :) She uses a password which is 10 characters long with both caps, non-caps, numbers and ascii characters.. However she's used to put to small passwords together to get a bigger and stronger password.. This password is one of the "small" passwords.. She tryed to login on the box with her 10 characters long password which worked (ofcause) .. Now she detected that she was able to login when using a phrase looking like [correct-password][junk/another-password].. If she start the phrase with the correct password, she is able to login even if she add anything else after the correct password.. For me it looks like a limit of 10 characters passwords.. is this true? I know I havn't seach much help by myown before asking here but I hope someone out there may have an answer on my (wierd) question.. 
//Jesper Wallin aka Z3l3zT To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPOQs+jKUHizV76d/EQJkwwCg5gTNvQBvyC22mTOeiQyF2epDFGsAoNQM 07eTAOeZGkni2vZFweAlxkol =CKZ8 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 15: 3:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.103.10]) by hub.freebsd.org (Postfix) with ESMTP id CEF8037B409 for ; Thu, 16 May 2002 15:03:51 -0700 (PDT) Received: (from mph@localhost) by wopr.caltech.edu (8.11.6/8.11.6) id g4GM3gR43475; Thu, 16 May 2002 15:03:42 -0700 (PDT) (envelope-from mph) Date: Thu, 16 May 2002 15:03:42 -0700 From: Matthew Hunt To: Alfred Perlstein Cc: Jesper Wallin , security@FreeBSD.ORG Subject: Re: How secure is a password and how many characters does it allow? Message-ID: <20020516150342.A43090@wopr.caltech.edu> References: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> <20020516215348.GB76843@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020516215348.GB76843@elvis.mu.org>; from bright@mu.org on Thu, May 16, 2002 at 02:53:49PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, May 16, 2002 at 02:53:49PM -0700, Alfred Perlstein wrote: > All I know is that it seems that only the first eight characters > of a password are signifigant for the hash function used. That should be true of DES passwords, but not MD5. MD5 passwords can be identified by looking in /etc/master.passwd. 
The password fields (the second field, right after the username) will start with $1$ if MD5 passwords are in use. I think the method of specifying MD5 vs. DES has changes since I learned to do it, so in the interest of keeping my foot out of my mouth I'll just suggest that the original poster consult the Handbook/mailing list archives/etc. -- Matthew Hunt * Eight lanes of shimmering cement from http://www.pobox.com/~mph/ * here to Pasadena! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 15:14:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail50.fg.online.no (mail50-s.fg.online.no [148.122.161.50]) by hub.freebsd.org (Postfix) with ESMTP id C896237B405 for ; Thu, 16 May 2002 15:13:57 -0700 (PDT) Received: from elixor (ti500720a080-0294.bb.online.no [80.213.73.38]) by mail50.fg.online.no (8.9.3/8.9.3) with SMTP id AAA11316; Fri, 17 May 2002 00:13:55 +0200 (MET DST) Message-ID: <007901c1fd27$02f29a10$fa00a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: "Jesper Wallin" Cc: References: <1837.213.112.58.238.1021585432.squirrel@phucking.kicks-ass.org> Subject: Re: How secure is a password and how many characters does it allow? Date: Fri, 17 May 2002 00:14:12 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org if you look at this article at bsdvault. http://bsdvault.net/sections.php?op=viewarticle&artid=89 You would see that default encryption only support 8 chars. But you can change to blowfish password, this is an easy job. 
Look at the article and you will se the guide there. Best regards Geir Råness ----- Original Message ----- From: "Jesper Wallin" To: Sent: Thursday, May 16, 2002 11:43 PM Subject: How secure is a password and how many characters does it allow? > Hello. > > I take the whole story from the begining.. My girl friend is/was running > Slackware Linux and wanted to get her webcam working.. After searching for > docs/help in about 1 month she decided to install Windows ME (Millenium > Edition). Something did go wrong with the install so ext2 file system got > messed up.. She removed Linux for some days and is running Windows only now.. > > As many of us know is Windows ME quite unstable and for each program you > install you need to reboot.. (why??) After she reconnected to IRC throught > mIRC for the 6th time under 10minutes she asked me to give her a shell on my > box.. Ofcause I created a new user and from now on she's running irssi.. > (good girl :) > > She uses a password which is 10 characters long with both caps, non-caps, > numbers and ascii characters.. However she's used to put to small passwords > together to get a bigger and stronger password.. This password is one of the > "small" passwords.. > > She tryed to login on the box with her 10 characters long password which > worked (ofcause) .. Now she detected that she was able to login when using a > phrase looking like [correct-password][junk/another-password].. If she start > the phrase with the correct password, she is able to login even if she add > anything else after the correct password.. For me it looks like a limit of > 10 characters passwords.. is this true? > > I know I havn't seach much help by myown before asking here but I hope > someone out there may have an answer on my (wierd) question.. 
> > > //Jesper Wallin aka Z3l3zT > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 15:23: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from phucking.kicks-ass.org (c-ee3a70d5.022-45-6f72652.cust.bredbandsbolaget.se [213.112.58.238]) by hub.freebsd.org (Postfix) with ESMTP id B9F2F37B407 for ; Thu, 16 May 2002 15:22:50 -0700 (PDT) Received: from phucking.kicks-ass.org (localhost.kicks-ass.org [127.0.0.1]) by phucking.kicks-ass.org (Postfix) with SMTP id 07435517; Fri, 17 May 2002 00:22:40 +0200 (CEST) Received: from 213.112.58.238 (SquirrelMail authenticated user z3l3zt) by phucking.kicks-ass.org with HTTP; Fri, 17 May 2002 00:22:40 +0200 (CEST) Message-ID: <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org> Date: Fri, 17 May 2002 00:22:40 +0200 (CEST) Subject: Re: How secure is a password and how many characters does it allow? From: "Jesper Wallin" To: In-Reply-To: <007901c1fd27$02f29a10$fa00a8c0@elixor> References: <007901c1fd27$02f29a10$fa00a8c0@elixor> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Well.. How will that effect my security? Isn't it more secure to use 128 characters instead of 8? Sounds like, if the security was the same the blowfish would be default or something similar.. What do You recommend? //Jesper Wallin aka Z3l3zT > if you look at this article at bsdvault. 
> http://bsdvault.net/sections.php?op=viewarticle&artid=89 > > You would see that default encryption only support 8 chars. > > But you can change to blowfish password, this is an easy job. > Look at the article and you will se the guide there. > > Best regards > Geir Råness > > ----- Original Message ----- > From: "Jesper Wallin" > To: > Sent: Thursday, May 16, 2002 11:43 PM > Subject: How secure is a password and how many characters does it > allow? > > >> Hello. >> >> I take the whole story from the begining.. My girl friend is/was >> running Slackware Linux and wanted to get her webcam working.. After >> searching for docs/help in about 1 month she decided to install >> Windows ME (Millenium Edition). Something did go wrong with the >> install so ext2 file system got messed up.. She removed Linux for some >> days and is running Windows only > now.. >> >> As many of us know is Windows ME quite unstable and for each program >> you install you need to reboot.. (why??) After she reconnected to IRC >> throught mIRC for the 6th time under 10minutes she asked me to give >> her a shell on > my >> box.. Ofcause I created a new user and from now on she's running >> irssi.. (good girl :) >> >> She uses a password which is 10 characters long with both caps, >> non-caps, numbers and ascii characters.. However she's used to put to >> small > passwords >> together to get a bigger and stronger password.. This password is one >> of > the >> "small" passwords.. >> >> She tryed to login on the box with her 10 characters long password >> which worked (ofcause) .. Now she detected that she was able to login >> when using > a >> phrase looking like [correct-password][junk/another-password].. If she > start >> the phrase with the correct password, she is able to login even if she >> add anything else after the correct password.. For me it looks like a >> limit of 10 characters passwords.. is this true? 
>> >> I know I havn't seach much help by myown before asking here but I hope >> someone out there may have an answer on my (wierd) question.. >> >> >> //Jesper Wallin aka Z3l3zT >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 15:23:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail102.csoft.net (lilly.csoft.net [63.111.22.101]) by hub.freebsd.org (Postfix) with SMTP id 9BD2F37B413 for ; Thu, 16 May 2002 15:23:42 -0700 (PDT) Received: (qmail 12051 invoked by uid 1876); 16 May 2002 22:24:09 -0000 Date: Thu, 16 May 2002 17:24:09 -0500 From: Nick Slager To: Lasse Andersson Cc: security@FREEBSD.ORG Subject: Re: IPSEC interoperability with Win2K client? Message-ID: <20020516172409.B11264@zith.net> References: <3CE42800.2010605@whizcom.se> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CE42800.2010605@whizcom.se>; from lasse@whizcom.se on Thu, May 16, 2002 at 11:43:28PM +0200 X-Homer: Whoohooooooo! Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thus spake Lasse Andersson (lasse@whizcom.se): > > > Hi, > > Looking for any information about FreeBSD IPSEC interoperability with > Win2K clients? 
http://ezine.daemonnews.org/200101/ipsec-howto.html Nick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 15:59: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.103.10]) by hub.freebsd.org (Postfix) with ESMTP id 6318A37B401 for ; Thu, 16 May 2002 15:59:02 -0700 (PDT) Received: (from mph@localhost) by wopr.caltech.edu (8.11.6/8.11.6) id g4GMwvR47173; Thu, 16 May 2002 15:58:57 -0700 (PDT) (envelope-from mph) Date: Thu, 16 May 2002 15:58:57 -0700 From: Matthew Hunt To: Jesper Wallin Cc: pulz@pulz.no, security@FreeBSD.ORG Subject: Re: How secure is a password and how many characters does it allow? Message-ID: <20020516155856.A46782@wopr.caltech.edu> References: <007901c1fd27$02f29a10$fa00a8c0@elixor> <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org>; from z3l3zt@phucking.kicks-ass.org on Fri, May 17, 2002 at 12:22:40AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 17, 2002 at 12:22:40AM +0200, Jesper Wallin wrote: > How will that effect my security? Isn't it more secure to use 128 characters > instead of 8? Sounds like, if the security was the same the blowfish would > be default or something similar.. What do You recommend? DES is the traditional algorithm, and is probably the default for interoperability with old software and NIS. I've used MD5 for years with no trouble for the longer password support. If you don't run NIS, then I don't think there's any reason to stick with DES. 
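The check suggested in this thread (look at the second field of /etc/master.passwd for a `$1$` prefix), written out as an added example that is not part of any poster's message: a Ruby script that classifies each account's hash scheme and lists the accounts still on traditional DES, plus a small model of why `[correct-password][junk]` is accepted under DES. The sample file contents, account names and function names are constructed for illustration; the two DES hashes are the irb outputs quoted earlier in the thread, and `*LOCKED*` is the prefix FreeBSD's pw(8) writes when an account is locked.

```ruby
# Added example, not code from the thread. Sample data below is constructed.
# master.passwd(5) layout: name:password:uid:gid:class:change:expire:gecos:home:shell
# The MD5 and Blowfish hash bodies are placeholders, not real hashes.
SAMPLE_MASTER_PASSWD = <<~'EOF'
  # constructed sample, not a real system file
  root:$1$CONSTRUC$PLACEHOLDERxxxxxxxxxxx:0:0::0:0:Charlie &:/root:/bin/csh
  shelluser:aakcR08PK3l1o:1001:1001::0:0:IRC shell:/home/shelluser:/bin/sh
  olduser:*LOCKED*aaJFn5Xsal0nQ:1002:1002::0:0:Locked:/home/olduser:/bin/sh
  admin:$2a$04$PLACEHOLDERxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:1003:1003::0:0:Admin:/home/admin:/bin/sh
  daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
EOF

LOCK_PREFIX = '*LOCKED*' # prepended to the hash by FreeBSD's `pw lock`

# Returns [scheme, locked] for one password field.
def classify_hash(field)
  locked = field.start_with?(LOCK_PREFIX)
  hash = locked ? field[LOCK_PREFIX.length..-1] : field
  scheme =
    case hash
    when ''                        then :empty        # no password set
    when /\A\$1\$/                 then :md5          # "$1$", as described in the thread
    when /\A\$2[a-z]?\$/           then :blowfish
    when /\A_[.\/0-9A-Za-z]{19}\z/ then :extended_des # "_" + count + salt + hash
    when /\A[.\/0-9A-Za-z]{13}\z/  then :des          # 2-char salt + 11-char hash
    when /\A\$/                    then :unknown      # some other "$id$" scheme
    else                                :no_login     # "*" and similar non-hashes
    end
  [scheme, locked]
end

# Parses master.passwd-style text into one record per account.
def audit_master_passwd(text)
  lines = text.each_line.map(&:chomp).reject { |l| l.empty? || l.start_with?('#') }
  lines.map do |line|
    fields = line.split(':', -1)
    raise ArgumentError, "expected 10 fields: #{line.inspect}" unless fields.size == 10
    scheme, locked = classify_hash(fields[1])
    { user: fields[0], scheme: scheme, locked: locked, truncates_at_8: scheme == :des }
  end
end

# Accounts whose stored hash only depends on the first 8 password characters.
def accounts_limited_to_8(text)
  audit_master_passwd(text).select { |r| r[:truncates_at_8] }.map { |r| r[:user] }
end

# Model of the key traditional DES crypt() derives from a password: the low
# 7 bits of each of the first 8 bytes, zero-padded. Later bytes are ignored.
def des_key_material(password)
  bytes = password.bytes.first(8).map { |b| b & 0x7f }
  bytes + [0] * (8 - bytes.size)
end

# True when a traditional DES hash cannot tell the two passwords apart.
def same_under_des?(first, second)
  des_key_material(first) == des_key_material(second)
end

if __FILE__ == $PROGRAM_NAME
  audit_master_passwd(SAMPLE_MASTER_PASSWD).each do |r|
    note = r[:truncates_at_8] ? 'only first 8 characters count' : ''
    puts format('%-10s %-12s locked=%-5s %s', r[:user], r[:scheme], r[:locked], note)
  end
end
```

On a real system the input would be the contents of /etc/master.passwd read as root; accounts reported as `des` keep the 8-character limit until their password is set again under the new scheme.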
-- Matthew Hunt * Inertia is a property http://www.pobox.com/~mph/ * of matter. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 16:32:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail50.fg.online.no (mail50-s.fg.online.no [148.122.161.50]) by hub.freebsd.org (Postfix) with ESMTP id 34F9F37B40F for ; Thu, 16 May 2002 16:32:24 -0700 (PDT) Received: from elixor (ti500720a080-0294.bb.online.no [80.213.73.38]) by mail50.fg.online.no (8.9.3/8.9.3) with SMTP id BAA11030; Fri, 17 May 2002 01:32:21 +0200 (MET DST) Message-ID: <009501c1fd31$f7b69f10$fa00a8c0@elixor> From: =?iso-8859-1?Q?Geir_R=E5ness?= To: "Jesper Wallin" Cc: References: <007901c1fd27$02f29a10$fa00a8c0@elixor> <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org> Subject: Re: How secure is a password and how many characters does it allow? Date: Fri, 17 May 2002 01:32:37 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I would advise you to change realy, blowfish is faster and bether... Also i has bether securety.. Mvh Geir Råness ----- Original Message ----- From: "Jesper Wallin" To: Cc: Sent: Friday, May 17, 2002 12:22 AM Subject: Re: How secure is a password and how many characters does it allow? > Well.. > > How will that effect my security? Isn't it more secure to use 128 characters > instead of 8? Sounds like, if the security was the same the blowfish would > be default or something similar.. What do You recommend? 
> > > //Jesper Wallin aka Z3l3zT > > > if you look at this article at bsdvault. > > http://bsdvault.net/sections.php?op=viewarticle&artid=89 > > > > You would see that default encryption only support 8 chars. > > > > But you can change to blowfish password, this is an easy job. > > Look at the article and you will se the guide there. > > > > Best regards > > Geir Råness > > > > ----- Original Message ----- > > From: "Jesper Wallin" > > To: > > Sent: Thursday, May 16, 2002 11:43 PM > > Subject: How secure is a password and how many characters does it > > allow? > > > > > >> Hello. > >> > >> I take the whole story from the begining.. My girl friend is/was > >> running Slackware Linux and wanted to get her webcam working.. After > >> searching for docs/help in about 1 month she decided to install > >> Windows ME (Millenium Edition). Something did go wrong with the > >> install so ext2 file system got messed up.. She removed Linux for some > >> days and is running Windows only > > now.. > >> > >> As many of us know is Windows ME quite unstable and for each program > >> you install you need to reboot.. (why??) After she reconnected to IRC > >> throught mIRC for the 6th time under 10minutes she asked me to give > >> her a shell on > > my > >> box.. Ofcause I created a new user and from now on she's running > >> irssi.. (good girl :) > >> > >> She uses a password which is 10 characters long with both caps, > >> non-caps, numbers and ascii characters.. However she's used to put to > >> small > > passwords > >> together to get a bigger and stronger password.. This password is one > >> of > > the > >> "small" passwords.. > >> > >> She tryed to login on the box with her 10 characters long password > >> which worked (ofcause) .. Now she detected that she was able to login > >> when using > > a > >> phrase looking like [correct-password][junk/another-password].. 
If she > > start > >> the phrase with the correct password, she is able to login even if she > >> add anything else after the correct password.. For me it looks like a > >> limit of 10 characters passwords.. is this true? > >> > >> I know I havn't seach much help by myown before asking here but I hope > >> someone out there may have an answer on my (wierd) question.. > >> > >> > >> //Jesper Wallin aka Z3l3zT > >> > >> > >> > >> To Unsubscribe: send mail to majordomo@FreeBSD.org > >> with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 16 18:39:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp3.vol.cz (smtp3.vol.cz [195.250.128.83]) by hub.freebsd.org (Postfix) with ESMTP id E86C537B40D for ; Thu, 16 May 2002 18:39:21 -0700 (PDT) Received: from obluda.cz (xkulesh.vol.cz [195.250.154.106]) by smtp3.vol.cz (8.11.6/8.11.3) with ESMTP id g4H1dIC17042 for ; Fri, 17 May 2002 03:39:18 +0200 (CEST) (envelope-from dan@obluda.cz) Message-ID: <3CE45C64.C940872A@obluda.cz> Date: Fri, 17 May 2002 03:27:00 +0200 From: Dan Lukes X-Sender: "Dan Lukes" X-Mailer: Mozilla 4.79 [en]C-CCK-MCD {FIO} (Windows NT 5.0; U) X-Accept-Language: cs,sk,en,* MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: IPSEC interoperability with Win2K client? References: <3CE42800.2010605@whizcom.se> Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Lasse Andersson wrote: > > Hi, > > Looking for any information about FreeBSD IPSEC interoperability with > Win2K clients? 
>
> +-------+               +------+                    +--------+
> |w2k    |   internet    |FBSD  |  internal network  |internal|
> |clients|---------------|FW w. |--------------------|hosts   |
> |       |     IPSEC     |IPSEC |      no IPSEC      |        |
> +-------+               +------+                    +--------+

You need ESP/tunnel mode for presented configuration, but W2k seems not
to support it - at least with IKE (I don't know how about
static-configured keys). W2k <-> racoon can maintain ESP/transport mode
only.

The only solution I know is PPTP covered by IPSEC:

+---------+                     +--------+ internal +--------+
|w2k      |      internet       |FBSD Fw | network  |internal|
|clients  |---------------------|IPSEC   |----------|hosts   |
|Oakley   |     PPTP within     |racoon  | plain IP |        |
|PPTP VPN | IPSEC ESP/transport |MPD     |          |        |
+---------+                     +--------+          +--------+

Some notes for you:
1. install all available patches to W2k (windowsupdate.microsoft.com)
2. M$ network client MUST be installed, although may be disabled
3. W2k doesn't support aggressive mode negotiation

When w2k has a known static IP:
4. preshared key or x509 authentication possible

When w2k has dynamic IP:
4.1 x509 authentication only
4.2 "generate_policy on" is mandatory in racoon.conf

when x509 authentication used:
5. racoon doesn't support CRLs now, so individual revocation
   of keys isn't possible - all keys signed by approved CA are
   suitable for communication
6. cert of CA used to sign W2k side keys must be
   put into racoon's "path certificate" directory with appropriate
   name (.0, see "x509 -hash -in CAcert.pem")
7. use latest racoon and FreeBSD 4.5-STABLE

Example configuration when X509 authentication used:
== ESP Transport, X509 authentication ==================
============ FreeBSD with racoon, W2k with dynamic IP ==

---- ipsec.conf (for setkey, FreeBSD side) --------
flush;
spdflush;
---- ipsec.conf (for setkey) - END ------------------

---- racoon.conf (for racoon, FreeBSD side) -------
path include "/usr/local/etc/racoon" ;
path certificate "/usr/local/etc/racoon" ;
padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}
timer
{
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.
        phase1 30 sec;
        phase2 15 sec;
}
remote anonymous
{
        exchange_mode main;
        doi ipsec_doi;
        my_identifier address;
        certificate_type x509 "cert.pem" "key.pem";
        generate_policy on;
        nonce_size 16;
        lifetime time 1 min;    # sec,min,hour
        initial_contact on;
        support_mip6 on;
        proposal_check obey;    # obey, strict or claim

        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method rsasig ;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 1;
        lifetime time 30 sec;
        encryption_algorithm 3des,des,cast128,blowfish ;
        authentication_algorithm hmac_sha1, hmac_md5;
        compression_algorithm deflate ;
}
---- racoon.conf (for racoon) - END ------------------

On W2k side:
Run mmc.exe.

Console->[Add/Remove Snap In]->Add
Select [IP Security Policy Manager] (Local Computer) and [Certificates]
(Local Computer, Computer Account).

Add CA certs for both side keys to
"Console Root\Certificates (Local Computer)\Trusted Root Certification
Authorities\Certificates"
(right mouse button, "All tasks->Import")

W2k station key and cert (signed by CA) add to
"Console Root\Certificates (Local Computer)\Personal\Certificates"
You need the key and cert in PKCS12 format to do it.
Verify that status is "OK"

Now you should create policy, so:
[IP Security Policy Manager], New (right button), tell a name,
UNCHECK "Activate the default response rule", CHECK "Edit properties".
Create new IP Security Rule (Add button).
THIS RULE DOES NOT SPECIFY A TUNNEL
[All Network Connections],
Use a Certificate from this Certificate Authority
Browse (select cert of CA used to sign opposite side cert).
Go to IP FILTER LISTS, [Add], again [Add],
Source Address is "My address"
Destination is "specific DNS address" or "specific IP address",
protocol = Any, [Finish], [Close].
We are back in "IP filter lists". CHECK created filter then [Next],
"Require security" (NOT Optional!), [Next], [Finish], [Close].

We are back in MMC.
Use right button on Policy and select "Assign".

It should work now (you may want to run IPsecmon.exe monitor).
Note, the session is opened "on demand" so you see no association
unless you initiate a communication with FreeBSD side.
Remember - YOU HAVE NO TUNNEL - but you can configure
MPD on FreeBSD together with VPN on W2k to create the tunnel.

%SystemRoot%\debug\oakley.log will be created if you set
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent\Oakley]
"EnableLogging"=dword:00000001
"Debug"=dword:000000ff


The racoon and W2k IKE is still not "plug&work" ready and it isn't
reliable. It's necessary to have some knowledge about IPSEC itself,
ISAKMP protocol and X509 keys (if used). The lack of CRL support
on racoon side limits the usability a lot in production environment
also.


Hope it helps.

                                        Dan

--
Dan Lukes, SISAL, MFF UK    tel: +420 2 21914205, fax: +420 2 21914206
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz, dan@fio.cz

From owner-freebsd-security Thu May 16 20: 5:15 2002
Date: Thu, 16 May 2002 20:02:42 -0700 (PDT)
From: Paul Herman
To: Matthew Hunt
Cc: Jesper Wallin
Subject: Re: How secure is a password and how many characters does it allow?

On Thu, 16 May 2002, Matthew Hunt wrote:

> On Fri, May 17, 2002 at 12:22:40AM +0200, Jesper Wallin wrote:
>
> > How will that affect my security? Isn't it more secure to use 128 characters
> > instead of 8? Sounds like, if the security was the same the blowfish would
> > be default or something similar.. What do You recommend?
>
> DES is the traditional algorithm, and is probably the default for
> interoperability with old software and NIS. I've used MD5 for years with
> no trouble for the longer password support. If you don't run NIS, then
> I don't think there's any reason to stick with DES.

OK, here's a quick rundown, some of which has been stated in this
thread already.

  Hash        Max significant password characters
  ------------------------------------------
  DES         8
  MD5         >512K (only tested up to 512K)
  Blowfish    72

MD5 *is* the default in FreeBSD (see /etc/login.conf) unless you use
adduser(8) perl script, which still generates the older DES password
hashes.

Also, it was stated that the Blowfish hash is faster. The Blowfish
password hash is, in fact, slower. Quick testing shows that the
default Blowfish seems to be roughly 50% slower than MD5. This is a
Good Thing if you want to protect against brute force guessers. Not
only that, the algorithm scales better with time, because you can set
the number of iterations for the hash within the salt itself. The
default is hardcoded for now to be 2^4=16 in
/usr/src/secure/lib/libcrypt/crypt-blofish.c:crypt_blowfish(), but you
can change this "on the fly" and put it in your own /etc/master.passwd
by providing the salt yourself:

  bash$ perl -e 'print crypt("secret", "\$2a\$04\$salt")'; echo
  $2a$04$salt............kC2SI.F9h7C15VchgS17zSObA10b/m9d6c.xa
  bash$ perl -e 'print crypt("secret", "\$2a\$06\$salt")'; echo
  $2a$06$salt............kC2SI.pIUU5dNGIJMpP6Fe73WiLDWgq9hZNgO
  bash$ perl -e 'print crypt("secret", "\$2a\$08\$salt")'; echo
  $2a$08$salt............kC2SI.QSKa17W8d4Tf9v/Hxo4DeCxL8Amj7cm

Lastly, all can be used in NIS, provided all OSes can understand the
hash (which is probably what Matt meant.) In fact, I've used MD5 in
NIS for years now, with mixed Linux and FreeBSD systems. Only
recently has RedHat modified their MD5 hash algorithm to include a
wider range of characters. :-(

Hope that clears things up,

-Paul.
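
[Added example, not part of Paul Herman's message and not FreeBSD code: a
Python audit of master.passwd-style lines that applies the table in the
message above, flagging DES entries (only 8 significant characters, the kind
of truncation asked about at the start of this thread) and Blowfish entries
whose cost field is low. The account names, the DES and MD5 sample hashes and
the min_cost policy value are constructed assumptions; the two $2a$ hashes
are the ones printed in the message.]

```python
"""Audit master.passwd-style lines by password hash scheme (added example)."""
import re
from typing import List, NamedTuple, Optional, Tuple

B64 = r"[./0-9A-Za-z]"                              # crypt(3) salt/hash alphabet
DES_RE = re.compile(rf"{B64}{{13}}")                # 2 salt + 11 hash characters
MD5_RE = re.compile(rf"\$1\${B64}{{1,8}}\${B64}{{22}}")
BF_RE = re.compile(rf"\$2a\$(\d\d)\${B64}{{53}}")   # $2a$<cost>$<22 salt><31 hash>


class HashInfo(NamedTuple):
    scheme: str                      # des, md5, blowfish, locked, empty, unknown
    max_significant: Optional[int]   # from the table in the post; None = no small limit
    cost: Optional[int]              # Blowfish only: log2 of the iteration count


def classify(field: str) -> HashInfo:
    """Identify the scheme of one master.passwd password field."""
    if field == "":
        return HashInfo("empty", None, None)
    if field.startswith("*"):        # "*" or "*LOCKED*..." matches no password
        return HashInfo("locked", None, None)
    m = BF_RE.fullmatch(field)
    if m:
        return HashInfo("blowfish", 72, int(m.group(1)))
    if MD5_RE.fullmatch(field):
        return HashInfo("md5", None, None)
    if DES_RE.fullmatch(field):
        return HashInfo("des", 8, None)
    return HashInfo("unknown", None, None)


def indistinguishable(info: HashInfo, a: str, b: str) -> bool:
    """True when the scheme cannot tell a from b: both share the significant
    prefix, and everything after max_significant is ignored."""
    if info.max_significant is None:
        return a == b
    n = info.max_significant
    return a.encode()[:n] == b.encode()[:n]


def audit(text: str, min_cost: int = 6) -> List[Tuple[str, str, str]]:
    """Return (user, scheme, reason) for entries worth re-hashing.
    min_cost is a hypothetical site policy, not a FreeBSD default."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:        # master.passwd has ten colon-separated fields
            findings.append((f"line {lineno}", "malformed", "expected 10 fields"))
            continue
        user, info = fields[0], classify(fields[1])
        if info.scheme == "des":
            findings.append((user, "des", "only the first 8 characters are significant"))
        elif info.scheme == "blowfish" and info.cost < min_cost:
            findings.append((user, "blowfish",
                             f"cost {info.cost} = {2 ** info.cost} iterations, policy wants >= {min_cost}"))
        elif info.scheme == "empty":
            findings.append((user, "empty", "no password set"))
        elif info.scheme == "unknown":
            findings.append((user, "unknown", "unrecognised hash format"))
    return findings


# Constructed sample input. The DES and MD5 fields are made-up strings of the
# right shape, not real hashes; the $2a$ fields are copied from the post.
SAMPLE = """\
root:$1$abcdefgh$0123456789ABCDEFGHIJKL:0:0::0:0:Charlie &:/root:/bin/csh
alice:abJnggxhB/yWI:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$04$salt............kC2SI.F9h7C15VchgS17zSObA10b/m9d6c.xa:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$2a$08$salt............kC2SI.QSKa17W8d4Tf9v/Hxo4DeCxL8Amj7cm:1003:1003::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
"""

if __name__ == "__main__":
    for user, scheme, why in audit(SAMPLE):
        print(f"{user:8} {scheme:9} {why}")
```
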

From owner-freebsd-security Thu May 16 22:46: 1 2002
Date: Fri, 17 May 2002 00:45:39 -0500
From: Greg Panula
To: Tom Wang
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw udp dynamic rule don't work ?

Tom Wang wrote:
>
> Hi, all
>
> I have a problem when I config ipfw on my Freebsd4.5 Box. the firewall
> rules as following,
>
> allow tcp from any to any established
> allow ip from any to any frag
> ......
> check-state
> allow tcp from ${oip} to any keep-state
> allow udp from ${oip} to any keep-state

The check-state rule will allow established connections to pass thru
the firewall. No real need for the early "allow tcp from any to any
established" rule.

I use this combo on my firewall:
check-state
deny log tcp from any to any established

That way any packets with a spoofed ack bit set are dropped&logged.
More information about tcp can be found at:
http://www.networksorcery.com/enp/protocol/tcp.htm

>
> The box can't synchronize with any ntp servers. I think, "keep-state" can
> keeps a small time window where it allows udp packets come back that comes
> from ntp server. but, it seems don't work.

'sysctl -a | grep fw | grep -v ipfw' will show you the system control
variables involved with ipfw. You'll want to look at the value of
net.inet.ip.fw.dyn_udp_lifetime. I believe it defaults to 10 seconds.
If you are on a high latency link, you might want to increase it. But
10 seconds should be enough time to get a response from a ntp source.

>
> I must add following rules in my firewall ruleset ? and why?
>
> allow udp from {oip} to any 123
> allow udp from any 123 to {oip}
> or
> allow udp from {oip} to any 123 keep-state
> ( this rule should as same as "allow udp from ${oip} to any keep-state" )
>

Maybe try this rule for your ntp traffic (it's the one I use)
allow udp from ${oip} 123 to any 123 keep-state out via ${oif}

Never had any problems with ntp and the above rule.

If all else fails, make sure your last rule is at least logging the
traffic that reaches it. Then check /var/log/security. Optionally you
could run tcpdump and start-up ntpd and see what is going on.

Good Luck,
  Greg

From owner-freebsd-security Thu May 16 23:25:34 2002
Date: Thu, 16 May 2002 23:25:29 -0700
From: Michael Sierchio
Reply-To: kudzu@tenebras.com
To: Tom Wang
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw udp dynamic rule don't work ?

Tom Wang wrote:

> ( this rule should as same as "allow udp from ${oip} to any keep-state" )

sysctl net.inet.ip.fw.dyn_udp_lifetime=large number of seconds

and report the results

From owner-freebsd-security Thu May 16 23:49:23 2002
Date: Fri, 17 May 2002 08:41:57 +0200
From: "Karl M. Joch"
Subject: Re: IPSEC interoperability with Win2K client?

w2k with racoon and ipsec works. but i found out that for most people
using win pptp is far more easier to use. the best solution (IMHO) is
mpd as pptp dialin server on freebsd. mpd runs very stable and is easy
to configure for it. depending on your firewall setup clients can
connect and get into the internal net including assigning wins and dns
servers for win clients. 128 bit pptp encryption is recommended to use.

--
Best regards,

Karl M. Joch
KMJ Consulting - CTS Consulting & Trade Service
http://www.kmjeuro.com - http://www.ctseuro.com
k.joch@kmjeuro.com - k.joch@ctseuro.com
GSM : +43-664-3407888

Our services:
http://www.proline.at - Network and security technology
http://www.eushop.net - Simply rent an online shop and applications
http://www.freebsd.at - Power Operating System

----- Original Message -----
From: "Dan Lukes"
Sent: Friday, May 17, 2002 3:27 AM
Subject: Re: IPSEC interoperability with Win2K client?


> Lasse Andersson wrote:
> >
> > Hi,
> >
> > Looking for any information about FreeBSD IPSEC interoperability with
> > Win2K clients?

From owner-freebsd-security Fri May 17 0: 8:58 2002
Date: Fri, 17 May 2002 09:08:48 +0200
From: Sven Esbjerg
To: security@FREEBSD.ORG
Subject: Re: IPSEC interoperability with Win2K client?

I wouldn't use w2k's IPSec. Instead buy one of the 3rd-party programs
like PGP-net or SoftPK.
Here at work I have set up an OpenBSD VPN box. On the w2k side SoftPK is
used and it works OK. SoftPK is standards compliant and very easy to set
up. It shouldn't be that different from a FreeBSD setup.

Just my 2¢

Sven

--
Fight Internet Censorship! http://www.eff.org

From owner-freebsd-security Fri May 17 0:47:59 2002
Date: Fri, 17 May 2002 10:51:31 +0300
From: "Ivailo Tanusheff"
To: "FreeBSD Security"
Subject: IPF Log Problem

Hi,

I'd set up a configuration as follows:

--------------------- 192.168.0.1
xl0 = 192.168.0.2
xl1 = 172.16.0.133

My ipf log confuses me with indicating some packets are blocked, but it
seems to me that they must be part of established connection, which keep
state statement is time out. But I'm not sure. Where may I read some
more information about logged tcp flags and can you help me fix my
configuration.
On the FreeBSD box I'm running IPF, IPNat, Squid.

My configuration is:

Ipf.rules:

# Default to block
#block in all

#Accounting rules
count in on xl0 from any to any
count out on xl0 from 172.16.248.132 to any
count out on xl0 from any to any

#Allow lo
pass in quick on lo0 all
pass out quick on lo0 all

#Block spoofed
#block in log quick on xl0 head 10
block in log quick on xl0 from 172.16.0.0/16 to any
block in log quick on xl0 from 127.0.0.0/8 to any
pass in quick on xl0 from any to 192.168.0.255

#Blocked ident
block return-rst in quick on xl0 proto tcp from any to any port = 113

#Allow icmp data
pass in quick on xl0 proto icmp from any to any icmp-type 0
pass in quick on xl0 proto icmp from any to any icmp-type 11
block in log quick on xl0 proto icmp from any to any
pass out quick on xl0 proto icmp from any to any keep state

#Allow xl0 traffic
pass in quick on xl0 proto tcp from any to 192.168.0.2/32 port = 22 flags S keep state keep frags
block in log quick on xl0 all
pass out quick on xl0 proto tcp from any to any keep state keep frags
pass out quick on xl0 proto udp from any to any keep state
block out log quick on xl0 all

Ipnat.rules:

rdr xl1 0.0.0.0/0 port 80 -> 192.168.0.2 port 3128 tcp/udp
map xl0 172.16.0.0/16 -> 192.168.0.2/32 proxy port ftp ftp/tcp
map xl0 192.168.0.2/32 -> 192.168.0.2/32 proxy port ftp ftp/tcp
map xl0 172.16.0.0/16 -> 192.168.0.2/32 portmap tcp/udp auto
map xl0 172.16.0.0/16 -> 0/32

Part of my log:

16/05/2002 18:03:51.444189 xl0 @0:10 b 216.239.51.101,80 -> 192.168.0.2,2468 PR tcp len 20 60 -AS IN
16/05/2002 18:03:56.566281 xl0 @0:10 b 152.163.226.185,80 -> 192.168.0.2,2472 PR tcp len 20 44 -AS IN
16/05/2002 18:04:14.414834 xl0 @0:10 b 216.239.51.101,80 -> 192.168.0.2,2483 PR tcp len 20 60 -AS IN
16/05/2002 18:04:36.201219 xl0 @0:10 b 152.163.226.185,80 -> 192.168.0.2,2472 PR tcp len 20 40 -AF IN
16/05/2002 18:04:36.790868 xl0 @0:10 b 152.163.226.185,80 -> 192.168.0.2,2472 PR tcp len 20 40 -AF IN
16/05/2002 18:04:37.043020 xl0 @0:10 b 205.188.250.25,80 -> 192.168.0.2,2268 PR tcp len 20 40 -AF IN
16/05/2002 18:04:37.428832 3x xl0 @0:10 b 152.163.226.185,80 -> 192.168.0.2,2472 PR tcp len 20 40 -AF IN
16/05/2002 18:04:39.388519 xl0 @0:10 b 152.163.226.185,80 -> 192.168.0.2,2472 PR tcp len 20 40 -AF IN
16/05/2002 18:04:41.322101 xl0 @0:10 b 205.188.250.25,80 -> 192.168.0.2,2268 PR tcp len 20 40 -AF IN
16/05/2002 18:04:50.282449 xl0 @0:10 b 205.188.250.25,80 -> 192.168.0.2,2268 PR tcp len 20 40 -AF IN
16/05/2002 18:04:57.175856 xl0 @0:10 b 152.163.226.185,80 -> 192.168.0.2,2472 PR tcp len 20 40 -AF IN
16/05/2002 18:05:03.340217 xl0 @0:10 b 208.215.236.71,80 -> 192.168.0.2,2547 PR tcp len 20 40 -A IN
16/05/2002 18:06:42.233714 xl0 @0:10 b 205.188.248.89,80 -> 192.168.0.2,2631 PR tcp len 20 52 -A IN
16/05/2002 18:12:52.891653 xl0 @0:10 b 216.136.226.107,80 -> 192.168.0.2,2914 PR tcp len 20 40 -A IN

su-2.05a# uname -a
FreeBSD gate 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #1: Fri May 10 13:46:09 EEST 2002 root@gate:/usr/obj/usr/src/sys/MYKERNEL i386

Thanks in advance,

Ivailo Tanusheff
System Administrator and Security Advisor
ProCredit Bank

From owner-freebsd-security Fri May 17 2:59:51 2002
Date: Fri, 17 May 2002 12:59:14 +0300
From: Alexandr Kovalenko
To: "Nickolay A. Kritsky"
Cc: mohammad mirzaeenasir, marcr@closed-networks.com, freebsd-security@FreeBSD.ORG
Subject: Re: reply

Hello, Nickolay A. Kritsky!

On Thu, May 16, 2002 at 11:06:32PM +0400, you wrote:

> AK> P.S. securelevel has nothing to do with firewall.
>
> Hmm... Not quite nothing.
> AFAIK on some securelevels you cannot add or delete ipfw rules.
Yes, but it has nothing to do with ipfw rules itself and timeouting connections :) -- NEVE-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 17 8:20:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 43CDB37B403 for ; Fri, 17 May 2002 08:20:35 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id IAA30577; Fri, 17 May 2002 08:19:30 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda30561; Fri May 17 08:19:27 2002 Received: from cwsys.cwsent.com (cwsys2 [10.1.2.1]) by passer.osg.gov.bc.ca (8.12.3/8.12.3) with ESMTP id g4HFJLDI094604; Fri, 17 May 2002 08:19:21 -0700 (PDT) (envelope-from cy@cwsent.com) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.3/8.12.3) with ESMTP id g4HFJEhN004526; Fri, 17 May 2002 08:19:15 -0700 (PDT) (envelope-from cy@cwsys.cwsent.com) Message-Id: <200205171519.g4HFJEhN004526@cwsys.cwsent.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - CITS Open Systems Group From: Cy Schubert - CITS Open Systems Group X-os: FreeBSD X-Sender: cy@cwsent.com To: Brett Glass Cc: Jeff Palmer , security@FreeBSD.ORG Subject: Re: Patch/Announcement for DHCPD remote root hole? In-Reply-To: Message from Brett Glass of "Wed, 15 May 2002 15:22:29 MDT." 
<4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 17 May 2002 08:19:14 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <4.3.2.7.2.20020515145747.03240a90@nospam.lariat.org>, Brett Glass writes: > At 01:51 PM 5/15/2002, Jeff Palmer wrote: > > >If CVSup is a programmers tool, and not an administrators tool.. > >How is one supposed to keep his system updated and secure AFTER the initial install? > > That's been exactly my point in earlier discussions. It should not be necessary > to download and recompile the world to get a patch. New users aren't ready > for that, nor should they be expected to be. And admins, who have > many responsibilities and are virtually always overloaded, should not be > burdened with that task. Patches are upgrades. It's documented in numerous places that to upgrade your system you need to CVSup, buildworld/installworld. I have shown the grasshopper sysadmins in my team at work how to do this simple little task. IMO buildworld is simpler, easier, and takes less time than a binary upgrade. The average Solaris binary upgrade takes between 45 minutes and 2 hours of down time. The average RH upgrade takes about half a work day of down time, as my Linux guy will attest to. I can buildworld (no down time), installworld (15 minutes of downtime), mergemaster (do that during the buildworld -- takes about 5 - 10 minutes). The last time I did a binary upgrade of a FreeBSD system the upgrade took at least 90 minutes. I see about 15 minutes of down time compared with 45 minutes to 4 hours of down time. Brett, I don't know much about you and we've never met or worked together. If you were a grasshopper sysadmin (and I suspect that you might be capable of more), buildworld should not scare you. 
If it does, working through it slowly and asking many questions will go a long way to alleviating any fears. (I recently taught a grasshopper sysadmin [we actually call her Grasshopper] how to install Tru64-UNIX. We went through it slowly, taking many notes and highlighting the important parts in the install guide. After spending about a day and a half working with her, she no longer has a fear of installing Tru64-UNIX and the next one, she wants to do herself. Trust me, buildworld is much less complex than a Tru64-UNIX install, especially when taking into account required firmware updates. I'm sure there are many people new to FreeBSD and to computers for that matter who would agree that buildworld isn't as demanding or as scary as we want to think it is. Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 17 8:49:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from inord.no (oluf.et-n.no [213.161.160.12]) by hub.freebsd.org (Postfix) with ESMTP id 1730237B411 for ; Fri, 17 May 2002 08:48:54 -0700 (PDT) Received: from erik [213.161.168.206] by inord.no with ESMTP (SMTPD32-7.06) id A54E1E6C00DC; Fri, 17 May 2002 17:44:14 +0200 From: =?iso-8859-1?Q?Erik_Paulsen_Sk=E5lerud?= To: "'Paul Herman'" , "'Matthew Hunt'" Cc: "'Jesper Wallin'" , , Subject: RE: How secure is a password and how many characters does it allow? 
Date: Fri, 17 May 2002 17:48:25 +0200 Message-ID: <006101c1fdba$4b4bfca0$cea8a1d5@erik> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: <20020516190531.W23217-100000@mammoth.eat.frenchfries.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You say that adduser uses DES, while the system defaults to MD5. How do you add users then? Using pw useradd etc? Erik Paulsen -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Paul Herman Sent: Friday, May 17, 2002 5:03 AM To: Matthew Hunt Cc: Jesper Wallin; pulz@pulz.no; security@FreeBSD.ORG Subject: Re: How secure is a password and how many characters does it allow? On Thu, 16 May 2002, Matthew Hunt wrote: > On Fri, May 17, 2002 at 12:22:40AM +0200, Jesper Wallin wrote: > > > How will that effect my security? Isn't it more secure to use 128 > > characters instead of 8? Sounds like, if the security was the same > > the blowfish would be default or something similar.. What do You > > recommend? > > DES is the traditional algorithm, and is probably the default for > interoperability with old software and NIS. I've used MD5 for years > with no trouble for the longer password support. If you don't run > NIS, then I don't think there's any reason to stick with DES. OK, here's a quick rundown, some of which has been stated in this thread already. 
Hash      Max significant password characters
------------------------------------------
DES       8
MD5       >512K (only tested up to 512K)
Blowfish  72

MD5 *is* the default in FreeBSD (see /etc/login.conf) unless you use the adduser(8) perl script, which still generates the older DES password hashes. Also, it was stated that the Blowfish hash is faster. The Blowfish password hash is, in fact, slower. Quick testing shows that the default Blowfish seems to be roughly 50% slower than MD5. This is a Good Thing if you want to protect against brute force guessers. Not only that, the algorithm scales better with time, because you can set the number of iterations for the hash within the salt itself. The default is hardcoded for now to be 2^4=16 in /usr/src/secure/lib/libcrypt/crypt-blowfish.c:crypt_blowfish(), but you can change this "on the fly" and put it in your own /etc/master.passwd by providing the salt yourself:

bash$ perl -e 'print crypt("secret", "\$2a\$04\$salt") '; echo
$2a$04$salt............kC2SI.F9h7C15VchgS17zSObA10b/m9d6c.xa
bash$ perl -e 'print crypt("secret", "\$2a\$06\$salt") '; echo
$2a$06$salt............kC2SI.pIUU5dNGIJMpP6Fe73WiLDWgq9hZNgO
bash$ perl -e 'print crypt("secret", "\$2a\$08\$salt") '; echo
$2a$08$salt............kC2SI.QSKa17W8d4Tf9v/Hxo4DeCxL8Amj7cm

Lastly, all can be used in NIS, provided all OSes can understand the hash (which is probably what Matt meant.) In fact, I've used MD5 in NIS for years now, with mixed Linux and FreeBSD systems. Only recently has RedHat modified their MD5 hash algorithm to include a wider range of characters. :-( Hope that clears things up, -Paul. 
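The rundown above says the stored hash string itself carries the scheme and, for Blowfish, the iteration count, so a password file can be audited for DES and low-cost entries without knowing any password. The following Python is an added example, not part of any poster's message or of FreeBSD; the function names, the `min_cost` policy threshold and the sample master.passwd lines are assumptions made for illustration (the two Blowfish strings are the ones printed in the message, the MD5 and DES strings are constructed placeholders).

```python
import re

B64 = r"[./A-Za-z0-9]"  # alphabet used in crypt(3) hash strings
BCRYPT_RE = re.compile(rf"^\$2[abxy]?\$(\d\d)\$({B64}{{22}})({B64}{{31}})$")
MD5_RE = re.compile(rf"^\$1\$([^$]{{1,8}})\$({B64}{{22}})$")
DES_RE = re.compile(rf"^{B64}{{13}}$")

# Max significant password characters, as listed in the thread's table.
# None means no practical limit was stated (">512K" for MD5).
MAX_CHARS = {"des": 8, "md5": None, "blowfish": 72}


def _info(scheme, salt=None, cost=None):
    return {"scheme": scheme, "salt": salt, "cost": cost,
            "iterations": None if cost is None else 2 ** cost,
            "max_chars": MAX_CHARS.get(scheme)}


def classify(field):
    """Identify the hash scheme of one master.passwd password field."""
    m = BCRYPT_RE.match(field)
    if m:
        # The two digits after "$2a$" are log2 of the iteration count.
        return _info("blowfish", salt=m.group(2), cost=int(m.group(1)))
    m = MD5_RE.match(field)
    if m:
        return _info("md5", salt=m.group(1))
    if DES_RE.match(field):
        return _info("des", salt=field[:2])
    return _info("none")  # "*", empty, locked or unknown format


def audit(master_passwd, min_cost=8):
    """Return (user, finding) pairs; min_cost is a hypothetical policy value."""
    findings = []
    for line in master_passwd.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:  # master.passwd entries have ten fields
            findings.append((fields[0], "malformed entry"))
            continue
        user, info = fields[0], classify(fields[1])
        if info["scheme"] == "des":
            findings.append((user, "DES: only the first 8 characters count"))
        elif info["scheme"] == "blowfish" and info["cost"] < min_cost:
            findings.append((user, f"Blowfish cost 2^{info['cost']} = "
                                   f"{info['iterations']} iterations, "
                                   f"below 2^{min_cost}"))
    return findings


# Constructed sample file; carol's and dave's hashes are placeholders that
# only have the right shape, they are not hashes of any password.
SAMPLE = """\
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
alice:$2a$04$salt............kC2SI.F9h7C15VchgS17zSObA10b/m9d6c.xa:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$2a$08$salt............kC2SI.QSKa17W8d4Tf9v/Hxo4DeCxL8Amj7cm:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:$1$constrct$0123456789abcdefghijkl:1003:1003::0:0:Carol:/home/carol:/bin/sh
dave:ab0123456789A:1004:1004::0:0:Dave:/home/dave:/bin/sh
eve:*:1005:1005::0:0:Eve:/nonexistent:/sbin/nologin
"""

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```
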
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 17 10:26:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.deltanet.com (mail.deltanet.com [216.237.144.132]) by hub.freebsd.org (Postfix) with ESMTP id 89F0337B403 for ; Fri, 17 May 2002 10:26:32 -0700 (PDT) Received: from mammoth.eat.frenchfries.net (da001d1356.lax-ca.osd.concentric.net [208.36.180.81]) by mail.deltanet.com (8.11.6/8.11.6) with ESMTP id g4HH5pO06624 for ; Fri, 17 May 2002 10:05:52 -0700 Received: by mammoth.eat.frenchfries.net (Postfix, from userid 1000) id 7FB2D50CF; Fri, 17 May 2002 10:26:23 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mammoth.eat.frenchfries.net (Postfix) with ESMTP id 7D2484B35 for ; Fri, 17 May 2002 10:26:23 -0700 (PDT) Date: Fri, 17 May 2002 10:24:17 -0700 (PDT) From: Paul Herman X-X-Sender: pherman@mammoth.eat.frenchfries.net To: =?iso-8859-1?Q?Erik_Paulsen_Sk=E5lerud?= Subject: RE: How secure is a password and how many characters does it allow? In-Reply-To: <200205171632.g4HGWTJ17941@tick.sc.omation.com> Message-ID: <20020517093415.L934-100000@mammoth.eat.frenchfries.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 17 May 2002, it was written: > You say that adduser uses DES, while the system defaults to MD5. > How do you add users then? Using pw useradd etc? Yeah, that works. passwd(1) works too. You can also put:

crypt_default = md5

into /etc/auth.conf, but this is not the same as changing passwd_format in /etc/login.conf. This will force *all* programs that expect a DES hash from crypt() to get an MD5 hash. 
This is generally not a problem nowadays (?), but you may have some old legacy software on your system that still needs this. Be aware of this if you change /etc/auth.conf. If you're not generating your own salts, and just want to keep it simple, the login_setcryptfmt() / crypt_set_format() aware programs like pw(8) and passwd(1) are for you. -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 17 12:30:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from inord.no (oluf.et-n.no [213.161.160.12]) by hub.freebsd.org (Postfix) with ESMTP id E0E0337B401 for ; Fri, 17 May 2002 12:29:11 -0700 (PDT) Received: from erik [213.161.168.206] by inord.no with ESMTP (SMTPD32-7.06) id A9793EE00CC; Fri, 17 May 2002 18:02:01 +0200 From: =?iso-8859-1?Q?Erik_Paulsen_Sk=E5lerud?= To: =?iso-8859-1?Q?'Erik_Paulsen_Sk=E5lerud'?= , "'Paul Herman'" , "'Matthew Hunt'" Cc: "'Jesper Wallin'" , , Subject: RE: How secure is a password and how many characters does it allow? Date: Fri, 17 May 2002 18:05:37 +0200 Message-ID: <000201c1fdbc$b2b4b1f0$cea8a1d5@erik> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 In-Reply-To: <006101c1fdba$4b4bfca0$cea8a1d5@erik> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I found out. Just change one line in /etc/auth.conf Oh well :) Erik. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 17 13:15:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by hub.freebsd.org (Postfix) with SMTP id 574F237B400 for ; Fri, 17 May 2002 13:15:31 -0700 (PDT) Received: (qmail 31460 invoked by uid 0); 17 May 2002 20:15:26 -0000 Received: from p5091022e.dip0.t-ipconnect.de (HELO mail.gsinet.sittig.org) (80.145.2.46) by mail.gmx.net (mp011-rz3) with SMTP; 17 May 2002 20:15:26 -0000 Received: (qmail 93064 invoked from network); 17 May 2002 17:46:54 -0000 Received: from shell.gsinet.sittig.org (192.168.11.153) by mail.gsinet.sittig.org with SMTP; 17 May 2002 17:46:54 -0000 Received: (from sittig@localhost) by shell.gsinet.sittig.org (8.11.3/8.11.3) id g4HHkqI93060 for security@freebsd.org; Fri, 17 May 2002 19:46:52 +0200 (CEST) (envelope-from sittig) Date: Fri, 17 May 2002 19:46:52 +0200 From: Gerhard Sittig To: security@freebsd.org Subject: Re: How secure is a password and how many characters does it allow? Message-ID: <20020517194652.I1494@shell.gsinet.sittig.org> Mail-Followup-To: security@freebsd.org References: <007901c1fd27$02f29a10$fa00a8c0@elixor> <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <2079.213.112.58.238.1021587760.squirrel@phucking.kicks-ass.org>; from z3l3zt@phucking.kicks-ass.org on Fri, May 17, 2002 at 12:22:40AM +0200 Organization: System Defenestrators Inc. 
Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 17, 2002 at 00:22 +0200, Jesper Wallin wrote: > > How will that effect my security? Isn't it more secure to use 128 characters > instead of 8? Sounds like, if the security was the same the blowfish would > be default or something similar.. What do You recommend? [ not only replying to "you", Jesper, but to the general audience ] You probably missed one important point: If you merely make a password longer by using prose you don't increase the entropy(sp?). The result is no gain in security while you grow a false feeling of safety -- i.e. you effectively lower your security! "Longer" is not necessarily better, "more unpredictable" is. While real language words have roundabout one bit of entropy per character one should use a password generator or -- to get a non guessable word with enough characters while it's still not in a dictionary -- think of a sentence and pick the first (last / every second / choose something) character of the words. This usually results in three to four bits of entropy per character. A seven letter password can be stronger than a twenty letter word. And yes, while in the traditional DES algorithm only the first eight characters are significant (while you can type as many as you want to) alternative algorithms use more significant characters (MD5: 128) or stronger/faster hashing methods (f.e. blowfish lets you tune the number of iterations it does, to balance the speed of verification and the cost of brute forcing passwords). The reason they are not enabled by default is keeping compatibility to those platforms which don't support alternative algorithms in heterogenous(sp?) environments. When all the machines / systems in your environment support MD5 or blowfish, you're free to switch to those more modern algorithms. 
Otherwise you would get into trouble when using networked user databases. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 17 15: 2:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 206FF37B405 for ; Fri, 17 May 2002 15:02:30 -0700 (PDT) Received: from hades.hell.gr (patr530-a187.otenet.gr [212.205.215.187]) by mailsrv.otenet.gr (8.12.3/8.12.3) with ESMTP id g4HM2MQJ010838; Sat, 18 May 2002 01:02:25 +0300 (EEST) Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.3/8.12.3) with ESMTP id g4HM2D6w012436; Sat, 18 May 2002 01:02:21 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from charon@localhost) by hades.hell.gr (8.12.3/8.12.3/Submit) id g4HH6xdg010229; Fri, 17 May 2002 20:06:59 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Fri, 17 May 2002 20:06:58 +0300 From: Giorgos Keramidas To: Baldur Gislason Cc: Marc Rogers , freebsd-security@FreeBSD.ORG Subject: Re: HELP ME Message-ID: <20020517170658.GC9697@hades.hell.gr> References: <20020516130805.I75489@closed-networks.com> <20020516181342.F059E2744@tesla.foo.is> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020516181342.F059E2744@tesla.foo.is> User-Agent: Mutt/1.3.99i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2002-05-16 18:13, Baldur Gislason wrote: > There's also a sysctl value, net.inet.tcp.blackhole that if set to 1 > will 
make the kernel ignore packets coming to closed ports rather > than sending a packet back with the RST flag set. Which is documented in detail in blackhole(4). - Giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message