From owner-freebsd-isp Sun Nov 26 11:45:27 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.prod.itd.earthlink.net [207.217.121.85]) by hub.freebsd.org (Postfix) with ESMTP id 7A64737B479; Sun, 26 Nov 2000 11:45:21 -0800 (PST) Received: from veager.siteplus.net (1Cust216.tnt2.chattanooga.tn.da.uu.net [63.26.98.216]) by gull.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id LAA15189; Sun, 26 Nov 2000 11:45:18 -0800 (PST) Date: Sun, 26 Nov 2000 14:44:46 -0500 (EST) From: Jim Weeks To: freebsd-isp@freebsd.org Cc: freebsd-ports@freebsd.org Subject: apache-ssl-php4-fp solution Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I will preface this by saying I am no authority in this field, but I have seen a few posts on this subject and hope this may help someone else in a simular situation. To the matter at hand. I had several production servers running 3.X-stable. All of these were running apache-ssl-php3-frontpage with php3 and frontpage compiled into the binary and ssl as DSO. This presented a problem in upgrading to php4. You may have noticed that there are a lot of new DSO modules in /usr/ports/www. The problem is that some, such as mod_ssl, are only available from RELENG_4, and seem to be 4.X dependent. After building Apache a *lot* of different ways, including from source, I have come to this conclusion. This task can be done easily with the ports collection, even for the 3.X platform. First, you must download and install the FreeBSD version of frontpage extensions into /usr/local. They may be found at, http://msdn.microsoft.com/workshop/languages/fp/2000/unixfpse.asp Now, we can easily adapt /usr/ports/www/apache13-modssl. This can be done by copying two files already present on the machine and making one entry in the Makefile. Php4 "/usr/ports/www/mod_php4" can be added after apache has been compiled. The first file: Copy the apache frontpage patch "fp-patch-apache_1.3.12" from /usr/local/frontpage/version4.0/apache-fp/ to /usr/ports/www/apache13-modssl/files/ and rename it patch-aj The second file: $ cd /usr/ports/www/apache13-modssl $ cp ../apache13-fp/files/mod_frontpage.c \ > files/mod_frontpage.c Edit the Makefile: Place "--add-module=mod_frontpage.c" near the bottom of the CONFIGURE_ARGS section. Mine looks like this. CONFIGURE_ARGS= --prefix=${PREFIX} \ --server-gid=nogroup \ --with-perl=${PERL} \ --with-layout=${FILESDIR}/FreeBSD.layout:FreeBSD \ --suexec-docroot=${PREFIX}/www/data \ --without-confadjust \ --enable-module=most \ --enable-module=auth_db \ --enable-module=mmap_static \ --disable-module=auth_dbm \ --enable-shared=max \ --enable-module=ssl \ --add-module=mod_frontpage.c \ --enable-module=define Finish up: $ make $ make certificate $ make install $ make clean $ cd ../mod_php4 $ make $ make install $ make clean Appropriate entries for enabling mod_php4 will automatically be added to httpd.conf when the module is built. You may need to add frontpage yourself. Just add "AddModule mod_frontpage.c" to the AddModule list. Good luck, -- Jim Weeks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Nov 26 23:44:11 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.psknet.com (orion.psknet.com [63.171.251.4]) by hub.freebsd.org (Postfix) with SMTP id 451BA37B4C5 for ; Sun, 26 Nov 2000 23:44:02 -0800 (PST) Received: (qmail 47657 invoked from network); 27 Nov 2000 07:43:59 -0000 Received: from abyss.dashit.net (HELO ABYSS) (209.100.22.250) by orion.psknet.com with SMTP; 27 Nov 2000 07:43:59 -0000 From: "Troy Settle" To: "Jim Weeks" , Cc: Subject: RE: apache-ssl-php4-fp solution Date: Mon, 27 Nov 2000 02:43:59 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal X-AntiVirus: scanned for viruses by Pulaski Networks (http://www.psknet.com) using AMaViS (http://www.amavis.org) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jim, Excellent job on the homework. I'm going to be rebuilding a box this week, and greatly appreciate your pointers. I was going to see what the heck I needed to do to accomplish this. Perhaps you could contact the apache13-fp maintainer and help him/her turn it into apache13-fp-modssl, which would be a very nice thing to have, since those 2 mods require patches to the source. Honestly though, I don't understand why the FP patches haven't been integrated into the apache code-base. An option to configure could easily enable/disable the feature (or bug for some :). My $.02, -- Troy Settle Pulaski Networks 540.994.4254 It's always a long day, 86400 doesn't fit into a short. ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jim Weeks ** Sent: Sunday, November 26, 2000 2:45 PM ** To: freebsd-isp@freebsd.org ** Cc: freebsd-ports@freebsd.org ** Subject: apache-ssl-php4-fp solution ** ** ** I will preface this by saying I am no authority in this field, but I ** have seen a few posts on this subject and hope this may help someone ** else in a simular situation. ** ** To the matter at hand. I had several production servers running ** 3.X-stable. All of these were running apache-ssl-php3-frontpage with php3 ** and frontpage compiled into the binary and ssl as DSO. This presented a ** problem in upgrading to php4. You may have noticed that there are a lot ** of new DSO modules in /usr/ports/www. The problem is that some, such as ** mod_ssl, are only available from RELENG_4, and seem to be 4.X dependent. ** ** After building Apache a *lot* of different ways, including from ** source, I have come to this conclusion. This task can be done ** easily with ** the ports collection, even for the 3.X platform. ** ** First, you must download and install the FreeBSD version of frontpage ** extensions into /usr/local. They may be found at, ** http://msdn.microsoft.com/workshop/languages/fp/2000/unixfpse.asp ** ** Now, we can easily adapt /usr/ports/www/apache13-modssl. This ** can be done ** by copying two files already present on the machine and making one entry ** in the Makefile. Php4 "/usr/ports/www/mod_php4" can be added ** after apache ** has been compiled. ** ** The first file: ** ** Copy the apache frontpage patch "fp-patch-apache_1.3.12" from ** /usr/local/frontpage/version4.0/apache-fp/ to ** /usr/ports/www/apache13-modssl/files/ and rename it patch-aj ** ** The second file: ** ** $ cd /usr/ports/www/apache13-modssl ** $ cp ../apache13-fp/files/mod_frontpage.c \ ** > files/mod_frontpage.c ** ** Edit the Makefile: ** ** Place "--add-module=mod_frontpage.c" near the bottom of the ** CONFIGURE_ARGS ** section. ** ** Mine looks like this. ** ** CONFIGURE_ARGS= --prefix=${PREFIX} \ ** --server-gid=nogroup \ ** --with-perl=${PERL} \ ** --with-layout=${FILESDIR}/FreeBSD.layout:FreeBSD \ ** --suexec-docroot=${PREFIX}/www/data \ ** --without-confadjust \ ** --enable-module=most \ ** --enable-module=auth_db \ ** --enable-module=mmap_static \ ** --disable-module=auth_dbm \ ** --enable-shared=max \ ** --enable-module=ssl \ ** --add-module=mod_frontpage.c \ ** --enable-module=define ** ** Finish up: ** ** $ make ** $ make certificate ** $ make install ** $ make clean ** ** $ cd ../mod_php4 ** $ make ** $ make install ** $ make clean ** ** Appropriate entries for enabling mod_php4 will automatically be added to ** httpd.conf when the module is built. You may need to add frontpage ** yourself. Just add "AddModule mod_frontpage.c" to the AddModule list. ** ** Good luck, ** ** -- ** Jim Weeks ** ** ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-isp" in the body of the message ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Nov 26 23:55:58 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.psknet.com (orion.psknet.com [63.171.251.4]) by hub.freebsd.org (Postfix) with SMTP id BB5C637B479 for ; Sun, 26 Nov 2000 23:55:54 -0800 (PST) Received: (qmail 48479 invoked from network); 27 Nov 2000 07:55:52 -0000 Received: from abyss.dashit.net (HELO ABYSS) (209.100.22.250) by orion.psknet.com with SMTP; 27 Nov 2000 07:55:52 -0000 From: "Troy Settle" To: "Jim Weeks" , Subject: RE: LoadModule not adding to list. Date: Mon, 27 Nov 2000 02:55:52 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal X-AntiVirus: scanned for viruses by Pulaski Networks (http://www.psknet.com) using AMaViS (http://www.amavis.org) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm speculating here, but I got caught by a shortcoming in apxs a while back. After building apache-modssl, the default config had an tag surrounding the directives to load and add the ssl module. Later, while building php and modperl, I noticed that apxs stuck those directives into the conditional created for SSL. Very odd. Anyways, cleaning this up fixed it, but a SIGHUP didn't get those modules loaded and working. I had to completely stop/restart Apache. G'luck, -- Troy Settle Pulaski Networks 540.994.4254 It's always a long day, 86400 doesn't fit into a short. ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jim Weeks ** Sent: Friday, November 24, 2000 4:48 PM ** To: freebsd-isp@freebsd.org ** Subject: LoadModule not adding to list. ** ** ** I have apache 1.3.9 with php3 compiled in running on a 3.4-stable ** machine. I am trying to upgrade to php4 with /usr/ports/wwwmod_php4. ** ** I have added the line ** ** LoadModule php4_module libexec/apache/libphp4.so ** ** to httpd.conf. I also have a ClearModuleList directive directly followed ** by an appropriate AddModule list. ** ** This is the error I get when HUPing the server. ** ** [Fri Nov 24 16:18:16 2000] [notice] SIGHUP received. Attempting ** to restart ** [Fri Nov 24 16:18:16 2000] [error] Cannot remove module mod_php4.c: not ** found in module list ** [Fri Nov 24 16:18:17 2000] [notice] Apache/1.3.9 (Unix) PHP/3.0.12 ** FrontPage/4.0.4.3 mod_ssl/2.4.8 OpenSSL/0.9.4 configured -- ** resuming normal operations ** ** I am confused as to how the ClearModuleList is even aware of the ** mod if it ** is not loading. What am I missing here? I wanted to run it past a few ** gurus before rebuilding apache. ** ** Thanks, ** ** -- ** Jim Weeks ** ** ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-isp" in the body of the message ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 0:36:22 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.prod.itd.earthlink.net [207.217.121.85]) by hub.freebsd.org (Postfix) with ESMTP id 1339937B479 for ; Mon, 27 Nov 2000 00:36:20 -0800 (PST) Received: from veager.siteplus.net (user-38lc8tq.dialup.mindspring.com [209.86.35.186]) by gull.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id AAA18791; Mon, 27 Nov 2000 00:36:13 -0800 (PST) Date: Mon, 27 Nov 2000 03:36:07 -0500 (EST) From: Jim Weeks To: Troy Settle Cc: freebsd-isp@FreeBSD.ORG Subject: RE: LoadModule not adding to list. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 27 Nov 2000, Troy Settle wrote: > > I'm speculating here, but I got caught by a shortcoming in apxs a while > back. > > After building apache-modssl, the default config had an tag > surrounding the directives to load and add the ssl module. Later, while > building php and modperl, I noticed that apxs stuck those directives into > the conditional created for SSL. Very odd. > > Anyways, cleaning this up fixed it, but a SIGHUP didn't get those modules > loaded and working. I had to completely stop/restart Apache. Troy, I never did get this one to work. I finally did the rebuild as I stated in the "apache-ssl-php4-fp solution" thread. Stoping the server completely did not work either. It should have been pretty straight forward. LoadModule, ClearModuleList, AddModule, but always the same error. Can't clear because the module was not in the list. If it was not in the list, how was apache aware that it should clear it? ;/ Any way, thanks for the kind words. I am fortunate enough to have a server that I can test things before trying it on one of my productions machines. It is an old 486DX66 that I affectionately call Genesis. It stands at the gate, serves files, runs crons and uploads the results to my other servers, keeps time, and never complains. Even though it is on a 56k dial up, it sends its current IP up to one of my remotes so I can check in when out of town. I really would hate to replace it. Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 0:44: 3 2000 Delivered-To: freebsd-isp@freebsd.org Received: from avocet.prod.itd.earthlink.net (avocet.prod.itd.earthlink.net [207.217.121.50]) by hub.freebsd.org (Postfix) with ESMTP id 0F8A437B479; Mon, 27 Nov 2000 00:43:54 -0800 (PST) Received: from veager.siteplus.net (user-38lc8tq.dialup.mindspring.com [209.86.35.186]) by avocet.prod.itd.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id AAA27333; Mon, 27 Nov 2000 00:43:48 -0800 (PST) Date: Mon, 27 Nov 2000 03:43:46 -0500 (EST) From: Jim Weeks To: Troy Settle Cc: freebsd-isp@freebsd.org, freebsd-ports@freebsd.org Subject: RE: apache-ssl-php4-fp solution In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks Troy, One other note on this subject. Before trying to build apache13-modssl, be sure Openssl is up to date. -- Jim Weeks On Mon, 27 Nov 2000, Troy Settle wrote: > > Jim, > > Excellent job on the homework. I'm going to be rebuilding a box this week, > and greatly appreciate your pointers. I was going to see what the heck I > needed to do to accomplish this. > > Perhaps you could contact the apache13-fp maintainer and help him/her turn > it into apache13-fp-modssl, which would be a very nice thing to have, since > those 2 mods require patches to the source. > > Honestly though, I don't understand why the FP patches haven't been > integrated into the apache code-base. An option to configure could easily > enable/disable the feature (or bug for some :). > > My $.02, > > -- > Troy Settle > Pulaski Networks > 540.994.4254 > > It's always a long day, 86400 doesn't fit into a short. > > > ** -----Original Message----- > ** From: owner-freebsd-isp@FreeBSD.ORG > ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jim Weeks > ** Sent: Sunday, November 26, 2000 2:45 PM > ** To: freebsd-isp@freebsd.org > ** Cc: freebsd-ports@freebsd.org > ** Subject: apache-ssl-php4-fp solution > ** > ** > ** I will preface this by saying I am no authority in this field, but I > ** have seen a few posts on this subject and hope this may help someone > ** else in a simular situation. > ** > ** To the matter at hand. I had several production servers running > ** 3.X-stable. All of these were running apache-ssl-php3-frontpage with php3 > ** and frontpage compiled into the binary and ssl as DSO. This presented a > ** problem in upgrading to php4. You may have noticed that there are a lot > ** of new DSO modules in /usr/ports/www. The problem is that some, such as > ** mod_ssl, are only available from RELENG_4, and seem to be 4.X dependent. > ** > ** After building Apache a *lot* of different ways, including from > ** source, I have come to this conclusion. This task can be done > ** easily with > ** the ports collection, even for the 3.X platform. > ** > ** First, you must download and install the FreeBSD version of frontpage > ** extensions into /usr/local. They may be found at, > ** http://msdn.microsoft.com/workshop/languages/fp/2000/unixfpse.asp > ** > ** Now, we can easily adapt /usr/ports/www/apache13-modssl. This > ** can be done > ** by copying two files already present on the machine and making one entry > ** in the Makefile. Php4 "/usr/ports/www/mod_php4" can be added > ** after apache > ** has been compiled. > ** > ** The first file: > ** > ** Copy the apache frontpage patch "fp-patch-apache_1.3.12" from > ** /usr/local/frontpage/version4.0/apache-fp/ to > ** /usr/ports/www/apache13-modssl/files/ and rename it patch-aj > ** > ** The second file: > ** > ** $ cd /usr/ports/www/apache13-modssl > ** $ cp ../apache13-fp/files/mod_frontpage.c \ > ** > files/mod_frontpage.c > ** > ** Edit the Makefile: > ** > ** Place "--add-module=mod_frontpage.c" near the bottom of the > ** CONFIGURE_ARGS > ** section. > ** > ** Mine looks like this. > ** > ** CONFIGURE_ARGS= --prefix=${PREFIX} \ > ** --server-gid=nogroup \ > ** --with-perl=${PERL} \ > ** --with-layout=${FILESDIR}/FreeBSD.layout:FreeBSD \ > ** --suexec-docroot=${PREFIX}/www/data \ > ** --without-confadjust \ > ** --enable-module=most \ > ** --enable-module=auth_db \ > ** --enable-module=mmap_static \ > ** --disable-module=auth_dbm \ > ** --enable-shared=max \ > ** --enable-module=ssl \ > ** --add-module=mod_frontpage.c \ > ** --enable-module=define > ** > ** Finish up: > ** > ** $ make > ** $ make certificate > ** $ make install > ** $ make clean > ** > ** $ cd ../mod_php4 > ** $ make > ** $ make install > ** $ make clean > ** > ** Appropriate entries for enabling mod_php4 will automatically be added to > ** httpd.conf when the module is built. You may need to add frontpage > ** yourself. Just add "AddModule mod_frontpage.c" to the AddModule list. > ** > ** Good luck, > ** > ** -- > ** Jim Weeks > ** > ** > ** > ** > ** To Unsubscribe: send mail to majordomo@FreeBSD.org > ** with "unsubscribe freebsd-isp" in the body of the message > ** > ** > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 1:25:51 2000 Delivered-To: freebsd-isp@freebsd.org Received: from backend2.aha.ru (terra.zenon.net [213.189.198.210]) by hub.freebsd.org (Postfix) with ESMTP id 82B8B37B479; Mon, 27 Nov 2000 01:25:39 -0800 (PST) Received: from [213.189.200.112] (HELO sunny.aha.ru) by backend2.aha.ru (CommuniGate Pro SMTP 3.3.1) with ESMTP id 64534182; Mon, 27 Nov 2000 12:25:34 +0300 Received: from AMARKELO (focus.futures.msk.ru [195.2.76.180]) by sunny.aha.ru (8.9.3/8.9.3) with ESMTP id MAA49088; Mon, 27 Nov 2000 12:25:00 +0300 (MSK) Date: Mon, 27 Nov 2000 12:24:43 +0300 From: "Alex N. Markelov" X-Mailer: The Bat! (v1.45) Personal Reply-To: "Alex N. Markelov" Organization: Folium Ltd. X-Priority: 3 (Normal) Message-ID: <1771564079.20001127122443@futures.msk.ru> To: "Will Mitayai Keeso Rowe" Cc: "Steve Reid" , "Vladimir I. Kulakov" , , Subject: Re[2]: DOS atack of hardware problem? In-reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Will, Friday, November 24, 2000, 11:30:54 AM, you wrote: WMKR> has this been known to happen with xl0/3Com 3C509TX? Yes, I saw the effect with 3Com network card and 3Com switch :(. Without manual configuration it haven't worked properly. WMKR> On Fri, Nov 24, 2000 at 09:21:32AM +0300, Vladimir I. Kulakov wrote: >> It seems the network card in our server unpedicably swithes from 100 >> to 10 Mbits and from half-duplex to full duplex. Best regards, Alex N. Markelov ---------------------------- System administrator. Folium Ltd., Moscow, Russia. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 7:43:48 2000 Delivered-To: freebsd-isp@freebsd.org Received: from hitline.ch (unknown [195.129.74.66]) by hub.freebsd.org (Postfix) with ESMTP id 2256237B479 for ; Mon, 27 Nov 2000 07:43:42 -0800 (PST) Received: from [195.129.74.2] (HELO [10.10.14.36]) by hitline.ch (CommuniGate Pro SMTP 3.3.2) with ESMTP id 2817449 for freebsd-isp@FreeBSD.ORG; Mon, 27 Nov 2000 16:47:54 +0100 Mime-Version: 1.0 X-Sender: moshea%tronic-group.com@mail.com4u.ch Message-Id: In-Reply-To: <1771564079.20001127122443@futures.msk.ru> References: <1771564079.20001127122443@futures.msk.ru> Date: Mon, 27 Nov 2000 16:40:20 +0100 To: freebsd-isp@FreeBSD.ORG From: Michael O Shea Subject: OffTopic Win4Lin Content-Type: text/plain; charset="iso-8859-1" ; format="flowed" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi folks, I asked the guys at http://www.netraverse.com if they had any plans to port their win4lin product which runs Windows on top of Linux to =46reeBSD. His reply is detailed below if anybody wants to contact them to register their interest in such a port. " We have not scheduled a port to FreeBSD at this time. We have had very few request (<100) from FreeBSD folks to port the product. We would be more than interested in porting our product if we could establish there was a big enough market for the product. If you can point at some hard market data for FreeBSD users, we would appreciate it. Thanks, Tom Gordon tgordon@netraverse.com" -- Micheal O Shea ----------------------------------------------------- com-o-tronic ag Micheal O Shea, Systems Engineer Gewerbepark CH-5506 M=E4genwil E-Mail micheal@com4u.ch Voice: +41 62 887 3734 =46ax: +41 62 896 1133 Internet: http://www.com4u.ch http://www.ehitline.ch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 9:48:22 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ajax1.sovam.com (ajax1.sovam.com [194.67.1.172]) by hub.freebsd.org (Postfix) with ESMTP id D2C3C37B479; Mon, 27 Nov 2000 09:48:14 -0800 (PST) Received: from ts8-a150.dial.sovam.com ([195.239.2.150]:1086 "EHLO ts8-a150.dial.sovam.com" ident: "NO-IDENT-SERVICE[2]" whoson: "-unregistered-" smtp-auth: TLS-CIPHER: TLS-PEER: ) by ajax1.sovam.com with ESMTP id ; Mon, 27 Nov 2000 20:48:03 +0300 Date: Mon, 27 Nov 2000 20:47:48 +0300 From: "Vladimir I. Kulakov" X-Mailer: The Bat! (v1.47 Halloween Edition) Reply-To: "Vladimir I. Kulakov" Organization: Kudesniki JSC X-Priority: 3 (Normal) Message-ID: <15940795775.20001127204748@kudesniki.ru> To: "Alex N. Markelov" Cc: freebsd-isp@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re[3]: DOS atack or hardware problem? In-reply-To: <1771564079.20001127122443@futures.msk.ru> References: <1771564079.20001127122443@futures.msk.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Alex, ANM> Friday, November 24, 2000, 11:30:54 AM, you wrote: WMKR>> has this been known to happen with xl0/3Com 3C509TX? ANM> Yes, I saw the effect with 3Com network card and 3Com switch :(. ANM> Without manual configuration it haven't worked properly. How to lock fxp0 to 100BASE/TX half-duplex? There is only an option to set the full-duplex ('mediaopt full-duplex'). Is it implied half-duplex by default, of by default it's set to "autodetect"? Thanks -- Best regards, Vladimir mailto:kulakov@kudesniki.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 10:26: 2 2000 Delivered-To: freebsd-isp@freebsd.org Received: from pro.fais.net (unknown [208.249.141.254]) by hub.freebsd.org (Postfix) with ESMTP id 072CD37B479; Mon, 27 Nov 2000 10:25:57 -0800 (PST) Received: from drnet.fais.net (root@drnet.fais.net [208.249.141.31]) by pro.fais.net (8.9.3/8.9.3/Debian/GNU) with ESMTP id NAA01866; Mon, 27 Nov 2000 13:12:20 -0600 Received: from wks01 (wks01.drnet.fais.net [10.64.80.10]) by drnet.fais.net (8.11.0/8.11.0) with SMTP id eARCMT731704; Mon, 27 Nov 2000 12:22:33 GMT (envelope-from jwpauler@jwpages.com) Message-ID: <003b01c0589e$a6683c60$0a50400a@drnet.fais.net> From: "Justin W. Pauler" To: "Vladimir I. Kulakov" , "Alex N. Markelov" Cc: , References: <1771564079.20001127122443@futures.msk.ru> <15940795775.20001127204748@kudesniki.ru> Subject: Re: Re[3]: DOS atack or hardware problem? Date: Mon, 27 Nov 2000 12:19:48 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I believe by default they usually go to 'autodetect'. but to lock it in at 100BASE/TX half-duplex, I would try: ifconfig fxp0 media 100baseTX mediaopt half-duplex I have come to find that if you are going to be running a FreeBSD server in ANY type of production environment, you should not be using 'autodetect'. Justin W. Pauler (drnet) E-Mail: jwpauler@jwpages.com ICQ: 95989631 IRC: Undernet IRC Network ----- Original Message ----- From: "Vladimir I. Kulakov" To: "Alex N. Markelov" Cc: ; Sent: Monday, November 27, 2000 11:47 AM Subject: Re[3]: DOS atack or hardware problem? > Hello Alex, > > ANM> Friday, November 24, 2000, 11:30:54 AM, you wrote: > WMKR>> has this been known to happen with xl0/3Com 3C509TX? > ANM> Yes, I saw the effect with 3Com network card and 3Com switch :(. > ANM> Without manual configuration it haven't worked properly. > > How to lock fxp0 to 100BASE/TX half-duplex? > There is only an option to set the full-duplex ('mediaopt full-duplex'). > Is it implied half-duplex by default, of by default it's set to > "autodetect"? > > Thanks > > -- > Best regards, > Vladimir mailto:kulakov@kudesniki.ru > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 10:29:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id 657D937B479 for ; Mon, 27 Nov 2000 10:29:03 -0800 (PST) Received: from wkst ([10.10.1.70]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id NAA05580 for ; Mon, 27 Nov 2000 13:30:12 -0500 Reply-To: From: "Peter Brezny" To: Subject: pine alternative Date: Mon, 27 Nov 2000 13:28:50 -0800 Message-ID: <002501c058b9$09209c20$46010a0a@sysadmininc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org With all the security problems pine has had lately, what alternative are people using, that seems to be secure? ...elm? TIA Peter Brezny SysAdmin Services Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 10:40:23 2000 Delivered-To: freebsd-isp@freebsd.org Received: from lunatic.oneinsane.net (lunatic.oneinsane.net [207.113.133.231]) by hub.freebsd.org (Postfix) with ESMTP id B7F2537B479 for ; Mon, 27 Nov 2000 10:40:17 -0800 (PST) Received: by lunatic.oneinsane.net (Postfix, from userid 1000) id A6C5A15551; Mon, 27 Nov 2000 10:40:16 -0800 (PST) Date: Mon, 27 Nov 2000 10:40:16 -0800 From: Ron 'The InSaNe One' Rosson To: freebsd-isp@freebsd.org Subject: Re: pine alternative Message-ID: <20001127104016.A80213@lunatic.oneinsane.net> Reply-To: Ron Rosson Mail-Followup-To: freebsd-isp@freebsd.org References: <002501c058b9$09209c20$46010a0a@sysadmininc.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002501c058b9$09209c20$46010a0a@sysadmininc.com>; from peter@sysadmin-inc.com on Mon, Nov 27, 2000 at 01:28:50PM -0800 X-Operating-System: FreeBSD lunatic.oneinsane.net 4.1.1-STABLE X-Moon: The Moon is Waxing Crescent (4% of Full) X-Opinion: What you read here is my IMHO X-WWW: http://www.oneinsane.net X-GPG-FINGERPRINT: 3F11 DB43 F080 C037 96F0 F8D3 5BD2 652B 171C 86DB X-Uptime: 10:37AM up 29 days, 12:52, 1 user, load averages: 1.12, 1.08, 1.07 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Peter Brezny (peter@sysadmin-inc.com) wrote: > With all the security problems pine has had lately, what alternative are > people using, that seems to be secure? ...elm? > > TIA > There is mutt (/usr/ports/mail/mutt) below is the contents of the pkg-descr for the port. Mutt -- "The Mongrel of Mail User Agents" (part Elm, part Pine, part mh, part slrn, part everything else) is an interactive screen-oriented mailer program that supersedes Elm, Pine, mail and mailx. Features include color support, message threading, MIME support (including RFC1522 support for encoded headers), customizable key bindings, POP3, Delivery Status Notification (DSN) support, and PGP/MIME. http://www.oneinsane.net: http://www.mutt.org/ Mutt User Information: http://www.math.fu-berlin.de/~guckes/mutt/ Hope this helps -- ------------------------------------------------------------------------------ Ron Rosson ... and a UNIX user said ... The InSaNe One rm -rf * insane@oneinsane.net and all was /dev/null and *void() ------------------------------------------------------------------------------ You're only young once--after that you need another excuse. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 10:47:29 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97]) by hub.freebsd.org (Postfix) with ESMTP id 1B10037B479 for ; Mon, 27 Nov 2000 10:47:22 -0800 (PST) Received: from opal.ccmr.cornell.edu (IDENT:0@opal.ccmr.cornell.edu [128.84.231.116]) by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id NAA05627; Mon, 27 Nov 2000 13:47:11 -0500 Received: from localhost (mitch@localhost) by opal.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id NAA32705; Mon, 27 Nov 2000 13:47:09 -0500 X-Authentication-Warning: opal.ccmr.cornell.edu: mitch owned process doing -bs Date: Mon, 27 Nov 2000 13:47:09 -0500 (EST) From: Mitch Collinsworth To: Peter Brezny Cc: freebsd-isp@FreeBSD.ORG Subject: Re: pine alternative In-Reply-To: <002501c058b9$09209c20$46010a0a@sysadmininc.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > With all the security problems pine has had lately, what alternative are > people using, that seems to be secure? ...elm? A lot of our users like mutt which is more or less a follow-on to elm. The real hackers seem to like either exmh or anything that runs under emacs. -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 11:38:38 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ajax1.sovam.com (ajax1.sovam.com [194.67.1.172]) by hub.freebsd.org (Postfix) with ESMTP id 070D037B4C5; Mon, 27 Nov 2000 11:38:28 -0800 (PST) Received: from ts8-a150.dial.sovam.com ([195.239.2.150]:1196 "EHLO ts8-a150.dial.sovam.com" ident: "NO-IDENT-SERVICE[2]" whoson: "-unregistered-" smtp-auth: TLS-CIPHER: TLS-PEER: ) by ajax1.sovam.com with ESMTP id ; Mon, 27 Nov 2000 22:38:12 +0300 Date: Mon, 27 Nov 2000 22:37:49 +0300 From: "Vladimir I. Kulakov" X-Mailer: The Bat! (v1.47 Halloween Edition) Reply-To: "Vladimir I. Kulakov" Organization: Kudesniki JSC X-Priority: 3 (Normal) Message-ID: <13447397719.20001127223749@kudesniki.ru> To: freebsd-isp@FreeBSD.ORG, security@FreeBSD.ORG, sean@stat.Duke.EDU Subject: Re[2]: DOS atack or hardware problem? In-reply-To: <20001127125635.M45407@stat.Duke.EDU> References: <1771564079.20001127122443@futures.msk.ru> <15940795775.20001127204748@kudesniki.ru> <20001127125635.M45407@stat.Duke.EDU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Sean, Monday, November 27, 2000, 8:56:35 PM, you wrote: SOC> Vladimir I. Kulakov stated: SOC> : Hello Alex, SOC> : : ANM>> Friday, November 24, 2000, 11:30:54 AM, you wrote: : WMKR>>> has this been known to happen with xl0/3Com 3C509TX? : ANM>> Yes, I saw the effect with 3Com network card and 3Com switch :(. : ANM>> Without manual configuration it haven't worked properly. SOC> : SOC> : How to lock fxp0 to 100BASE/TX half-duplex? SOC> : There is only an option to set the full-duplex ('mediaopt full-duplex'). SOC> : Is it implied half-duplex by default, of by default it's set to SOC> : "autodetect"? SOC> : SOC> : Thanks SOC> : SOC> : -- SOC> : Best regards, SOC> Vladimir- SOC> I believe that if you just use: SOC> media 100baseTX SOC> it will be in half-duplex mode by default. The mediaopt flag SOC> is only helpful for full-duplex if you are hardcoding the media. SOC> The alternative is to try and let the driver autonegotiate--ie, SOC> do not pass any media/mediaopt flags to ifconfig_fxp0. Ok. Then how to set the mediaopt to autodetect half/full-duplex, in case it'l be needed? Is there an option "half-duplex"? Or this card can't autodetect half/full duplex? -- Best regards, Vladimir mailto:kulakov@kudesniki.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 21:31:29 2000 Delivered-To: freebsd-isp@freebsd.org Received: from keep.scn.ru (SCN-SibInet.sibinet.ru [213.24.217.138]) by hub.freebsd.org (Postfix) with ESMTP id A52CD37B4F9; Mon, 27 Nov 2000 21:31:22 -0800 (PST) Received: from scn.ru (alx.sc.ten [10.0.0.13]) by keep.scn.ru (8.9.3/8.9.3) with ESMTP id MAA14143; Tue, 28 Nov 2000 12:31:55 +0700 (KRAT) (envelope-from alx@scn.ru) Message-ID: <3A23437E.189E8C7B@scn.ru> Date: Tue, 28 Nov 2000 12:32:46 +0700 From: "Alex N. Zhuravlev" Organization: SCT X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Limiting script memory usage Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi ! I've recently got a proplem. I am running Apache on FreeBSD and maintaining virtual web-servers. For each server there is a specific user, and using apache suexec, cgi cripts are running from those specific users. One of them got a perl script with memory leak - so script gets all the memory, than swap and hangs all the host at final. Here is the question: is there any way to limit resourses via OS (memory, cpu) for that specific user or group/class of users ? I've tried to make a group in login.conf: ------------------------------------------------------------------------- webcl|Web clients:\ :cputime=30m:\ :datasize=8M:\ :stacksize=2M:\ :memorylocked=4M:\ :memoryuse=8M:\ ------------------------------------------------------------------------- and assigning those users to login class webcl. This doesn't help - again script tooks all the memory. Scripts are running from Apache, so using nice and limit, I guess, is unappliable. Maybe somebody has got a solution ??? Answer please direct, cause I am out of freebsd-questions now. Thanks for any help. Alex N. Zhuravlev. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 21:54: 6 2000 Delivered-To: freebsd-isp@freebsd.org Received: from www.i-sphere.com (www.i-sphere.com [207.126.121.224]) by hub.freebsd.org (Postfix) with ESMTP id 339C637B479 for ; Mon, 27 Nov 2000 21:54:04 -0800 (PST) Received: (from fasty@localhost) by www.i-sphere.com (8.11.0/8.11.0) id eAS5rBU29451; Mon, 27 Nov 2000 21:53:11 -0800 (PST) (envelope-from fasty) Date: Mon, 27 Nov 2000 21:53:11 -0800 From: faSty To: "Alex N. Zhuravlev" Cc: freebsd-isp@freebsd.org Subject: Re: Limiting script memory usage Message-ID: <20001127215311.I82395@i-sphere.com> References: <3A23437E.189E8C7B@scn.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A23437E.189E8C7B@scn.ru>; from alx@scn.ru on Tue, Nov 28, 2000 at 12:32:46PM +0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, the Apache webserver runs on nobody/nobody (uid/gid). try set up on nobody statement instead webcl. PS. excuse me Im brand new to this discussion forums :) -trev On Tue, Nov 28, 2000 at 12:32:46PM +0700, Alex N. Zhuravlev wrote: > Hi ! > I've recently got a proplem. I am running Apache on FreeBSD and > maintaining virtual web-servers. For each server there is a specific > user, and using apache suexec, cgi cripts are running from those > specific users. One of them got a perl script with memory leak - so > script gets all the memory, than swap and hangs all the host at final. > Here is the question: is there any way to limit resourses via OS > (memory, cpu) for that specific user or group/class of users ? > I've tried to make a group in login.conf: > ------------------------------------------------------------------------- > webcl|Web clients:\ > :cputime=30m:\ > :datasize=8M:\ > :stacksize=2M:\ > :memorylocked=4M:\ > :memoryuse=8M:\ > ------------------------------------------------------------------------- > and assigning those users to login class webcl. This doesn't help - > again script tooks all the memory. Scripts are running from Apache, so > using nice and limit, I guess, is unappliable. > > Maybe somebody has got a solution ??? > > Answer please direct, cause I am out of freebsd-questions now. > Thanks for any help. > > Alex N. Zhuravlev. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 22:43:55 2000 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial1-2-velvet-brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 49F4F37B403 for ; Mon, 27 Nov 2000 22:43:48 -0800 (PST) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.9.3/8.9.3) with ESMTP id RAA50057 for ; Tue, 28 Nov 2000 17:43:34 +1100 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Tue, 28 Nov 2000 17:43:32 +1100 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: tcpdump & user-ppp/tunX Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all, velvet# tcpdump -qenli tun0 tcpdump: listening on tun0 17:38:47.939979 203.20.114.243.1131 > 203.20.114.197.31488: udp 4 Has anyone else noticed that the -e option (show packet size) in tcpdump doesn't seem to work for tunX devices? Is this a bug, or not supported by that device? Actually, I just checked and a machine running 3.4R doesn't show it on pppX devices either, yet a 2.2.8R one does... has something major changed with the ppp/tun device structure, BPF, or tcpdump since 2.2.8R? Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://info.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 22:53:41 2000 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 3E4DC37B402 for ; Mon, 27 Nov 2000 22:53:38 -0800 (PST) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.9.3/8.9.3) id RAA48285; Tue, 28 Nov 2000 17:52:44 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from disc-4-161.aipo.gov.au(10.0.4.161) by pericles.IPAustralia.gov.au via smap (V2.0) id xma048278; Tue, 28 Nov 00 17:52:39 +1100 Received: from localhost (anwsmh@localhost) by stan.aipo.gov.au (8.9.3/8.9.3) with ESMTP id RAA07301; Tue, 28 Nov 2000 17:52:39 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh owned process doing -bs Date: Tue, 28 Nov 2000 17:52:38 +1100 (EST) From: Stanley Hopcroft X-Sender: anwsmh@stan.aipo.gov.au To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: tcpdump & user-ppp/tunX In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Sir, > Hi all, > > velvet# tcpdump -qenli tun0 > tcpdump: listening on tun0 > 17:38:47.939979 203.20.114.243.1131 > 203.20.114.197.31488: udp 4 > > Has anyone else noticed that the -e option (show packet size) in tcpdump > doesn't seem to work for tunX devices? Is this a bug, or not supported by > that device? I think that tcpdump does display larger than default packet sizes when used with a tunX device. (tcpdump -x -s1500 works fine for me with FreeBSD 4.1-RELEASE and the Brian Somers patches to make it work with a filter. See PR some time ago). I think you will find that the -e switch is the switch to display ethernet/MAC addresses. I don't know what it does for PPP. I am using user mode ppp (tunX). I can't comment about kernel mode. > > Actually, I just checked and a machine running 3.4R doesn't show it on > pppX devices either, yet a 2.2.8R one does... has something major changed > with the ppp/tun device structure, BPF, or tcpdump since 2.2.8R? > > Cheers. > > > -- > Rowan Crowe http://www.rowan.sensation.net.au/ > Sensation Internet Services http://info.sensation.net.au/ > Melbourne, Australia Phone: +61-3-9388-9260 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 23: 2:30 2000 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial1-2-velvet-brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id A041537B402 for ; Mon, 27 Nov 2000 23:02:21 -0800 (PST) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.9.3/8.9.3) with ESMTP id SAA50136 for ; Tue, 28 Nov 2000 18:02:13 +1100 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Tue, 28 Nov 2000 18:02:11 +1100 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: tcpdump & user-ppp/tunX In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 28 Nov 2000, Stanley Hopcroft wrote: > > Has anyone else noticed that the -e option (show packet size) in tcpdump > > doesn't seem to work for tunX devices? Is this a bug, or not supported by > > that device? Hello Stanley, > I think you will find that the -e switch is the switch to display > ethernet/MAC addresses. I don't know what it does for PPP. You're spot on, I just checked the man page. I guess it's only "luck" in the past that meant it showed the size of a PPP packet. Unfortunately, size of packet is what I need, as well as the basic src/dest info! I guess I could use -x and count the output bytes, although this doesn't include the link level header... Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://info.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 23:15: 2 2000 Delivered-To: freebsd-isp@freebsd.org Received: from misery.sdf.com (misery.sdf.com [204.244.213.49]) by hub.freebsd.org (Postfix) with ESMTP id 017BB37B401 for ; Mon, 27 Nov 2000 23:14:57 -0800 (PST) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 140eI2-0007Qm-00; Mon, 27 Nov 2000 22:30:54 -0800 Date: Mon, 27 Nov 2000 22:30:50 -0800 (PST) From: Tom Samplonius To: faSty Cc: "Alex N. Zhuravlev" , freebsd-isp@freebsd.org Subject: Re: Limiting script memory usage In-Reply-To: <20001127215311.I82395@i-sphere.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 27 Nov 2000, faSty wrote: > Hi, > > the Apache webserver runs on nobody/nobody (uid/gid). try set up on > nobody statement instead webcl. > > PS. excuse me Im brand new to this discussion forums :) > -trev Not really applicable when suexec is used. Basically, suexec is not applying the class resource limits when changing uids. I believe there are patches floating around that do this (actually the patches that I've seen apply a specific class to all suexec scripts). Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 23:17:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 4B1E737B400 for ; Mon, 27 Nov 2000 23:17:53 -0800 (PST) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.9.3/8.9.3) id SAA48829; Tue, 28 Nov 2000 18:17:15 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from disc-4-161.aipo.gov.au(10.0.4.161) by pericles.IPAustralia.gov.au via smap (V2.0) id xma048826; Tue, 28 Nov 00 18:17:01 +1100 Received: from localhost (anwsmh@localhost) by stan.aipo.gov.au (8.9.3/8.9.3) with ESMTP id SAA07327; Tue, 28 Nov 2000 18:17:01 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh owned process doing -bs Date: Tue, 28 Nov 2000 18:17:00 +1100 (EST) From: Stanley Hopcroft X-Sender: anwsmh@stan.aipo.gov.au To: Rowan Crowe Cc: FreeBSD-ISP@FreeBSD.ORG Subject: Re: tcpdump & user-ppp/tunX. Ethereal ? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Sir, I am writing to say that ethereal (http://www.zing.org aka http://www.ethereal.com/) is a very nice seven layer packet decoder that may be suitable if you need nasty link layer stuff. There is a FreeBSD port of it, and while for my moneys worth, tcpdump with ASCII decode patches (he he), is by far and way more convenient than a relatively sluggish X application, Ethereal decodes almost every protocol and his dog. The SMB decode (courtesy Richard Sharp of the Samba team) is particuarly good. We have an HP Internet advisor; the Ethereal decode is *much* better. Thank you. Yours sincerely, S Hopcroft Network Specialist IP Australia +61 2 6283 3189 +61 2 6281 1353 FAX To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Nov 27 23:31:43 2000 Delivered-To: freebsd-isp@freebsd.org Received: from backup.af.speednet.com.au (af.speednet.com.au [202.135.188.244]) by hub.freebsd.org (Postfix) with ESMTP id 171B437B69F for ; Mon, 27 Nov 2000 23:31:33 -0800 (PST) Received: from backup.af.speednet.com.au (backup.af.speednet.com.au [172.22.2.4]) by backup.af.speednet.com.au (8.11.1/8.11.1) with ESMTP id eAS7TaF18720; Tue, 28 Nov 2000 18:29:37 +1100 (EST) (envelope-from andyf@speednet.com.au) Date: Tue, 28 Nov 2000 18:29:36 +1100 (EST) From: Andy Farkas X-Sender: andyf@backup.af.speednet.com.au To: Tom Samplonius Cc: faSty , "Alex N. Zhuravlev" , freebsd-isp@FreeBSD.ORG Subject: Re: Limiting script memory usage In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org See PR 13606. I use this and it works fine :-) ps. its an old patch, so it won't apply cleanly. Let me know if you need more help.... Also, I use this cgi script to test: #!/bin/sh echo Content-type: text/html echo echo \ limits On Mon, 27 Nov 2000, Tom Samplonius wrote: > Not really applicable when suexec is used. > > Basically, suexec is not applying the class resource limits when > changing uids. I believe there are patches floating around that do this > (actually the patches that I've seen apply a specific class to all suexec > scripts). > > Tom > -- :{ andyf@speednet.com.au Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 2:51:23 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.intnet.com.cn (unknown [202.96.192.53]) by hub.freebsd.org (Postfix) with SMTP id BC6C637B401 for ; Tue, 28 Nov 2000 02:51:20 -0800 (PST) Received: (qmail 38506 invoked from network); 28 Nov 2000 11:44:44 -0000 Received: from unknown (HELO williams.intnet.com.cn) (61.129.102.37) by npc.haplink.com.cn with SMTP; 28 Nov 2000 11:44:44 -0000 Message-Id: <5.0.0.25.0.20001128185014.009e2190@202.96.192.53> X-Sender: williams@202.96.192.53 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Tue, 28 Nov 2000 18:53:05 +0800 To: freebsd-questions@freebsd.org From: williams wang Subject: callback Cc: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi, does anyone know how to setup a callback connection to the isp. I have done it in the windows easily, it is little harder in Freebsd. Thanks a lot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 2:58:52 2000 Delivered-To: freebsd-isp@freebsd.org Received: from apollo2.waverider.net.uk (apollo2.waverider.net.uk [212.105.191.49]) by hub.freebsd.org (Postfix) with ESMTP id 535FB37B402 for ; Tue, 28 Nov 2000 02:58:49 -0800 (PST) Received: from bugs (bugs.office.waverider.net.uk [212.105.191.50]) by apollo2.waverider.net.uk (8.9.3/8.9.3) with SMTP id KAA21825 for ; Tue, 28 Nov 2000 10:51:21 GMT From: "Andy Cowan" To: Subject: Secondary DNS swap anyone? Date: Tue, 28 Nov 2000 10:58:44 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm looking to arrange a secondary DNS and backup MX swap with someone of a similar size to ourselves. We host around a thousand zones, increasing at around 5% per month. I envisage a fairly trivial script to synchronise the conf files over ssh or something similar, which we'll provide. Anyone interested? A. -- Andy Cowan Wave Rider Internet Ltd http://www.waverider.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 6:37:21 2000 Delivered-To: freebsd-isp@freebsd.org Received: from tomts8-srv.bellnexxia.net (tomts8.bellnexxia.net [209.226.175.52]) by hub.freebsd.org (Postfix) with ESMTP id B81DA37B400 for ; Tue, 28 Nov 2000 06:37:17 -0800 (PST) Received: from carotte ([64.229.230.108]) by tomts8-srv.bellnexxia.net (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20001128143717.IEYA27329.tomts8-srv.bellnexxia.net@carotte> for ; Tue, 28 Nov 2000 09:37:17 -0500 Message-ID: <006e01c05948$ac946e60$bd78fea9@carotte> From: "Cedric Veilleux" To: Subject: Anonymous server Date: Tue, 28 Nov 2000 09:37:02 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_006B_01C0591E.C359B120" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_006B_01C0591E.C359B120 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, We are doing webhosting and we have resellers working for us. We = need to make the server as most anonymous as possible (We don't want our = hostname anywhere). The two main places I'd like it to disappear is at = the first line when you connect in telnet=20 FreeBSD/i386 (smashweb.com) (ttyp0) and at the prompt "smashweb:/usr/home>" we use CSH Thank you for any help, Cedric Veilleux, SmashWeb ------=_NextPart_000_006B_01C0591E.C359B120 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi,
 
    We are doing = webhosting and we=20 have resellers working for us. We need to make the server as most = anonymous as=20 possible (We don't want our hostname anywhere). The two main places I'd = like it=20 to disappear is at the first line when you connect in telnet =
FreeBSD/i386 (smashweb.com) = (ttyp0)
 
and at the prompt=20 "smashweb:/usr/home>"
we use CSH
 
Thank you for any help,
 
Cedric Veilleux,
SmashWeb
------=_NextPart_000_006B_01C0591E.C359B120-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 7:41: 8 2000 Delivered-To: freebsd-isp@freebsd.org Received: from anaconda.acceleratedweb.net (anaconda.acceleratedweb.net [209.51.164.130]) by hub.freebsd.org (Postfix) with SMTP id AB2DE37B400 for ; Tue, 28 Nov 2000 07:41:05 -0800 (PST) Received: (qmail 44853 invoked by uid 106); 28 Nov 2000 15:45:07 -0000 Received: from adsl-151-202-94-118.nyc.adsl.bellatlantic.net (HELO sharky) (151.202.94.118) by anaconda.acceleratedweb.net with SMTP; 28 Nov 2000 15:45:07 -0000 From: "Simon" To: "Cedric Veilleux" , "freebsd-isp@freebsd.org" Date: Tue, 28 Nov 2000 10:45:02 -0500 Reply-To: "Simon" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195) In-Reply-To: <006e01c05948$ac946e60$bd78fea9@carotte> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="_=_=_=IMA.BOUNDARY.HTML_4963648=_=_=_" Subject: Re: Anonymous server Message-Id: <20001128154105.AB2DE37B400@hub.freebsd.org> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --_=_=_=IMA.BOUNDARY.HTML_4963648=_=_=_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi, Edit your /etc/gettytab for the first one and /etc/profile to change the prompt -Simon --Original Message Text--- From: Cedric Veilleux Date: Tue, 28 Nov 2000 09:37:02 -0500 Hi, We are doing webhosting and we have resellers working for us. We need to make the server as most anonymous as possible (We don't want our hostname anywhere). The two main places I'd like it to disappear is at the first line when you connect in telnet FreeBSD/i386 (smashweb.com) (ttyp0) and at the prompt "smashweb:/usr/home>" we use CSH Thank you for any help, Cedric Veilleux, SmashWeb --_=_=_=IMA.BOUNDARY.HTML_4963648=_=_=_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi,

Edit your /etc/gettytab for the first one and /etc/profile to change the prompt

-Simon

--Original Message Text---
From: Cedric Veilleux
Date: Tue, 28 Nov 2000 09:37:02 -0500

Hi,

We are doing webhosting and we have resellers working for us. We need to make the server as most anonymous as possible (We don't want our hostname anywhere). The two main places I'd like it to disappear is at the first line when you connect in telnet
FreeBSD/i386 (smashweb.com) (ttyp0)

and at the prompt "smashweb:/usr/home>"
we use CSH

Thank you for any help,

Cedric Veilleux,
SmashWeb


--_=_=_=IMA.BOUNDARY.HTML_4963648=_=_=_-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 8:34:36 2000 Delivered-To: freebsd-isp@freebsd.org Received: from flux.c-zone.net (flux.c-zone.net [216.190.4.216]) by hub.freebsd.org (Postfix) with ESMTP id A7C4F37B400 for ; Tue, 28 Nov 2000 08:34:34 -0800 (PST) Received: from localhost (bdan@localhost) by flux.c-zone.net (8.11.1/8.11.1) with ESMTP id eASGYX448303 for ; Tue, 28 Nov 2000 08:34:33 -0800 (PST) Date: Tue, 28 Nov 2000 08:34:33 -0800 (PST) From: Dan Babb To: freebsd-isp@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org subscribe - Dan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 8:39:24 2000 Delivered-To: freebsd-isp@freebsd.org Received: from flux.c-zone.net (flux.c-zone.net [216.190.4.216]) by hub.freebsd.org (Postfix) with ESMTP id A907B37B400 for ; Tue, 28 Nov 2000 08:39:20 -0800 (PST) Received: from localhost (bdan@localhost) by flux.c-zone.net (8.11.1/8.11.1) with ESMTP id eASGdK348677 for ; Tue, 28 Nov 2000 08:39:20 -0800 (PST) Date: Tue, 28 Nov 2000 08:39:20 -0800 (PST) From: Dan Babb To: freebsd-isp@freebsd.org Subject: sendmail 8.11.1 and cyrus sasl Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org i had sent this in under freebsd-questions orginally and also to the comp.mail.sendmail group under the post (ld link error) but maybe this will catch some more eyes and since i do work for an isp i thought i'd give it a shot here since its isp-related. current software and o/s FreeBSD 4.2-STABLE sendmail 8.11.1 cyrus-sasl 1.5.24_4 libtool-1.3.4_1 m4-1.4 db3-3.1.17 autoconf-2.13 automake-1.4 here is what my site.config.m4 looks like with the added cyrus sasl taken from http://www.sendmail.org/~ca/email/auth.html APPENDDEF(`confENVDEF', `-DSASL') APPENDDEF(`conf_sendmail_LIBS', `-lsasl') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl') APPENDDEF(`confINCDIRS', `-I/usr/local/include/') i've had a problem trying to configure sendmail with cyrus sasl .. i've tried installing two ways. one from the ports and modifying the ports site.config.m4 before building so i can add the paths to find cyrus-sasl or i manually configure and install sendmail and cyrus sasl. no matter which i do i always end up with this error: root@vacant:// cd /usr/ports/mail/sendmail/ root@vacant:// make build ===> Building for sendmail-8.11.1 Making all in: /usr/ports/mail/sendmail/work/sendmail-8.11.1/libsmutil Configuration: pfx=, os=FreeBSD, rel=4.2-STABLE, rbase=4, rroot=4.2-STABLE, arch=i386, sfx=, variant=optimized Making in ../obj.FreeBSD.4.2-STABLE.i386/libsmutil Making all in: /usr/ports/mail/sendmail/work/sendmail-8.11.1/libsmdb Configuration: pfx=, os=FreeBSD, rel=4.2-STABLE, rbase=4, rroot=4.2-STABLE, arch=i386, sfx=, variant=optimized Making in ../obj.FreeBSD.4.2-STABLE.i386/libsmdb Making all in: /usr/ports/mail/sendmail/work/sendmail-8.11.1/sendmail Configuration: pfx=, os=FreeBSD, rel=4.2-STABLE, rbase=4, rroot=4.2-STABLE, arch=i386, sfx=, variant=optimized Making in ../obj.FreeBSD.4.2-STABLE.i386/sendmail cc -o sendmail -L/usr/local/lib/sasl main.o alias.o arpadate.o bf_torek.o clock.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o map.o mci.o milter.o mime.o parseaddr.o queue.o readcf.o recipient.o savemail.o sfsasl.o shmticklib.o srvrsmtp.o stab.o stats.o sysexits.o timers.o trace.o udb.o usersmtp.o util.o version.o -lsasl ../libsmutil/libsmutil.a -lutil /usr/libexec/elf/ld: cannot find -lsasl *** Error code 1 Stop in /usr/ports/mail/sendmail/work/sendmail-8.11.1/obj.FreeBSD.4.2-STABLE.i386/sendmail. *** Error code 1 Stop in /usr/ports/mail/sendmail/work/sendmail-8.11.1. *** Error code 1 Stop in /usr/ports/mail/sendmail. *** Error code 1 Stop in /usr/ports/mail/sendmail. *** Error code 1 Stop in /usr/ports/mail/sendmail. i basically don't understand why its saying it can't find lsasl .. i ran the command /sbin/ldconfig -elf -m /usr/local/lib it should have updated that so it knows that sasl is there. anyway i'm stuck .. any help would be appreicated. - Dan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 8:50:57 2000 Delivered-To: freebsd-isp@freebsd.org Received: from christel.heitec.net (christel.heitec.net [193.101.232.3]) by hub.freebsd.org (Postfix) with ESMTP id 287EA37B401 for ; Tue, 28 Nov 2000 08:50:55 -0800 (PST) Received: from tashi.admin.er.heitec.net (paladin.heitec.net [193.101.232.30]) by christel.heitec.net (Postfix) with ESMTP id 548E4354813 for ; Tue, 28 Nov 2000 17:56:43 +0100 (CET) Received: by tashi.admin.er.heitec.net (Postfix, from userid 1000) id 7DE9A1DE6; Tue, 28 Nov 2000 17:51:39 +0100 (CET) Date: Tue, 28 Nov 2000 17:51:39 +0100 To: freebsd-isp@freebsd.org Subject: Re: Anonymous server Message-ID: <20001128175139.E12020@heitec.net> Mail-Followup-To: freebsd-isp@freebsd.org References: <006e01c05948$ac946e60$bd78fea9@carotte> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <006e01c05948$ac946e60$bd78fea9@carotte>; from sales@smashweb.com on Tue, Nov 28, 2000 at 09:37:02 -0500 Organization: Heitec AG From: lenz@heitec.net (Lenz Gschwendtner) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi Cedric, On Tue, 28 Nov 2000, Cedric Veilleux wrote: > Hi, > > We are doing webhosting and we have resellers working for us. We need to make the server as most anonymous as possible (We don't want our hostname anywhere). The two main places I'd like it to disappear is at the first line when you connect in telnet > FreeBSD/i386 (smashweb.com) (ttyp0) for me an entry in /etc/inetd.conf like this works fine telnet stream tcp nowait root /usr/libexec/telnetd telnetd -h the output is then only: Escape character is '^]'. login: cheers lenz -- (__) eat penguins instead, they start to (++)-----i\ spread around anyway! ~~| BSE | * |_|~|_| FreeBSD Systemadministrator To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 9:56:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gifw.genroco.com (genroco.com [205.254.195.202]) by hub.freebsd.org (Postfix) with ESMTP id CCEAF37B400 for ; Tue, 28 Nov 2000 09:56:49 -0800 (PST) Received: from gi2.genroco.com (IDENT:root@gi2.genroco.com [192.133.120.3]) by gifw.genroco.com (8.9.3/8.9.3) with ESMTP id LAA18386; Tue, 28 Nov 2000 11:56:44 -0600 Received: from scot.genroco.com (scot.genroco.com [192.133.120.125]) by gi2.genroco.com (8.9.3/8.9.3) with SMTP id LAA04677; Tue, 28 Nov 2000 11:56:33 -0600 Message-ID: <013c01c05964$91916340$7d7885c0@genroco.com> From: "Scot W. Hetzel" To: "Alex N. Zhuravlev" Cc: References: Subject: Re: Limiting script memory usage Date: Tue, 28 Nov 2000 11:56:31 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "Tom Samplonius" > On Mon, 27 Nov 2000, faSty wrote: > > the Apache webserver runs on nobody/nobody (uid/gid). try set up on > > nobody statement instead webcl. > > > > PS. excuse me Im brand new to this discussion forums :) > > -trev > > Not really applicable when suexec is used. > > Basically, suexec is not applying the class resource limits when > changing uids. I believe there are patches floating around that do this > (actually the patches that I've seen apply a specific class to all suexec > scripts). > The apache13-fp port's suexec uses the logincap database to limit resources based on the logincap entry for the user. see patch-fd & patch-fe. Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 10:21: 4 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gifw.genroco.com (genroco.com [205.254.195.202]) by hub.freebsd.org (Postfix) with ESMTP id A5C7637B400 for ; Tue, 28 Nov 2000 10:20:46 -0800 (PST) Received: from gi2.genroco.com (IDENT:root@gi2.genroco.com [192.133.120.3]) by gifw.genroco.com (8.9.3/8.9.3) with ESMTP id MAA18466; Tue, 28 Nov 2000 12:20:43 -0600 Received: from scot.genroco.com (scot.genroco.com [192.133.120.125]) by gi2.genroco.com (8.9.3/8.9.3) with SMTP id MAA04782; Tue, 28 Nov 2000 12:20:35 -0600 Message-ID: <016101c05967$eafb1180$7d7885c0@genroco.com> From: "Scot W. Hetzel" To: "Dan Babb" , References: Subject: Re: sendmail 8.11.1 and cyrus sasl Date: Tue, 28 Nov 2000 12:19:40 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "Dan Babb" > > i had sent this in under freebsd-questions orginally and also to the > comp.mail.sendmail group under the post (ld link error) but maybe this > will catch some more eyes and since i do work for an isp i thought i'd > give it a shot here since its isp-related. > > current software and o/s > > FreeBSD 4.2-STABLE > sendmail 8.11.1 > cyrus-sasl 1.5.24_4 > libtool-1.3.4_1 > m4-1.4 > db3-3.1.17 > autoconf-2.13 > automake-1.4 > > here is what my site.config.m4 looks like with the added cyrus sasl taken > from http://www.sendmail.org/~ca/email/auth.html > > APPENDDEF(`confENVDEF', `-DSASL') > APPENDDEF(`conf_sendmail_LIBS', `-lsasl') > APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl') > APPENDDEF(`confINCDIRS', `-I/usr/local/include/') This should be: APPENDDEF(`confENVDEF', `-DSASL -D_FFR_UNSAFE_SASL') APPENDDEF(`conf_sendmail_LIBS', `-lsasl') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl') > > i've had a problem trying to configure sendmail with cyrus sasl .. i've > tried installing two ways. > > one from the ports and modifying the ports site.config.m4 before building > so i can add the paths to find cyrus-sasl > > or i manually configure and install sendmail and cyrus sasl. no matter > which i do i always end up with this error: > Have you tried enabling SASL with Sendmail 8.11.1 included in FreeBSD 4.2 sources? First CVSUP your FreeBSD 4.2 sources to the latest, and then use the following updated instructions to Sendmail.README (security/cyrus-sasl): 1) Add the following to /etc/make.conf: # Add SMTP AUTH support to Sendmail SENDMAIL_CFLAGS+= -I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl 2) Rebuild FreeBSD (make buildworld, ...) 3) Create /usr/local/lib/sasl/Sendmail.conf with the following. pwcheck_method: pwcheck NOTE: security/cyrus-sasl port does this for you. 4) Add the following to your sendmail.mc file: TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl ---- You may also add LOGIN, PLAIN, GSSAPI, KERBEROS_V4 to TRUST_AUTH_MECH and confAUTH_MECHANISMS (space seperated list). You may want to restrict LOGIN, and PLAIN authentication methods for use with STARTTLS only as the password is not encrypted when passed to sendmail. LOGIN is required for Outlook Express users. "My server requires authentication" needs to be checked in the accounts properties to use SASL Authentication. PLAIN is required for Netscape Communicator users. By default Netscape Communicator will use SASL Authentication when sendmail is compiled with SASL. The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you are using cyrus-imapd and sendmail on the same server that requires access to the sasldb database. Otherwise you could chown root the sasldb file. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 17:43:46 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.intnet.com.cn (unknown [202.96.192.53]) by hub.freebsd.org (Postfix) with SMTP id E276537B401 for ; Tue, 28 Nov 2000 17:43:42 -0800 (PST) Received: (qmail 9810 invoked from network); 29 Nov 2000 02:37:04 -0000 Received: from unknown (HELO williams.intnet.com.cn) (61.129.102.51) by npc.haplink.com.cn with SMTP; 29 Nov 2000 02:37:04 -0000 Message-Id: <5.0.0.25.0.20001129090122.009d5680@202.96.192.53> X-Sender: williams@202.96.192.53 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Wed, 29 Nov 2000 09:45:15 +0800 To: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org From: williams wang Subject: RE:Callback Cc: laa@laa.zp.ua Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have done something like this, set callback cbcp set cbcp 12345678 the network access server know it is a cbcp call,and it call back to my freebsd, but the freebsd do not answer it. Is it necessary to set up a ppp server to answer the incoming call? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Nov 28 17:53:32 2000 Delivered-To: freebsd-isp@freebsd.org Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173]) by hub.freebsd.org (Postfix) with ESMTP id 7859537B400; Tue, 28 Nov 2000 17:53:23 -0800 (PST) Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.1/8.11.1) with ESMTP id eAT1oL805592; Wed, 29 Nov 2000 01:50:21 GMT (envelope-from brian@hak.lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.1/8.11.1) with ESMTP id eAT1qgD35945; Wed, 29 Nov 2000 01:52:42 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200011290152.eAT1qgD35945@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: williams wang Cc: freebsd-isp@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG, laa@laa.zp.ua, brian@Awfulhak.org Subject: Re: Callback In-Reply-To: Message from williams wang of "Wed, 29 Nov 2000 09:45:15 +0800." <5.0.0.25.0.20001129090122.009d5680@202.96.192.53> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 29 Nov 2000 01:52:42 +0000 From: Brian Somers Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I have done something like this, > > set callback cbcp > set cbcp 12345678 > > the network access server know it is a cbcp call,and it call back to my > freebsd, but the freebsd do not answer it. > Is it necessary to set up a ppp server to answer the incoming call? Yes, 'fraid so. -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 4:38: 7 2000 Delivered-To: freebsd-isp@freebsd.org Received: from colossus.invictanet.co.uk (colossus.invictanet.co.uk [62.232.18.118]) by hub.freebsd.org (Postfix) with ESMTP id 3FE4E37B400 for ; Wed, 29 Nov 2000 04:38:02 -0800 (PST) Received: from harryhome (modem392.netkonect.net [194.164.14.138]) by colossus.invictanet.co.uk (8.9.3/8.9.3) with SMTP id MAA20919; Wed, 29 Nov 2000 12:37:59 GMT From: "InvictaNet Customer Support" To: "Freebsd-ISP" Cc: "Scot W. Hetzel" Subject: RE: sendmail 8.11.1 and cyrus sasl Date: Wed, 29 Nov 2000 12:37:56 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <016101c05967$eafb1180$7d7885c0@genroco.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've done all this (apart from the make world at the bottom) but still get relaying denied. I run FreeBSD 3.4 and Sendmail 8.11.1, I really do need to get SMTP AUTH running, can anyone offer any suggestions of where to look. Martyn Routley ----------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk mailto:info@invictanet.co.uk phone: 0870 7402252 fax: +44 (0)1233 334001 ------------------------------------------------------ -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Scot W. Hetzel Sent: Tuesday, November 28, 2000 6:20 PM To: Dan Babb; freebsd-isp@FreeBSD.ORG Subject: Re: sendmail 8.11.1 and cyrus sasl From: "Dan Babb" > > i had sent this in under freebsd-questions orginally and also to the > comp.mail.sendmail group under the post (ld link error) but maybe this > will catch some more eyes and since i do work for an isp i thought i'd > give it a shot here since its isp-related. > > current software and o/s > > FreeBSD 4.2-STABLE > sendmail 8.11.1 > cyrus-sasl 1.5.24_4 > libtool-1.3.4_1 > m4-1.4 > db3-3.1.17 > autoconf-2.13 > automake-1.4 > > here is what my site.config.m4 looks like with the added cyrus sasl taken > from http://www.sendmail.org/~ca/email/auth.html > > APPENDDEF(`confENVDEF', `-DSASL') > APPENDDEF(`conf_sendmail_LIBS', `-lsasl') > APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl') > APPENDDEF(`confINCDIRS', `-I/usr/local/include/') This should be: APPENDDEF(`confENVDEF', `-DSASL -D_FFR_UNSAFE_SASL') APPENDDEF(`conf_sendmail_LIBS', `-lsasl') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl') > > i've had a problem trying to configure sendmail with cyrus sasl .. i've > tried installing two ways. > > one from the ports and modifying the ports site.config.m4 before building > so i can add the paths to find cyrus-sasl > > or i manually configure and install sendmail and cyrus sasl. no matter > which i do i always end up with this error: > Have you tried enabling SASL with Sendmail 8.11.1 included in FreeBSD 4.2 sources? First CVSUP your FreeBSD 4.2 sources to the latest, and then use the following updated instructions to Sendmail.README (security/cyrus-sasl): 1) Add the following to /etc/make.conf: # Add SMTP AUTH support to Sendmail SENDMAIL_CFLAGS+= -I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl 2) Rebuild FreeBSD (make buildworld, ...) 3) Create /usr/local/lib/sasl/Sendmail.conf with the following. pwcheck_method: pwcheck NOTE: security/cyrus-sasl port does this for you. 4) Add the following to your sendmail.mc file: TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl ---- You may also add LOGIN, PLAIN, GSSAPI, KERBEROS_V4 to TRUST_AUTH_MECH and confAUTH_MECHANISMS (space seperated list). You may want to restrict LOGIN, and PLAIN authentication methods for use with STARTTLS only as the password is not encrypted when passed to sendmail. LOGIN is required for Outlook Express users. "My server requires authentication" needs to be checked in the accounts properties to use SASL Authentication. PLAIN is required for Netscape Communicator users. By default Netscape Communicator will use SASL Authentication when sendmail is compiled with SASL. The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you are using cyrus-imapd and sendmail on the same server that requires access to the sasldb database. Otherwise you could chown root the sasldb file. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 4:53:24 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns1.i-p-d.nl (ns1.i-p-d.nl [208.239.240.129]) by hub.freebsd.org (Postfix) with ESMTP id 9B86937B401 for ; Wed, 29 Nov 2000 04:53:20 -0800 (PST) Received: from danny (xs02-056.support.nl [195.114.229.56]) by ns1.i-p-d.nl (8.9.3/8.9.3) with ESMTP id NAA05668 for ; Wed, 29 Nov 2000 13:49:29 +0100 (CET) (envelope-from danny@i-p-d.nl) From: danny@i-p-d.nl To: freebsd-isp@FreeBSD.ORG Date: Wed, 29 Nov 2000 13:52:16 +0100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Drive Copy Message-ID: <3A250A10.23020.10C9A34@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am having a problem with copying a complete harddisk to another one. I have a running freebsd 4.1 machine, which harddisk I want to replace with another. I want to copy the harddisk, so that I can put the new harddisk in and continue working instantly without having to reinstall all the programs. I have tried some programs like Norton Ghost and Powerquest Drive Image, but neither will work. Ghost doesn't recognize Freebsd- partitions and Drive Image doesn't copy it in the right way. I can't boot and cannot change the partition to get it booting. Does anyone know a good program to really copy the harddisk 1- on-1? I am planning to try Powerquest Drive Copy, but I am unsure if that will work. Thanx for any help! Met vriendelijke groeten, Danny Zwegers Unix SysAdmin (Spec:Domains) IPD Hosting & Design BV ------------------- WWW Hosting --------------------- http://www.i-p-d.nl Tel: 0165-571675 http://www.ipdhosting.com Fax: 0165-571710 http://www.domeinhosting.com Email: danny@i-p-d.nl http://www.secure.nl ------------------- WWW Design --------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 5:27:23 2000 Delivered-To: freebsd-isp@freebsd.org Received: from christel.heitec.net (christel.heitec.net [193.101.232.3]) by hub.freebsd.org (Postfix) with ESMTP id 28C5D37B400 for ; Wed, 29 Nov 2000 05:27:21 -0800 (PST) Received: from tashi.admin.er.heitec.net (paladin.heitec.net [193.101.232.30]) by christel.heitec.net (Postfix) with ESMTP id 314AA354813 for ; Wed, 29 Nov 2000 14:33:15 +0100 (CET) Received: by tashi.admin.er.heitec.net (Postfix, from userid 1000) id 249E21DE6; Wed, 29 Nov 2000 14:28:09 +0100 (CET) Date: Wed, 29 Nov 2000 14:28:09 +0100 To: freebsd-isp@FreeBSD.ORG Subject: Re: Drive Copy Message-ID: <20001129142809.H12020@heitec.net> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: <3A250A10.23020.10C9A34@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A250A10.23020.10C9A34@localhost>; from danny@i-p-d.nl on Wed, Nov 29, 2000 at 13:52:16 +0100 Organization: Heitec AG From: lenz@heitec.net (Lenz Gschwendtner) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi danny, On Wed, 29 Nov 2000, danny@i-p-d.nl wrote: > I am having a problem with copying a complete harddisk to another > one. > try dd. man dd will tell you how to use it lenz -- (__) eat penguins instead, they start to (++)-----i\ spread around anyway! ~~| BSE | * |_|~|_| FreeBSD Systemadministrator To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 5:34:24 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.mclink.it (net128-053.mclink.it [195.110.128.53]) by hub.freebsd.org (Postfix) with ESMTP id DC08237B400 for ; Wed, 29 Nov 2000 05:34:20 -0800 (PST) Received: from net144-218.mclink.it (net144-218.mclink.it [195.110.144.218]) by mail.mclink.it (8.9.3/8.9.0) with ESMTP id OAA09987; Wed, 29 Nov 2000 14:33:55 +0100 (CET) Date: Wed, 29 Nov 2000 14:27:12 +0100 From: Massimo Fubini X-Mailer: telnet host 25 X-Priority: 3 (Normal) Message-ID: <767440343.20001129142712@aexis-telecom.it> To: danny@i-p-d.nl Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Drive Copy In-reply-To: <3A250A10.23020.10C9A34@localhost> References: <3A250A10.23020.10C9A34@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello danny, First I have to warn you I am new to freebsd, but know other unices, and I think on freebsd it is like in the other unices. Wednesday, November 29, 2000, 1:52:16 PM, you wrote: dipdn> I am having a problem with copying a complete harddisk to another dipdn> one. Don't buy strange program, that do stuff without telling you exactly what they do. Use dd. For more information man dd. For example if you want to copy a single partition you do: dd if=/dev/origin_partiton of=/dev/destination_part It is easy and powerful. -- Best regards, Massimo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 7:38:42 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 13A9437B401 for ; Wed, 29 Nov 2000 07:38:40 -0800 (PST) Received: from bsdie.rwsystems.net([209.197.223.2]) (2204 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Wed, 29 Nov 2000 09:37:59 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Wed, 29 Nov 2000 09:37:59 -0600 (CST) From: James Wyatt To: Massimo Fubini Cc: danny@i-p-d.nl, freebsd-isp@FreeBSD.ORG Subject: Re: Drive Copy In-Reply-To: <767440343.20001129142712@aexis-telecom.it> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 29 Nov 2000, Massimo Fubini wrote: > Use dd. For more information man dd. > For example if you want to copy a single partition you do: > dd if=/dev/origin_partiton of=/dev/destination_part > > It is easy and powerful. And incomplete. I know you can connect the drive, boot, and use the /stand/sysinstall utility to carve the drive up into partitions for filesystems and swap areas. If you want, it can newfs partitions so you can mount the new partitions and user tar/cpio to transfer files. What do you do to init the swap and set the boot sector/MBR stuff? While this stuff is fairly "simple" in that it requires just a few steps, it is pretty arcane to many folks, especially new unix admins. The risk of toasting your "real" drive is very nonzero as well. Since new drives are almost always larger, just dd-ing things is wasteful. Using dd requires that you understand the various disk devices fairly well too. This stuff is easy for many folks on this list, but not so obvious to the original poster. I'm sure we can get together and help him (and other lurkers) more than a "RTFM for dd, and it's easy". I've included a few of the other steps (sysinstall) above, but don't have all the answers. Can someone point to more information or reply to the list with more detailed steps and techniques? I've usually had to install FreeBSD (usually a newer version) onto the new drive, hand-build the devs (MAKEDEV or *careful* use of sysinstall), redo local changes and rebuild ports, and tar/cpio-transfer data files. - Jy@ btw: Even dd is usually somewhat faster with a 'bs=100k' or so. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 7:45:45 2000 Delivered-To: freebsd-isp@freebsd.org Received: from lunatic.oneinsane.net (lunatic.oneinsane.net [207.113.133.231]) by hub.freebsd.org (Postfix) with ESMTP id 721D437B400 for ; Wed, 29 Nov 2000 07:45:41 -0800 (PST) Received: by lunatic.oneinsane.net (Postfix, from userid 1000) id C358415551; Wed, 29 Nov 2000 07:45:40 -0800 (PST) Date: Wed, 29 Nov 2000 07:45:40 -0800 From: Ron 'The InSaNe One' Rosson To: freebsd-isp@freebsd.org Subject: Re: Drive Copy Message-ID: <20001129074540.A33079@lunatic.oneinsane.net> Reply-To: Ron Rosson Mail-Followup-To: freebsd-isp@freebsd.org References: <767440343.20001129142712@aexis-telecom.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jwyatt@rwsystems.net on Wed, Nov 29, 2000 at 09:37:59AM -0600 X-Operating-System: FreeBSD lunatic.oneinsane.net 4.1.1-STABLE X-Moon: The Moon is Waxing Crescent (13% of Full) X-Opinion: What you read here is my IMHO X-WWW: http://www.oneinsane.net X-GPG-FINGERPRINT: 3F11 DB43 F080 C037 96F0 F8D3 5BD2 652B 171C 86DB X-Uptime: 7:43AM up 31 days, 9:58, 1 user, load averages: 1.08, 1.10, 1.03 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I hate adding a me too.. but I am lurking and hoping for an answer.. I have 2 identical machines getting ready to be deployed in two different places and I would love to only have to tweak one system and then just copy the drive over to the other systems drive. TIA James Wyatt (jwyatt@rwsystems.net) wrote: > On Wed, 29 Nov 2000, Massimo Fubini wrote: > > Use dd. For more information man dd. > > For example if you want to copy a single partition you do: > > dd if=/dev/origin_partiton of=/dev/destination_part > > > > It is easy and powerful. > > And incomplete. I know you can connect the drive, boot, and use the > /stand/sysinstall utility to carve the drive up into partitions for > filesystems and swap areas. If you want, it can newfs partitions so you > can mount the new partitions and user tar/cpio to transfer files. What do > you do to init the swap and set the boot sector/MBR stuff? > > While this stuff is fairly "simple" in that it requires just a few steps, > it is pretty arcane to many folks, especially new unix admins. The risk of > toasting your "real" drive is very nonzero as well. Since new drives are > almost always larger, just dd-ing things is wasteful. Using dd requires > that you understand the various disk devices fairly well too. > > This stuff is easy for many folks on this list, but not so obvious to the > original poster. I'm sure we can get together and help him (and other > lurkers) more than a "RTFM for dd, and it's easy". I've included a few of > the other steps (sysinstall) above, but don't have all the answers. Can > someone point to more information or reply to the list with more detailed > steps and techniques? > > I've usually had to install FreeBSD (usually a newer version) onto the new > drive, hand-build the devs (MAKEDEV or *careful* use of sysinstall), redo > local changes and rebuild ports, and tar/cpio-transfer data files. - Jy@ > > btw: Even dd is usually somewhat faster with a 'bs=100k' or so. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- ------------------------------------------------------------------------------ Ron Rosson ... and a UNIX user said ... The InSaNe One rm -rf * insane@oneinsane.net and all was /dev/null and *void() ------------------------------------------------------------------------------ Providing computer solutions for the mentally impaired. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 7:53:55 2000 Delivered-To: freebsd-isp@freebsd.org Received: from heorot.1nova.com (sub24-23.member.dsl-only.net [63.105.24.23]) by hub.freebsd.org (Postfix) with ESMTP id A872A37B402 for ; Wed, 29 Nov 2000 07:53:53 -0800 (PST) Received: by heorot.1nova.com (Postfix, from userid 1000) id AC77A18B2; Tue, 28 Nov 2000 08:17:30 +0000 (GMT) Received: from localhost (localhost [127.0.0.1]) by heorot.1nova.com (Postfix) with ESMTP id A3B0518B0; Tue, 28 Nov 2000 08:17:30 +0000 (GMT) Date: Tue, 28 Nov 2000 08:17:30 +0000 (GMT) From: Rick Hamell To: Ron 'The InSaNe One' Rosson Cc: freebsd-isp@freebsd.org Subject: Re: Drive Copy In-Reply-To: <20001129074540.A33079@lunatic.oneinsane.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I hate adding a me too.. but I am lurking and hoping for an answer.. I > have 2 identical machines getting ready to be deployed in two different > places and I would love to only have to tweak one system and then just > copy the drive over to the other systems drive. The newest version of Ghost is supposed to be Linux aware... I've not had a chance to test it on FreeBSD yet. Rick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 8:12:53 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns.tcworks.net (ns.tcworks.net [216.61.218.2]) by hub.freebsd.org (Postfix) with ESMTP id F00B037B698 for ; Wed, 29 Nov 2000 08:12:49 -0800 (PST) Received: from tcworks.net (stuck.sticky.org [216.61.218.6]) by ns.tcworks.net (8.9.2/8.9.2) with ESMTP id KAA36438; Wed, 29 Nov 2000 10:05:04 -0600 (CST) (envelope-from ccook@tcworks.net) Message-ID: <3A252B38.9841E427@tcworks.net> Date: Wed, 29 Nov 2000 10:13:44 -0600 From: Chris Cook X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Rick Hamell Cc: "Ron 'The InSaNe One' Rosson" , freebsd-isp@FreeBSD.ORG Subject: Re: Drive Copy References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ghost 7 does not support FFS. Rick Hamell wrote: > > > I hate adding a me too.. but I am lurking and hoping for an answer.. I > > have 2 identical machines getting ready to be deployed in two different > > places and I would love to only have to tweak one system and then just > > copy the drive over to the other systems drive. > > The newest version of Ghost is supposed to be Linux aware... I've > not had a chance to test it on FreeBSD yet. > > Rick > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Chris o----< ccook@tcworks.net >------------------------------------o |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | |The Computer Works ISP |FreeBSD - http://www.freebsd.org | o-------------------------------------------------------------o To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 9:19:32 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.polytechnic.edu.na (mail.polytechnic.edu.na [196.31.225.2]) by hub.freebsd.org (Postfix) with ESMTP id 48B8637B69B for ; Wed, 29 Nov 2000 09:19:21 -0800 (PST) Received: from ns1.horizon.na ([196.31.225.199] helo=polytechnic.edu.na) by mail.polytechnic.edu.na with esmtp (Exim 3.02 #2) id 141Dhd-000501-00; Wed, 29 Nov 2000 18:19:41 -0200 Message-ID: <3A253A67.C23665EC@polytechnic.edu.na> Date: Wed, 29 Nov 2000 19:18:31 +0200 From: Tim Priebe Reply-To: tim@iafrica.com.na X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Ron Rosson Cc: freebsd-isp@freebsd.org Subject: Re: Drive Copy References: <767440343.20001129142712@aexis-telecom.it> <20001129074540.A33079@lunatic.oneinsane.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ron 'The InSaNe One' Rosson wrote: > > I hate adding a me too.. but I am lurking and hoping for an answer.. I > have 2 identical machines getting ready to be deployed in two different > places and I would love to only have to tweak one system and then just > copy the drive over to the other systems drive. > If the systems are truly identical then dd will definitly work. eg. dd bs=10k if=ad1 of=ad2 I do this regularly even with systems that are not identical, even if the hard drives are not identical. To do this if the systems are not identical, I use dangerously dedicated disks. Note: dangerously dedicated disks do not work on some system, can not be used if you want to be able to dual boot (ever, without a reinstall), and the destination disk must be at least as big as the source disk. If the destination disk is bigger than the source, the extra space can be allocated and used after the copy. Tim. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 15:51: 9 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.ruhr.de (in-ruhr3.ruhr.de [212.23.134.2]) by hub.freebsd.org (Postfix) with SMTP id 8884637B400 for ; Wed, 29 Nov 2000 15:51:06 -0800 (PST) Received: (qmail 19885 invoked by alias); 29 Nov 2000 23:53:00 -0000 Received: (from ue@localhost) by nathan.ruhr.de (8.11.0/8.11.0) id eATNmu860224 for freebsd-isp@FreeBSD.ORG; Thu, 30 Nov 2000 00:48:56 +0100 (CET) (envelope-from ue) Date: Thu, 30 Nov 2000 00:48:55 +0100 From: Udo Erdelhoff To: freebsd-isp@FreeBSD.ORG Subject: Re: Drive Copy Message-ID: <20001130004855.M30886@nathan.ruhr.de> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: <767440343.20001129142712@aexis-telecom.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jwyatt@rwsystems.net on Wed, Nov 29, 2000 at 09:37:59AM -0600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, > And incomplete. I know you can connect the drive, boot, and use the > /stand/sysinstall utility to carve the drive up into partitions for > filesystems and swap areas. exactly. > If you want, it can newfs partitions so you can mount the new partitions This is neccessary if you want to transfer your system onto a new disk. > and user tar/cpio to transfer files. These programs are the wrong tools to do it. They can be used to handle regular files and {hard,soft} links but they will fail for device nodes, sparse files and all the other nice features. Use dump, dump or dump: cd / mount /new-root-partition /mnt dump 0af - | (cd /mnt ; restore -rf -) umount /mnt Repeat this for all filesystems. I've used this technique several times to move my system to a newer drive or to rearrange the filesystems. > What do you do to init the swap and set the boot sector/MBR stuff? You don't have to initialize swap space. The boot code can be written by disklabel -B . > The risk of toasting your "real" drive is very nonzero as well. Murphy was an optimist. The first step is to create and verify a backup on a reliable and removable medium. /s/Udo -- I have learned over the years, that if it is the truth you seek, then honesty on your own part, is the best policy. That and torture. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 16:48:12 2000 Delivered-To: freebsd-isp@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 5A04737B401 for ; Wed, 29 Nov 2000 16:48:03 -0800 (PST) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.9.3/8.9.3) id LAA12715; Thu, 30 Nov 2000 11:46:09 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from wf-158.aipo.gov.au(192.168.1.158) by pericles.IPAustralia.gov.au via smap (V2.0) id xma012703; Thu, 30 Nov 00 11:45:39 +1100 Received: from localhost (anwsmh@localhost) by stan.aipo.gov.au (8.9.3/8.9.3) with ESMTP id LAA00370; Thu, 30 Nov 2000 11:47:41 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan.aipo.gov.au: anwsmh owned process doing -bs Date: Thu, 30 Nov 2000 11:47:40 +1100 (EST) From: Stanley Hopcroft X-Sender: anwsmh@stan.aipo.gov.au To: Rowan Crowe Cc: FreeBSD-ISP@FreeBSD.oRG Subject: Re: tcpdump & user-ppp/tunX. Ethereal ? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Sir, I am writing to say that ethereal (http://www.zing.org aka http://www.ethereal.com/) is a very nice seven layer packet decoder that may be suitable if you need nasty link layer stuff. There is a FreeBSD port of it, and while for my moneys worth, tcpdump with ASCII decode patches (he he), is by far and way more convenient than a relatively sluggish X application, Ethereal decodes almost every protocol and his dog. The SMB decode (courtesy Richard Sharp of the Samba team) is particuarly good. We have an HP Internet advisor; the Ethereal decode is *much* better. Thank you. Yours sincerely, S Hopcroft Network Specialist IP Australia +61 2 6283 3189 +61 2 6281 1353 FAX To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 17:17:44 2000 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial1-2-velvet-brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id E6E6537B400 for ; Wed, 29 Nov 2000 17:17:12 -0800 (PST) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.9.3/8.9.3) with ESMTP id MAA58334 for ; Thu, 30 Nov 2000 12:16:39 +1100 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Thu, 30 Nov 2000 12:16:36 +1100 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: tcpdump & user-ppp/tunX. Ethereal ? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 30 Nov 2000, Stanley Hopcroft wrote: > > Dear Sir, > > I am writing to say that ethereal (http://www.zing.org aka > http://www.ethereal.com/) is a very nice seven layer packet decoder > that may be suitable if you need nasty link layer stuff. > > There is a FreeBSD port of it, and while for my moneys worth, tcpdump > with ASCII decode patches (he he), is by far and way more convenient > than a relatively sluggish X application, Ethereal decodes almost every > protocol and his dog. Thanks Stanley, I don't run X on any of my machines (especially the little 486dx2-66 I want to track traffic on!) so it's not really an option... Some time ago I wrote a program which accepted the output from tcpdump and generated 4 lists ordered by: source port destination port source IP destination IP In this way it was very easy to be able to see where content was coming from, how much HTTP or SMTP traffic was coming in, which customer is receiving the most traffic, etc. I've included a sample output below. This program makes use of the apparent -e "packet size" parameter which I later discovered is not guaranteed; it works fine on 2.2.8 systems but of course breaks on later versions of tcpdump which output things a little differently. Another limitation is that it only handles UDP and TCP packets, and quietly ignores anything else. I want to adapt this program to a 3.x system. Perhaps it's time to hack tcpdump. :-) Thanks for the suggestion. 288364 packets processed; 112,318,133 bytes total; 13,087 unique connections. *** Sorted by source IP address *** Total unique entries: 2746 First 40 entries: 18,730Kb 17% 205.188.137.185 11,043Kb 10% 203.36.1.129 5,493Kb 5% 203.1.20.10 4,073Kb 3% 139.134.5.197 3,018Kb 2% 64.41.227.225 2,594Kb 2% 203.20.114.7 2,580Kb 2% 203.36.1.147 2,576Kb 2% 64.29.207.228 1,961Kb 1% 211.45.27.151 1,854Kb 1% 212.227.109.212 1,778Kb 1% 63.209.83.91 1,576Kb 1% 216.34.24.207 1,100Kb 1% 128.32.18.166 1,071Kb 0% 64.4.8.250 1,054Kb 0% 203.2.192.84 1,049Kb 0% 128.177.243.61 848Kb 0% 216.65.106.242 751Kb 0% 216.240.130.101 591Kb 0% 192.68.228.132 586Kb 0% 151.196.93.7 552Kb 0% 209.132.192.13 551Kb 0% 209.117.195.200 508Kb 0% 209.50.252.43 499Kb 0% 209.25.129.115 494Kb 0% 24.0.0.200 492Kb 0% 209.185.128.158 489Kb 0% 208.48.218.205 481Kb 0% 209.198.49.161 479Kb 0% 207.246.159.76 456Kb 0% 216.223.198.226 452Kb 0% 209.207.146.160 445Kb 0% 204.85.35.52 439Kb 0% 207.230.127.4 413Kb 0% 202.2.59.40 408Kb 0% 207.192.97.52 406Kb 0% 216.247.86.46 396Kb 0% 203.20.114.4 390Kb 0% 204.71.200.180 383Kb 0% 216.74.73.62 368Kb 0% 130.80.29.3 352Kb 0% 209.226.29.11 *** Sorted by destination IP address *** Total unique entries: 580 First 40 entries: 36,547Kb 33% 203.55.253.20 16,209Kb 14% 203.20.114.7 12,443Kb 11% 203.25.86.4 11,043Kb 10% 203.20.114.4 9,982Kb 9% 216.226.215.2 3,963Kb 3% 203.20.114.91 2,406Kb 2% 203.55.253.17 2,149Kb 1% 203.36.1.147 2,102Kb 1% 203.20.114.105 1,816Kb 1% 203.25.86.210 1,646Kb 1% 203.25.86.55 1,450Kb 1% 216.226.215.1 954Kb 0% 203.25.86.106 837Kb 0% 203.25.86.100 749Kb 0% 203.20.114.92 599Kb 0% 203.20.114.241 528Kb 0% 203.20.114.242 462Kb 0% 203.20.114.148 445Kb 0% 216.226.193.195 413Kb 0% 203.25.86.105 396Kb 0% 203.36.1.129 387Kb 0% 203.20.114.90 262Kb 0% 203.44.3.130 262Kb 0% 203.44.3.129 172Kb 0% 203.20.114.24 158Kb 0% 203.20.114.214 146Kb 0% 203.20.114.3 138Kb 0% 203.55.253.16 128Kb 0% 203.20.114.253 127Kb 0% 203.20.114.89 91Kb 0% 203.20.114.109 77Kb 0% 203.20.114.1 67Kb 0% 203.20.114.81 65Kb 0% 203.20.114.19 51Kb 0% 203.20.114.195 18Kb 0% 203.25.86.213 12Kb 0% 203.25.86.101 11Kb 0% 203.20.114.23 8Kb 0% 64.38.223.44 5Kb 0% 203.25.86.107 4Kb 0% 203.25.86.108 *** Sorted by source TCP/UDP port *** Total unique entries: 2579 First 40 entries: 70,927Kb 64% 80 11,042Kb 10% 119 5,493Kb 5% 2359 4,073Kb 3% 4896 3,885Kb 3% 3130 2,702Kb 2% 53 1,056Kb 0% 8080 1,055Kb 0% 62626 543Kb 0% 443 505Kb 0% 1863 446Kb 0% 1044 444Kb 0% 1278 262Kb 0% 14591 262Kb 0% 179 231Kb 0% 137 225Kb 0% 6666 224Kb 0% 1063 224Kb 0% 1065 194Kb 0% 1068 157Kb 0% 6667 152Kb 0% 1609 124Kb 0% 63390 120Kb 0% 1064 108Kb 0% 2587 106Kb 0% 3674 97Kb 0% 47819 66Kb 0% 64661 52Kb 0% 3924 51Kb 0% 3874 46Kb 0% 3601 46Kb 0% 3682 45Kb 0% 3647 42Kb 0% 4000 40Kb 0% 1024 40Kb 0% 1033 40Kb 0% 1835 39Kb 0% 1031 39Kb 0% 1817 38Kb 0% 3838 38Kb 0% 3771 37Kb 0% 1030 *** Sorted by destination TCP/UDP port *** Total unique entries: 3581 First 40 entries: 11,826Kb 10% 25 6,795Kb 6% 3147 6,106Kb 5% 3324 5,640Kb 5% 4299 3,893Kb 3% 3130 3,362Kb 3% 53 3,001Kb 2% 1969 2,576Kb 2% 4667 2,405Kb 2% 80 1,855Kb 1% 2270 1,292Kb 1% 3682 1,278Kb 1% 1835 1,276Kb 1% 3924 1,266Kb 1% 1817 1,254Kb 1% 3647 1,241Kb 1% 3874 1,226Kb 1% 3771 1,144Kb 1% 3838 842Kb 0% 2477 655Kb 0% 1039 649Kb 0% 1121 585Kb 0% 2189 522Kb 0% 2002 508Kb 0% 1087 421Kb 0% 4999 399Kb 0% 4003 395Kb 0% 119 390Kb 0% 4406 363Kb 0% 1947 362Kb 0% 1997 347Kb 0% 2135 312Kb 0% 8080 278Kb 0% 1833 262Kb 0% 179 262Kb 0% 14591 255Kb 0% 1352 254Kb 0% 3668 250Kb 0% 1025 249Kb 0% 3908 246Kb 0% 3818 231Kb 0% 137 Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://info.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 17:23:51 2000 Delivered-To: freebsd-isp@freebsd.org Received: from alpha.simphost.com (alpha.simphost.com [216.253.163.10]) by hub.freebsd.org (Postfix) with ESMTP id B601E37B400; Wed, 29 Nov 2000 17:23:48 -0800 (PST) Received: by alpha.simphost.com (Postfix, from userid 1060) id 01A4D66B0A; Wed, 29 Nov 2000 18:23:54 -0700 (MST) Received: from localhost (localhost [127.0.0.1]) by alpha.simphost.com (Postfix) with ESMTP id EBCF662D03; Wed, 29 Nov 2000 18:23:54 -0700 (MST) Date: Wed, 29 Nov 2000 18:23:54 -0700 (MST) From: "Jonathan M. Slivko" To: freebsd-security@freebsd.org Cc: freebsd-isp@freebsd.org Subject: Danger Ports Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Can someone tell me what are the "danger" ports on FreeBSD, ports that perhaps need to be blocked because they are insecure? I would like to know so in the future, I can prevent outside attacks and concentrate more on internal attacks, or "insider jobs" as they're called. ---- Jonathan M. Slivko Technical Support, CoreSync Corporation (http://www.coresync.net) Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) Pager/Voicemail: (917) 388-5304 ---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 17:41:22 2000 Delivered-To: freebsd-isp@freebsd.org Received: from inago.swcp.com (inago.swcp.com [198.59.115.17]) by hub.freebsd.org (Postfix) with ESMTP id 2C75737B6AF for ; Wed, 29 Nov 2000 17:41:19 -0800 (PST) Received: from localhost (deichert@localhost) by inago.swcp.com (8.8.7/8.8.7) with ESMTP id SAA12815; Wed, 29 Nov 2000 18:39:31 -0700 (MST) X-Authentication-Warning: inago.swcp.com: deichert owned process doing -bs Date: Wed, 29 Nov 2000 18:39:30 -0700 (MST) From: Diana Eichert X-Sender: deichert@inago.swcp.com To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: tcpdump & user-ppp/tunX. Ethereal ? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Since FreeBSD also support IP Filter you could look at: "IP Accounting Package for Darren Reed's IP Filter" from http://www2.empnet.com/ipacct/ BTW, you can now build a command line version of Ethereal called tethereal without having to build all of Ethereal. diana On Thu, 30 Nov 2000, Rowan Crowe wrote: > I don't run X on any of my machines (especially the little 486dx2-66 I > want to track traffic on!) so it's not really an option... > > Some time ago I wrote a program which accepted the output from tcpdump and > generated 4 lists ordered by: > > source port > destination port > source IP > destination IP > > In this way it was very easy to be able to see where content was coming > from, how much HTTP or SMTP traffic was coming in, which customer is > receiving the most traffic, etc. I've included a sample output below. > > This program makes use of the apparent -e "packet size" parameter which I > later discovered is not guaranteed; it works fine on 2.2.8 systems but of > course breaks on later versions of tcpdump which output things a little > differently. Another limitation is that it only handles UDP and TCP > packets, and quietly ignores anything else. > > I want to adapt this program to a 3.x system. Perhaps it's time to hack > tcpdump. :-) > > Thanks for the suggestion. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 18: 4:40 2000 Delivered-To: freebsd-isp@freebsd.org Received: from secure.smtp.email.msn.com (cpimssmtpu07.email.msn.com [207.46.181.28]) by hub.freebsd.org (Postfix) with ESMTP id 3447337B400; Wed, 29 Nov 2000 18:04:35 -0800 (PST) Received: from x86nts4 - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC; Wed, 29 Nov 2000 18:04:34 -0800 Message-ID: <013b01c05a72$d1f96d10$fd01a8c0@pacbell.net> From: "John Howie" To: "Jonathan M. Slivko" , Cc: References: Subject: Re: Danger Ports Date: Wed, 29 Nov 2000 18:11:15 -0800 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1800 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1800 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jonathan, Rather than denying access to certain ports on your system, and allowing access to the rest, you might find it easier to think in the reverse - What ports do I need to leave open to outside (presumably Internet) users? The answer to that question depends on the needs of your outside users. You will probably need to allow SSH access, and I would suggest that you get users to use SCP instead of FTP (unless you have a public FTP site that allows anonymous connections). You might also need to open up access to SMTP and POP3 services for mail (while ensuring that your site can't be used as a mail relay). DNS is another service that you might need to provide access to. If users need access to so-called dangerous services such as X, printer, NFS, NIS, SNMP, etc. then I would look for a VPN solution that brings them into your network through the firewall and allows them to access these services as an internal user. O'Reilly does a good book on Firewall Security, I suggest that you get it and have a read. CERT also has a good document on packet filtering (http://www.cert.org). Also, check the FreeBSD handbook or The Complete FreeBSD for more information about setting up firewalls on FreeBSD systems. Hope this helps, john... ----- Original Message ----- From: "Jonathan M. Slivko" To: Cc: Sent: Wednesday, November 29, 2000 5:23 PM Subject: Danger Ports > Can someone tell me what are the "danger" ports on FreeBSD, ports that > perhaps need to be blocked because they are insecure? I would like to know > so in the future, I can prevent outside attacks and concentrate more on > internal attacks, or "insider jobs" as they're called. > > ---- > Jonathan M. Slivko > Technical Support, CoreSync Corporation (http://www.coresync.net) > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > Pager/Voicemail: (917) 388-5304 > ---- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 18: 8: 5 2000 Delivered-To: freebsd-isp@freebsd.org Received: from alpha.simphost.com (alpha.simphost.com [216.253.163.10]) by hub.freebsd.org (Postfix) with ESMTP id B73C537B400; Wed, 29 Nov 2000 18:07:58 -0800 (PST) Received: by alpha.simphost.com (Postfix, from userid 1060) id CF05466B0A; Wed, 29 Nov 2000 19:08:09 -0700 (MST) Received: from localhost (localhost [127.0.0.1]) by alpha.simphost.com (Postfix) with ESMTP id C7A6D62D03; Wed, 29 Nov 2000 19:08:09 -0700 (MST) Date: Wed, 29 Nov 2000 19:08:09 -0700 (MST) From: "Jonathan M. Slivko" To: John Howie Cc: freebsd-security@freebsd.org, freebsd-isp@freebsd.org Subject: Re: Danger Ports In-Reply-To: <013b01c05a72$d1f96d10$fd01a8c0@pacbell.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am referring to the Back Orifice, Trinoo server ports, etc. Where can I get my hands on a list of those port #'s? or are there any utilities that act as those servers and log all attempts in hopes of catching those users who will no doubt try and take advantage of an open system? ---- Jonathan M. Slivko Technical Support, CoreSync Corporation (http://www.coresync.net) Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) Pager/Voicemail: (917) 388-5304 ---- On Wed, 29 Nov 2000, John Howie wrote: > Jonathan, > > Rather than denying access to certain ports on your system, and allowing > access to the rest, you might find it easier to think in the reverse - What > ports do I need to leave open to outside (presumably Internet) users? > > The answer to that question depends on the needs of your outside users. You > will probably need to allow SSH access, and I would suggest that you get > users to use SCP instead of FTP (unless you have a public FTP site that > allows anonymous connections). You might also need to open up access to SMTP > and POP3 services for mail (while ensuring that your site can't be used as a > mail relay). DNS is another service that you might need to provide access > to. > > If users need access to so-called dangerous services such as X, printer, > NFS, NIS, SNMP, etc. then I would look for a VPN solution that brings them > into your network through the firewall and allows them to access these > services as an internal user. > > O'Reilly does a good book on Firewall Security, I suggest that you get it > and have a read. CERT also has a good document on packet filtering > (http://www.cert.org). Also, check the FreeBSD handbook or The Complete > FreeBSD for more information about setting up firewalls on FreeBSD systems. > > Hope this helps, > > john... > > ----- Original Message ----- > From: "Jonathan M. Slivko" > To: > Cc: > Sent: Wednesday, November 29, 2000 5:23 PM > Subject: Danger Ports > > > > Can someone tell me what are the "danger" ports on FreeBSD, ports that > > perhaps need to be blocked because they are insecure? I would like to know > > so in the future, I can prevent outside attacks and concentrate more on > > internal attacks, or "insider jobs" as they're called. > > > > ---- > > Jonathan M. Slivko > > Technical Support, CoreSync Corporation (http://www.coresync.net) > > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > > Pager/Voicemail: (917) 388-5304 > > ---- > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 18:57:59 2000 Delivered-To: freebsd-isp@freebsd.org Received: from elvis.mu.org (elvis.mu.org [207.154.226.10]) by hub.freebsd.org (Postfix) with ESMTP id 78C5137B400 for ; Wed, 29 Nov 2000 18:57:58 -0800 (PST) Received: by elvis.mu.org (Postfix, from userid 1098) id 14E2B2B2C6; Wed, 29 Nov 2000 20:57:53 -0600 (CST) Date: Wed, 29 Nov 2000 20:57:52 -0600 From: Bill Fumerola To: Diana Eichert Cc: Rowan Crowe , freebsd-isp@FreeBSD.ORG Subject: Re: tcpdump & user-ppp/tunX. Ethereal ? Message-ID: <20001129205752.F35924@elvis.mu.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from deichert@wrench.com on Wed, Nov 29, 2000 at 06:39:30PM -0700 X-Operating-System: FreeBSD 4.2-FEARSOME-20001103 i386 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Nov 29, 2000 at 06:39:30PM -0700, Diana Eichert wrote: > BTW, you can now build a command line version of Ethereal called tethereal > without having to build all of Ethereal. I'm going to add a slave port of tethereal to the ethereal port so we can build a non-X version. Granted, I'd list ethereal as a "reason to run X", but not everyone can. -- Bill Fumerola - security yahoo / Yahoo! inc. - fumerola@yahoo-inc.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 18:59:39 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.unpar.ac.id (unknown [202.150.34.3]) by hub.freebsd.org (Postfix) with ESMTP id 8449537B402 for ; Wed, 29 Nov 2000 18:59:27 -0800 (PST) Received: from home.unpar.ac.id (root@home [202.150.34.12]) by mx1.unpar.ac.id (8.9.3/8.9.3) with ESMTP id KAA06209 for ; Thu, 30 Nov 2000 10:23:04 +0700 (JAVT) X-UNPAR-MX1-From: thomas@home.unpar.ac.id X-UNPAR-MX1-To: Received: from pelangi (h-041.bapsi [10.2.4.41] (may be forged)) by home.unpar.ac.id (8.9.3/8.9.3) with SMTP id JAA58328 for ; Thu, 30 Nov 2000 09:59:10 +0700 (JAVT) (envelope-from thomas@home.unpar.ac.id) Message-ID: <005d01c05a79$72e31040$2904020a@unpar.ac.id> From: "Thomas Wahyudi" To: References: Subject: Re: Drive Copy Date: Thu, 30 Nov 2000 09:58:40 +0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hmm may be this trick will work ? we use ghost to create 30 Freebsd Xwindows workstation we just create image 1 HD and ghost it to another computer using muticast session provided by ghost Best regards, Thomas Wahyudi ======== UIN 535778 ----- Original Message ----- From: "Rick Hamell" > > I hate adding a me too.. but I am lurking and hoping for an answer.. I > > have 2 identical machines getting ready to be deployed in two different > > places and I would love to only have to tweak one system and then just > > copy the drive over to the other systems drive. > > The newest version of Ghost is supposed to be Linux aware... I've > not had a chance to test it on FreeBSD yet. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 19: 0:55 2000 Delivered-To: freebsd-isp@freebsd.org Received: from secure.smtp.email.msn.com (cpimssmtpu07.email.msn.com [207.46.181.28]) by hub.freebsd.org (Postfix) with ESMTP id 806B037B401; Wed, 29 Nov 2000 19:00:40 -0800 (PST) Received: from x86nts4 - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC; Wed, 29 Nov 2000 19:00:39 -0800 Message-ID: <016801c05a7a$a7bac8c0$fd01a8c0@pacbell.net> From: "John Howie" To: , , "Jonathan M. Slivko" Subject: Re: Danger Ports Date: Wed, 29 Nov 2000 19:07:20 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0165_01C05A37.992C91F0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1800 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1800 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0165_01C05A37.992C91F0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Jonathon, My apologies - I see what you are after now. Yes, there is a list = floating around, but I usually head over to SANS and get theirs: http://www.sans.org/newlook/resources/IDFAQ/oddports.htm You will see that it is extensive! Regarding your followup on dummy applications acting as these rogue services/daemons I think you are after a Honeypot. There are a couple = but I'll need to check out the details as I don't have them off the top of = my head. Depending on the level of sophistication you are after it might = just be easier to have your firewall log any attempt to access one the ports = that you are interested in and deny access. Hope this helps, john... ----- Original Message ----- From: "Jonathan M. Slivko" To: "John Howie" Cc: ; Sent: Wednesday, November 29, 2000 6:08 PM Subject: Re: Danger Ports > I am referring to the Back Orifice, Trinoo server ports, etc. Where = can I > get my hands on a list of those port #'s? or are there any utilities = that > act as those servers and log all attempts in hopes of catching those = users > who will no doubt try and take advantage of an open system? > > ---- > Jonathan M. Slivko > Technical Support, CoreSync Corporation (http://www.coresync.net) > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > Pager/Voicemail: (917) 388-5304 > ---- > > On Wed, 29 Nov 2000, John Howie wrote: > > > Jonathan, > > > > Rather than denying access to certain ports on your system, and = allowing > > access to the rest, you might find it easier to think in the reverse = - What > > ports do I need to leave open to outside (presumably Internet) = users? > > > > The answer to that question depends on the needs of your outside = users. You > > will probably need to allow SSH access, and I would suggest that you = get > > users to use SCP instead of FTP (unless you have a public FTP site = that > > allows anonymous connections). You might also need to open up access = to SMTP > > and POP3 services for mail (while ensuring that your site can't be = used as a > > mail relay). DNS is another service that you might need to provide access > > to. > > > > If users need access to so-called dangerous services such as X, = printer, > > NFS, NIS, SNMP, etc. then I would look for a VPN solution that = brings them > > into your network through the firewall and allows them to access = these > > services as an internal user. > > > > O'Reilly does a good book on Firewall Security, I suggest that you = get it > > and have a read. CERT also has a good document on packet filtering > > (http://www.cert.org). Also, check the FreeBSD handbook or The = Complete > > FreeBSD for more information about setting up firewalls on FreeBSD systems. > > > > Hope this helps, > > > > john... > > > > ----- Original Message ----- > > From: "Jonathan M. Slivko" > > To: > > Cc: > > Sent: Wednesday, November 29, 2000 5:23 PM > > Subject: Danger Ports > > > > > > > Can someone tell me what are the "danger" ports on FreeBSD, ports = that > > > perhaps need to be blocked because they are insecure? I would like = to know > > > so in the future, I can prevent outside attacks and concentrate = more on > > > internal attacks, or "insider jobs" as they're called. > > > > > > ---- > > > Jonathan M. Slivko > > > Technical Support, CoreSync Corporation (http://www.coresync.net) > > > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > > > Pager/Voicemail: (917) 388-5304 > > > ---- > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > > ------=_NextPart_000_0165_01C05A37.992C91F0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Jonathon,

My apologies - I see = what you=20 are after now. Yes, there is a list floating
around, but I usually = head over=20 to SANS and get theirs:

http://www.sans.org/newlook/resources/IDFAQ/oddports.htm<= /A>

You will see that it is extensive!

Regarding your = followup on=20 dummy applications acting as these rogue
services/daemons I think you = are=20 after a Honeypot. There are a couple but
I'll need to check out the = details=20 as I don't have them off the top of my
head. Depending on the level = of=20 sophistication you are after it might just
be easier to have your = firewall=20 log any attempt to access one the ports that
you are interested in = and deny=20 access.

Hope this helps,

john...

----- Original = Message=20 -----
From: "Jonathan M. Slivko" <jon_slivko@simphost.com>
To: = "John Howie"=20 <JHowie@msn.com>
Cc: = <freebsd-security@freebsd.org>; = <freebsd-isp@freebsd.org>
Sent: = Wednesday,=20 November 29, 2000 6:08 PM
Subject: Re: Danger Ports


> I = am=20 referring to the Back Orifice, Trinoo server ports, etc. Where can = I
> get=20 my hands on a list of those port #'s? or are there any utilities = that
>=20 act as those servers and log all attempts in hopes of catching those=20 users
> who will no doubt try and take advantage of an open=20 system?
>
> ----
> Jonathan M. Slivko <jon_slivko@simphost.com>
> = Technical=20 Support, CoreSync Corporation (http://www.coresync.net)
> Team = Leader,=20 SecureIRC Project (http://secureirc.sourceforge.net)
>=20 Pager/Voicemail: (917) 388-5304
> ----
>
> On Wed, 29 = Nov=20 2000, John Howie wrote:
>
> > Jonathan,
> = >
> >=20 Rather than denying access to certain ports on your system, and = allowing
>=20 > access to the rest, you might find it easier to think in the = reverse=20 -
What
> > ports do I need to leave open to outside = (presumably=20 Internet) users?
> >
> > The answer to that question = depends=20 on the needs of your outside users.
You
> > will probably = need to=20 allow SSH access, and I would suggest that you get
> > users to = use SCP=20 instead of FTP (unless you have a public FTP site that
> > = allows=20 anonymous connections). You might also need to open up access = to
SMTP
>=20 > and POP3 services for mail (while ensuring that your site can't be=20 used
as a
> > mail relay). DNS is another service that you = might=20 need to provide
access
> > to.
> >
> > If = users=20 need access to so-called dangerous services such as X, printer,
> = >=20 NFS, NIS, SNMP, etc. then I would look for a VPN solution that=20 brings
them
> > into your network through the firewall and = allows=20 them to access these
> > services as an internal user.
>=20 >
> > O'Reilly does a good book on Firewall Security, I = suggest that=20 you get
it
> > and have a read. CERT also has a good = document on=20 packet filtering
> > (http://www.cert.org). Also, check the = FreeBSD=20 handbook or The Complete
> > FreeBSD for more information about = setting=20 up firewalls on FreeBSD
systems.
> >
> > Hope this=20 helps,
> >
> > john...
> >
> > ----- = Original Message -----
> > From: "Jonathan M. Slivko" = <jon_slivko@simphost.com>
> = > To:=20 <freebsd-security@freebsd.org>
> > Cc:=20 <freebsd-isp@freebsd.org>
> = > Sent:=20 Wednesday, November 29, 2000 5:23 PM
> > Subject: Danger = Ports
>=20 >
> >
> > > Can someone tell me what are the = "danger"=20 ports on FreeBSD, ports that
> > > perhaps need to be = blocked=20 because they are insecure? I would like to
know
> > > so = in the=20 future, I can prevent outside attacks and concentrate more
on
> = >=20 > internal attacks, or "insider jobs" as they're called.
> > = >
> > > ----
> > > Jonathan M. Slivko = <jon_slivko@simphost.com>
> = > >=20 Technical Support, CoreSync Corporation (http://www.coresync.net)
> > = > Team=20 Leader, SecureIRC Project (http://secureirc.sourceforge.net)
> >=20 > Pager/Voicemail: (917) 388-5304
> > > ----
> > = >
> > >
> > >
> > > To = Unsubscribe: send=20 mail to majordomo@FreeBSD.org
> > = > with=20 "unsubscribe freebsd-security" in the body of the message
> >=20 >
> >
> >
> >
>=20 >
>
>

------=_NextPart_000_0165_01C05A37.992C91F0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 19: 1:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail1.toronto.istar.net (mail1.toronto.istar.net [209.89.75.17]) by hub.freebsd.org (Postfix) with ESMTP id 369EA37B402; Wed, 29 Nov 2000 19:01:53 -0800 (PST) Received: from d141-117-39.home.cgocable.net ([24.141.117.39]) by mail1.toronto.istar.net with esmtp (Exim 2.02 #1) id 141JzE-0006rF-00; Wed, 29 Nov 2000 22:02:16 -0500 Date: Wed, 29 Nov 2000 22:08:14 -0500 (EST) From: Dru To: "Jonathan M. Slivko" Cc: John Howie , freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 29 Nov 2000, Jonathan M. Slivko wrote: > I am referring to the Back Orifice, Trinoo server ports, etc. Where can I > get my hands on a list of those port #'s? or are there any utilities that > act as those servers and log all attempts in hopes of catching those users > who will no doubt try and take advantage of an open system? Hi Jonathan, These aren't FreeBSD specific, but here's my favourite links for port #s and things to look out for: http://www.robertgraham.com/pubs/firewall-seen.html http://nethog.net/feeds/niteryder/trojans.htm http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html http://www.portsdb.org/bin/portsdb.cgi These might get you started. Cheers, Dru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 20: 0:31 2000 Delivered-To: freebsd-isp@freebsd.org Received: from toetag.com (toetag.com [63.192.202.42]) by hub.freebsd.org (Postfix) with ESMTP id 49E3937B400 for ; Wed, 29 Nov 2000 20:00:28 -0800 (PST) Received: from toetag.com (tom@unhooked.net [63.192.202.44]) by toetag.com (8.9.3/8.9.0) with ESMTP id UAA04833; Wed, 29 Nov 2000 20:02:03 -0800 (PST) Message-Id: <200011300402.UAA04833@toetag.com> X-Mailer: exmh version 2.2 08/09/2000 with version: MH 6.8.3 #1[UCI] To: Ron Rosson Cc: freebsd-isp@freebsd.org Subject: Re: Drive Copy In-reply-to: Your message of "Wed, 29 Nov 2000 07:45:40 PST." <20001129074540.A33079@lunatic.oneinsane.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 29 Nov 2000 20:02:02 -0800 From: "Tom" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 29 Nov 2000 07:45:40 PST, "Ron 'The InSaNe One' Rosson" writes: >I hate adding a me too.. but I am lurking and hoping for an answer.. I >have 2 identical machines getting ready to be deployed in two different >places and I would love to only have to tweak one system and then just >copy the drive over to the other systems drive. If you have 2 identical drives then dd is more than you'll ever need to clone machines. For different sized drives pax would be my tool of choice. -- tom@unhooked.net ICQ - 16163541 Spam: the other white meat. AIM - twjansen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 20:21: 3 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [209.224.254.131]) by hub.freebsd.org (Postfix) with ESMTP id 0DC1C37B401 for ; Wed, 29 Nov 2000 20:21:01 -0800 (PST) Received: from admin.westbend.net (admin.westbend.net [209.224.254.141]) (authenticated) by mail.westbend.net (8.11.1/8.11.1) with ESMTP id eAU4KuW71253; Wed, 29 Nov 2000 22:20:56 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <01ca01c05a84$ed4e79e0$8dfee0d1@westbend.net> From: "Scot W. Hetzel" To: "InvictaNet Customer Support" , "Freebsd-ISP" References: Subject: Re: sendmail 8.11.1 and cyrus sasl Date: Wed, 29 Nov 2000 22:20:51 -0600 Organization: West Bend Interent MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "InvictaNet Customer Support" > I've done all this (apart from the make world at the bottom) but still get > relaying denied. I run FreeBSD 3.4 and Sendmail 8.11.1, I really do need to > get SMTP AUTH running, can anyone offer any suggestions of where to look. > Look here for info on setting up SMTP AUTH: > > from http://www.sendmail.org/~ca/email/auth.html Since FreeBSD3.4, has Sendmail 3.9.x, we'll assume your either installing sendmail 8.11.1 manually or via the port. As the "Sendmail.README" in the security/cyrus-sasl port is specific to FreeBSD 4.x w/sendmail 8.11.1. You will need to add the following to ${FILESDIR}/site.config.m4 and ${FILESDIR}/site.config.m4.pre4 (if using sendmail port) or devtools/Site/site.config.m4 (if using sendmail sources): > > APPENDDEF(`confENVDEF', `-DSASL -D_FFR_UNSAFE_SASL') > APPENDDEF(`conf_sendmail_LIBS', `-lsasl') > APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') > APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl') > If your still having problems, and noone here can help you, try posting a message to comp.mail.sendmail and Claus Aßmann may give you a tip on how to solve your problem. Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Nov 29 20:45:15 2000 Delivered-To: freebsd-isp@freebsd.org Received: from flux.c-zone.net (flux.c-zone.net [216.190.4.216]) by hub.freebsd.org (Postfix) with ESMTP id 8A5DD37B401; Wed, 29 Nov 2000 20:45:11 -0800 (PST) Received: from localhost (bdan@localhost) by flux.c-zone.net (8.11.1/8.11.1) with ESMTP id eAU4j4m38167; Wed, 29 Nov 2000 20:45:04 -0800 (PST) Date: Wed, 29 Nov 2000 20:45:03 -0800 (PST) From: Dan Babb To: "Jonathan M. Slivko" Cc: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org this is right out of the ACL for my core router.. ! reserved networks access-list 110 deny ip 127.0.0.0 0.0.0.255 any log access-list 110 deny ip 10.0.0.0 0.255.255.255 any log access-list 110 deny ip 172.16.0.0 0.15.255.255 any log access-list 110 deny ip 172.31.0.0 0.0.255.255 any log access-list 110 deny ip 192.168.0.0 0.0.255.255 any log ! various exploits, netbios, back orifice, netbus protection access-list 110 deny tcp any any range 137 139 access-list 110 deny tcp any any eq 31337 access-list 110 deny udp any any eq 31337 access-list 110 deny tcp any any range 12345 12350 access-list 110 deny udp any any range 12345 12350 - Dan On Wed, 29 Nov 2000, Jonathan M. Slivko wrote: > I am referring to the Back Orifice, Trinoo server ports, etc. Where can I > get my hands on a list of those port #'s? or are there any utilities that > act as those servers and log all attempts in hopes of catching those users > who will no doubt try and take advantage of an open system? > > ---- > Jonathan M. Slivko > Technical Support, CoreSync Corporation (http://www.coresync.net) > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > Pager/Voicemail: (917) 388-5304 > ---- > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 1: 1:11 2000 Delivered-To: freebsd-isp@freebsd.org Received: from christel.heitec.net (christel.heitec.net [193.101.232.3]) by hub.freebsd.org (Postfix) with ESMTP id 5CDCD37B401 for ; Thu, 30 Nov 2000 01:01:09 -0800 (PST) Received: from tashi.admin.er.heitec.net (paladin.heitec.net [193.101.232.30]) by christel.heitec.net (Postfix) with ESMTP id 28AE9354813 for ; Thu, 30 Nov 2000 10:06:58 +0100 (CET) Received: by tashi.admin.er.heitec.net (Postfix, from userid 1000) id 1498B1DE1; Thu, 30 Nov 2000 10:02:56 +0100 (CET) Date: Thu, 30 Nov 2000 10:02:56 +0100 To: freebsd-isp@freebsd.org Subject: Re: Danger Ports Message-ID: <20001130100255.A793@heitec.net> Mail-Followup-To: freebsd-isp@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jon_slivko@simphost.com on Wed, Nov 29, 2000 at 18:23:54 -0700 Organization: Heitec AG From: lenz@heitec.net (Lenz Gschwendtner) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi Jonathan, On Wed, 29 Nov 2000, Jonathan M. Slivko wrote: > Can someone tell me what are the "danger" ports on FreeBSD, ports that > perhaps need to be blocked because they are insecure? I would like to know > so in the future, I can prevent outside attacks and concentrate more on > internal attacks, or "insider jobs" as they're called. in your case i would start with the freebsd handbook chapter 8 security then man security, man ipfw, man ipfilter. it has absoloutly no sense to copy some firewall scripts from somewhere if you don't understand what they are doing and why. further is there no sense to concentrate on internal attacks if can't even master the externel ones! cheers lenz -- (__) eat penguins instead, they start to (++)-----i\ spread around anyway! ~~| BSE | * |_|~|_| FreeBSD Systemadministrator To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 1: 1:28 2000 Delivered-To: freebsd-isp@freebsd.org Received: from colossus.invictanet.co.uk (colossus.invictanet.co.uk [62.232.18.118]) by hub.freebsd.org (Postfix) with ESMTP id 2B65C37B401 for ; Thu, 30 Nov 2000 01:01:25 -0800 (PST) Received: from harryhome (modem415.netkonect.net [194.164.14.161]) by colossus.invictanet.co.uk (8.9.3/8.9.3) with SMTP id JAA01386 for ; Thu, 30 Nov 2000 09:01:20 GMT From: "InvictaNet Customer Support" To: "Freebsd-ISP" Subject: RE: sendmail 8.11.1 and cyrus sasl Date: Thu, 30 Nov 2000 09:01:12 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <01ca01c05a84$ed4e79e0$8dfee0d1@westbend.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am slowly getting somewhere with my "AUTH" problem. I have now discovered that it is a method thing. Using Eudora as the client, the AUTH works fine so it is b....y Microsoft that is causing the problem. PLAIN seems to be working ok, it is LOGIN that is not available. The list of clients by Alexey Melnikov. http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html shows that Outlook only supports LOGIN (from my list of availables). Any suggestions?? I will also post this to comp.mail.sendmail Martyn Routley ----------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk mailto:info@invictanet.co.uk phone: 0870 7402252 fax: +44 (0)1233 334001 ------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 3:35:12 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 9145637B400; Thu, 30 Nov 2000 03:35:05 -0800 (PST) Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id GAA42040; Thu, 30 Nov 2000 06:39:51 -0500 (EST) (envelope-from rjh@mohawk.net) Date: Thu, 30 Nov 2000 06:39:51 -0500 (EST) From: Ralph Huntington To: "Jonathan M. Slivko" Cc: John Howie , freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Danger Ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Check out "fakebo" and "portsentry" in /usr/ports/security/ On Wed, 29 Nov 2000, Jonathan M. Slivko wrote: > I am referring to the Back Orifice, Trinoo server ports, etc. Where can I > get my hands on a list of those port #'s? or are there any utilities that > act as those servers and log all attempts in hopes of catching those users > who will no doubt try and take advantage of an open system? > > ---- > Jonathan M. Slivko > Technical Support, CoreSync Corporation (http://www.coresync.net) > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > Pager/Voicemail: (917) 388-5304 > ---- > > On Wed, 29 Nov 2000, John Howie wrote: > > > Jonathan, > > > > Rather than denying access to certain ports on your system, and allowing > > access to the rest, you might find it easier to think in the reverse - What > > ports do I need to leave open to outside (presumably Internet) users? > > > > The answer to that question depends on the needs of your outside users. You > > will probably need to allow SSH access, and I would suggest that you get > > users to use SCP instead of FTP (unless you have a public FTP site that > > allows anonymous connections). You might also need to open up access to SMTP > > and POP3 services for mail (while ensuring that your site can't be used as a > > mail relay). DNS is another service that you might need to provide access > > to. > > > > If users need access to so-called dangerous services such as X, printer, > > NFS, NIS, SNMP, etc. then I would look for a VPN solution that brings them > > into your network through the firewall and allows them to access these > > services as an internal user. > > > > O'Reilly does a good book on Firewall Security, I suggest that you get it > > and have a read. CERT also has a good document on packet filtering > > (http://www.cert.org). Also, check the FreeBSD handbook or The Complete > > FreeBSD for more information about setting up firewalls on FreeBSD systems. > > > > Hope this helps, > > > > john... > > > > ----- Original Message ----- > > From: "Jonathan M. Slivko" > > To: > > Cc: > > Sent: Wednesday, November 29, 2000 5:23 PM > > Subject: Danger Ports > > > > > > > Can someone tell me what are the "danger" ports on FreeBSD, ports that > > > perhaps need to be blocked because they are insecure? I would like to know > > > so in the future, I can prevent outside attacks and concentrate more on > > > internal attacks, or "insider jobs" as they're called. > > > > > > ---- > > > Jonathan M. Slivko > > > Technical Support, CoreSync Corporation (http://www.coresync.net) > > > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > > > Pager/Voicemail: (917) 388-5304 > > > ---- > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 3:55:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ritchie.loop.com (ritchie.loop.com [207.211.60.70]) by hub.freebsd.org (Postfix) with ESMTP id 77FA137B400 for ; Thu, 30 Nov 2000 03:55:11 -0800 (PST) Received: from Elektra.loop.com (elektra.loop.com [207.211.60.33]) by ritchie.loop.com (8.9.3/8.9.3) with SMTP id DAA11521 for ; Thu, 30 Nov 2000 03:52:00 -0800 (PST) Message-ID: <005301c05ac4$7002dea0$213cd3cf@loop.com> From: "D. W. Piper" To: Subject: Way OT but desperate - Linux fsck problem Date: Thu, 30 Nov 2000 03:55:21 -0800 Organization: The Loop Internet MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I apologize for the OT message, but I'm bleary-eyed from searching online documentation and archives and I'm hoping some of you gurus out there who have experience with Linux as well as FreeBSD may have a solution: We've got a RedHat 6.0 box (Intel PIII) with a Mylex DAC960 Hardware RAID Controller configured for RAID-5 with seven 9GB SCSI drives. We had to reboot the system last night, and on restart fsck failed for the RAID device with the error message: Block bitmap for group 256 is not in group followed by /dev/rd/c0d2p1: Unexpected inconsistency, run fsck manually Running fsck manually produced the error message: e2fsck: bad magic number in superblock while trying to open /dev/rd/c0d2p1 Trying again using e2fsck -B and varying block sizes of 1024, 2048, etc got: Group descriptor look bad... trying backup blocks e2fsck: bad magic number in superblock while trying to open /dev/rd/c0d2p1 However, the DAC controller's consistency check completed at 100% with no errors, and the driver reported no problems during boot. Is there anything that can be done to solve this and save the filesystem? Thanks, David To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 4:47:26 2000 Delivered-To: freebsd-isp@freebsd.org Received: from dryctnath.mmu.ac.uk (dryctnath.mmu.ac.uk [149.170.190.134]) by hub.freebsd.org (Postfix) with ESMTP id 549BF37B401 for ; Thu, 30 Nov 2000 04:47:24 -0800 (PST) Received: from ghondr.mmu.ac.uk ([149.170.5.241]) by dryctnath.mmu.ac.uk with esmtp (Exim 3.13 #2) id 141T8F-0005YQ-00 for freebsd-isp@freebsd.org; Thu, 30 Nov 2000 12:48:11 +0000 Received: from MMU-HSS-GHONDR/SpoolDir by ghondr.mmu.ac.uk (Mercury 1.47); 30 Nov 00 12:47:18 +0100 Received: from SpoolDir by MMU-HSS-GHONDR (Mercury 1.47); 30 Nov 00 12:47:07 +0100 From: "Mr Saif Shad" <6694306x@mmu.ac.uk> Organization: Manchester Metropolitan University To: freebsd-isp@freebsd.org Date: Thu, 30 Nov 2000 12:47:06 +0100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Help Message-ID: <3A264C49.12288.D4287@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have been monitoring this list for 2 months and now have to do a project on this mailing list. However, I need a bit of information from you about yourselves in order for me to be able to complete the project. Could you help and tell me the following. 1. What motivates you to be on the list? 2.Does the list satisfy your declared function? 3.Could you give me some information on your social characteristics? (age, nationality, occupation) 4.What is the purpose of the list for you? 5.What other lists are you a member of? I know it's a lot to ask, but it would go a long way and help me very much in completing my degree. Best Wishes, Mr. Saif Shad To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 4:55: 9 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gate.trident-uk.co.uk (mail.trident-uk.co.uk [195.166.16.10]) by hub.freebsd.org (Postfix) with ESMTP id 372D037B400 for ; Thu, 30 Nov 2000 04:55:06 -0800 (PST) Received: from [194.207.93.139] by gate.trident-uk.co.uk for freebsd-isp@freebsd.org id MAA26627; Thu Nov 30 12:55:03 2000 Organization: Psi-Domain Ltd. Subject: Re: Help Date: Thu, 30 Nov 2000 12:59:59 +0000 X-Mailer: KMail [version 1.0.28] Content-Type: text/plain MIME-Version: 1.0 Message-Id: <0011301300310J.00231@freefire.psi-domain.co.uk> Content-Transfer-Encoding: 8bit To: freebsd-isp@freebsd.org From: Jamie Heckford Reply-To: heckfordj@psi-domain.co.uk Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -- Jamie HeckfordOn Thu, 30 Nov 2000, you wrote: > I have been monitoring this list for 2 months and now have to do a > project on this mailing list. However, I need a bit of information > from you about yourselves in order for me to be able to complete > the project. Could you help and tell me the following. > > 1. What motivates you to be on the list? I receive lots of email and it makes me feel popular :) > > 2.Does the list satisfy your declared function? Yup > > 3.Could you give me some information on your social > characteristics? (age, nationality, occupation) XX, British, Chief Network Engineer > > 4.What is the purpose of the list for you? > > 5.What other lists are you a member of? hackers and stable > > I know it's a lot to ask, but it would go a long way and help me very > much in completing my degree. Good luck! > > Best Wishes, > > Mr. Saif Shad > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Jamie Heckford Chief Network Engineer Psi-Domain - Innovative Linux Solutions. Ask Us How. =================================== email: heckfordj@psi-domain.co.uk web: http://www.psi-domain.co.uk/ tel: +44 (0)1737 789 246 fax: +44 (0)1737 789 245 mobile: +44 (0)7779 646 529 =================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 7:28:45 2000 Delivered-To: freebsd-isp@freebsd.org Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id EDF9737B400; Thu, 30 Nov 2000 07:28:38 -0800 (PST) Received: from localhost (traviso@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id IAA09380; Thu, 30 Nov 2000 08:28:37 -0700 (MST) Date: Thu, 30 Nov 2000 08:28:32 -0700 (MST) From: Travis {RapidSupport} To: freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Danger Ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 29 Nov 2000, Dan Babb wrote: > I am referring to the Back Orifice, Trinoo server ports, etc. Where can I > get my hands on a list of those port #'s? or are there any utilities that > act as those servers and log all attempts in hopes of catching those users > who will no doubt try and take advantage of an open system? Probably the best thing for exactly what you are describing is called SNORT it's a light weight intrusion detection software called SNORT which you can get at: http://www.snort.org I can identify exactly what you are referring to in my logs. I also use an ipf firewall to block that which I ID with the IDS software. Here is a snippet of actual logs from snort on my machine: [begin log snippet] [**] Netbus/GabanBus [**] 09/20-21:11:08.683624 *.*.*.*:1891 -> *.*.*.*:12345 TCP TTL:64 TOS:0x0 ID:60113 DF S***** Seq: 0x750B7F5F Ack: 0x0 Win: 0x4000 TCP Options => MSS: 1460 [**] Traceroute ICMP [**] 09/20-22:26:12.133438 204.178.16.36 -> *.*.*.* ICMP TTL:1 TOS:0x0 ID:47254 ID:3699 Seq:13803 ECHO [**] SYN FIN Scan [**] 10/01-22:18:16.531398 203.41.93.253:21 -> *.*.*.*:21 TCP TTL:28 TOS:0x0 ID:39426 SF**** Seq: 0x205F74F Ack: 0x55003324 Win: 0x404 [**] PCAnywhere [**] 10/02-17:45:14.656264 *.*.*.*:1030 -> *.*.*.*:22 UDP TTL:125 TOS:0x0 ID:16896 Len: 10 [**] Backdoor-31337-shell [**] 11/20-16:43:17.064386 *.*.*.*:2286 -> *.*.*.*:31337 TCP TTL:64 TOS:0x0 ID:57979 DF S***** Seq: 0xDDD33B02 Ack: 0x0 Win: 0x4000 TCP Options => MSS: 1460 --- [end log snippet] As you can see I have *'d out the destination IP's (my servers) and some of the attackers IP's. While it creates these quick fingerprints of the attack it also holds more information on a per IP basis. Personally - I don't always have time to dig through the logs so I use "snort snarf" which takes the logs and creates a very nice web interface for tracking attacks and trends. Snort Snarf can be downloaded from the Snort website... Oh, did I mention this is free? =) Travis /* -=[ Travis Ogden ]-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= RapidNet Admin Team "Courage is not defined by those who Phone#: 605.341.3283 fought and did not fall, but by those ICQ#: 30220771 who fought, fell, and rose again." Mail: traviso@RapidNet.com Fax#: 605.348.1031 Web: www.RapidNet.com/~traviso 800#: 800.763.2525 ATTENTION! "RapidNet has moved to 330 Knollwood Drive, Rapid City, SD 57701." -=-=-=-=-=-=-=-=-=-=-=-=-=-[ traviso@rapidnet.com ]=-=-=-=-= */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 7:30:43 2000 Delivered-To: freebsd-isp@freebsd.org Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id 5B5B837B401; Thu, 30 Nov 2000 07:30:39 -0800 (PST) Received: from localhost (traviso@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id IAA10607; Thu, 30 Nov 2000 08:30:38 -0700 (MST) Date: Thu, 30 Nov 2000 08:30:38 -0700 (MST) From: Travis {RapidSupport} To: freebsd-isp@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Danger Ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 30 Nov 2000, Travis {RapidSupport} wrote: > called SNORT it's a light weight intrusion detection software called SNORT ...proof that coffee is needed at all hours. Travis /* -=[ Travis Ogden ]-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= RapidNet Admin Team "Courage is not defined by those who Phone#: 605.341.3283 fought and did not fall, but by those ICQ#: 30220771 who fought, fell, and rose again." Mail: traviso@RapidNet.com Fax#: 605.348.1031 Web: www.RapidNet.com/~traviso 800#: 800.763.2525 ATTENTION! "RapidNet has moved to 330 Knollwood Drive, Rapid City, SD 57701." -=-=-=-=-=-=-=-=-=-=-=-=-=-[ traviso@rapidnet.com ]=-=-=-=-= */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 7:31:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.psknet.com (orion.psknet.com [63.171.251.4]) by hub.freebsd.org (Postfix) with SMTP id 128A837B401 for ; Thu, 30 Nov 2000 07:31:10 -0800 (PST) Received: (qmail 7403 invoked from network); 30 Nov 2000 15:31:03 -0000 Received: from arcadia.psknet.com (HELO arcadia) (63.171.251.7) by orion.psknet.com with SMTP; 30 Nov 2000 15:31:03 -0000 From: "Troy Settle" To: "Mr Saif Shad" <6694306x@mmu.ac.uk>, Subject: RE: Help Date: Thu, 30 Nov 2000 10:30:57 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <3A264C49.12288.D4287@localhost> Importance: Normal X-AntiVirus: scanned for viruses by Pulaski Networks (http://www.psknet.com) using AMaViS (http://www.amavis.org) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ** ** 1. What motivates you to be on the list? To share information, learn new things, help confuse utter newbies :) ** ** 2.Does the list satisfy your declared function? Most definately ** ** 3.Could you give me some information on your social ** characteristics? (age, nationality, occupation) 30-something, white american, ISP Owner ** ** 4.What is the purpose of the list for you? Uh... isn't this the same as question #1? ** ** 5.What other lists are you a member of? -questions, -stable (now and then), inet-access, isp-[ceo|marketing|outsourcing|wireless|equipment] ascend-users, php-db, qmailadmin, platypus-users, and a few others. -- Troy Settle Pulaski Networks 540.994.4254 It's always a long day, 86400 doesn't fit into a short To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 7:38:46 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 040A837B401 for ; Thu, 30 Nov 2000 07:38:43 -0800 (PST) Received: from bsdie.rwsystems.net([209.197.223.2]) (2249 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Thu, 30 Nov 2000 09:36:47 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Thu, 30 Nov 2000 09:36:46 -0600 (CST) From: James Wyatt To: Udo Erdelhoff Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Drive Copy In-Reply-To: <20001130004855.M30886@nathan.ruhr.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 30 Nov 2000, Udo Erdelhoff wrote: > James Wyatt wrote some time ago: > > and user tar/cpio to transfer files. > These programs are the wrong tools to do it. They can be used to handle > regular files and {hard,soft} links but they will fail for device nodes, > sparse files and all the other nice features. Use dump, dump or dump: > > cd / > mount /new-root-partition /mnt > dump 0af - | (cd /mnt ; restore -rf -) > umount /mnt Thanks, due to ancient experiences with dump/restore on an old BSD VAX and a Tandy RS/6000, I've disliked dump by default, but this is a great use for it and I need to update my feelings about dump/restore. I usually use tar to move files and cpio to backup disks and MAKEDEV to build the devs on the new system. I like your solution better. That said, because you're using a -f and doing a while tree, I'd try: dump 0af - | (cd /mnt && restore -rf -) ^^ or, more likely: (cd /oldfilesysbase && dump 0af -) | (cd /mnt && restore -rf -) Anyone who types as badly as I do will *love* that the restore isn't done unless the cd works. Thanks for the other missing pieces. FWIW, I usually use "dangerously dedicated" on everything but multiboot laptops so the disklabel clue was great. > Murphy was an optimist. The first step is to create and verify a backup > on a reliable and removable medium. Like dd-ing it to another hard drive? (^_^) Oh yeah, the *tape* drive... Does anyone have bootable tape support on x86? The MakeSysB tape generation on AIX boxes rocks. There also used to be a SCO-usable product (CTar?) that made a tape and a boot floppy. Both worked well. Thanks again for the useful reply. Vielen dank! - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 7:52: 9 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns1.i-p-d.nl (ns1.i-p-d.nl [208.239.240.129]) by hub.freebsd.org (Postfix) with ESMTP id AE5D037B400 for ; Thu, 30 Nov 2000 07:52:07 -0800 (PST) Received: from danny (xs02-098.support.nl [195.114.229.98]) by ns1.i-p-d.nl (8.9.3/8.9.3) with ESMTP id QAA05183 for ; Thu, 30 Nov 2000 16:48:08 +0100 (CET) (envelope-from danny@i-p-d.nl) From: danny@i-p-d.nl To: freebsd-isp@FreeBSD.ORG Date: Thu, 30 Nov 2000 16:51:17 +0100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: dd Message-ID: <3A268585.2235.C400D6@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanx for all people responding to my posting. dd works fine ( dd if=/dev/ad0 of=/dev/ad1 ) Adding the additional disk space I will have to look into. Thanx again!! Met vriendelijke groeten, Danny Zwegers Unix SysAdmin (Spec:Domains) IPD Hosting & Design BV ------------------- WWW Hosting --------------------- http://www.i-p-d.nl Tel: 0165-571675 http://www.ipdhosting.com Fax: 0165-571710 http://www.domeinhosting.com Email: danny@i-p-d.nl http://www.secure.nl ------------------- WWW Design --------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 8: 4:55 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-177.n01.orldfl01.us.ra.verio.net [157.238.210.177]) by hub.freebsd.org (Postfix) with ESMTP id 94DB037B400 for ; Thu, 30 Nov 2000 08:04:51 -0800 (PST) Received: (from bill@localhost) by bilver.wjv.com (8.9.3/8.9.3) id LAA16876 for freebsd-isp@freebsd.org; Thu, 30 Nov 2000 11:04:50 -0500 (EST) (envelope-from bill) Date: Thu, 30 Nov 2000 11:04:42 -0500 From: Bill Vermillion To: freebsd-isp@freebsd.org Subject: Re: Drive Copy Message-ID: <20001130110442.A16709@wjv.com> Reply-To: bv@bilver.wjv.com References: <20001130004855.M30886@nathan.ruhr.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jwyatt@rwsystems.net on Thu, Nov 30, 2000 at 09:36:46AM -0600 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Nov 30, 2000 at 09:36:46AM -0600, James Wyatt thus spoke: > On Thu, 30 Nov 2000, Udo Erdelhoff wrote: > > James Wyatt wrote some time ago: > > > and user tar/cpio to transfer files. > > These programs are the wrong tools to do it. They can be used to > > handle regular files and {hard,soft} links but they will fail > > for device nodes, sparse files and all the other nice features. > > Use dump, dump or dump: > > cd / > > mount /new-root-partition /mnt > > dump 0af - | (cd /mnt ; restore -rf -) > > umount /mnt > Thanks, due to ancient experiences with dump/restore on an old BSD > VAX and a Tandy RS/6000, I've disliked dump by default, .. Been there on the 6000. Can't say that I blame you one bit. > Does anyone have bootable tape support on x86? The MakeSysB tape > generation on AIX boxes rocks. There also used to be a SCO-usable > product (CTar?) that made a tape and a boot floppy. Both worked well. Ctar was the original - Mike Schwartz as I recall - the company was Unitrends. It's still around but it's decendants BackupEdge from Microlite and Lone-Tar from Cactus are quite popular. Edge supports boot from tape on the new HPs. They don't support the FreeBSD market. Lone-Tar supports FreeBSD. How well I'm not sure as I haven't installed my copy - I need to get my tape drive fixed first. I have seen no vendor which supports bootable disaster recovery software under FreeBSD, though LoneTar and BRU have bootable recovery disks for Linux. I've not used a current BRU - just on an old SGI so I can't tell you about that. I've used both BE and LT on client machines [primarily SCO] and they handle a complete backup, including all the /dev files, and empty directores, etc., properly. All commercial stuff. They do have downloads. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 8:41:49 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail1.mclink.it (net128-007.mclink.it [195.110.128.7]) by hub.freebsd.org (Postfix) with ESMTP id 2C89037B69B for ; Thu, 30 Nov 2000 08:41:45 -0800 (PST) Received: from net147-226.mclink.it (net147-226.mclink.it [195.110.147.226]) by mail1.mclink.it (8.9.3/8.9.0) with ESMTP id RAA21716; Thu, 30 Nov 2000 17:41:34 +0100 (CET) Date: Thu, 30 Nov 2000 17:44:44 +0100 From: Massimo Fubini X-Mailer: telnet host 25 X-Priority: 3 (Normal) Message-ID: <16234962935.20001130174444@aexis-telecom.it> To: Udo Erdelhoff Cc: freebsd-isp@FreeBSD.ORG, James Wyatt Subject: Re[2]: Drive Copy In-reply-To: <20001130004855.M30886@nathan.ruhr.de> References: <767440343.20001129142712@aexis-telecom.it> <20001130004855.M30886@nathan.ruhr.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Udo, I want to thank you and all the other that gave detailed answer for the question. I said it was "easy" because I thought the original poster had to copy two drive of the same size, and I did it to clone workstation. If the disk size are the same, copying disks is not difficult. I have never done it on disk of different size. I'm sorry if someone got offended by the word "easy" for this stuff. I didn't wont to be impolite.... -- Best regards, Massimo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 9:40:12 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns.tcworks.net (ns.tcworks.net [216.61.218.2]) by hub.freebsd.org (Postfix) with ESMTP id EFF1337B401 for ; Thu, 30 Nov 2000 09:40:09 -0800 (PST) Received: from tcworks.net (stuck.sticky.org [216.61.218.6]) by ns.tcworks.net (8.9.2/8.9.2) with ESMTP id LAA65812; Thu, 30 Nov 2000 11:31:15 -0600 (CST) (envelope-from ccook@tcworks.net) Message-ID: <3A2690D8.BF01C7EE@tcworks.net> Date: Thu, 30 Nov 2000 11:39:36 -0600 From: Chris Cook X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Thomas Wahyudi Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Drive Copy References: <005d01c05a79$72e31040$2904020a@unpar.ac.id> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thomas Wahyudi wrote: > > hmm may be this trick will work ? > we use ghost to create 30 Freebsd Xwindows workstation > we just create image 1 HD and ghost it to another computer using muticast > session provided by ghost ?? you ghost FFS filesystems? -- Chris o----< ccook@tcworks.net >------------------------------------o |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | |The Computer Works ISP |FreeBSD - http://www.freebsd.org | o-------------------------------------------------------------o To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 9:44:17 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id A520037B400; Thu, 30 Nov 2000 09:44:12 -0800 (PST) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id JAA44928; Thu, 30 Nov 2000 09:43:58 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200011301743.JAA44928@gndrsh.dnsmgr.net> Subject: Re: Danger Ports In-Reply-To: from Dan Babb at "Nov 29, 2000 08:45:03 pm" To: bdan@c-zone.net (Dan Babb) Date: Thu, 30 Nov 2000 09:43:57 -0800 (PST) Cc: jon_slivko@simphost.com (Jonathan M. Slivko), freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Please do all the rest of us a favor and filter the packets to reserved networks, not just from them. > this is right out of the ACL for my core router.. > > ! reserved networks > access-list 110 deny ip 127.0.0.0 0.0.0.255 any log > access-list 110 deny ip 10.0.0.0 0.255.255.255 any log > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log > access-list 110 deny ip 192.168.0.0 0.0.255.255 any log access-list 110 deny ip any 127.0.0.0 0.0.0.255 log access-list 110 deny ip any 10.0.0.0 0.255.255.255 log access-list 110 deny ip any 172.16.0.0 0.15.255.255 log access-list 110 deny ip any 172.31.0.0 0.0.255.255 log access-list 110 deny ip any 192.168.0.0 0.0.255.255 log -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 9:47:53 2000 Delivered-To: freebsd-isp@freebsd.org Received: from oasis.fireblue.com (oasis.fireblue.com [216.4.163.4]) by hub.freebsd.org (Postfix) with SMTP id 67A8C37B402 for ; Thu, 30 Nov 2000 09:47:45 -0800 (PST) Received: (qmail 23310 invoked by uid 1001); 30 Nov 2000 17:47:35 -0000 Date: Thu, 30 Nov 2000 19:47:35 +0200 From: Abraham vd Merwe To: FreeBSD ISP Related Questions Subject: Re: Danger Ports Message-ID: <20001130194735.A23238@oasis.fireblue.com> Mail-Followup-To: FreeBSD ISP Related Questions References: <200011301743.JAA44928@gndrsh.dnsmgr.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011301743.JAA44928@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Thu, Nov 30, 2000 at 09:43:57 -0800 Organization: Frogfoot Networks X-Operating-System: Debian GNU/Linux oasis 2.2.17 i686 X-GPG-Public-Key: http://oasis.frogfoot.net/keys/frogfoot.gpg X-Uptime: 7:44pm up 4 days, 18:03, 9 users, load average: 0.00, 0.00, 0.00 X-Edited-With-Muttmode: muttmail.sl - 2000-11-20 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Rodney! > Please do all the rest of us a favor and filter the > packets to reserved networks, not just from them. > =20 > > this is right out of the ACL for my core router.. > >=20 > > ! reserved networks =20 > > access-list 110 deny ip 127.0.0.0 0.0.0.255 any log > > access-list 110 deny ip 10.0.0.0 0.255.255.255 any log > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log > > access-list 110 deny ip 192.168.0.0 0.0.255.255 any log >=20 > access-list 110 deny ip any 127.0.0.0 0.0.0.255 log > access-list 110 deny ip any 10.0.0.0 0.255.255.255 log > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log > access-list 110 deny ip any 192.168.0.0 0.0.255.255 log Actually I have a more complete spoofing template for you: !! !! Spoofing ACL !! ! Deny any packets from the RFC 1918, IANA reserved, test, ! multicast as a source, and loopback netblocks to block ! attacks from commonly spoofed IP addresses. ! All zero, all one access-list 2000 deny ip 0.0.0.0 0.255.255.255 any access-list 2000 deny ip host 255.255.255.255 any ! Claims it came from the inside network, yet arrives on the ! outside (read: Internet) interface. Do not use this if CEF ! has been configured to take care of spoofing. access-list 2000 deny ip 216.4.163.0 0.0.0.63 any access-list 2000 deny ip 216.4.162.104 0.0.0.7 any access-list 2000 deny ip 216.5.193.128 0.0.0.7 any access-list 2000 deny ip 216.5.193.160 0.0.0.3 any ! IANA reserved access-list 2000 deny ip 1.0.0.0 0.255.255.255 any access-list 2000 deny ip 2.0.0.0 0.255.255.255 any ! Loopback access-list 2000 deny ip 127.0.0.0 0.255.255.255 any ! RFC 1918 access-list 2000 deny ip 10.0.0.0 0.255.255.255 any access-list 2000 deny ip 192.168.0.0 0.0.255.255 any access-list 2000 deny ip 172.16.0.0 0.15.255.255 any ! Link local reserved access-list 2000 deny ip 169.254.0.0 0.0.255.255 any ! IANA example network access-list 2000 deny ip 192.0.2.0 0.0.0.255 any ! Multicast access-list 2000 deny ip 224.0.0.0 15.255.255.255 any ! Experimental access-list 2000 deny ip 240.0.0.0 15.255.255.255 any ! Allow IP access to the intranet (firewall filters specific ports) access-list 2000 permit ip any 216.4.163.0 0.0.0.63 access-list 2000 permit ip any 216.4.162.104 0.0.0.7 access-list 2000 permit ip any 216.5.193.128 0.0.0.7 access-list 2000 permit ip any 216.5.193.160 0.0.0.3 ! Our explicit (read: logged) drop all rule access-list 2000 deny any any --=20 Regards Abraham Laws are like sausages. It's better not to see them being made. -- Otto von Bismarck ___________________________________________________ Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks P.O. Box 3472, Matieland, Stellenbosch, 7602 Cell: +27 82 565 4451 - Tel: +27 21 887 8703 Http: http://www.frogfoot.net Email: abz@frogfoot.net --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6JpK3V+L3lxo9wFURAmgfAJwIpASssV7L6dmzar/0HwQMfS1YpQCgklcL /NKc6qj+99t2UMpwsi9OcSs= =tAx9 -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 10:14:42 2000 Delivered-To: freebsd-isp@freebsd.org Received: from sun2.siteone.net (ns2.site-one.com [209.246.218.67]) by hub.freebsd.org (Postfix) with ESMTP id 02D1D37B401 for ; Thu, 30 Nov 2000 10:14:39 -0800 (PST) Received: from David (wan104.siteone.net [209.246.218.40]) by sun2.siteone.net (8.9.3/8.9.3) with SMTP id NAA07744 for ; Thu, 30 Nov 2000 13:15:18 -0500 From: "David Lawson" To: Subject: Email Monitoring Date: Thu, 30 Nov 2000 13:14:52 -0500 Message-ID: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0057_01C05ACF.8694C240" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0057_01C05ACF.8694C240 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit I have a client that would like to monitor all the incoming and outgoing email for his business. Does anyone know of a way to do this. They will have their own domain name. David L. Lawson Technical Support Manager Partner Alliance Director Site One Networks, Inc. 302-337-8800 Phone 800-354-5434 Toll Free 302-337-3915 Fax ------=_NextPart_000_0057_01C05ACF.8694C240 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
I have a client that would like to monitor = all the=20 incoming and outgoing email for his business. = Does=20 anyone know of a way to do this. They will have their own domain=20 name.
 

David L. Lawson
Technical Support = Manager
Partner Alliance=20 Director
Site One Networks, Inc.
302-337-8800 = Phone
800-354-5434 Toll=20 Free
302-337-3915 Fax

 
------=_NextPart_000_0057_01C05ACF.8694C240-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 10:42:16 2000 Delivered-To: freebsd-isp@freebsd.org Received: from kira.epconline.net (kira.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id DD8F837B400 for ; Thu, 30 Nov 2000 10:42:11 -0800 (PST) Received: from therock (betterguard.epconline.net [209.83.132.193]) by kira.epconline.net (8.9.3/8.9.3) with SMTP id MAA75603 for ; Thu, 30 Nov 2000 12:42:09 -0600 (CST) From: "Chuck Rock" To: Subject: RE: Email Monitoring Date: Thu, 30 Nov 2000 12:44:38 -0600 Message-ID: <002b01c05afd$97ede570$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_002C_01C05ACB.4D537570" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_002C_01C05ACB.4D537570 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit You could set up an alias for each of their users so that incoming E-mail goes to both the user and the administrator, but that doesn't cover outgoing E-mail. A Perl script to scan the mail log for each of your users that would run on a nightly basis would be a way to monitor outgoing recipients, but actually intercepting content of outgoing E-mail would require a separate application to interface with Sendmail or some other mail server program you intend on using. My ideas, Chuck -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of David Lawson Sent: Thursday, November 30, 2000 12:15 PM To: freebsd-isp@FreeBSD.ORG Subject: Email Monitoring I have a client that would like to monitor all the incoming and outgoing email for his business. Does anyone know of a way to do this. They will have their own domain name. David L. Lawson Technical Support Manager Partner Alliance Director Site One Networks, Inc. 302-337-8800 Phone 800-354-5434 Toll Free 302-337-3915 Fax ------=_NextPart_000_002C_01C05ACB.4D537570 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
You=20 could set up an alias for each of their users so that incoming E-mail = goes to=20 both the user and the administrator, but that doesn't cover outgoing=20 E-mail.
 
A Perl=20 script to scan the mail log for each of your users that would run on a = nightly=20 basis would be a way to monitor outgoing recipients, but actually = intercepting=20 content of outgoing E-mail would require a separate application to = interface=20 with Sendmail or some other mail server program you intend on=20 using.
 
My=20 ideas,
Chuck
-----Original Message-----
From:=20 owner-freebsd-isp@FreeBSD.ORG = [mailto:owner-freebsd-isp@FreeBSD.ORG]On=20 Behalf Of David Lawson
Sent: Thursday, November 30, 2000 = 12:15=20 PM
To: freebsd-isp@FreeBSD.ORG
Subject: Email=20 Monitoring

I have a client that would like to monitor = all the=20 incoming and outgoing email for his business. = Does=20 anyone know of a way to do this. They will have their own domain=20 name.
 

David L. Lawson
Technical Support = Manager
Partner=20 Alliance Director
Site One Networks, Inc.
302-337-8800=20 Phone
800-354-5434 Toll Free
302-337-3915 Fax

 
------=_NextPart_000_002C_01C05ACB.4D537570-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 12:54:48 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id C9A8D37B401 for ; Thu, 30 Nov 2000 12:54:46 -0800 (PST) Received: from bsdie.rwsystems.net([209.197.223.2]) (1239 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Thu, 30 Nov 2000 14:53:07 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Thu, 30 Nov 2000 14:53:03 -0600 (CST) From: James Wyatt To: David Lawson Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Email Monitoring In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 30 Nov 2000, David Lawson wrote: > I have a client that would like to monitor all the incoming and outgoing > email for his business. Does anyone know of a way to do this. They will have > their own domain name. Does "monitor" mean uptime/availability of the server, or an interception of email traffic for monitoring or auditing? Monitoring is easy and provided by several outside vendors. A logjam of outgoing email is usually easy to spot by the building mail queue. Interception can be easier if you don't allow *any* port 25 outbound connections and maybe the pop3 port. 3rd party Webmail is trickier, but you can block the domains via proxy. Hope this helps - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 12:57:18 2000 Delivered-To: freebsd-isp@freebsd.org Received: from alpha.simphost.com (unknown [216.253.163.10]) by hub.freebsd.org (Postfix) with ESMTP id B0C8637B400 for ; Thu, 30 Nov 2000 12:57:15 -0800 (PST) Received: by alpha.simphost.com (Postfix, from userid 1060) id A106466B0A; Thu, 30 Nov 2000 13:57:26 -0700 (MST) Received: from localhost (localhost [127.0.0.1]) by alpha.simphost.com (Postfix) with ESMTP id 9C4A262D03; Thu, 30 Nov 2000 13:57:26 -0700 (MST) Date: Thu, 30 Nov 2000 13:57:26 -0700 (MST) From: "Jonathan M. Slivko" To: James Wyatt Cc: David Lawson , freebsd-isp@FreeBSD.ORG Subject: Re: Email Monitoring In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Please correct me if i'm wrong in assuming that the client would like to log all his e-mail accounts for his review for inappropriate, non-buisness e-mail, etc. If i'm not on the right track, please let me know. ---- Jonathan M. Slivko Technical Support, CoreSync Corporation (http://www.coresync.net) Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) Pager/Voicemail: (917) 388-5304 ---- On Thu, 30 Nov 2000, James Wyatt wrote: > On Thu, 30 Nov 2000, David Lawson wrote: > > I have a client that would like to monitor all the incoming and outgoing > > email for his business. Does anyone know of a way to do this. They will have > > their own domain name. > > Does "monitor" mean uptime/availability of the server, or an interception > of email traffic for monitoring or auditing? Monitoring is easy and > provided by several outside vendors. A logjam of outgoing email is usually > easy to spot by the building mail queue. Interception can be easier if you > don't allow *any* port 25 outbound connections and maybe the pop3 port. > 3rd party Webmail is trickier, but you can block the domains via proxy. > > Hope this helps - Jy@ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 12:59: 2 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.ruhr.de (in-ruhr3.ruhr.de [212.23.134.2]) by hub.freebsd.org (Postfix) with SMTP id D3E2337B698 for ; Thu, 30 Nov 2000 12:58:59 -0800 (PST) Received: (qmail 10873 invoked by alias); 30 Nov 2000 21:00:47 -0000 Received: (from ue@localhost) by nathan.ruhr.de (8.11.0/8.11.0) id eAUJVLw66331 for freebsd-isp@freebsd.org; Thu, 30 Nov 2000 20:31:21 +0100 (CET) (envelope-from ue) Date: Thu, 30 Nov 2000 20:31:21 +0100 From: Udo Erdelhoff To: FreeBSD ISP Related Questions Subject: Re: Danger Ports Message-ID: <20001130203120.T30886@nathan.ruhr.de> Mail-Followup-To: FreeBSD ISP Related Questions References: <200011301743.JAA44928@gndrsh.dnsmgr.net> <20001130194735.A23238@oasis.fireblue.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001130194735.A23238@oasis.fireblue.com>; from abz@frogfoot.net on Thu, Nov 30, 2000 at 07:47:35PM +0200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Nov 30, 2000 at 07:47:35PM +0200, Abraham vd Merwe wrote: > ! IANA example network > access-list 2000 deny ip 192.0.2.0 0.0.0.255 any You may want to add ! SUN example network access-list 2000 deny ip 192.9.200.0 0.0.0.255 any This block is delegated to SUN and it's used as the example network within the SunOS 4.0 documentation (those were the days). The docs contain the following phrase: "If you need a network for internal use only, you may use 192.9.200.* for this purpose. This network belongs to SUN and it will never be routed to the public networks" (or words to that effect, it's been some time) /s/Udo -- "Good, bad, I'm the guy with the gun" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 14:12:40 2000 Delivered-To: freebsd-isp@freebsd.org Received: from blotto.phreak.net (blotto.phreak.net [207.250.188.230]) by hub.freebsd.org (Postfix) with ESMTP id 9CA8C37B400 for ; Thu, 30 Nov 2000 14:12:37 -0800 (PST) Received: from phreak.net (localhost.phreak.net [127.0.0.1]) by blotto.phreak.net (Postfix) with SMTP id 8471E9EE01; Thu, 30 Nov 2000 16:09:07 -0600 (CST) Received: from 207.250.66.46 (SquirrelMail authenticated user operator) by mail.phreak.net with HTTP; Thu, 30 Nov 2000 16:09:16 -0600 (CST) Message-ID: <1655.207.250.66.46.975622156.squirrel@mail.phreak.net> Date: Thu, 30 Nov 2000 16:09:16 -0600 (CST) Subject: Re: Drive Copy From: "Operator" To: bv@bilver.wjv.com In-Reply-To: <20001130110442.A16709@wjv.com> References: <20001130110442.A16709@wjv.com> Cc: freebsd-isp@freebsd.org X-Mailer: SquirrelMail (version 0.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Does anyone have bootable tape support on x86? The MakeSysB tape > > generation on AIX boxes rocks. There also used to be a SCO-usable > > product (CTar?) that made a tape and a boot floppy. Both worked well. > > Ctar was the original - Mike Schwartz as I recall - the company was > Unitrends. It's still around but it's decendants BackupEdge from > Microlite and Lone-Tar from Cactus are quite popular. > > Edge supports boot from tape on the new HPs. They don't support > the FreeBSD market. Lone-Tar supports FreeBSD. How well I'm not > sure as I haven't installed my copy - I need to get my tape drive > fixed first. I have seen no vendor which supports bootable > disaster recovery software under FreeBSD, though LoneTar and BRU > have bootable recovery disks for Linux. Funny you mention Unitrends software, they actually make a product called Backup Professional ( http://www.unitrends.com/bp.html ) which supports x86 booting from floppy along with tons of other neat features. I was doing a lot of looking around for a package that'll let me backup various platforms and from what I've found Backup Pro is about the only one that'll deal with all my platforms. I purchased the software, but as of yet haven't installed it since I've been waiting my my library to show up (which did yesterday!) so hopefully in the next little while I'll be able to give it a go and see how it actually works.. If you're interested feel free to drop me an email and I'll keep you in the loop.. Regards, -- Operator operator@phreak.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 14:31: 1 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mx01-a.netapp.com (unknown [198.95.226.53]) by hub.freebsd.org (Postfix) with ESMTP id C37D337B400 for ; Thu, 30 Nov 2000 14:30:57 -0800 (PST) Received: from frejya.corp.netapp.com (frejya.corp.netapp.com [10.10.20.91]) by mx01-a.netapp.com (8.11.0/8.11.0/NTAP-1.0) with ESMTP id eAUMTxJ19342; Thu, 30 Nov 2000 14:30:00 -0800 (PST) Received: from tooting.eng.netapp.com (localhost [127.0.0.1]) by frejya.corp.netapp.com (8.11.0/8.11.0/NTAP-1.1) with ESMTP id eAUMTdC12370; Thu, 30 Nov 2000 14:29:55 -0800 (PST) Received: (from guy@localhost) by tooting.eng.netapp.com (8.8.8+Sun/8.8.8) id OAA16145; Thu, 30 Nov 2000 14:29:26 -0800 (PST) From: Guy Harris Message-Id: <200011302229.OAA16145@tooting.eng.netapp.com> Subject: Re: tcpdump & user-ppp/tunX. Ethereal ? To: Stanley.Hopcroft@ipaustralia.gov.au Date: Thu, 30 Nov 2000 14:29:26 -0800 (PST) Cc: rowan@sensation.net.au, freebsd-isp@freebsd.org X-Mailer: ELM [version 2.4ME++ PL59 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I am writing to say that ethereal (http://www.zing.org aka > http://www.ethereal.com/) is a very nice seven layer packet decoder > that may be suitable if you need nasty link layer stuff. > > There is a FreeBSD port of it, and while for my moneys worth, tcpdump > with ASCII decode patches (he he), Note that at least some ASCII display is done by the current version of tcpdump in CVS - see http://www.tcpdump.org/ (nightly snapshots of the CVS source are available from there as tarballs). I forget whether the most recent tcpdump.org release (3.5.2) has it or not. As for the original question that started this thread: The "-e" flag isn't a "show packet size" option, it's a "show the link-level header" options; from the man page (this is the tcpdump 3.4 man page, but others should say the same thing): -e Print the link-level header on each dump line. At least in the FreeBSD 3.4 source, the "tun" devices register themselves with BPF as DLT_NULL devices. Tcpdump 3.4's link-layer print header for DLT_NULL does *nothing* if "-n" is specified, so the options in the example: velvet# tcpdump -qenli tun0 will cause "-e" to do nothing. The *PPP* link-layer printer in the FreeBSD 3.4 source appears to print a packet length, when "-e" is used, for "BSD/OS PPP", but you'd only see that, I suspect, on, well, BSD/OS. I don't see any indication that it would print the length on "standard" PPP, but I may have missed something. For some other link-layers, e.g. Ethernet, the "-e" flag does cause a link-layer header, plus the packet length, to be printed. Another problem is that "tunX" devices being DLT_NULL will confuse tcpdump if the link-layer header isn't 4 bytes of AF_ value specifying the protocol used by the payload; if, for example, it's a PPP header, tcpdump will probably get greatly confused in other ways. A while ago, I put a hack into Ethereal to cause it not to trust that DLT_NULL captures have an AF_ type as the link-layer header, and to check for what appears to be a PPP header and, if it finds it, treat the capture as a PPP capture. If Ethereal, when capturing on a tunX device, reports the packet size correctly, but tcpdump doesn't, that's probably the source of the problem; tcpdump is probably just completely confused about the type of packets it's seeing. I still have a capture of that sort which I got when the DLT_NULL-capture-with-PPP-header problem was reported on one of the Ethereal mailing lists (that being what provoked the addition of the aforementioned hack); I shall look into putting an equivalent hack into tcpdump, sigh (it'd show up in the current CVS version). (It might be Really Nice if there were, say, an "ioctl" that could be done on "tunX" devices to set the DLT_ type of the device to something other than DLT_NULL, and if programs using it for, say, user-mode PPP set the DLT_ type appropriately.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 15: 3:45 2000 Delivered-To: freebsd-isp@freebsd.org Received: from aurora.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by hub.freebsd.org (Postfix) with ESMTP id 958EB37B400; Thu, 30 Nov 2000 15:03:36 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by aurora.scoop.co.nz (8.9.3/8.9.3) with SMTP id MAA03519; Fri, 1 Dec 2000 12:03:14 +1300 (NZDT) Date: Fri, 1 Dec 2000 12:03:14 +1300 (NZDT) From: Andrew McNaughton Reply-To: andrew@scoop.co.nz To: "Jonathan M. Slivko" Cc: John Howie , freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Back Orifice et al are only dangerous ports if you are listening to those ports. Seems unlikely you'd do that under FreeBSD. You might want to block packets to these ports on other machines of course, but that has nothing to do with FreeBSD's security. Andrew McNaughton On Wed, 29 Nov 2000, Jonathan M. Slivko wrote: > Date: Wed, 29 Nov 2000 19:08:09 -0700 (MST) > From: "Jonathan M. Slivko" > To: John Howie > Cc: freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG > Subject: Re: Danger Ports > > I am referring to the Back Orifice, Trinoo server ports, etc. Where can I > get my hands on a list of those port #'s? or are there any utilities that > act as those servers and log all attempts in hopes of catching those users > who will no doubt try and take advantage of an open system? > > ---- > Jonathan M. Slivko > Technical Support, CoreSync Corporation (http://www.coresync.net) > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > Pager/Voicemail: (917) 388-5304 > ---- > > On Wed, 29 Nov 2000, John Howie wrote: > > > Jonathan, > > > > Rather than denying access to certain ports on your system, and allowing > > access to the rest, you might find it easier to think in the reverse - What > > ports do I need to leave open to outside (presumably Internet) users? > > > > The answer to that question depends on the needs of your outside users. You > > will probably need to allow SSH access, and I would suggest that you get > > users to use SCP instead of FTP (unless you have a public FTP site that > > allows anonymous connections). You might also need to open up access to SMTP > > and POP3 services for mail (while ensuring that your site can't be used as a > > mail relay). DNS is another service that you might need to provide access > > to. > > > > If users need access to so-called dangerous services such as X, printer, > > NFS, NIS, SNMP, etc. then I would look for a VPN solution that brings them > > into your network through the firewall and allows them to access these > > services as an internal user. > > > > O'Reilly does a good book on Firewall Security, I suggest that you get it > > and have a read. CERT also has a good document on packet filtering > > (http://www.cert.org). Also, check the FreeBSD handbook or The Complete > > FreeBSD for more information about setting up firewalls on FreeBSD systems. > > > > Hope this helps, > > > > john... > > > > ----- Original Message ----- > > From: "Jonathan M. Slivko" > > To: > > Cc: > > Sent: Wednesday, November 29, 2000 5:23 PM > > Subject: Danger Ports > > > > > > > Can someone tell me what are the "danger" ports on FreeBSD, ports that > > > perhaps need to be blocked because they are insecure? I would like to know > > > so in the future, I can prevent outside attacks and concentrate more on > > > internal attacks, or "insider jobs" as they're called. > > > > > > ---- > > > Jonathan M. Slivko > > > Technical Support, CoreSync Corporation (http://www.coresync.net) > > > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > > > Pager/Voicemail: (917) 388-5304 > > > ---- > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Andrew McNaughton Scoop Media Ltd andrew@scoop.co.nz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 15: 9:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-89.n01.orldfl01.us.ra.verio.net [157.238.210.89]) by hub.freebsd.org (Postfix) with ESMTP id 6720E37B404 for ; Thu, 30 Nov 2000 15:09:09 -0800 (PST) Received: (from bill@localhost) by bilver.wjv.com (8.9.3/8.9.3) id RAA19704 for freebsd-isp@freebsd.org; Thu, 30 Nov 2000 17:52:13 -0500 (EST) (envelope-from bill) Date: Thu, 30 Nov 2000 17:50:45 -0500 From: Bill Vermillion To: freebsd-isp@freebsd.org Subject: Re: Drive Copy Message-ID: <20001130175044.B19547@wjv.com> Reply-To: bv@bilver.wjv.com References: <20001130110442.A16709@wjv.com> <1655.207.250.66.46.975622156.squirrel@mail.phreak.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1655.207.250.66.46.975622156.squirrel@mail.phreak.net>; from operator@phreak.net on Thu, Nov 30, 2000 at 04:09:16PM -0600 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Nov 30, 2000 at 04:09:16PM -0600, Operator thus spoke: > > > Does anyone have bootable tape support on x86? The MakeSysB > > > tape generation on AIX boxes rocks. There also used to be a > > > SCO-usable product (CTar?) that made a tape and a boot floppy. > > > Both worked well. > > Ctar was the original - Mike Schwartz as I recall - the company was > > Unitrends. It's still around but it's decendants BackupEdge from > > Microlite and Lone-Tar from Cactus are quite popular. > > Edge supports boot from tape on the new HPs. They don't support > > the FreeBSD market. Lone-Tar supports FreeBSD. How well I'm not > > sure as I haven't installed my copy - I need to get my tape drive > > fixed first. I have seen no vendor which supports bootable > > disaster recovery software under FreeBSD, though LoneTar and BRU > > have bootable recovery disks for Linux. > Funny you mention Unitrends software, they actually make a product > called Backup Professional ( http://www.unitrends.com/bp.html ) > which supports x86 booting from floppy along with tons of > other neat features. Well not really funny if you know the history. About 2 years ago I lent Steve [on the net of course] and SGI Indy he could compile the latest SGI version of Lone-Tar. Are you saying the the BP from Unitrends supports floppy boot recovery for BSD? All three of the programs support the 'mainstream' Unix systems and an emergency boot floppy for many of them. > I was doing a lot of looking around for a package that'll let me > backup various platforms and from what I've found Backup Pro > is about the only one that'll deal with all my platforms. In that case I'll bet Cactus has most of those too because Steve [at Unitrends] and Jeff [at cactus.com - aka LoneTar] work closely together. > If you're interested feel free to drop me an email and I'll keep > you in the loop.. Not really neccesary since I know the people involved at the three based on the original Ctar. I've only corresponded by mail with XXX at BRU. Up until about 3 years ago I supported many small business machines, primarily on SCO, and one of the products is always on any machines I support. One client thought the price was a bit stiff, until I had to reload is SCO on his AT&T/Olivettie three times - because it turned out a flaky controller or motherboard. Bizarre machine with far too many daughter cards. Stick in the floppy - and 5 minutes later be loading from tape. He also was there when I did the first raw install and he saw that the price [$300 as I recall] more than paid for itself. All the machine are also running bit-level verifies to a bit by bit compare of tape contents with what is on the hard drive after the backup. Don't see an error that way often, but everyone once in a while a bit get corrupted somewhere along the line. Nice to know it immediately after backup instead of when you need the tape. -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 16:14:17 2000 Delivered-To: freebsd-isp@freebsd.org Received: from sun2.siteone.net (ns2.site-one.com [209.246.218.67]) by hub.freebsd.org (Postfix) with ESMTP id 35E6537B400 for ; Thu, 30 Nov 2000 16:14:10 -0800 (PST) Received: from David (wan104.siteone.net [209.246.218.40]) by sun2.siteone.net (8.9.3/8.9.3) with SMTP id TAA20692; Thu, 30 Nov 2000 19:14:46 -0500 From: "David Lawson" To: Cc: , "Jonathan M. Slivko" Subject: RE: Email Monitoring Date: Thu, 30 Nov 2000 19:14:16 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My client wants to intercept his employees email traffic for monitoring and auditing. He wants to make sure the email is not being used for personal use and he also wants to make sure that his employees are not making promises to customers that they can't keep. I'm not sure what type of business it is but they exchange allot of sensitive material. David L. Lawson Technical Support Manager Partner Alliance Director Site One Networks, Inc. 302-337-8800 Phone 800-354-5434 Toll Free 302-337-3915 Fax -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jonathan M. Slivko Sent: Thursday, November 30, 2000 3:57 PM To: James Wyatt Cc: David Lawson; freebsd-isp@FreeBSD.ORG Subject: Re: Email Monitoring Please correct me if i'm wrong in assuming that the client would like to log all his e-mail accounts for his review for inappropriate, non-buisness e-mail, etc. If i'm not on the right track, please let me know. ---- Jonathan M. Slivko Technical Support, CoreSync Corporation (http://www.coresync.net) Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) Pager/Voicemail: (917) 388-5304 ---- On Thu, 30 Nov 2000, James Wyatt wrote: > On Thu, 30 Nov 2000, David Lawson wrote: > > I have a client that would like to monitor all the incoming and outgoing > > email for his business. Does anyone know of a way to do this. They will have > > their own domain name. > > Does "monitor" mean uptime/availability of the server, or an interception > of email traffic for monitoring or auditing? Monitoring is easy and > provided by several outside vendors. A logjam of outgoing email is usually > easy to spot by the building mail queue. Interception can be easier if you > don't allow *any* port 25 outbound connections and maybe the pop3 port. > 3rd party Webmail is trickier, but you can block the domains via proxy. > > Hope this helps - Jy@ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 16:21:39 2000 Delivered-To: freebsd-isp@freebsd.org Received: from axis.tdd.lt (axis.tdd.lt [193.219.211.5]) by hub.freebsd.org (Postfix) with ESMTP id 9975E37B400 for ; Thu, 30 Nov 2000 16:21:35 -0800 (PST) Received: from localhost (midom@localhost) by axis.tdd.lt (8.11.1/8.11.1) with ESMTP id eB10LW489798 for ; Fri, 1 Dec 2000 02:21:32 +0200 (EET) Date: Fri, 1 Dec 2000 02:21:32 +0200 (EET) From: Domas Mituzas X-Sender: midom@axis.tdd.lt To: freebsd-isp@freebsd.org Subject: Re: Email Monitoring In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, > I have a client that would like to monitor all the incoming and outgoing > email for his business. Does anyone know of a way to do this. They will have > their own domain name. I have experience in sendmail/qmail, and I find that both systems allow logging all incoming/outgoing email (qmail after recompile has special handler). All those questions are described in FAQ's of theese products. Moreover, you should also redirect all outgoing smtp traffic to the smarthost (all modern firewalling systems may do that). And, don't forget the submission capability on sendmail (it opens another port, you'd care about that). -- Domas sysadmin, delfi.lt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 16:31:48 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns1.walls-media.com (ns1.walls-media.com [206.166.197.1]) by hub.freebsd.org (Postfix) with ESMTP id 2F61937B400 for ; Thu, 30 Nov 2000 16:31:42 -0800 (PST) Received: from ntwksbry ([206.166.197.58]) by ns1.walls-media.com (Post.Office MTA Undefined release Undefined ID# 0-67172U100L2S100V35) with SMTP id com; Thu, 30 Nov 2000 18:31:02 -0600 From: "Bryan Bunch" To: "David Lawson" , Subject: RE: Email Monitoring Date: Thu, 30 Nov 2000 18:31:35 -0600 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Procmail is a good tool to forward incoming email to multiple boxes. See: http://www.ling.helsinki.fi/users/reriksso/procmail/mini-faq.html#forward-copy (Sorry if the above wrapped) and http://www.procmail.org Found in the ports tree under /ports/mail/procmail/ Bryan > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of David Lawson > Sent: Thursday, November 30, 2000 6:14 PM > To: freebsd-isp@FreeBSD.ORG > Cc: jwyatt@rwsystems.net; Jonathan M. Slivko > Subject: RE: Email Monitoring > > > My client wants to intercept his employees email traffic for monitoring and > auditing. He wants to make sure the email is not being used for personal use > and he also wants to make sure that his employees are not making promises to > customers that they can't keep. I'm not sure what type of business it is but > they exchange allot of sensitive material. > > > > David L. Lawson > Technical Support Manager > Partner Alliance Director > Site One Networks, Inc. > 302-337-8800 Phone > 800-354-5434 Toll Free > 302-337-3915 Fax > > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Jonathan M. Slivko > Sent: Thursday, November 30, 2000 3:57 PM > To: James Wyatt > Cc: David Lawson; freebsd-isp@FreeBSD.ORG > Subject: Re: Email Monitoring > > > Please correct me if i'm wrong in assuming that the client would like to > log all his e-mail accounts for his review for inappropriate, non-buisness > e-mail, etc. If i'm not on the right track, please let me know. > > ---- > Jonathan M. Slivko > Technical Support, CoreSync Corporation (http://www.coresync.net) > Team Leader, SecureIRC Project (http://secureirc.sourceforge.net) > Pager/Voicemail: (917) 388-5304 > ---- > > On Thu, 30 Nov 2000, James Wyatt wrote: > > > On Thu, 30 Nov 2000, David Lawson wrote: > > > I have a client that would like to monitor all the incoming and outgoing > > > email for his business. Does anyone know of a way to do this. They will > have > > > their own domain name. > > > > Does "monitor" mean uptime/availability of the server, or an interception > > of email traffic for monitoring or auditing? Monitoring is easy and > > provided by several outside vendors. A logjam of outgoing email is usually > > easy to spot by the building mail queue. Interception can be easier if you > > don't allow *any* port 25 outbound connections and maybe the pop3 port. > > 3rd party Webmail is trickier, but you can block the domains via proxy. > > > > Hope this helps - Jy@ > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 17:47:22 2000 Delivered-To: freebsd-isp@freebsd.org Received: from metva.com.au (metva.com.au [202.0.82.1]) by hub.freebsd.org (Postfix) with ESMTP id 73CE537B400 for ; Thu, 30 Nov 2000 17:47:17 -0800 (PST) Received: (from enno@localhost) by metva.com.au id MAA14864 for freebsd-isp@FreeBSD.ORG; Fri, 1 Dec 2000 12:47:00 +1100 (EST) From: Enno Davids Message-Id: <200012010147.MAA14864@metva.com.au> Subject: Re: Email Monitoring To: freebsd-isp@FreeBSD.ORG Date: Fri, 1 Dec 2000 12:47:00 +1100 (EST) X-Mailer: ELM [version 2.4ME+ PL39 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org | You could set up an alias for each of their users so that incoming E-mail | goes to both the user and the administrator, but that doesn't cover outgoing | E-mail. | | A Perl script to scan the mail log for each of your users that would run on | a nightly basis would be a way to monitor outgoing recipients, but actually | intercepting content of outgoing E-mail would require a separate application | to interface with Sendmail or some other mail server program you intend on | using. You can do this with SMTPD if you want. If you don't know it SMTPD is, primarily aimed at people who want to get away from the sendmail bug of the month club (which is admittedly much less of a problem now than some years back). It also has good control over non-relaying and who gets to use your service. The idea is to have an inet spawned service which does SMTP _only_ and saves to a chrooted spool area. A delivery daemon picks up the spooled email and drops it in your real mailer for delivery (i.e. you can still use sendmail and its great flexibility to do delivery for you). For this purpose though it pays to know that the delivery can be made through an arbitrary mailer program (but one which supports a small subset of sendmail's command line arguments and has similar return codes is easiest). This means you can write a script which copies out those emails from the client being monitored and then does delivery and substitute it for the straight call to /usr/lib/sendmail. You may need to recompile to change the delivery agent though. Enno. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 20:54:58 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 7E12E37B400 for ; Thu, 30 Nov 2000 20:54:56 -0800 (PST) Received: from bsdie.rwsystems.net([209.197.223.2]) (1528 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Thu, 30 Nov 2000 22:54:19 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Thu, 30 Nov 2000 22:54:08 -0600 (CST) From: James Wyatt To: David Lawson Cc: freebsd-isp@FreeBSD.ORG, "Jonathan M. Slivko" Subject: RE: Email Monitoring In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 30 Nov 2000, David Lawson wrote: > My client wants to intercept his employees email traffic for monitoring and > auditing. He wants to make sure the email is not being used for personal use > and he also wants to make sure that his employees are not making promises to > customers that they can't keep. I'm not sure what type of business it is but > they exchange allot of sensitive material. Then ensure they talk to their counsel about a document retention policy and set expiration dates. While I can't say I have a customer doing this via a holding queue and some scripting, it doesn't mean I don't. (^_^) The amount of data this can generate can be considerable, but it is a great way to search attachments when you hear of a new virus and you can make daily nuggets as gzipped-tarballs with a script that will also delete them after 30-90 days. But we digress from FreeBSD - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 21: 4:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [209.224.254.131]) by hub.freebsd.org (Postfix) with ESMTP id 59DC537B400 for ; Thu, 30 Nov 2000 21:04:11 -0800 (PST) Received: from admin.westbend.net (admin.westbend.net [209.224.254.141]) (authenticated) by mail.westbend.net (8.11.1/8.11.1) with ESMTP id eB1546d90841; Thu, 30 Nov 2000 23:04:07 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <00ae01c05b54$1f20d600$8dfee0d1@westbend.net> From: "Scot W. Hetzel" To: "InvictaNet Customer Support" , "Freebsd-ISP" References: Subject: Re: sendmail 8.11.1 and cyrus sasl Date: Thu, 30 Nov 2000 23:04:01 -0600 Organization: West Bend Interent MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "InvictaNet Customer Support" > I am slowly getting somewhere with my "AUTH" problem. I have now discovered > that it is a method thing. > > Using Eudora as the client, the AUTH works fine so it is b....y Microsoft > that is causing the problem. PLAIN seems to be working ok, it is LOGIN that > is not available. > > The list of clients by Alexey Melnikov. > http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html shows that > Outlook only supports LOGIN (from my list of availables). > > Any suggestions?? > Do you have the following in your sendmail.mc file? TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl define(`confAUTH_MECHANISMS',`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl Try telneting to the smtp port of your server, you should get a response as shown below: mail# telnet mail 25 Trying 209.224.254.131... Connected to mail.westbend.net. Escape character is '^]'. 220 mail.westbend.net ESMTP Sendmail 8.11.1/8.11.1; Thu, 30 Nov 2000 20:18:40 -0600 (CST) Enter "ehlo " ehlo mail 250-mail.westbend.net Hello ns1.westbend.net [209.224.254.131], pleased to meet you 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-SIZE 250-DSN 250-ONEX 250-ETRN 250-XUSR 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5 250 HELP If your not getting LOGIN, then check /usr/local/lib/sasl for liblogin.so. If this file doesn't exist, did you configure the SASL sources with "--enable-login". The security/cyrus-sasl enables LOGIN by default, did you use the port? Also, the port installs the sasldb file as cyrus:mail, you need to change it to cyrus:wheel, otherwise the maillog will show: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied Does anyone know how to get sendmail to run as group mail, instead of group wheel? I tried adding root to the mail group but that didn't work. Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 22:16:45 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 3928037B400; Thu, 30 Nov 2000 22:16:42 -0800 (PST) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Thu, 30 Nov 2000 22:15:05 -0800 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eB16GVh13992; Thu, 30 Nov 2000 22:16:31 -0800 (PST) (envelope-from cjc) Date: Thu, 30 Nov 2000 22:16:31 -0800 From: "Crist J . Clark" To: "Rodney W. Grimes" Cc: Dan Babb , "Jonathan M. Slivko" , freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports Message-ID: <20001130221631.E99903@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <200011301743.JAA44928@gndrsh.dnsmgr.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200011301743.JAA44928@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Thu, Nov 30, 2000 at 09:43:57AM -0800 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Nov 30, 2000 at 09:43:57AM -0800, Rodney W. Grimes wrote: [snip] > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log Is it me? Isn't the second network in each a subset of the first? -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 22:24: 5 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 08EC237B400; Thu, 30 Nov 2000 22:24:00 -0800 (PST) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id WAA46764; Thu, 30 Nov 2000 22:23:33 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200012010623.WAA46764@gndrsh.dnsmgr.net> Subject: Re: Danger Ports In-Reply-To: <20001130221631.E99903@149.211.6.64.reflexcom.com> from "Crist J . Clark" at "Nov 30, 2000 10:16:31 pm" To: cjclark@alum.mit.edu Date: Thu, 30 Nov 2000 22:23:33 -0800 (PST) Cc: bdan@c-zone.net (Dan Babb), jon_slivko@simphost.com (Jonathan M. Slivko), freebsd-security@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Thu, Nov 30, 2000 at 09:43:57AM -0800, Rodney W. Grimes wrote: > > [snip] > > > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log > > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log > > > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log > > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log > > Is it me? Isn't the second network in each a subset of the first? Whooopss... I didn't even read the access-list that close, and your right the 172.31.0.0 is infact a subset of the 172.16.0.0 rule. -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 22:26:42 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.sheltonbbs.com (unknown [206.196.109.2]) by hub.freebsd.org (Postfix) with SMTP id 5920837B400 for ; Thu, 30 Nov 2000 22:26:39 -0800 (PST) Received: (qmail 14645 invoked from network); 1 Dec 2000 06:44:00 -0000 Received: from systemadmin.sheltonbbs.com (63.102.143.76) by mail.sheltonbbs.com with SMTP; 1 Dec 2000 06:44:00 -0000 Date: Fri, 1 Dec 2000 00:25:58 -0600 (CST) From: Butch Evans X-Sender: root@systemadmin.sheltonbbs.com To: Freebsd-ISP Subject: Re: Danger Ports In-Reply-To: <20001130221631.E99903@149.211.6.64.reflexcom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 30 Nov 2000, Crist J . Clark wrote: > On Thu, Nov 30, 2000 at 09:43:57AM -0800, Rodney W. Grimes wrote: > > [snip] > > > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log > > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log > > > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log > > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log > > Is it me? Isn't the second network in each a subset of the first? > I am not sure what you mean, but you read the access list as: access-list 110 deny ip 172.16.0.0 0.15.255.255 any log ^^^^^^^^^^^^^^^^^^^^^^ ^ From To access-list 110 deny ip any 172.16.0.0 0.15.255.255 log ^^^ ^^^^^^^^^^^^^^^^^^^^^^ From To See the difference? -- Butch Evans Shelton Internet Network Admin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Nov 30 22:29: 8 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.sheltonbbs.com (unknown [206.196.109.2]) by hub.freebsd.org (Postfix) with SMTP id 4D2BA37B400 for ; Thu, 30 Nov 2000 22:29:06 -0800 (PST) Received: (qmail 15608 invoked from network); 1 Dec 2000 06:46:27 -0000 Received: from systemadmin.sheltonbbs.com (63.102.143.76) by mail.sheltonbbs.com with SMTP; 1 Dec 2000 06:46:27 -0000 Date: Fri, 1 Dec 2000 00:28:25 -0600 (CST) From: Butch Evans X-Sender: root@systemadmin.sheltonbbs.com To: Freebsd-ISP Subject: Re: Danger Ports In-Reply-To: <20001130221631.E99903@149.211.6.64.reflexcom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 30 Nov 2000, Crist J . Clark wrote: > > > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log > > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log > > > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log > > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log > > Is it me? Isn't the second network in each a subset of the first? > Now that I re-read your question, I see what you are saying...You are correct. -- Butch Evans Shelton Internet Network Admin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 3: 1: 2 2000 Delivered-To: freebsd-isp@freebsd.org Received: from newcolo.invictanet.co.uk (unknown [62.232.63.118]) by hub.freebsd.org (Postfix) with ESMTP id 9B74837B402 for ; Fri, 1 Dec 2000 03:00:58 -0800 (PST) Received: from harryhome (modem273.netkonect.net [194.164.14.19]) (authenticated) by newcolo.invictanet.co.uk (8.11.1/8.11.1) with ESMTP id eB1B1RP37161; Fri, 1 Dec 2000 11:01:32 GMT From: "InvictaNet Customer Support" To: "Scot W. Hetzel" Cc: "Freebsd-ISP" Subject: RE: sendmail 8.11.1 and cyrus sasl Date: Fri, 1 Dec 2000 11:00:42 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 In-Reply-To: <00ae01c05b54$1f20d600$8dfee0d1@westbend.net> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If all else fails, RTFM. Or in my case, configure. In there, as plain as plain can be ....--enable-login. Doh! Martyn Routley ----------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk mailto:info@invictanet.co.uk phone: 0870 7402252 fax: +44 (0)1233 334001 ------------------------------------------------------ -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Scot W. Hetzel Sent: Friday, December 01, 2000 5:04 AM To: InvictaNet Customer Support; Freebsd-ISP Subject: Re: sendmail 8.11.1 and cyrus sasl If your not getting LOGIN, then check /usr/local/lib/sasl for liblogin.so. If this file doesn't exist, did you configure the SASL sources with "--enable-login". The security/cyrus-sasl enables LOGIN by default, did you use the port? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 3:39:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.lawforum.co.za (unknown [196.25.141.38]) by hub.freebsd.org (Postfix) with ESMTP id A350037B400 for ; Fri, 1 Dec 2000 03:39:52 -0800 (PST) Received: from nobody by mail.lawforum.co.za with scanned_ok (Exim 3.02 #1) id 141oWU-0008FF-00 for freebsd-isp@freebsd.org; Fri, 01 Dec 2000 13:38:38 +0200 Received: from rip by mail.lawforum.co.za with local (Exim 3.02 #1) id 141oVu-0008EZ-00; Fri, 01 Dec 2000 13:38:02 +0200 Date: Fri, 1 Dec 2000 13:38:02 +0200 From: "R.I.Pienaar" To: James Wyatt Cc: David Lawson , freebsd-isp@FreeBSD.ORG, "Jonathan M. Slivko" Subject: Re: Email Monitoring Message-ID: <20001201133802.Y4646@pinetec.co.za> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from jwyatt@rwsystems.net on Thu, Nov 30, 2000 at 10:54:08PM -0600 X-Checked: This message has been scanned for any virusses and unauthorized attachments. X-iScan: Version $Id: iScan,v 1.21 2000/09/23 16:25:21 rip Exp $ Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi, doing this is pretty easy if you use exim as a mail server, I have written antivirus software that intercepts mail being sent in and routed through the server, you can do pretty much anything with mail in this fashion, it does add a bit of overhead (each mail gets handled twice and calls the script) but if your code is well optimised it doesnt have a huge impact, how much mail goes through your clients machines? On Thu Nov 30, 2000 at 10:54:08PM -0600, James Wyatt wrote: > On Thu, 30 Nov 2000, David Lawson wrote: > > My client wants to intercept his employees email traffic for monitoring and > > auditing. He wants to make sure the email is not being used for personal use > > and he also wants to make sure that his employees are not making promises to > > customers that they can't keep. I'm not sure what type of business it is but > > they exchange allot of sensitive material. > > Then ensure they talk to their counsel about a document retention policy > and set expiration dates. While I can't say I have a customer doing this > via a holding queue and some scripting, it doesn't mean I don't. (^_^) The > amount of data this can generate can be considerable, but it is a great > way to search attachments when you hear of a new virus and you can make > daily nuggets as gzipped-tarballs with a script that will also delete them > after 30-90 days. But we digress from FreeBSD - Jy@ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- R.I. Pienaar rip@pinetec.co.za "Let us gather hallucinations from our private minds Let us witness the reincarnation of the Sun" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 8: 6: 8 2000 Delivered-To: freebsd-isp@freebsd.org Received: from relay1.sfo.com (relay1.sfo.com [209.159.128.250]) by hub.freebsd.org (Postfix) with ESMTP id 94EBD37B401 for ; Fri, 1 Dec 2000 08:06:04 -0800 (PST) Received: from valerie.sfo.com (valerie.sfo.com [209.159.128.66] (may be forged)) by relay1.sfo.com (8.9.2/8.9.2/SFO.r.04) with ESMTP id IAA07938 for ; Fri, 1 Dec 2000 08:06:04 -0800 (PST) Message-Id: <5.0.0.25.2.20001201075130.085f1460@pop.sfo.com> X-Sender: sommers@pop.sfo.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Fri, 01 Dec 2000 08:05:38 -0800 To: freebsd-isp@FreeBSD.ORG From: William Sommers Subject: Re: Danger Ports In-Reply-To: References: <20001130221631.E99903@149.211.6.64.reflexcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:28 AM 12/1/00 -0600, Butch Evans wrote: >> > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log >> > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log >> >> > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log >> > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log >> >> Is it me? Isn't the second network in each a subset of the first? >> > Now that I re-read your question, I see what you are saying...You are > correct. Um, unless I'm not yet fully caffeinated: 172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255 172.31.0.0 0.0.255.255 matches 176.31.0.0 - 176.31.255.255 No overlap at all. -wfs To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 8: 9:29 2000 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 594E437B400 for ; Fri, 1 Dec 2000 08:09:25 -0800 (PST) Received: (qmail 62272 invoked by uid 1001); 1 Dec 2000 16:09:22 +0000 (GMT) To: sommers@sfo.com Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports From: sthaug@nethelp.no In-Reply-To: Your message of "Fri, 01 Dec 2000 08:05:38 -0800" References: <5.0.0.25.2.20001201075130.085f1460@pop.sfo.com> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Fri, 01 Dec 2000 17:09:22 +0100 Message-ID: <62270.975686962@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > >> > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log > >> > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log > >> > >> > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log > >> > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log > >> > >> Is it me? Isn't the second network in each a subset of the first? > >> > > Now that I re-read your question, I see what you are saying...You are > > correct. > > Um, unless I'm not yet fully caffeinated: > > 172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255 > 172.31.0.0 0.0.255.255 matches 176.31.0.0 - 176.31.255.255 You're not yet fully caffeinated. 172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.31.255.255 Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 8:23:21 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.cswnet.com (mail.cswnet.com [209.136.192.23]) by hub.freebsd.org (Postfix) with ESMTP id 018A537B401 for ; Fri, 1 Dec 2000 08:23:20 -0800 (PST) Received: from ssaos2 (ssaos2.csw.net [209.136.201.13]) by mail.cswnet.com (Postfix) with SMTP id C6B005D184 for ; Fri, 1 Dec 2000 10:23:18 -0600 (CST) From: lambert@cswnet.com Date: Fri, 01 Dec 2000 10:22:20 -0600 To: freebsd-isp@FreeBSD.ORG In-Reply-To: <20001201133802.Y4646@pinetec.co.za> Subject: Re: Email Monitoring X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v2.10a c10 Message-Id: <20001201162318.C6B005D184@mail.cswnet.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Postfix has a configuration option for this sort of thing. always_bcc = archiveaddress@the.domain On Thu, 30 Nov 2000, David Lawson wrote: > My client wants to intercept his employees email traffic for monitoring and > auditing. He wants to make sure the email is not being used for personal use > and he also wants to make sure that his employees are not making promises to > customers that they can't keep. I'm not sure what type of business it is but > they exchange allot of sensitive material. -- Scott Lambert lambert@cswnet.com Systems and Security Administrator CSW Net, Inc. ================================================================ Written: Friday, December 01, 2000 - 10:20 AM To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 10: 5:18 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gate1.noc.usmc.mil (gate1.noc.usmc.mil [192.156.71.34]) by hub.freebsd.org (Postfix) with ESMTP id D669E37B400 for ; Fri, 1 Dec 2000 10:05:12 -0800 (PST) Received: by gate1.noc.usmc.mil; id SAA00175; Fri, 1 Dec 2000 18:04:11 GMT Received: from host014.noc.usmc.mil(192.156.77.14) by gate1.noc.usmc.mil via smap (V5.0) id xma029567; Fri, 1 Dec 00 18:03:11 GMT Received: by host014.noc.usmc.mil with Internet Mail Service (5.5.2650.21) id ; Fri, 1 Dec 2000 13:02:17 -0500 Message-ID: <1988A7BBBD55D3119B4A00902771C45404A01365@host014.noc.usmc.mil> From: Bird Mr Gregory L To: "'freebsd-isp@FreeBSD.ORG'" Subject: RE: Danger Ports Date: Fri, 1 Dec 2000 13:02:17 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C05BC0.D75C1B00" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C05BC0.D75C1B00 Content-Type: text/plain; charset="iso-8859-1" Yes there is overlap...I am not quite sure where you learned how to subnet...but the rest of the world does it: access-list lines: access-list 110 deny ip 172.16.0.0 0.15.255.255 any log access-list 110 deny ip 172.31.0.0 0.0.255.255 any log 172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255 so there is overlap. You might want to refresh yourself a little on your subnetting...or fully caffeinate yourself. Greg Bird Senior Network Security Engineer -----Original Message----- From: William Sommers [mailto:sommers@sfo.com] Sent: Friday, December 01, 2000 11:06 AM To: freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports At 12:28 AM 12/1/00 -0600, Butch Evans wrote: >> > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log >> > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log >> >> > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log >> > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log >> >> Is it me? Isn't the second network in each a subset of the first? >> > Now that I re-read your question, I see what you are saying...You are > correct. Um, unless I'm not yet fully caffeinated: 172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255 172.31.0.0 0.0.255.255 matches 176.31.0.0 - 176.31.255.255 No overlap at all. -wfs To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C05BC0.D75C1B00 Content-Type: text/html; charset="iso-8859-1" RE: Danger Ports

Yes there is overlap...I am not quite sure where you learned how to subnet...but the rest of the world does it:


access-list lines:
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log


172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255

so there is overlap. You might want to refresh yourself a little on your subnetting...or fully caffeinate yourself.


Greg Bird
Senior Network Security Engineer



-----Original Message-----
From: William Sommers [mailto:sommers@sfo.com]
Sent: Friday, December 01, 2000 11:06 AM
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Danger Ports


At 12:28 AM 12/1/00 -0600, Butch Evans wrote:

 >> > > access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
 >> > > access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log
 >>
 >> > access-list 110 deny   ip any 172.16.0.0 0.15.255.255 log
 >> > access-list 110 deny   ip any 172.31.0.0 0.0.255.255 log
 >>
 >> Is it me? Isn't the second network in each a subset of the first?
 >>
 > Now that I re-read your question, I see what you are saying...You are
 > correct.

Um, unless I'm not yet fully caffeinated:

172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255
172.31.0.0 0.0.255.255  matches 176.31.0.0 - 176.31.255.255

No overlap at all.


  -wfs



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

------_=_NextPart_001_01C05BC0.D75C1B00-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 10: 7:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gate1.noc.usmc.mil (gate1.noc.usmc.mil [192.156.71.34]) by hub.freebsd.org (Postfix) with ESMTP id BDC3B37B401 for ; Fri, 1 Dec 2000 10:07:05 -0800 (PST) Received: by gate1.noc.usmc.mil; id SAA01117; Fri, 1 Dec 2000 18:06:10 GMT Received: from host014.noc.usmc.mil(192.156.77.14) by gate1.noc.usmc.mil via smap (V5.0) id xma000908; Fri, 1 Dec 00 18:05:34 GMT Received: by host014.noc.usmc.mil with Internet Mail Service (5.5.2650.21) id ; Fri, 1 Dec 2000 13:04:40 -0500 Message-ID: <1988A7BBBD55D3119B4A00902771C45404A01366@host014.noc.usmc.mil> From: Bird Mr Gregory L To: "'freebsd-isp@FreeBSD.ORG'" Subject: RE: Danger Ports Date: Fri, 1 Dec 2000 13:04:40 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C05BC1.2CB74D40" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C05BC1.2CB74D40 Content-Type: text/plain; charset="iso-8859-1" my bad - long day: 172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255 should have read 172.16.0.0 0.15.255.255 = 172.16.0.0:255.240.0.0 = 172.16.0.0 - 172.31.255.255 Greg Bird > Network Security Engineer > USMC MITNOC > Phone: 703-784-5300, DSN 278-5300 > Fax: 703-784-3477, DSN 278-3477 birdgl@noc.usmc.mil CCNA, Network+ -----Original Message----- From: Bird Mr Gregory L Sent: Friday, December 01, 2000 1:02 PM To: 'freebsd-isp@FreeBSD.ORG' Subject: RE: Danger Ports Yes there is overlap...I am not quite sure where you learned how to subnet...but the rest of the world does it: access-list lines: access-list 110 deny ip 172.16.0.0 0.15.255.255 any log access-list 110 deny ip 172.31.0.0 0.0.255.255 any log 172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255 so there is overlap. You might want to refresh yourself a little on your subnetting...or fully caffeinate yourself. Greg Bird Senior Network Security Engineer -----Original Message----- From: William Sommers [mailto:sommers@sfo.com] Sent: Friday, December 01, 2000 11:06 AM To: freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports At 12:28 AM 12/1/00 -0600, Butch Evans wrote: >> > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log >> > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log >> >> > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log >> > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log >> >> Is it me? Isn't the second network in each a subset of the first? >> > Now that I re-read your question, I see what you are saying...You are > correct. Um, unless I'm not yet fully caffeinated: 172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255 172.31.0.0 0.0.255.255 matches 176.31.0.0 - 176.31.255.255 No overlap at all. -wfs To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C05BC1.2CB74D40 Content-Type: text/html; charset="iso-8859-1" RE: Danger Ports

my bad - long day:

172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255
should have read
172.16.0.0 0.15.255.255 = 172.16.0.0:255.240.0.0 = 172.16.0.0 - 172.31.255.255

Greg Bird
> Network Security Engineer
> USMC MITNOC
> Phone: 703-784-5300, DSN 278-5300
> Fax: 703-784-3477, DSN 278-3477
birdgl@noc.usmc.mil
CCNA, Network+


-----Original Message-----
From: Bird Mr Gregory L
Sent: Friday, December 01, 2000 1:02 PM
To: 'freebsd-isp@FreeBSD.ORG'
Subject: RE: Danger Ports


Yes there is overlap...I am not quite sure where you learned how to subnet...but the rest of the world does it:


access-list lines:
access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log


172.16.0.0 0.15.255.255 = 172.16.0.0:255.252.0.0 = 172.16.0.0 - 172.31.255.255

so there is overlap. You might want to refresh yourself a little on your subnetting...or fully caffeinate yourself.


Greg Bird
Senior Network Security Engineer



-----Original Message-----
From: William Sommers [mailto:sommers@sfo.com]
Sent: Friday, December 01, 2000 11:06 AM
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Danger Ports


At 12:28 AM 12/1/00 -0600, Butch Evans wrote:

 >> > > access-list 110 deny   ip 172.16.0.0 0.15.255.255 any log
 >> > > access-list 110 deny   ip 172.31.0.0 0.0.255.255 any log
 >>
 >> > access-list 110 deny   ip any 172.16.0.0 0.15.255.255 log
 >> > access-list 110 deny   ip any 172.31.0.0 0.0.255.255 log
 >>
 >> Is it me? Isn't the second network in each a subset of the first?
 >>
 > Now that I re-read your question, I see what you are saying...You are
 > correct.

Um, unless I'm not yet fully caffeinated:

172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255
172.31.0.0 0.0.255.255  matches 176.31.0.0 - 176.31.255.255

No overlap at all.


  -wfs



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

------_=_NextPart_001_01C05BC1.2CB74D40-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 10:23:47 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.numachi.com (numachi.numachi.com [198.175.254.2]) by hub.freebsd.org (Postfix) with SMTP id 57EA737B400 for ; Fri, 1 Dec 2000 10:23:44 -0800 (PST) Received: (qmail 7858 invoked by uid 3001); 1 Dec 2000 18:23:37 -0000 Received: from natto.numachi.com (198.175.254.216) by numachi.numachi.com with SMTP; 1 Dec 2000 18:23:37 -0000 Received: (qmail 61821 invoked by uid 1001); 1 Dec 2000 18:23:37 -0000 Date: Fri, 1 Dec 2000 13:23:37 -0500 From: Brian Reichert To: freebsd-isp@freebsd.org Subject: cron messages: yp_next: clnt_call: RPC: Timed out Message-ID: <20001201132337.P57099@numachi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Under FreeBSD 3.4-R, under a NIS client environment, I cannot seem to keep cron messages quiet. Harmless things like 'atrun' generate mail: From root Fri Dec 1 02:00:10 2000 Return-Path: Received: (from root@localhost) by private.internal.mydomain.com (8.9.3/8.9.3) id CAA75601; Fri, 1 Dec 2000 02:00:10 GMT (envelope-from root) Date: Fri, 1 Dec 2000 02:00:10 GMT Message-Id: <200012010200.CAA75601@private.internal.mydomain.com> From: root (Cron Daemon) To: root Subject: Cron /usr/libexec/atrun X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: yp_next: clnt_call: RPC: Timed out (I've obfuscated the hostnames.) On this machine, root is a local account, not an NIS account. The NIS server is nis1% uname -a SunOS nis1 5.7 Generic_106542-04 i86pc i386 i86pc Does anyone have any advice on this matter? -- Brian 'you Bastard' Reichert 37 Crystal Ave. #303 Daytime number: (603) 434-6842 Derry NH 03038-1713 USA Intel architecture: the left-hand path To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 10:41:55 2000 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id EAB7037B400 for ; Fri, 1 Dec 2000 10:41:48 -0800 (PST) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id LAA09081; Fri, 1 Dec 2000 11:39:00 -0700 (MST) Date: Fri, 1 Dec 2000 11:38:59 -0700 (MST) From: "Forrest W. Christian" To: William Sommers Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Danger Ports In-Reply-To: <5.0.0.25.2.20001201075130.085f1460@pop.sfo.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 1 Dec 2000, William Sommers wrote: > Um, unless I'm not yet fully caffeinated: > > 172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255 > 172.31.0.0 0.0.255.255 matches 176.31.0.0 - 176.31.255.255 You must not be fully caffenated yet... 172.16.0.0 0.15.255.255 matches: 172.16.0.0 thru 172.31.255.255 (I will ignore that you mangled the 172 to 176) - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 13:44:49 2000 Delivered-To: freebsd-isp@freebsd.org Received: from krell.webweaver.net (krell.webweaver.net [206.24.105.170]) by hub.freebsd.org (Postfix) with ESMTP id 0629C37B400 for ; Fri, 1 Dec 2000 13:44:47 -0800 (PST) Received: from xwin.nmhtech.com (xwin.nmhtech.com [208.138.46.10]) by krell.webweaver.net (Postfix) with ESMTP id 6DC2D20F0D for ; Fri, 1 Dec 2000 13:28:04 -0800 (PST) Content-Length: 1107 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Fri, 01 Dec 2000 13:44:46 -0700 (PST) From: Nicole To: freebsd-isp@freebsd.org Subject: client firewall with 2 ethernet ports Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Greetings I have what is perhaps a silly question, but I am unsure what the best way is to setup client level firewall rules in rc.firewall when the server has 2 ethernet ports. one port is used as the connection the the network. The second port is used as a 192.168 type of network providing a secure backend connection between servers for NFS and the like. How do I setup rules that apply to one port and not the other? Would I use a modified form of the simple rules? Any clues appreciated! Thanks! Nicole nicole@unixgirl.com |\ __ /| (`\ http://www.unixgirl.com/ webmistress@dangermouse.org | o_o |__ ) ) http://www.dangermouse.org/ nicole@deviantimages.com // \\ http://www.deviantimages.com/ ---------------------------(((---(((---------------------------------------- -- Powered by Coka-Cola and FreeBSD -- -- Dames are put on this earth to weaken us, drain our energy - laugh at us when they see us naked. (Johnny Dangerously) ------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Dec 1 21:23:52 2000 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (ftp.golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 126FD37B400 for ; Fri, 1 Dec 2000 21:23:50 -0800 (PST) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AH9370.63.d1acf55c) with ESMTP id smcsaaaa for ; Sat, 2 Dec 2000 16:30:09 +1100 Message-ID: <3A288767.A893C761@quake.com.au> Date: Sat, 02 Dec 2000 16:23:51 +1100 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Nicole Cc: freebsd-isp@freebsd.org Subject: Re: client firewall with 2 ethernet ports References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Nicole wrote: > > Greetings > I have what is perhaps a silly question, but I am unsure what the best way is > to setup client level firewall rules in rc.firewall when the server has 2 > ethernet ports. > one port is used as the connection the the network. > The second port is used as a 192.168 type of network providing a secure > backend connection between servers for NFS and the like. > > How do I setup rules that apply to one port and not the other? > Would I use a modified form of the simple rules? > > Any clues appreciated! > > Thanks! > > Nicole Hiya, You can use the "via interface" command... Eg. deny ip from any to any via dc0 that will block out going and incoming on that interface, to only stop one you can use "in via interface" or "out via interface", you can also replace via with recv or xmit... but that confuses me and dose the same thing anyway.. Hope this is of some help :) Kal. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 8:48:14 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gate.trident-uk.co.uk (mail.trident-uk.co.uk [195.166.16.10]) by hub.freebsd.org (Postfix) with ESMTP id 1F2CB37B400; Sat, 2 Dec 2000 08:48:10 -0800 (PST) Received: from [194.207.93.139] by gate.trident-uk.co.uk for freebsd-isp@freebsd.org id QAA29444; Sat Dec 2 16:48:04 2000 Organization: Psi-Domain Ltd. Subject: DHCP Tricky config Date: Sat, 2 Dec 2000 16:50:53 +0000 X-Mailer: KMail [version 1.0.28] Content-Type: text/plain MIME-Version: 1.0 Message-Id: <00120216533101.00265@freefire.psi-domain.co.uk> Content-Transfer-Encoding: 8bit To: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org From: Jamie Heckford Reply-To: heckfordj@psi-domain.co.uk Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, Heres what I want to do, any ideas people?: This is a medium sized LAN. When people log onto the network (Windows workstations powered by fBSD servers) I want them to be assigned a tempoary IP address via DHCP. When they authenticate with there user/pass, I want them to be assigned a dedicated / static IP based on their username, so where-ever they go in the office (different desks etc.) they always have that IP. Reason being it is easier to implement User level Filtering options. Any suggestions? Thanks, -- Jamie Heckford Chief Network Engineer Psi-Domain - Innovative Linux Solutions. Ask Us How. =================================== email: heckfordj@psi-domain.co.uk web: http://www.psi-domain.co.uk/ tel: +44 (0)1737 789 246 fax: +44 (0)1737 789 245 mobile: +44 (0)7779 646 529 =================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 9:24:19 2000 Delivered-To: freebsd-isp@freebsd.org Received: from orion.buckhorn.net (orion.buckhorn.net [63.151.7.243]) by hub.freebsd.org (Postfix) with ESMTP id 0138337B401 for ; Sat, 2 Dec 2000 09:24:16 -0800 (PST) Received: from buckhorn.net (localhost.buckhorn.net [127.0.0.1]) by orion.buckhorn.net (8.11.1/8.11.1) with ESMTP id eB2HNbw21060 for ; Sat, 2 Dec 2000 11:23:39 -0600 (CST) (envelope-from bob@buckhorn.net) Message-ID: <3A293019.98AFF1EC@buckhorn.net> Date: Sat, 02 Dec 2000 11:23:37 -0600 From: Bob Martin X-Mailer: Mozilla 4.73 [en] (X11; U; FreeBSD 4.1.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 Cc: freebsd-isp@FreeBSD.ORG Subject: Re: DHCP Tricky config References: <00120216533101.00265@freefire.psi-domain.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jamie Heckford wrote: > > Hi, > > Heres what I want to do, any ideas people?: > > This is a medium sized LAN. > > When people log onto the network (Windows workstations powered by fBSD servers) > I want them to be assigned a tempoary IP address via DHCP. When they > authenticate with there user/pass, I want them to be assigned a dedicated / > static IP based on their username, so where-ever they go in the office > (different desks etc.) they always have that IP. > > Reason being it is easier to implement User level Filtering options. > > Any suggestions? > > Thanks, > > -- > Jamie Heckford > Chief Network Engineer > Psi-Domain - Innovative Linux Solutions. Ask Us How. > > =================================== > email: heckfordj@psi-domain.co.uk > web: http://www.psi-domain.co.uk/ > > tel: +44 (0)1737 789 246 > fax: +44 (0)1737 789 245 > mobile: +44 (0)7779 646 529 > =================================== The problem with this concept is that the computer get's the ip when the NIC starts, not when the user logs in. Your best shot is to come up with a way to dynamically update the filter based on the users current ip. You could probably do this with a combination of perl and Samba running in NT domain controller mode. Good luck. Bob Martin -- As far as the laws of mathematics refer to reality, they are not certain, and as far as they are certain, they do not refer to reality. -- Albert Einstein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 11:35: 9 2000 Delivered-To: freebsd-isp@freebsd.org Received: from marius.org (marius.org [216.88.115.170]) by hub.freebsd.org (Postfix) with ESMTP id 079A837B400 for ; Sat, 2 Dec 2000 11:35:06 -0800 (PST) Received: (from marius@localhost) by marius.org (8.11.0/8.11.0) id eB2JZ4D41866 for freebsd-isp@freebsd.org; Sat, 2 Dec 2000 13:35:04 -0600 (CST) Date: Sat, 2 Dec 2000 13:35:04 -0600 From: Marius Strom To: freebsd-isp@freebsd.org Subject: mod_php4+libmcal support Message-ID: <20001202133504.E57153@marius.org> Mail-Followup-To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org 'afternoon folks: Trying to compile mod_php4 out of ports with some minor enhancements to scripts/configure.php, namely to support bcmath, yp, and mcal. bcmath and yp support haven't been a problem, but mcal support is driving me nuts. I've snagged the latest libmcal (v0.6) from mcal.chek.com and the associated drivers (mstore, icap). I've compiled it according to the instructions given at chek.com, then I go back to a php4 recompile. At the last stage of the compile, it gives me the following error: *** Warning: This library needs some functionality provided by -lmcal. *** I have the capability to make that library automatically link in when *** you link to this library. But I can only do this if you have a *** shared version of the library, which you do not appear to have. This still provides me with a php4 .so file, but reloading apache after an install of it gives errors about mcal defines. So, I go back to the libmcal stuff, changes the CFLAGS to -shared, and recompile. Still getting the same error. Anyone have any ideas/experience into this? -- Marius Strom Professional Geek/Unix System Administrator URL: http://www.marius.org http://www.marius.org/marius.pgp 0x55DE53E4 Turn off the faucet? We're too busy mopping up the floor! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 11:35:13 2000 Delivered-To: freebsd-isp@freebsd.org Received: from host5.websitesource.com (unknown [209.239.40.154]) by hub.freebsd.org (Postfix) with ESMTP id C5C7F37B69F for ; Sat, 2 Dec 2000 11:35:10 -0800 (PST) Received: (from jskco2@localhost) by host5.websitesource.com (8.10.2/8.10.2) id eB2JFYi31523; Sat, 2 Dec 2000 14:15:34 -0500 X-Authentication-Warning: host5.websitesource.com: jskco2 set sender to november2-request@onlinebuys.org using -f To: november2@onlinebuys.org From: Justin Krauss Subject: Urgent: Please Read Reply-To: customercare@onlinebuys.org Date: Sat, 2 Dec 2000 11:31:15 -0800 X-Sender: customercare@onlinebuys.org X-Originating-Host: spider-mtc-tc033.proxy.aol.com [64.12.105.163]; Sat, 2 Dec 2000 18:46:04 GMT X-Mailer: WebMail Check v2.3.21 (2000-7-19) X-Browser: Mozilla/4.0 (compatible; MSIE 5.5; MSN 2.5; AOL 5.0; Windows 98; Compaq), JavaScript: On Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailing-List: archive/latest/1 X-Loop: november2@onlinebuys.org Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My wife and I are trying to get our new website up and running. It is a complete shopping mall. It also has a wonderful online travel agency. Would you please visit Http://www.onlinebuys.org at least once. --or better yet bookmark it and use it for all your travel and shopping needs. God Bless, Justin & Nicole Krauss To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 12:32:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from host5.websitesource.com (unknown [209.239.40.154]) by hub.freebsd.org (Postfix) with ESMTP id ABF5237B400 for ; Sat, 2 Dec 2000 12:32:52 -0800 (PST) Received: (from jskco2@localhost) by host5.websitesource.com (8.10.2/8.10.2) id eB2KUCG16556; Sat, 2 Dec 2000 15:30:12 -0500 X-Authentication-Warning: host5.websitesource.com: jskco2 set sender to november2-request@onlinebuys.org using -f Date: Sat, 2 Dec 2000 20:52:09 +0100 From: Massimo Fubini X-Mailer: telnet host 25 X-Priority: 3 (Normal) Message-ID: <53709252.20001202205209@aexis-telecom.it> To: Justin Krauss Cc: november2@onlinebuys.org Subject: Re: Urgent: Please Read In-reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Mailing-List: archive/latest/2 X-Loop: november2@onlinebuys.org Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Justin, Fuck You!! I will never visit your online travel agency, and never buy anything there for all my life. Bye Massimo Saturday, December 02, 2000, 8:31:15 PM, you wrote: JK> My wife and I are trying to get our new website up and running. JK> It is a complete shopping mall. It also has a wonderful online travel JK> agency. Would you please visit Http://www.onlinebuys.org at least JK> once. --or better yet bookmark it and use it for all your travel JK> and shopping needs. JK> To Unsubscribe: send mail to majordomo@FreeBSD.org JK> with "unsubscribe freebsd-isp" in the body of the message -- Best regards, Massimo mailto:supermax@aexis-telecom.it To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 13: 5:58 2000 Delivered-To: freebsd-isp@freebsd.org Received: from host5.websitesource.com (unknown [209.239.40.154]) by hub.freebsd.org (Postfix) with ESMTP id A401037B400; Sat, 2 Dec 2000 13:05:53 -0800 (PST) Received: (from jskco2@localhost) by host5.websitesource.com (8.10.2/8.10.2) id eB2Kvgh06624; Sat, 2 Dec 2000 15:57:42 -0500 X-Authentication-Warning: host5.websitesource.com: jskco2 set sender to november3-request@onlinebuys.org using -f To: november3@onlinebuys.org From: Justin Krauss Subject: Family Owned Website November Newsletter Reply-To: customercare@onlinebuys.org Date: Sat, 2 Dec 2000 13:02:29 -0800 X-Sender: customercare@onlinebuys.org X-Originating-Host: spider-wq022.proxy.aol.com [205.188.200.146]; Sat, 2 Dec 2000 20:18:38 GMT X-Mailer: WebMail Check v2.3.21 (2000-7-19) X-Browser: Mozilla/4.0 (compatible; MSIE 5.5; MSN 2.5; AOL 5.0; Windows 98; Compaq), JavaScript: On Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailing-List: archive/latest/1 X-Loop: november3@onlinebuys.org Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My wife and I are trying to get our new website up and running. It is a complete shopping mall. It also has a wonderful online travel agency. Would you please visit Http://www.onlinebuys.org at least once. --or better yet bookmark it and use it for all your travel and shopping needs. God Bless, Justin & Nicole Krauss Please note that you or someone on your behalf have subscribed to this list --we have even had funny people subscribe under abuse emails. If you do not want this news letter please respond with remove. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 14:15: 7 2000 Delivered-To: freebsd-isp@freebsd.org Received: from puck.firepipe.net (mcut-b-167.resnet.purdue.edu [128.211.209.167]) by hub.freebsd.org (Postfix) with ESMTP id C8FDF37B400 for ; Sat, 2 Dec 2000 14:15:05 -0800 (PST) Received: by puck.firepipe.net (Postfix, from userid 1000) id 3F1A319D2; Sat, 2 Dec 2000 17:15:05 -0500 (EST) Date: Sat, 2 Dec 2000 17:15:05 -0500 From: Will Andrews To: Massimo Fubini Cc: isp@FreeBSD.org Subject: Re: Urgent: Please Read Message-ID: <20001202171505.K559@puck.firepipe.net> Reply-To: Will Andrews Mail-Followup-To: Will Andrews , Massimo Fubini , isp@FreeBSD.org References: <53709252.20001202205209@aexis-telecom.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <53709252.20001202205209@aexis-telecom.it>; from supermax@aexis-telecom.it on Sat, Dec 02, 2000 at 08:52:09PM +0100 X-Operating-System: FreeBSD 4.1-STABLE i386 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Dec 02, 2000 at 08:52:09PM +0100, Massimo Fubini wrote: > Hello Justin, > > Fuck You!! > I will never visit your online travel agency, and never buy anything > there for all my life. > > Bye > Massimo A little clue for you: spammers often use "personal" requests to get people to reply and/or visit their web site. So now you've verified that your email address is live and well, and put yourself on spam lists. Try not to get pissed at them. Just take the time to have their relays shut down. -- wca To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 16:30:45 2000 Delivered-To: freebsd-isp@freebsd.org Received: from cod.progroup.com (cod.progroup.com [207.44.190.233]) by hub.freebsd.org (Postfix) with ESMTP id CB0C637B400 for ; Sat, 2 Dec 2000 16:30:43 -0800 (PST) Received: from progroup.com (guppy.progroup.com [207.44.190.237]) by cod.progroup.com (8.9.2/8.9.2) with ESMTP id QAA75526; Sat, 2 Dec 2000 16:29:20 -0800 (PST) (envelope-from craig@progroup.com) Message-ID: <3A29939E.72A7A4D4@progroup.com> Date: Sat, 02 Dec 2000 16:28:14 -0800 From: Craig Shaver Organization: Productivity Group, Inc. X-Mailer: Mozilla 4.7 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: Will Andrews Cc: isp@FreeBSD.ORG Subject: Re: Urgent: Please Read References: <53709252.20001202205209@aexis-telecom.it> <20001202171505.K559@puck.firepipe.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi - how do you do that? Will Andrews wrote: > ... > > Try not to get pissed at them. Just take the time to have their relays > shut down. > > -- -- Craig Shaver, My Itty Bitty Dot Com POB 60458 Sunnyvale, CA 94088 (650)390-0654 http://www.progroup.com/ mailto:craig@progroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 16:38:55 2000 Delivered-To: freebsd-isp@freebsd.org Received: from puck.firepipe.net (mcut-b-167.resnet.purdue.edu [128.211.209.167]) by hub.freebsd.org (Postfix) with ESMTP id 89E8237B400 for ; Sat, 2 Dec 2000 16:38:53 -0800 (PST) Received: by puck.firepipe.net (Postfix, from userid 1000) id 62F0E19D2; Sat, 2 Dec 2000 19:38:49 -0500 (EST) Date: Sat, 2 Dec 2000 19:38:49 -0500 From: Will Andrews To: Craig Shaver Cc: Will Andrews , isp@FreeBSD.ORG Subject: Re: Urgent: Please Read Message-ID: <20001202193849.M559@puck.firepipe.net> Reply-To: Will Andrews Mail-Followup-To: Will Andrews , Craig Shaver , isp@FreeBSD.ORG References: <53709252.20001202205209@aexis-telecom.it> <20001202171505.K559@puck.firepipe.net> <3A29939E.72A7A4D4@progroup.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A29939E.72A7A4D4@progroup.com>; from craig@progroup.com on Sat, Dec 02, 2000 at 04:28:14PM -0800 X-Operating-System: FreeBSD 4.1-STABLE i386 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Dec 02, 2000 at 04:28:14PM -0800, Craig Shaver wrote: > Hi - how do you do that? Find out their upstream's abuse address (http://www.mail-abuse.net/ has a nice database for this) and contact them. If that doesn't work, go higher upstream. If you can't reach somebody to have it shutdown, then have it put on MAPS/RSS/ORBS/etc. I'm not an expert at shutting relays down -- thankfully that's never been in my job description. *grin* So take my suggestion with a grain of salt. -- wca To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 21: 1:31 2000 Delivered-To: freebsd-isp@freebsd.org Received: from w2xo.pgh.pa.us (ipl-229-095.npt-sdsl.stargate.net [208.223.229.95]) by hub.freebsd.org (Postfix) with ESMTP id E9D7837B400; Sat, 2 Dec 2000 21:01:27 -0800 (PST) Received: from shazam.int (shazam.int [192.168.5.3]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id FAA91857; Sun, 3 Dec 2000 05:01:19 GMT (envelope-from durham@w2xo.pgh.pa.us) Date: Sun, 3 Dec 2000 00:01:26 -0500 (EST) From: Jim Durham X-Sender: durham@shazam.int To: Jamie Heckford Cc: freebsd-isp@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG Subject: Re: DHCP Tricky config In-Reply-To: <00120216533101.00265@freefire.psi-domain.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 2 Dec 2000, Jamie Heckford wrote: > Hi, > > Heres what I want to do, any ideas people?: > > This is a medium sized LAN. > > When people log onto the network (Windows workstations powered by fBSD servers) > I want them to be assigned a tempoary IP address via DHCP. When they > authenticate with there user/pass, I want them to be assigned a dedicated / > static IP based on their username, so where-ever they go in the office > (different desks etc.) they always have that IP. > > Reason being it is easier to implement User level Filtering options. > Hmmm... you didn't say if you were using Samba? If so, you have the individual user scripts. These are run after the DHCP address is assigned. I believe there are a couple different little applications kicking around tucows or similar places that will change IP on the fly for WIn boxes. However, you have the notty little problem of losing the original connection when the IP changes. Why not modify your filters with the DHCP IP instead? -Jim Durham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 22:49:59 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.mclink.it (net128-053.mclink.it [195.110.128.53]) by hub.freebsd.org (Postfix) with ESMTP id DC0D037B401 for ; Sat, 2 Dec 2000 22:49:56 -0800 (PST) Received: from net147-191.mclink.it (net147-191.mclink.it [195.110.147.191]) by mail.mclink.it (8.9.3/8.9.0) with ESMTP id HAA21907 for ; Sun, 3 Dec 2000 07:49:54 +0100 (CET) Date: Sun, 3 Dec 2000 07:48:56 +0100 From: Massimo Fubini X-Mailer: telnet host 25 X-Priority: 3 (Normal) Message-ID: <5740121637.20001203074856@aexis-telecom.it> To: freebsd-isp@freebsd.org Subject: Sorry! Re[2]: Urgent: Please Read In-reply-To: <53709252.20001202205209@aexis-telecom.it> References: <53709252.20001202205209@aexis-telecom.it> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I want to excuse, but I didn't send my complaining e-mail to the list, it was a personal e-mail, that has been forwarded to the list. (you can check it from the mail header). Bye and sorry Massimo I wrote: MF> I will never visit your online travel agency, and never buy anything MF> there for all my life. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Dec 2 23:13: 1 2000 Delivered-To: freebsd-isp@freebsd.org Received: from arthur.tacni.net (mail.tacni.net [216.178.136.165]) by hub.freebsd.org (Postfix) with SMTP id 4C07D37B400 for ; Sat, 2 Dec 2000 23:12:59 -0800 (PST) Received: (qmail 7244 invoked by alias); 3 Dec 2000 07:12:54 -0000 Received: from unknown (HELO tacni.net) (207.55.167.109) by arthur.tacni.net with SMTP; 3 Dec 2000 07:12:54 -0000 Message-ID: <3A29F287.93DFD65B@tacni.net> Date: Sun, 03 Dec 2000 01:13:11 -0600 From: Tom ONeil Reply-To: tom.oneil@instantisp.net Organization: InstantISP.net X-Mailer: Mozilla 4.72 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: heckfordj@psi-domain.co.uk, Free Subject: Re: DHCP Tricky config References: <00120216533101.00265@freefire.psi-domain.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Saw this very setup in sysadmin mag called netreg. www.netreg.org Haven't tred it yet, looks interesting. Jamie Heckford wrote: > > Hi, > > Heres what I want to do, any ideas people?: > > This is a medium sized LAN. > > When people log onto the network (Windows workstations powered by fBSD servers) > I want them to be assigned a tempoary IP address via DHCP. When they > authenticate with there user/pass, I want them to be assigned a dedicated / > static IP based on their username, so where-ever they go in the office > (different desks etc.) they always have that IP. > > Reason being it is easier to implement User level Filtering options. > > Any suggestions? > > Thanks, > > -- > Jamie Heckford > Chief Network Engineer > Psi-Domain - Innovative Linux Solutions. Ask Us How. > > =================================== > email: heckfordj@psi-domain.co.uk > web: http://www.psi-domain.co.uk/ > > tel: +44 (0)1737 789 246 > fax: +44 (0)1737 789 245 > mobile: +44 (0)7779 646 529 > =================================== > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Thomas J. ONeil tom.oneil@instantisp.net http://www.instantisp.net/ "National power, local presence" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message