From owner-freebsd-security Sun Feb 7 13:17:01 1999
Message-ID: <19990208001654.A7195@rtsnet.ru>
Date: Mon, 8 Feb 1999 00:16:54 +0300
From: Igor Vinokurov
To: freebsd-security@FreeBSD.ORG
Subject: ssh and PAM

Hello.

Can sshd use FreeBSD's PAM implementation? We plan to use tacacs to
authenticate users when they log in to a FreeBSD box (unix shell service).
--
Igor Vinokurov

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Feb 7 16:25:36 1999
Message-ID: <012901be52f9$f29c0c80$120112ac@ip001-018>
From: "Max Wong"
Cc: "Security"
Subject: After "ipfw l"
Date: Mon, 8 Feb 1999 08:28:27 +0800

Sir,
Thanks for your response. After I ran "ipfw l" on the console, here is the
result.
"01000 allow ip from 127.0.0.1 to 127.0.0.1
10000 allow tcp from 171.17.1.0/24 to any 9999
65535 deny ip from any to any"
I just can't telnet to FreeBSD using port 9999 after I changed the telnet port
from 23 to 9999.
What's wrong with it?
Thanks
Max Wong

From owner-freebsd-security Sun Feb 7 16:55:36 1999
From: Andrew Kenneth Milton
Message-Id: <199902080054.KAA20480@zeus.theinternet.com.au>
Subject: Re: After "ipfw l"
In-Reply-To: <012901be52f9$f29c0c80$120112ac@ip001-018> from Max Wong at "Feb 8, 99 08:28:27 am"
To: csw@chiaher.com.tw (Max Wong)
Date: Mon, 8 Feb 1999 10:54:34 +1000 (EST)
Cc: Pajar@ITB.ac.id, security@FreeBSD.ORG

+----[ Max Wong ]---------------------------------------------
| Sir,
| Thanks for your response. After I ran "ipfw l" on the console, here is the
| result.
| "01000 allow ip from 127.0.0.1 to 127.0.0.1
| 10000 allow tcp from 171.17.1.0/24 to any 9999
| 65535 deny ip from any to any"

ipfw add 9000 allow tcp from any to any established

and change your 10000 rule to be

ipfw add 10000 allow tcp from 171.17.1.0/24 to any 9999 setup

| I just can't telnet to FreeBSD using port 9999 after I changed the telnet port
| from 23 to 9999.
| What's wrong with it?

You need to allow traffic in the reverse direction.
--
Totally Holistic Enterprises Internet| P:+61 7 3870 0066    | Andrew
The Internet (Aust) Pty Ltd          | F:+61 7 3870 4477    | Milton
ACN: 082 081 472                     | M:+61 416 022 411    |72 Col .Sig
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|Specialist

From owner-freebsd-security Mon Feb 8 00:10:11 1999
Message-ID: <36BE9C67.2F79B121@vniigazmain.gazprom.ru>
Date: Mon, 08 Feb 1999 11:12:24 +0300
From: "Serguei V. Melekhov"
To: security@FreeBSD.ORG
Subject: TCPdump

Hey,

I vote 'NO'. We shouldn't let someone install bsd with default
bpf enabled option. Cause a lot of lamers don't even know what r they
doing.

--
Yours,
Serguei V. Melekhov
System Administrator of
International Relations And Information Division
All-Russian Scientific Research Institute of
Natural Gases and Gas Technologies
Tel. (095) 355-9165
Fax: (095) 399-1677

From owner-freebsd-security Mon Feb 8 00:45:23 1999
From: Mark Newton
Message-Id: <199902080844.TAA14205@atdot.dotat.org>
Subject: Re: TCPdump
To: smelekov@vniigazmain.gazprom.ru (Serguei V. Melekhov)
Date: Mon, 8 Feb 1999 19:14:07 +1030 (CST)
Cc: security@FreeBSD.ORG
In-Reply-To: <36BE9C67.2F79B121@vniigazmain.gazprom.ru> from "Serguei V. Melekhov" at Feb 8, 99 11:12:24 am

Serguei V. Melekhov wrote:

> I vote 'NO'. We shouldn't let someone install bsd with default
> bpf enabled option. Cause a lot of lamers don't even know what r they
> doing.

How many of us here remember the criticism Sun used to get with SunOS 4.x
because the nit device was enabled by default?

I repeat my earlier suggestion: provide a "kernel" distribution containing
GENERIC kernels tuned for different purposes. Let the user decide whether
they get bpf by default.

- mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1958-3414 ------------- Fax: +61-8-83034403 -----

From owner-freebsd-security Mon Feb 8 03:56:25 1999
From: Andrew Kenneth Milton
Message-Id: <199902081144.VAA27665@zeus.theinternet.com.au>
Subject: Re: TCPdump
In-Reply-To: <36BE9C67.2F79B121@vniigazmain.gazprom.ru> from "Serguei V. Melekhov" at "Feb 8, 99 11:12:24 am"
To: smelekov@vniigazmain.gazprom.ru (Serguei V. Melekhov)
Date: Mon, 8 Feb 1999 21:44:10 +1000 (EST)
Cc: security@FreeBSD.ORG

+----[ Serguei V. Melekhov ]---------------------------------------------
| Hey,
|
| I vote 'NO'. We shouldn't let someone install bsd with default
| bpf enabled option. Cause a lot of lamers don't even know what r they
| doing.

Gee why don't we just make it harder to install then?

Or require a licence to drive a computer... no wait! A splash screen that
just has CAVEAT EMPTOR on it when it boots.

Oooh oooh I know! Have a root password automatically generated by the system
when it installs and *force* them to read the documentation to find out how
to get the root password (coz of course the console would be 'insecure',
although getting to booting single user probably lowers your lamer
quotient).

Actually it's too dangerous to allow people to have any networking at all
by default, so it shouldn't have any network drivers by default either,

Bah, make the boot floppy a 'freedos' boot floppy, until they read the
documentation to find out where the real boot floppies are.

And then everyone can stop answering -questions email...

There might be a lot of good reasons not to include bpf in the default
kernel, but, "there are a lot of lamers" is not a good one.

--
Totally Holistic Enterprises Internet| P:+61 7 3870 0066    | Andrew
The Internet (Aust) Pty Ltd          | F:+61 7 3870 4477    | Milton
ACN: 082 081 472                     | M:+61 416 022 411    |72 Col .Sig
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|Specialist

From owner-freebsd-security Mon Feb 8 05:24:05 1999
Date: Mon, 8 Feb 1999 08:23:51 -0500 (EST)
From: Matt Behrens
To: security@FreeBSD.ORG
Subject: bypassing "allow ip from any to any"?

I rebooted one of my boxes 24 hours ago. I run the "open" firewall
set with ppp -alias (as an on-demand packet filter, I know, I should
do better) ;) but saw something strange in last night's security
check.

Rule 65000 clearly states

65000 allow ip from any to any

yet this came across in my logs last night:

xxx.xxx.xxx denied packets:
> 65535 2 139 deny ip from any to any

I don't see how it could, unless someone was fudging with my ipfw
config. Or do I just not know something? (I do run options NETATALK
here, could that somehow have snuck in?)

- Matt Behrens
  Network Administrator, zigg.com
  Engineer, Nameless IRC Network

From owner-freebsd-security Mon Feb 8 06:00:54 1999
Message-ID: <36BEEEC5.9899B557@cdsec.com>
Date: Mon, 08 Feb 1999 16:03:49 +0200
From: Ian Cooper
Reply-To: ian@cdsec.com
Organization: Citadel Data Security
To: security@FreeBSD.ORG
CC: Matt Behrens
Subject: Re: bypassing "allow ip from any to any"?

Matt

The answer to this is fairly simple.

The ipfw code in the kernel has a default rule, 65535, which can never be
deleted. This rule denies all packets. The open "firewall" runs by adding a
rule 65000 in rc.firewall, which allows all packets, and since its number is
lower than the 65535 rule, will override it.

What has apparently happened is that the kernel routines have received some
packets (netbios it appears) just after the network has come up, but before
the ipfw 65000 rule has been added by rc.firewall. The result is that the
packets match the default 65535 rule and are denied.

Ian

Matt Behrens wrote:
>
> I rebooted one of my boxes 24 hours ago. I run the "open" firewall
> set with ppp -alias (as an on-demand packet filter, I know, I should
> do better) ;) but saw something strange in last night's security
> check.
>
> Rule 65000 clearly states
>
> 65000 allow ip from any to any
>
> yet this came across in my logs last night:
>
> xxx.xxx.xxx denied packets:
> > 65535 2 139 deny ip from any to any
>
> I don't see how it could, unless someone was fudging with my ipfw
> config. Or do I just not know something? (I do run options NETATALK
> here, could that somehow have snuck in?)
>
> - Matt Behrens
> Network Administrator, zigg.com
> Engineer, Nameless IRC Network
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Ian Cooper                           E-mail: ian@cdsec.com
Citadel Data Security                Phone: +27 21 423-6065
Firewalls/Virtual Private Networks   Fax: +27 21 424-3656
Data Security Products               WWW: http://www.cdsec.com/

From owner-freebsd-security Mon Feb 8 06:01:15 1999
Date: Mon, 8 Feb 1999 09:01:11 -0500
From: Chris Johnson
To: Matt Behrens
Cc: security@FreeBSD.ORG
Subject: Re: bypassing "allow ip from any to any"?
Message-ID: <19990208090111.A3398@palomine.net>

On Mon, Feb 08, 1999 at 08:23:51AM -0500, Matt Behrens wrote:
> I rebooted one of my boxes 24 hours ago. I run the "open" firewall
> set with ppp -alias (as an on-demand packet filter, I know, I should
> do better) ;) but saw something strange in last night's security
> check.
>
> Rule 65000 clearly states
>
> 65000 allow ip from any to any
>
> yet this came across in my logs last night:
>
> xxx.xxx.xxx denied packets:
> > 65535 2 139 deny ip from any to any
>
> I don't see how it could, unless someone was fudging with my ipfw
> config. Or do I just not know something? (I do run options NETATALK
> here, could that somehow have snuck in?)

I'd guess that the denied packets came in during boot-up, after your network
interface came up but before your firewall rules were in place.

Chris

>
> - Matt Behrens
> Network Administrator, zigg.com
> Engineer, Nameless IRC Network
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Feb 8 06:40:21 1999
Date: Mon, 8 Feb 1999 08:40:07 +0000 (GMT)
From: "Open Systems Inc."
To: Matt Behrens
cc: security@FreeBSD.ORG
Subject: Re: bypassing "allow ip from any to any"?

On Mon, 8 Feb 1999, Matt Behrens wrote:

> yet this came across in my logs last night:
>
> xxx.xxx.xxx denied packets:
> > 65535 2 139 deny ip from any to any
>
> I don't see how it could, unless someone was fudging with my ipfw
> config. Or do I just not know something? (I do run options NETATALK
> here, could that somehow have snuck in?)

Spooky huh? :-)
What you're seeing is what I and others discussed a few months back.
What happens is, you default your kernel to open or closed. You set up your
rules and then you reboot. On reboot there is a small window where the
kernel is loaded and packets are allowed or denied based on whether your
kernel is configured for deny all or allow all, BEFORE your rules are loaded
from rc.firewall.
I.e., kernel loads, a few packets get received, screen saver loads, sendmail
loads, rc.firewall loads.

I make my kernel default to deny, and have 2 deny all rules in my
rc.firewall. This should catch everything:

65534 0 0 deny log ip from any to any
  <-- this rule will deny everything once rc.firewall is loaded.
65535 3 244 deny ip from any to any
  <--- this rule catches the packets that slip through the window on bootup.

Make sense?

Chris

--
"Join Team-FreeBSD on cracking RC5-64! grab your client now and HELP OUT!
http://www.distributed.net/cgi/select.cgi"

===================================| Open Systems FreeBSD Consulting.
FreeBSD 2.2.8 is available now!    | Phone: 402-573-9124
-----------------------------------| 3335 N. 103 Plaza #14, Omaha, NE 68134
FreeBSD: The power to serve!       | E-Mail: opsys@open-systems.net
http://www.freebsd.org             | Consulting, Network Engineering, Security
===================================| http://open-systems.net

From owner-freebsd-security Mon Feb 8 06:53:44 1999
Date: Mon, 8 Feb 1999 09:53:26 -0500 (EST)
From: Matt Behrens
To: "Open Systems Inc."
cc: security@FreeBSD.ORG
Subject: Re: bypassing "allow ip from any to any"?

On Mon, 8 Feb 1999, Open Systems Inc. wrote:

: Make sense?

Yep. Thanks to all who replied. When I got the first private
reply a little while ago, it hit me. Especially considering how
slow my ol' system is to boot up. ;)

- Matt Behrens
  Network Administrator, zigg.com
  Engineer, Nameless IRC Network

From owner-freebsd-security Mon Feb 8 21:44:12 1999
Date: Mon, 8 Feb 1999 21:44:08 -0800 (PST)
From: Roger Marquis
To: freebsd-security@FreeBSD.ORG
Subject: navigator-4.5.bin: /etc/pwd.db: Invalid argument?

Here's an odd error from /var/log/user.messages:

Feb 8 11:30:47 freebie navigator-4.5.bin: /etc/pwd.db: Invalid argument

Anyone else seen this?
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

From owner-freebsd-security Tue Feb 9 06:21:55 1999
From: Zahemszky Gabor
Message-Id: <199902090801.JAA00366@CoDe.hu>
Subject: Re: bypassing "allow ip from any to any"?
To: freebsd-security@FreeBSD.ORG
Date: Tue, 9 Feb 1999 09:00:03 +0100 (CET)
Cc: matt@zigg.com

> On Mon, 8 Feb 1999, Open Systems Inc. wrote:
>
> : Make sense?
>
> Yep. Thanks to all who replied. When I got the first private
> reply a little while ago, it hit me. Especially considering how
> slow my ol' system is to boot up. ;)

If you need an open firewall, put

options IPFIREWALL_DEFAULT_TO_ACCEPT

into your kernel config file, make kernel install and reboot. (See LINT about
that option)

ZGabor at CoDe dot HU

--
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"

From owner-freebsd-security Tue Feb 9 13:09:24 1999
From: Mark Newton
Message-Id: <199902092108.HAA12120@atdot.dotat.org>
Subject: Re: navigator-4.5.bin: /etc/pwd.db: Invalid argument?
To: marquis@roble.com (Roger Marquis)
Date: Wed, 10 Feb 1999 07:38:04 +1030 (CST)
Cc: freebsd-security@FreeBSD.ORG

Roger Marquis wrote:

> Here's an odd error from /var/log/user.messages:
> Feb 8 11:30:47 freebie navigator-4.5.bin: /etc/pwd.db: Invalid argument
> Anyone else seen this?

Are you running NIS?

I've seen it on a couple of the machines at work, and occasionally on my
laptop.

- mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
     but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1958-3414 ------------- Fax: +61-8-83034403 -----

From owner-freebsd-security Tue Feb 9 14:44:32 1999
From: Igor Roshchin
Message-Id: <199902092244.QAA27931@alecto.physics.uiuc.edu>
Subject: Netect Advisory: palmetto.ftpd - remote root overflow (fwd)
To: security@FreeBSD.ORG
Date: Tue, 9 Feb 1999 16:44:24 -0600 (CST)

This advisory posted to the BUGTRAQ does not mention FreeBSD.
I wonder if the FreeBSD's patches fix this vulnerability,
and if so, what was the "turn point" date.

Thanks,

Igor

----- Forwarded message from Jordan Ritter -----

[Internal error while calling pgp, raw data follows]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Netect, Inc.
General Public Security Advisory

% Advisory: palmetto.ftpd
% Issue date: February 9, 1999
% Revision: February 8, 1999
% Contact: Jordan Ritter

[Topic]

Remote buffer overflows in various FTP servers lead to potential root
compromise.

[Affected Systems]

Any server running the latest version of ProFTPD (1.2.0pre1) or the
latest version of Wuarchive ftpd (2.4.2-academ[BETA-18]).
wu-ftpd is installed and enabled by default on most Linux variants such as RedHat and Slackware Linux. ProFTPD is new software recently adopted by many major internet companies for its improved performance and reliability. Investigation of this vulnerability is ongoing; the below lists software and operating systems for which Netect has definitive information. [Overview] Software that implements FTP is called an "ftp server", "ftp daemon", or "ftpd". On most vulnerable systems, the ftpd software is enabled and installed by default. There is a general class of vulnerability that exists in several popular ftp servers. Due to insufficient bounds checking, it is possible to subvert an ftp server by corrupting its internal stack space. By supplying carefully designed commands to the ftp server, intruders can force the the server to execute arbitrary commands with root privilege. On most vulnerable systems, the ftpd software is installed and enabled by default. [Impact] Intruders who are able to exploit this vulnerability can ultimately gain interactive access to the remote ftp server with root privilege. [Solution] Currently there are several ways to exploit the ftp servers in question. One temporary workaround against an anonymous attack is to disable any world writable directories the user may have access to by making them read only. This will prevent an attacker from building an unusually large path, which is required in order to execute these particular attacks. The permanent solution is to install a patch from your Vendor, or locate one provided by the Software's author or maintainer. See Appendices A and B for more specific information. Netect strongly encourages immediate upgrade and/or patching where available. Netect provides a strong software solution for the automatic detection and removal of security vulnerabilities. 
Current HackerShield customers can protect themselves from this vulnerability by either visiting the Netect website and downloading the latest RapidFire(tm) update, or by enabling automatic RapidFire(tm) updates (no user intervention required). Interested in protecting your network today? Visit the Netect website at http://www.netect.com/ and download a FREE 30 day copy of HackerShield, complete with all the latest RapidFire(tm) updates to safeguard your network from hackers. [Appendix A, Software Information] % ProFTPD Current version: 1.2.0pre1, released October 19, 1998. All versions prior to 1.2.0pre1: vulnerable. Fix: will be incorporated into 1.2.0pre2. Currently recommended action: upgrade to the new version when it becomes available, or apply the version 1.2.0pre1 patch found at: ftp://ftp.proftpd.org/patches/proftpd-1.2.0pre1-path_exploit.patch % wu-ftpd Current version: 2.4.2 (beta 18), unknown release date. All versions through 2.4.2 (beta 18): vulnerability dependant upon target platform, probably vulnerable either due to OS-provided runtime vulnerability or through use of replacement code supplied with the source kit. No patches have been made available. Fix: unknown. Currently recommended action: Upgrade to wu-ftpd VR series. % wu-ftpd VR series Current version: 2.4.2 (beta 18) VR12, released January 1, 1999. All versions prior to 2.4.2 (beta 18) VR10: vulnerable. Fix: incorporated into VR10, released November 1, 1998. Available from: ftp://ftp.vr.net/pub/wu-ftpd/ Filenames: wu-ftpd-2.4.2-beta-18-vr12.tar.Z wu-ftpd-2.4.2-beta-18-vr12.tar.gz % BeroFTPD [NOT vulnerable] Current version: 1.3.1, released December 20, 1998. All versions prior to 1.2.0: vulnerable. Fix: incorporated into 1.2.0, released October 26, 1998. 
  Available from:
  ftp://ftp.beroftpd.unix.eu.org/pub/BeroFTPD/
  ftp://ftp.croftj.net/usr/bero/BeroFTPD/
  ftp://ftp.sunet.se/pub/nir/ftp/servers/BeroFTPD/
  ftp://sunsite.cnlab-switch.ch/mirror/BeroFTPD/
  Filename: BeroFTPD-1.3.1.tar.gz

% NcFTPd [NOT vulnerable]
  Current version: 2.3.5, released January 6, 1999.
  All versions prior to 2.3.4: unknown.
  Available from: http://www.ncftp.com/download/
  Notes:
  % NcFTPd 2.3.4 (libc5) ftp server has a remotely exploitable bug that results in the loss of the server's ability to log activity.
  % This bug cannot be exploited to gain unintended or privileged access to a system running the NcFTPd 2.3.4 (libc5) ftp server, as tested.
  % The bug was reproducible only on a libc5 Linux system. The Linux glibc version of NcFTPd 2.3.4 ftp server is NOT vulnerable.
  % The bug does not appear to be present in the latest version, NcFTPd 2.3.5. Affected users may upgrade free of charge to the latest version.

Thanks go to Gregory Lundberg for providing the information regarding wu-ftpd and BeroFTPD.

[Appendix B, Vendors]

% RedHat Software, Inc.
  % RedHat
    Version 5.2 and previous versions ARE vulnerable.
    Updates will be available from: ftp://updates.redhat.com/5.2//
    Filename: wu-ftpd-2.4.2b18-2.1..rpm

% Walnut Creek CDROM and Patrick Volkerding
  % Slackware
    All versions ARE vulnerable.
    Updates will be available from:
    ftp://ftp.cdrom.com/pub/linux/slackware-3.6/slakware/n8/
    ftp://ftp.cdrom.com/pub/linux/slackware-current/slakware/n8/
    Filenames
    tcpip1.tgz (3.6) [971a5f57bec8894364c1e0d358ffbfd4]
    tcpip1.tgz (current) [c7460a456fcbf19afb49af8c8422ecbc]

% Caldera Systems, Inc.
  % OpenLinux
    Latest version IS vulnerable
    Updates will be available from: ftp://ftp.calderasystems.com/pub/OpenLinux/updates/

% SCO
  % UnixWare Version 7.0.1 and earlier (except 2.1.x) IS vulnerable.
  % OpenServer Versions 5.0.5 and earlier IS vulnerable.
  % CMW+ Version 3.0 is NOT vulnerable.
  % Open Desktop/Server Version 3.0 is NOT vulnerable.
  Binary versions of ftpd will be available shortly from the SCO ftp site:
  ftp://ftp.sco.com/SSE/sse021.ltr - cover letter
  ftp://ftp.sco.com/SSE/sse021.tar.Z - replacement binaries
  Notes: This fix is a binary for the following SCO operating systems:
  % SCO UnixWare 7.0.1 and earlier releases (not UnixWare 2.1.x)
  % SCO OpenServer 5.0.5 and earlier releases
  For the latest security bulletins and patches for SCO products, please refer to http://www.sco.com/security/.

% IBM Corporation
  % AIX Versions 4.1.x, 4.2.x, and 4.3.x ARE NOT vulnerable.

% Hewlett-Packard
  % HPUX Versions 10.x and 11.x ARE NOT vulnerable. HP is continuing their investigation.

% Sun Microsystems, Inc.
  % SunOS All versions ARE NOT vulnerable.
  % Solaris All versions ARE NOT vulnerable.

% Microsoft, Inc.
  % IIS Versions 3.0 and 4.0 ARE NOT vulnerable.

% Compaq Computer Corporation
  % Digital UNIX V40b - V40e ARE NOT vulnerable.
  % TCP/IP(UCX) for OpenVMS V4.1, V4.2, V5.0 ARE NOT vulnerable.

% Silicon Graphics, Inc. (SGI)
  % IRIX and Unicos
    Currently, Silicon Graphics, Inc. is investigating and no further information is available for public release at this time. As further information becomes available, additional advisories will be issued via the normal SGI security information distribution method including the wiretap mailing list.
    Silicon Graphics Security Headquarters http://www.sgi.com/Support/security/

% NetBSD
  % NetBSD All versions ARE NOT vulnerable.

[Appendix C, Netect Contact Information]

Copyright (c) 1999 by Netect, Inc. The information contained herein is the property of Netect, Inc.

The contact for this advisory is Jordan Ritter . PGP signed/encrypted email is preferred.

Visit http://www.netect.com/ for more information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.2 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE2wGAO+siuashk00ERApprAKD80kW0Lf+QzbK1pwlt3LkgfXm5PwCfTZH9
fd5neqlXzS8ZQQpaxIMg0cE=
=j2iu
-----END PGP SIGNATURE-----

[End of raw data]

----- End of forwarded message from Jordan Ritter -----

From owner-freebsd-security Tue Feb 9 15:44:37 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA27610 for freebsd-security-outgoing; Tue, 9 Feb 1999 15:44:37 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA27600 for ; Tue, 9 Feb 1999 15:44:35 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.2/8.9.1) id PAA61825; Tue, 9 Feb 1999 15:29:32 -0800 (PST) (envelope-from dillon)
Date: Tue, 9 Feb 1999 15:29:32 -0800 (PST)
From: Matthew Dillon
Message-Id: <199902092329.PAA61825@apollo.backplane.com>
To: Igor Roshchin
Cc: security@FreeBSD.ORG
Subject: Re: Netect Advisory: palmetto.ftpd - remote root overflow (fwd)
References: <199902092244.QAA27931@alecto.physics.uiuc.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Here is an excerpt from the VR10 patch:

+ A recent discussion on BUGTRAQ pointed out a buffer-overrun in the realpath
+ function. Bernard imported the FreeBSD realpath() function to correct this
+ error. This closes Stan's TODO item 1.

This infers that FreeBSD's realpath() function does not have a buffer overflow problem. I've looked at the code, and it appears to not have a buffer overflow problem.

-Matt

:This advisory posted to the BUGTRAQ does not mention FreeBSD.
:
:I wonder if the FreeBSD's patches fix this vulnerability,
:and if so, what was the "turn point" date.
:
:Thanks,
:
:Igor
:...
:
:% wu-ftpd
:
: Current version: 2.4.2 (beta 18), unknown release date.
: All versions through 2.4.2 (beta 18): vulnerability dependant upon
:..
:
: % wu-ftpd VR series
:
: Current version: 2.4.2 (beta 18) VR12, released January 1, 1999.
: All versions prior to 2.4.2 (beta 18) VR10: vulnerable.
: Fix: incorporated into VR10, released November 1, 1998.

From owner-freebsd-security Tue Feb 9 18:08:00 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA19026 for freebsd-security-outgoing; Tue, 9 Feb 1999 18:08:00 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA19019 for ; Tue, 9 Feb 1999 18:07:55 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar)
Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id XAA01954; Tue, 9 Feb 1999 23:07:21 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <199902100207.XAA01954@ns1.sminter.com.ar>
Subject: Re: navigator-4.5.bin: /etc/pwd.db: Invalid argument?
In-Reply-To: from Roger Marquis at "Feb 8, 99 09:44:08 pm"
To: marquis@roble.com (Roger Marquis)
Date: Tue, 9 Feb 1999 23:07:21 -0300 (GMT)
Cc: freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In a previous message, Roger Marquis wrote:
> Here's an odd error from /var/log/user.messages:
>
> Feb 8 11:30:47 freebie navigator-4.5.bin: /etc/pwd.db: Invalid argument
>
> Anyone else seen this?

Yes, the same happens at home with 2.2.6 and Netscape 3.0, even being off-line.

Regards.

Fernando P.
Schapachnik
Network Administration
VIA Net Works Argentina SA

From owner-freebsd-security Tue Feb 9 20:55:21 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA09159 for freebsd-security-outgoing; Tue, 9 Feb 1999 20:55:21 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from sand2.sentex.ca (sand2.sentex.ca [209.167.248.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA09152 for ; Tue, 9 Feb 1999 20:55:18 -0800 (PST) (envelope-from mike@sentex.net)
Received: from gravel (ospf-wat.sentex.net [209.167.248.81]) by sand2.sentex.ca (8.8.8/8.8.8) with SMTP id XAA12900 for ; Tue, 9 Feb 1999 23:55:15 -0500 (EST) (envelope-from mike@sentex.net)
Message-Id: <4.1.19990209235845.04d42c80@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 10 Feb 1999 00:02:29 -0500
To: security@FreeBSD.ORG
From: Mike Tancsa
Subject: ftp vulnerability ?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

http://www.netect.com/advisory_0209.html does not explicitly exclude the ftp daemon that ships with FreeBSD. Do you know if it is vulnerable or not ?
---Mike
**********************************************************************
Mike Tancsa, Network Admin        *  mike@sentex.net
Sentex Communications Corp,       *  http://www.sentex.net/mike
Cambridge, Ontario                *  01.519.651.3400
Canada                            *

From owner-freebsd-security Wed Feb 10 06:23:59 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA02816 for freebsd-security-outgoing; Wed, 10 Feb 1999 06:23:59 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from kendra.ne.mediaone.net (kendra.ne.mediaone.net [24.128.94.182]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA02809 for ; Wed, 10 Feb 1999 06:23:54 -0800 (PST) (envelope-from software@kew.com)
Received: from sonata.hh.kew.com (root@sonata-dmz.hh.kew.com [192.168.205.1]) by kendra.ne.mediaone.net (8.9.1/8.9.1) with ESMTP id JAA09209; Wed, 10 Feb 1999 09:23:50 -0500 (EST)
Received: from kew.com (minerva.hh.kew.com [192.168.203.144]) by sonata.hh.kew.com (8.9.1/8.9.1) with ESMTP id JAA13883; Wed, 10 Feb 1999 09:23:49 -0500 (EST)
Message-ID: <36C19674.F553CB64@kew.com>
Date: Wed, 10 Feb 1999 09:23:48 -0500
From: Drew Derbyshire
Organization: Kendra Electronic Wonderworks, Stoneham, MA 02180 (http://www.kew.com)
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: security@FreeBSD.ORG
Subject: firewall with SOCKS5, UDP, ICQ
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've got a firewall running FreeBSD 2.2.7-RELEASE.
Because the ICQ Windows client longs for UDP support, I've installed the socks5-v1.0r8 server, but keep seeing the following errors:

Feb 10 09:07:31 pandora Socks5[9147]: Socks5 starting at Wed Feb 10 09:07:31 1999 from inetd
Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Request: (lucia.hh.kew.com:1177) for user thomas
Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Established: (lucia.hh.kew.com:1178) for user thomas

Now, I don't care about the errors per se, but the general functionality of the ICQ client behind the firewall is affected by as opposed to on a bare dial connection is noticeable, such as server time outs and the like.

Time out for the server is set for 240 (minutes), time-outs for the client is set for 9999 (seconds).

Suggestions, comments?

--
Drew Derbyshire UUPC/extended e-mail: software@kew.com
Telephone: 617-279-9812

"People will buy anything that's one to the customer" - Sinclair Lewis

From owner-freebsd-security Wed Feb 10 09:13:47 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA22172 for freebsd-security-outgoing; Wed, 10 Feb 1999 09:13:47 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA22167 for ; Wed, 10 Feb 1999 09:13:45 -0800 (PST) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id SAA26546; Wed, 10 Feb 1999 18:13:39 +0100 (CET)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id SAA03861; Wed, 10 Feb 1999 18:13:34 +0100 (MET)
Date: Wed, 10 Feb 1999 18:13:33 +0100
From: Eivind Eklund
To: Mike Tancsa
Cc: security@FreeBSD.ORG
Subject: Re: ftp vulnerability ?
Message-ID: <19990210181333.R96008@bitbox.follo.net>
References: <4.1.19990209235845.04d42c80@granite.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <4.1.19990209235845.04d42c80@granite.sentex.ca>; from Mike Tancsa on Wed, Feb 10, 1999 at 12:02:29AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Feb 10, 1999 at 12:02:29AM -0500, Mike Tancsa wrote:
>
> http://www.netect.com/advisory_0209.html does not explicitly exclude the
> ftp daemon that ships with FreeBSD. Do you know if it is vulnerable or not ?

Not vulnerable according to my reading of the code. (I have somewhat more details of the relevant vulnerabilities than is in the official advisory).

Eivind.

From owner-freebsd-security Wed Feb 10 13:47:34 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA23164 for freebsd-security-outgoing; Wed, 10 Feb 1999 13:47:34 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from tasam.com (tasam.com [198.232.144.22]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA23151 for ; Wed, 10 Feb 1999 13:47:24 -0800 (PST) (envelope-from security@tasam.com)
Received: from localhost (security@localhost) by tasam.com (8.9.1/8.9.1) with SMTP id QAA18440 for ; Wed, 10 Feb 1999 16:47:15 -0500 (EST)
Date: Wed, 10 Feb 1999 16:47:15 -0500 (EST)
From: Tasam Security
To: security@FreeBSD.ORG
Subject: lcall ?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This may be a stupid question, I was playing with some shellcode and writing some under freebsd 2.2CAM, I noticed that instead of using int $0x80, an lcall 0x7,0x00 is used in the execve call...
well I disassembled it:

Dump of assembler code for function execve:
0x1218 : leal 0x3b,%eax
0x121e : lcall 0x7,0x0
0x1225 : jb 0x1210
0x1227 : ret
End of assembler dump.
(gdb) x/bx execve+6
0x121e : 0x9a
0x121f : 0x00
0x1220 : 0x00
0x1221 : 0x00
0x1222 : 0x00
0x1223 : 0x07
0x1224 : 0x00
0x1225 : 0x72
0x1226 : 0xe9

It appears that the lcall instruction has \x00 characters in it... and if I remember right, the shellcode can't contain any \x00's because strcpy (and others) will stop processing the buffer at that point and all the necessary code won't be copied. So if the lcall instruction contains \x00's then is it impossible to use it when writing overflows? This would mean that if freebsd2.2CAM has no other way to call system calls then using lcall, you couldn't successfully use the standard exploit method on suid programs...

Now I am by no means an experienced asm programmer, so I don't know if this is correct.. I just found it to be interesting...

From owner-freebsd-security Wed Feb 10 14:28:06 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA28231 for freebsd-security-outgoing; Wed, 10 Feb 1999 14:28:06 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from conway.com (host167.conway.com [208.234.182.167] (may be forged)) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA28037; Wed, 10 Feb 1999 14:27:39 -0800 (PST) (envelope-from bill.rosenthal@conway.com)
Date: Wed, 10 Feb 1999 14:27:39 -0800 (PST)
Message-Id: <199902102227.OAA28037@hub.freebsd.org>
From: William A Rosenthal
To: William A Rosenthal
Subject: Global Conference: SUPER CITIES OF THE 21st CENTURY
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

___________________________________________________________

Please join us in Madrid from May 2-5, 1999 for the World Development Federation's 7th annual
Global Super Projects Conference on SUPER CITIES OF THE 21st CENTURY. Urban leaders and senior business executives from around the world will meet to define the components essential for cities to become "world class" in the next millennium.

In addition to the conference's co-host, Mayor Alvarez del Manzano of Madrid, other dignitaries expected to participate include: Spain's Prime Minister Jose Maria Aznar; Germany's ex-Finance Minister Theo Weigel; world-renowned architect Ricardo Bofill; Olympics Committee President Juan Samaranch; the originator of the "World Cities" concept, Professor Peter Hall; and mayors from major metropolises worldwide.

The latest program information about the Super Cities Conference and a convenient registration form may be found at our Web site, http://www.conway.com/wdf/madrid99/

I hope you can join us.

Sincerely,
William A.
Rosenthal
Vice Chairman, WDF
mailto: bill.rosenthal@conway.com

From owner-freebsd-security Wed Feb 10 15:14:46 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA04642 for freebsd-security-outgoing; Wed, 10 Feb 1999 15:14:46 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from inet.chip-web.com (c1003518-a.plstn1.sfba.home.com [24.1.82.47]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id PAA04636 for ; Wed, 10 Feb 1999 15:14:44 -0800 (PST) (envelope-from ludwigp@bigfoot.com)
Received: (qmail 24532 invoked from network); 10 Feb 1999 23:14:43 -0000
Received: from speedy.chip-web.com (HELO speedy) (172.16.1.1) by inet.chip-web.com with SMTP; 10 Feb 1999 23:14:43 -0000
Message-Id: <4.1.19990210150955.009f3e80@mail-r>
X-Sender: ludwigp2@mail-r
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 10 Feb 1999 15:13:52 -0800
To: Drew Derbyshire , security@FreeBSD.ORG
From: Ludwig Pummer
Subject: Re: firewall with SOCKS5, UDP, ICQ
In-Reply-To: <36C19674.F553CB64@kew.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 06:23 AM 2/10/99 , Drew Derbyshire wrote:
>I've got a firewall running FreeBSD 2.2.7-RELEASE. Because the ICQ Windows
>client longs for UDP support, I've installed the socks5-v1.0r8 server, but
>keep seeing the following errors:
>
>Feb 10 09:07:31 pandora Socks5[9147]: Socks5 starting at Wed Feb 10 09:07:31
>1999 from inetd
>Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Request:
>(lucia.hh.kew.com:1177) for user thomas
>Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Established:
>(lucia.hh.kew.com:1178) for user thomas

Those aren't errors. Socks5 likes to log everything to wherever root is logged in.

>Now, I don't care about the errors per se, but the general functionality of
>the ICQ client behind the firewall is affected by as opposed to on a bare dial
>connection is noticeable, such as server time outs and the like.

I've noticed the same thing for a while. What seems to work for me (finally) is ICQ 99a (www.icq99.com), with the SOCKS5 server set (internal and external IPs, no hostnames), 'Always use Real IP' off, and I did an nslookup on icqalpha.mirabilis.com and entered all of the IP addresses into my servers list, one-by-one.

BTW, I'm running from a cable modem with a static IP.

--Ludwig Pummer ( ludwigp@bigfoot.com )
ICQ UIN: 692441 ( ludwigp@email.com )

From owner-freebsd-security Wed Feb 10 15:35:13 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA08385 for freebsd-security-outgoing; Wed, 10 Feb 1999 15:35:13 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from monsoon.dial.pipex.net (monsoon.dial.pipex.net [158.43.128.69]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id PAA08340 for ; Wed, 10 Feb 1999 15:35:04 -0800 (PST) (envelope-from r.yeardley@dial.pipex.com)
Received: (qmail 18619 invoked from network); 10 Feb 1999 23:35:00 -0000
Received: from userm863.uk.uudial.com (HELO rich.hunter13.lan) (193.149.80.151) by smtp.dial.pipex.com with SMTP; 10 Feb 1999 23:35:00 -0000
From: r.yeardley@dial.pipex.com (Richard Yeardley)
To: security@FreeBSD.ORG
Subject: Re: firewall with SOCKS5, UDP, ICQ
Date: Wed, 10 Feb 1999 23:35:11 GMT
Organization: None
Message-ID: <36c31785.127023740@smtp.dial.pipex.com>
References: <4.1.19990210150955.009f3e80@mail-r>
In-Reply-To: <4.1.19990210150955.009f3e80@mail-r>
X-Mailer: Forte Agent 1.5/32.451
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by
        hub.freebsd.org id PAA08362
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 10 Feb 1999 15:13:52 -0800, it was written:

>At 06:23 AM 2/10/99 , Drew Derbyshire wrote:
>>I've got a firewall running FreeBSD 2.2.7-RELEASE. Because the ICQ Windows
>>client longs for UDP support, I've installed the socks5-v1.0r8 server, but
>>keep seeing the following errors:
>>
>>Feb 10 09:07:31 pandora Socks5[9147]: Socks5 starting at Wed Feb 10 09:07:31
>>1999 from inetd
>>Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Request:
>>(lucia.hh.kew.com:1177) for user thomas
>>Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Established:
>>(lucia.hh.kew.com:1178) for user thomas
>
>Those aren't errors. Socks5 likes to log everything to wherever root is
>logged in.

If memory serves me running ./configure --withsyslog=NO when building Socks5 stops the message logging. You'd better check the configure script just in case I've mis-spelled the option.

>>Now, I don't care about the errors per se, but the general functionality of
>>the ICQ client behind the firewall is affected by as opposed to on a bare dial
>>connection is noticeable, such as server time outs and the like.

Same here - I can't receive files (which isn't an ICQ problem but a firewall/socks problem) and more often than not sending a message (either directly or through the icq servers) hangs for around five minutes. Some days it's fine, others it isn't.

>I've noticed the same thing for a while. What seems to work for me
>(finally) is ICQ 99a (www.icq99.com), with the SOCKS5 server set (internal
>and external IPs, no hostnames), 'Always use Real IP' off, and I did an
>nslookup on icqalpha.mirabilis.com and entered all of the IP addresses into
>my servers list, one-by-one.

Slightly off-topic but any ideas when ICQ99 will be beyond alpha release?

>BTW, I'm running from a cable modem with a static IP.

V90 modem with dynamic IP, using ipfw, socks5, and apache as proxy server.
Currently serving a 95 box and an NTWS box with Internet access. Erm, that's just in case anyone was interested.

>--Ludwig Pummer ( ludwigp@bigfoot.com )
>ICQ UIN: 692441 ( ludwigp@email.com )
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

FBSD3.0 : AMD PR75 : 32MB RAM : 335MD HD : V90 modem : NE2000 NIC
apache 1.3.4+PHP3 : named : qpopper: socks5 : ipfw : mysql : samba

From owner-freebsd-security Wed Feb 10 17:05:36 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA22279 for freebsd-security-outgoing; Wed, 10 Feb 1999 17:05:36 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from guepardo.vicosa.com.br (guepardo.tdnet.com.br [200.236.148.6]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id RAA22240; Wed, 10 Feb 1999 17:05:22 -0800 (PST) (envelope-from grios@netshell.vicosa.com.br)
Received: from netshell.vicosa.com.br [200.236.148.201] by guepardo.vicosa.com.br with ESMTP (SMTPD32-4.03) id AF6529700DA; Wed, 10 Feb 1999 22:16:21 +03d00
Message-ID: <36C2284E.8891D1E7@netshell.vicosa.com.br>
Date: Wed, 10 Feb 1999 22:46:06 -0200
From: Gustavo Vieira G C Rios
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: en
MIME-Version: 1.0
To: BSD-Security , BSD-Stable
Subject: Sorry, but
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am sorry if this mailing list is not devoted to my words, but does anybody here know QNX? I know it one week ago, I simply cannot believe it! It's fantastic!!!!!!!!! I have were wonderful about FreeBSD, but QNX is fantastic, it is equal to pow(very fantastic,very fantastic)!
So I have one question to Core Team Developer (sorry if this question is too stupid, please, don't kill for this)

Q: Why not develop something like QNX?
A Real Time OS for Free and as good as QNX (I believe that the core team will need to be as good as QNX TEAM) would be a killer!!!!!!!!!! As I saw in a zine: QNX is not UNIX, is better!!!!!!!!!!!!

PS: It's just a beginner question! I DON'T intend to tease any FreeBSD lover! Give some answer!

--
I use UNIX because reboots are for hardware upgrades. You use windowze because the guy on TV told you to ...
Gustavo Rios - UNIX System Admin. - UIN 27456973
+---------------------------------------------------+

From owner-freebsd-security Wed Feb 10 19:23:42 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA08776 for freebsd-security-outgoing; Wed, 10 Feb 1999 19:23:42 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from kendra.ne.mediaone.net (kendra.ne.mediaone.net [24.128.94.182]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA08771 for ; Wed, 10 Feb 1999 19:23:41 -0800 (PST) (envelope-from software@kew.com)
Received: from sonata.hh.kew.com (root@sonata-dmz.hh.kew.com [192.168.205.1]) by kendra.ne.mediaone.net (8.9.1/8.9.1) with ESMTP id WAA11441; Wed, 10 Feb 1999 22:23:39 -0500 (EST)
Received: from kew.com (minerva.hh.kew.com [192.168.203.144]) by sonata.hh.kew.com (8.9.1/8.9.1) with ESMTP id WAA16195; Wed, 10 Feb 1999 22:23:38 -0500 (EST)
Message-ID: <36C24D39.8D29C578@kew.com>
Date: Wed, 10 Feb 1999 22:23:37 -0500
From: Drew Derbyshire
Organization: Kendra Electronic Wonderworks, Stoneham, MA 02180 (http://www.kew.com)
X-Mailer: Mozilla 4.5 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Alla Bezroutchko
CC: security@FreeBSD.ORG
Subject: Re: firewall with SOCKS5, UDP, ICQ
References: <36C19674.F553CB64@kew.com>
        <36C1AAF4.AE320A97@sovlink.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alla Bezroutchko wrote:

> Drew Derbyshire wrote:
> >
> > I've got a firewall running FreeBSD 2.2.7-RELEASE. Because the ICQ Windows
> > client longs for UDP support, I've installed the socks5-v1.0r8 server, but
> > keep seeing the following errors:
> >
> > Feb 10 09:07:31 pandora Socks5[9147]: Socks5 starting at Wed Feb 10 09:07:31 1999 from inetd
> > Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Request: (lucia.hh.kew.com:1177) for user thomas
> > Feb 10 09:07:31 pandora Socks5[9147]: UDP Proxy Established: (lucia.hh.kew.com:1178) for user thomas
> >
> > Now, I don't care about the errors per se, but the general functionality of
> > the ICQ client behind the firewall is affected by as opposed to on a bare dial
> > connection is noticeable, such as server time outs and the like.
>
> Don't see any errors there.

Whoops.
I left off the one real error, and didn't show the pattern, which is what I get for being in a hurry this morning:

Feb 10 21:09:55 pandora Socks5[11227]: Socks5 starting at Wed Feb 10 21:09:55 1999 from inetd
Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Request: (minerva.hh.kew.com:1108) for user ahd
Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Established: (dogbert.hh.kew.com:1109) for user hobbit
Feb 10 21:17:14 pandora Socks5[11225]: S5IOCheck: recv failed: Undefined error: 0
Feb 10 21:17:14 pandora Socks5[11225]: UDP Proxy Termination: (natalie.hh.kew.com:2859) for user flopsie; 1485 bytes out 965 bytes in
Feb 10 21:17:14 pandora Socks5[11244]: Socks5 starting at Wed Feb 10 21:17:14 1999 from inetd
Feb 10 21:17:14 pandora Socks5[11244]: UDP Proxy Request: (natalie.hh.kew.com:2863) for user flopsie
Feb 10 21:17:14 pandora Socks5[11244]: UDP Proxy Established: (natalie.hh.kew.com:2864) for user flopsie
Feb 10 21:17:36 pandora Socks5[11227]: S5IOCheck: recv failed: Undefined error: 0
Feb 10 21:17:36 pandora Socks5[11227]: UDP Proxy Termination: (dogbert.hh.kew.com:1109) for user hobbit; 1467 bytes out 600 bytes in
Feb 10 21:17:36 pandora Socks5[11246]: Socks5 starting at Wed Feb 10 21:17:36 1999 from inetd
Feb 10 21:17:37 pandora Socks5[11246]: UDP Proxy Request: (dogbert.hh.kew.com:1111) for user hobbit
Feb 10 21:17:37 pandora Socks5[11246]: UDP Proxy Established: (dogbert.hh.kew.com:1112) for user hobbit
Feb 10 21:25:56 pandora Socks5[11244]: S5IOCheck: recv failed: Undefined error: 0
Feb 10 21:25:56 pandora Socks5[11244]: UDP Proxy Termination: (natalie.hh.kew.com:2864) for user flopsie; 1821 bytes out 937 bytes in
Feb 10 21:25:57 pandora Socks5[11267]: Socks5 starting at Wed Feb 10 21:25:57 1999 from inetd
Feb 10 21:25:57 pandora Socks5[11267]: UDP Proxy Request: (natalie.hh.kew.com:2884) for user flopsie
Feb 10 21:25:57 pandora Socks5[11267]: UDP Proxy Established: (natalie.hh.kew.com:2885) for user flopsie

The recv failing is the error, although of
course '0' isn't. The pattern is the server restarting every ten minutes or so, even though the timeout is set much higher.

> And your logs don't show anything wrong with performance.

No. :-) Again, vapor lock. The performance issue is timeouts.

> Do you have any packet filtering enabled like ipfw or ipfilter?

Yes. I revamped it for ICQ, since I didn't let any UDP ports in except DNS.

> Check if it permits
> UDP traffic for ICQ. Also check your SOCKS config.

Yes, I opened a range of UDP ports of . I have no rejected UDP packets this evening, and I'm watching the packets back and forth to the outside interface with tcpdump.

> It should permit
> connects (c) and sendto (u).

It allows virtually everything; my main security is that the socks port is only run on the inner interface and the port is blocked from the outside world. The file reads:

set SOCKS5_BINDINTFC socks.hh.kew.com:1080
set SOCKS5_NOIDENT 1
set SOCKS5_PIDFILE /var/run/socks5
set SOCKS5_UDPPORTRANGE 16000-16999
set SOCKS5_REVERSEMAP 1
set SOCKS5_TIMEOUT 240
auth .hh.kew.com - u
permit u - - - - -

No doubt the SOCKS5_BINDINTFC is now ignored since for my light load I use inetd.

> I run SOCKS5 proxy mostly for permitting ICQ through a firewall and it
> works perfectly. No timeouts, nothing wrong with it.

Hmmm. My behavior is more like what others reported. The suggestion to go to 99a may be desirable. Are you at that level?
-- Drew Derbyshire UUPC/extended e-mail: software@kew.com Telephone: 617-279-9812 Mind Like A Steel Trap: Rusty And Illegal In 37 States To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Feb 10 21:05:25 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA20577 for freebsd-security-outgoing; Wed, 10 Feb 1999 21:05:25 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from dol.net (mail.dol.net [204.183.91.8]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id VAA20571 for ; Wed, 10 Feb 1999 21:05:23 -0800 (PST) (envelope-from eric@dol.net) Date: Wed, 10 Feb 1999 21:05:23 -0800 (PST) From: eric@dol.net Message-Id: <199902110505.VAA20571@hub.freebsd.org> X-Sender: eric@mail.dol.net X-Mailer: Windows Eudora Pro Version 2.1.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: security@FreeBSD.ORG Subject: consultant wanted for web server/security configuration Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am in need of some web server / security handholding for configuring freebsd 2.2.8 and zeus as a web server. I would like some recommendations on who I can contact that can help and is trustworthy. This would be paid on a hourly / basis via phone and internet. I need to get this project jumpstarted. thanks eric Delaware Online!.........The SMART Choice! With 56K V.90 & X2 & Flex Modems Phone : 302-762-0375 Fax: 302-762-3462 Failure is NOT an option... 
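
Added example, not part of any message in this archive: a Python script that groups the Socks5 syslog lines from Drew Derbyshire's excerpt above by process ID and reports how long each inetd-spawned process lived, which processes terminated after a "recv failed" line, and whether the Request and Established lines of one process name different hosts or users. The function names and the fixed year 1999 (syslog timestamps carry no year) are assumptions of this example.

```python
import re
from datetime import datetime

# Socks5 syslog lines copied from the excerpt in the message above.
SAMPLE_LOG = """\
Feb 10 21:09:55 pandora Socks5[11227]: Socks5 starting at Wed Feb 10 21:09:55 1999 from inetd
Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Request: (minerva.hh.kew.com:1108) for user ahd
Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Established: (dogbert.hh.kew.com:1109) for user hobbit
Feb 10 21:17:14 pandora Socks5[11225]: S5IOCheck: recv failed: Undefined error: 0
Feb 10 21:17:14 pandora Socks5[11225]: UDP Proxy Termination: (natalie.hh.kew.com:2859) for user flopsie; 1485 bytes out 965 bytes in
Feb 10 21:17:14 pandora Socks5[11244]: Socks5 starting at Wed Feb 10 21:17:14 1999 from inetd
Feb 10 21:17:14 pandora Socks5[11244]: UDP Proxy Request: (natalie.hh.kew.com:2863) for user flopsie
Feb 10 21:17:14 pandora Socks5[11244]: UDP Proxy Established: (natalie.hh.kew.com:2864) for user flopsie
Feb 10 21:17:36 pandora Socks5[11227]: S5IOCheck: recv failed: Undefined error: 0
Feb 10 21:17:36 pandora Socks5[11227]: UDP Proxy Termination: (dogbert.hh.kew.com:1109) for user hobbit; 1467 bytes out 600 bytes in
Feb 10 21:17:36 pandora Socks5[11246]: Socks5 starting at Wed Feb 10 21:17:36 1999 from inetd
Feb 10 21:17:37 pandora Socks5[11246]: UDP Proxy Request: (dogbert.hh.kew.com:1111) for user hobbit
Feb 10 21:17:37 pandora Socks5[11246]: UDP Proxy Established: (dogbert.hh.kew.com:1112) for user hobbit
Feb 10 21:25:56 pandora Socks5[11244]: S5IOCheck: recv failed: Undefined error: 0
Feb 10 21:25:56 pandora Socks5[11244]: UDP Proxy Termination: (natalie.hh.kew.com:2864) for user flopsie; 1821 bytes out 937 bytes in
Feb 10 21:25:57 pandora Socks5[11267]: Socks5 starting at Wed Feb 10 21:25:57 1999 from inetd
Feb 10 21:25:57 pandora Socks5[11267]: UDP Proxy Request: (natalie.hh.kew.com:2884) for user flopsie
Feb 10 21:25:57 pandora Socks5[11267]: UDP Proxy Established: (natalie.hh.kew.com:2885) for user flopsie
"""

# "<Mon DD HH:MM:SS> <loghost> Socks5[<pid>]: <message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+Socks5\[(\d+)\]:\s+(.*)$")
# "UDP Proxy <kind>: (<host>:<port>) for user <name>[; byte counts]"
EVENT_RE = re.compile(
    r"^UDP Proxy (Request|Established|Termination): \(([^():]+):(\d+)\) for user ([^\s;]+)"
)


def parse_sessions(log_text, year=1999):
    """Group Socks5 lines by PID. The year is an assumption: syslog omits it."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Socks5 syslog line
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(int(pid), {
            "start": None, "end": None, "request": None,
            "established": None, "recv_failed": False,
        })
        if msg.startswith("Socks5 starting"):
            s["start"] = when
        elif msg.startswith("S5IOCheck: recv failed"):
            s["recv_failed"] = True
        else:
            ev = EVENT_RE.match(msg)
            if ev:
                kind, host, port, user = ev.groups()
                if kind == "Termination":
                    s["end"] = when
                else:
                    s[kind.lower()] = (host, int(port), user)
    return sessions


def lifetimes(sessions):
    """Seconds between 'starting' and 'Termination' for PIDs that logged both."""
    return {pid: int((s["end"] - s["start"]).total_seconds())
            for pid, s in sessions.items() if s["start"] and s["end"]}


def identity_mismatches(sessions):
    """PIDs whose Request and Established lines disagree on host or user.
    Ports are ignored: in this excerpt they always differ by one."""
    out = {}
    for pid, s in sessions.items():
        req, est = s["request"], s["established"]
        if req and est and (req[0], req[2]) != (est[0], est[2]):
            out[pid] = (req, est)
    return out


def ended_after_recv_failure(sessions):
    """PIDs that logged 'recv failed' and then a Termination line."""
    return sorted(pid for pid, s in sessions.items() if s["recv_failed"] and s["end"])


if __name__ == "__main__":
    found = parse_sessions(SAMPLE_LOG)
    for pid, secs in sorted(lifetimes(found).items()):
        print(f"pid {pid}: lived {secs} s")
    print("terminated after recv failure:", ended_after_recv_failure(found))
    for pid, (req, est) in identity_mismatches(found).items():
        print(f"pid {pid}: requested for {req[2]}@{req[0]}, established for {est[2]}@{est[0]}")
```
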
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Feb 10 22:49:50 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA02206 for freebsd-security-outgoing; Wed, 10 Feb 1999 22:49:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from obie.softweyr.com ([204.68.178.33]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA02183; Wed, 10 Feb 1999 22:49:44 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from softweyr.com (zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id XAA27132; Wed, 10 Feb 1999 23:49:29 -0700 (MST) (envelope-from wes@softweyr.com)
Message-ID: <36C27D79.A79C277B@softweyr.com>
Date: Wed, 10 Feb 1999 23:49:29 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Gustavo Vieira G C Rios
CC: BSD-Security , BSD-Stable
Subject: Re: Sorry, but
References: <36C2284E.8891D1E7@netshell.vicosa.com.br>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Gustavo Vieira G C Rios wrote:
>
> I am sorry if this mailing list is not devoted to my words, but does
> anybody here know QNX?
> I know it one week ago, i simply cannot believe it! It's
> fantastic!!!!!!!!!
> I have were wonderful about FreeBSD, but QNX is fantastic, it is equal
> to pow(very fantastic,very fantastic)!
> So i have one question to Core Team Developer (sorry if this question is
> too stupid, please, don't kill for this)
>
> Q: Why not develop some thing like QNX ?
> A Real Time OS for Free and as good as QNX(i believe that the core team
> will need to be as good as QNX TEAM) would be a killer!!!!!!!!!!
> As i saw in a zine: QNX is not UNIX, is better!!!!!!!!!!!!

I don't know about "as good as QNX", but somebody already has. See http://www.rtmx.com/, and then read the following article:

http://www.daemonnews.org/199811/d-advocate.html

Thanks for your enthusiasm.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Feb 11 01:00:49 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA15287 for freebsd-security-outgoing; Thu, 11 Feb 1999 01:00:49 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from buddy.sovlink.ru (buddy.sovlink.ru [194.186.12.9]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA15278 for ; Thu, 11 Feb 1999 01:00:45 -0800 (PST) (envelope-from alla@sovlink.ru)
Received: from sovlink.ru (punk.sovlink.ru [194.186.12.133]) by buddy.sovlink.ru (8.9.1/8.9.1) with ESMTP id MAA01486; Thu, 11 Feb 1999 12:07:52 +0300 (MSK)
Message-ID: <36C29C2C.EDEEDB05@sovlink.ru>
Date: Thu, 11 Feb 1999 12:00:28 +0300
From: Alla Bezroutchko
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: ru,en
MIME-Version: 1.0
To: Drew Derbyshire
CC: security@FreeBSD.ORG
Subject: Re: firewall with SOCKS5, UDP, ICQ
References: <36C19674.F553CB64@kew.com> <36C1AAF4.AE320A97@sovlink.ru> <36C24D39.8D29C578@kew.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Drew Derbyshire wrote:

> Whoops. I left off the one real error, and didn't show the pattern, which is what I get for being in a
> hurry this morning:
> The recv failing is the error, although of course '0' isn't. The pattern is the server restarting every
> ten minutes or so, even though the timeout is set much higher.

I suppose it should restart. When a user connects to port 1080 inetd starts a new copy of socks5 to handle this request. When socks5 finishes processing the request, it dies. And inetd keeps starting new socks5 processes for every user request. Do you run socks5 from inetd with -i option? Do you have nowait set for it? Check if there are too many socks5 processes hanging around.

I don't know if there is some other way of running socks5 from inetd, but this works for me.

I have no idea about "recv failed" error.

> Hmmm. My behavior is more like what others reported. The suggestion to go to 99a may be desirable. Are
> you at that level?

There is a user running 98beta quite happily. I don't think that is the issue.

There is a strange thing I noticed in your logs:

> Feb 10 21:09:55 pandora Socks5[11227]: Socks5 starting at Wed Feb 10 21:09:55 1999 from inetd
> Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Request: (minerva.hh.kew.com:1108) for user ahd
> Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Established: (dogbert.hh.kew.com:1109) for user hobbit
> Feb 10 21:17:36 pandora Socks5[11227]: S5IOCheck: recv failed: Undefined error: 0
> Feb 10 21:17:36 pandora Socks5[11227]: UDP Proxy Termination: (dogbert.hh.kew.com:1109) for user hobbit;
> 1467 bytes out 600 bytes in

UDP proxy was requested for user ahd and established for user hobbit by the same socks5 process. Why so?

And I still don't get one thing: does ICQ work at all through your socks5 (even being slow and timing out sometimes) or it doesn't?
--
Alla Bezroutchko Sovlink LLC
Systems Administrator Moscow, Russia

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Feb 11 01:19:51 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA17199 for freebsd-security-outgoing; Thu, 11 Feb 1999 01:19:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from wind.freenet.am ([194.151.101.35]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA17153 for ; Thu, 11 Feb 1999 01:19:05 -0800 (PST) (envelope-from casper@acc.am)
Received: from lemming.acc.am ([209.58.5.202]) by wind.freenet.am (8.9.1/8.9.1) with ESMTP id NAA20928; Thu, 11 Feb 1999 13:16:44 +0400 (GMT)
Received: from acc.am (nightmar.acc.am [192.168.100.108]) by lemming.acc.am (8.9.1a/8.9.1) with ESMTP id NAA20514; Thu, 11 Feb 1999 13:17:18 +0400 (AMT)
Message-ID: <36C29F76.BA759A5F@acc.am>
Date: Thu, 11 Feb 1999 13:14:30 +0400
From: Casper
Organization: Armenian Computer Center
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: ru,en
MIME-Version: 1.0
To: Alla Bezroutchko
CC: Drew Derbyshire , security@FreeBSD.ORG
Subject: Re: firewall with SOCKS5, UDP, ICQ
References: <36C19674.F553CB64@kew.com> <36C1AAF4.AE320A97@sovlink.ru> <36C24D39.8D29C578@kew.com> <36C29C2C.EDEEDB05@sovlink.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What about running Socks5 daemon as stand-alone daemon (use multithreading mode on FBSD3.0), it decreases CPU load (compared with inetd variant) and works just fine for me ....
I'm able to use all ICQ features including Chat , may be except hosts , that use the same proxy .

Alla Bezroutchko wrote:
>
> Drew Derbyshire wrote:
>
> > Whoops. I left off the one real error, and didn't show the pattern, which is what I get for being in a
> > hurry this morning:
> > The recv failing is the error, although of course '0' isn't. The pattern is the server restarting every
> > ten minutes or so, even though the timeout is set much higher.
>
> I suppose it should restart. When a user connects to port 1080 inetd
> starts a new copy of socks5
> to handle this request. When socks5 finishes processing the request, it
> dies. And inetd keeps starting
> new socks5 processes for every user request. Do you run socks5 from
> inetd with -i option? Do you have
> nowait set for it? Check if there are too many socks5 processes hanging
> around.
>
> I don't know if there is some other way of running socks5 from inetd,
> but this works for me.
>
> I have no idea about "recv failed" error.
>
> > Hmmm. My behavior is more like what others reported. The suggestion to go to 99a may be desirable. Are
> > you at that level?
>
> There is a user running 98beta quite happily. I don't think that is the
> issue.
>
> There is a strange thing I noticed in your logs:
> > Feb 10 21:09:55 pandora Socks5[11227]: Socks5 starting at Wed Feb 10 21:09:55 1999 from inetd
> > Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Request: (minerva.hh.kew.com:1108) for user ahd
> > Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Established: (dogbert.hh.kew.com:1109) for user hobbit
> > Feb 10 21:17:36 pandora Socks5[11227]: S5IOCheck: recv failed: Undefined error: 0
> > Feb 10 21:17:36 pandora Socks5[11227]: UDP Proxy Termination: (dogbert.hh.kew.com:1109) for user hobbit;
> > 1467 bytes out 600 bytes in
>
> UDP proxy was requested for user ahd and established for user hobbit by
> the same socks5 process. Why so?
>
> And I still don't get one thing: does ICQ work at all through your socks5
> (even being slow and timing
> out sometimes) or it doesn't?
>
> --
> Alla Bezroutchko Sovlink LLC
> Systems Administrator Moscow, Russia
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Feb 11 18:20:22 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA28652 for freebsd-security-outgoing; Thu, 11 Feb 1999 18:20:22 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from csi-x.net (csi-x.net [202.184.73.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA28634 for ; Thu, 11 Feb 1999 18:20:14 -0800 (PST) (envelope-from najib@csi-x.net)
Received: from csi-x.net (nobody@csi-x.net [202.184.73.5]) by csi-x.net (8.9.2/8.9.2) with SMTP id KAA18417 for ; Fri, 12 Feb 1999 10:26:48 +0800 (MYT)
From: "Muhammad Najib"
Reply-to: najib@csi-x.net
To: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Feb 1999 10:26:51 -800
Subject: IP Filter 3.2.10
Message-id: <36c3916b.47ec.0@csi-x.net>
X-User-Info: 202.184.73.8
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

anybody compiled ip filter 3.2.10 successfully on FreeBSD 3.0 !? Wondering why
I get this error .... grr .. anybody !?

$ make freebsd22
if [ ! -f netinet/done ] ; then (cd netinet; ln -s ../*.h .; ln -s ../ip_ftp_px
y.c .); (cd netinet; ln -s ../ipsend/tcpip.h tcpip.h); touch netinet/done; fi
make setup "TARGOS=BSD" "CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
"
if [ ! -d BSD/FreeBSD-3.0-STABLE-i386 ] ; then mkdir BSD/FreeBSD-3.0-STABLE-i386
; fi
rm -f BSD/FreeBSD-3.0-STABLE-i386/Makefile BSD/FreeBSD-3.0-STABLE-i386/Makefile.
ipsend
ln -s ../Makefile BSD/FreeBSD-3.0-STABLE-i386/Makefile
ln -s ../Makefile.ipsend BSD/FreeBSD-3.0-STABLE-i386/Makefile.ipsend
rm -f BSD/`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`/ioconf.h
make freebsd
if [ ! -f netinet/done ] ; then (cd netinet; ln -s ../*.h .; ln -s ../ip_ftp_px
y.c .); (cd netinet; ln -s ../ipsend/tcpip.h tcpip.h); touch netinet/done; fi
make setup "TARGOS=BSD" "CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`
"
if [ ! -d BSD/FreeBSD-3.0-STABLE-i386 ] ; then mkdir BSD/FreeBSD-3.0-STABLE-i386
; fi
rm -f BSD/FreeBSD-3.0-STABLE-i386/Makefile BSD/FreeBSD-3.0-STABLE-i386/Makefile.
ipsend
ln -s ../Makefile BSD/FreeBSD-3.0-STABLE-i386/Makefile
ln -s ../Makefile.ipsend BSD/FreeBSD-3.0-STABLE-i386/Makefile.ipsend
(cd BSD/`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`; make build TOP=../.. "
BINDEST=/usr/local/bin" "SBINDEST=/sbin" "MANDIR=/usr/local/man" 'CFLAGS=-I$(TO
P) ' "IPFLKM=-DIPFILTER_LKM" "IPFLOG=-DIPFILTER_LOG" "LOGFAC=-DLOGFAC=LOG_LOCAL
0" "POLICY=-DIPF_DEFAULT_PASS=FR_PASS" "SOLARIS2=" "DEBUG=-g" "DCPU=`uname -m`"
"CPUDIR=`uname -s|sed -e 's@/@@g'`-`uname -r`-`uname -m`" "ML=mlf_ipl.c"; cd .)
cc -g -I../.. -c ../../ipf.c -o ipf.o
cc -g -I../.. -c ../../parse.c -o parse.o
In file included from ../../parse.c:33:
./../ip_fil.h:388: warning: `struct ifnet' declared inside parameter list
./../ip_fil.h:388: warning: its scope is only this definition or declaration,
./../ip_fil.h:388: warning: which is probably not what you want.
./../ip_fil.h:389: warning: `struct ifnet' declared inside parameter list
cc -g -I../.. -c ../../opt.c -o opt.o
cc -g -I../.. ipf.o parse.o opt.o -o ipf
/bin/rm -f ../../ipf
ln -s `pwd`/ipf ../..
cc -g -I../.. -c ../../fils.c -o fils.o
In file included from ../../fils.c:35:
./../netinet/ip_fil.h:388: warning: `struct ifnet' declared inside parameter li
st
./../netinet/ip_fil.h:388: warning: its scope is only this definition or declar
ation,
./../netinet/ip_fil.h:388: warning: which is probably not what you want.
./../netinet/ip_fil.h:389: warning: `struct ifnet' declared inside parameter li
st
cc -g -I../.. -c ../../kmem.c -o kmem.o
cc -g -I../.. fils.o parse.o kmem.o opt.o -o ipfstat
cc -g -I../.. -c ../../ipt.c -o ipt.o
cc -g -I../.. -c ../../fil.c -o fil.o
cc -g -I../.. -c ../../ipft_sn.c -o ipft_sn.o
cc -g -I../.. -c ../../ipft_ef.c -o ipft_ef.o
cc -g -I../.. -c ../../ipft_td.c -o ipft_td.o
cc -g -I../.. -c ../../ipft_pc.c -o ipft_pc.o
cc -g -I../.. -c ../../ipft_tx.c -o ipft_tx.o
cc -g -I../.. -c ../../misc.c -o misc.o
cc -g -I../.. -c ../../ip_frag.c -o ip_frag_u.o
cc -g -I../.. -c ../../ip_state.c -o ip_state_u.o
cc -g -I../.. -c ../../ip_nat.c -o ip_nat_u.o
cc -g -I../.. -c ../../ip_proxy.c -o ip_proxy_u.o
cc -g -I../.. -c ../../ip_auth.c -o ip_auth_u.o
In file included from ../../ip_auth.c:78:
/usr/include/netinet/in_var.h:49: field `ia_ifa' has incomplete type
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.
$

well .... anybody with the same error(s) !?
thanx in advance :)

cheers,

******************************************************************
MUHAMMAD NAJIB ABDUL MUKTHI member of My-Linux.ORG
SYSTEM ADMINISTRATOR http://www.my-linux.org
Kolej Damansara Utama
32, Jalan Anson najib@mrsm.org
10400, Pulau Pinang. najib@csi-x.net
http://www.kaypo.net najib@kdupg.edu.my
Tel : 042280053 ext332 najib@my-linux.org
******************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 02:18:15 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA17139 for freebsd-security-outgoing; Fri, 12 Feb 1999 02:18:15 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from titanium.yy.ics.keio.ac.jp (titanium.yy.ics.keio.ac.jp [131.113.47.73]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA17119 for ; Fri, 12 Feb 1999 02:18:05 -0800 (PST) (envelope-from sanpei@sanpei.org)
Received: from lavender.yy.cs.keio.ac.jp (lavender.rad.cc.keio.ac.jp [131.113.16.115]) by titanium.yy.ics.keio.ac.jp (8.8.8+3.0Wbeta13/3.7W) with ESMTP id TAA26826; Fri, 12 Feb 1999 19:17:51 +0900 (JST)
Received: (from sanpei@localhost) by lavender.yy.cs.keio.ac.jp (8.8.8/3.7W) id TAA05329; Fri, 12 Feb 1999 19:17:51 +0900 (JST)
Date: Fri, 12 Feb 1999 19:17:51 +0900 (JST)
Message-Id: <199902121017.TAA05329@lavender.yy.cs.keio.ac.jp>
To: najib@csi-x.net
Cc: freebsd-security@FreeBSD.ORG, sanpei@sanpei.org
Subject: Re: IP Filter 3.2.10
In-Reply-To: Your message of "Sat, 13 Feb 1999 03:26:51 JST". <36c3916b.47ec.0@csi-x.net>
From: sanpei@sanpei.org (MIHIRA Yoshiro)
X-Mailer: mnews [version 1.21] 1997-12/23(Tue)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<36c3916b.47ec.0@csi-x.net> wrote
>> anybody compiled ip filter 3.2.10 successfully on FreeBSD 3.0 !? Wondering why
>> I get this error .... grr .. anybody !?

I use 3.2.10 under FreeBSD-3.0-stable, but not support LKM and KLM.

http://www.yy.cs.keio.ac.jp/~sanpei/ipfilter.html

I send about this to Peter Wemm who is last
committer of IP Filter 3.2.7 on FreeBSD-3.0 source tree and
Darren Reed who wrote IP Filter.
But I do not have any response.....

Cheers

MIHIRA Yoshiro

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 02:24:31 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA17934 for freebsd-security-outgoing; Fri, 12 Feb 1999 02:24:31 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from csi-x.net (csi-x.net [202.184.73.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA17922 for ; Fri, 12 Feb 1999 02:24:25 -0800 (PST) (envelope-from najib@csi-x.net)
Received: from csi-x.net (nobody@csi-x.net [202.184.73.5]) by csi-x.net (8.9.2/8.9.2) with SMTP id SAA25828; Fri, 12 Feb 1999 18:31:09 +0800 (MYT)
From: "Muhammad Najib"
Reply-to: najib@csi-x.net
To: sanpei@sanpei.org (MIHIRA Yoshiro)
Cc: freebsd-security@FreeBSD.ORG, sanpei@sanpei.org
Date: Fri, 12 Feb 1999 18:31:12 -800
Subject: Re: IP Filter 3.2.10
Message-id: <36c402f0.64df.0@csi-x.net>
X-User-Info: 202.184.73.8
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I use 3.2.10 under FreeBSD-3.0-stable, but not support LKM and KLM.
>
>http://www.yy.cs.keio.ac.jp/~sanpei/ipfilter.html
>
> I send about this to Peter Wemm who is last
>committer of IP Filter 3.2.7 on FreeBSD-3.0 source tree and
>Darren Reed who wrote IP Filter. But I do not have any response.....
>

kewl .. that help much ... :)

regards,

******************************************************************
MUHAMMAD NAJIB ABDUL MUKTHI member of My-Linux.ORG
SYSTEM ADMINISTRATOR http://www.my-linux.org
Kolej Damansara Utama
32, Jalan Anson najib@mrsm.org
10400, Pulau Pinang. najib@csi-x.net
http://www.kaypo.net najib@kdupg.edu.my
Tel : 042280053 ext332 najib@my-linux.org
******************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 02:28:52 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA18719 for freebsd-security-outgoing; Fri, 12 Feb 1999 02:28:52 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from csi-x.net (csi-x.net [202.184.73.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA18546 for ; Fri, 12 Feb 1999 02:28:48 -0800 (PST) (envelope-from najib@csi-x.net)
Received: from csi-x.net (nobody@csi-x.net [202.184.73.5]) by csi-x.net (8.9.2/8.9.2) with SMTP id SAA25908 for ; Fri, 12 Feb 1999 18:35:50 +0800 (MYT)
From: "Muhammad Najib"
Reply-to: najib@csi-x.net
To: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Feb 1999 18:35:51 -800
Subject: IP-Filter header files ...
Message-id: <36c40407.6530.0@csi-x.net>
X-User-Info: 202.184.73.8
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I was wondering ... I did install ipfilter on my very FreeBSD 3.0 box ... I'm
trying to configure the box to do transparent proxying+firewalling ... so now
. I try to get squid+ipf to work together while I was compiling squid .. I
got this error

secure# ./configure --enable-ipf-transparent
...
checking for srand48... (cached) yes
checking for srandom... (cached) yes
checking for statvfs... (cached) no
checking for sysconf... (cached) yes
checking for syslog... (cached) yes
checking for tempnam... (cached) yes
checking for timegm... (cached) yes
checking for vsnprintf... (cached) yes
checking if setresuid is implemented... (cached) no
checking if IP-Filter header files are installed... no
WARNING: Cannot find necessary IP-Filter header files
Transparent Proxy support WILL NOT be enabled
......
secure#

can anybody please explain ? Thanx in advance :)

regards,

******************************************************************
MUHAMMAD NAJIB ABDUL MUKTHI member of My-Linux.ORG
SYSTEM ADMINISTRATOR http://www.my-linux.org
Kolej Damansara Utama
32, Jalan Anson najib@mrsm.org
10400, Pulau Pinang. najib@csi-x.net
http://www.kaypo.net najib@kdupg.edu.my
Tel : 042280053 ext332 najib@my-linux.org
******************************************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 04:31:42 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA03644 for freebsd-security-outgoing; Fri, 12 Feb 1999 04:31:42 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA03637 for ; Fri, 12 Feb 1999 04:31:36 -0800 (PST) (envelope-from paulo@nlink.com.br)
Received: from localhost (paulo@localhost) by mirage.nlink.com.br (8.9.3/8.9.1) with SMTP id JAA23654 for ; Fri, 12 Feb 1999 09:31:25 -0300 (EST)
Date: Fri, 12 Feb 1999 09:31:25 -0300 (EST)
From: Paulo Fragoso
To: freebsd-security@FreeBSD.ORG
Subject: Sendmail?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

In RootShell site I found small program for test DoS in sendmail-8.9.2.
This program increases load average during attack if it found the exploit.
After upgrade to sendmail-8.9.3 load increase during attack too.

Can anyone help me?

Many thanks,
Paulo Fragoso.

------
" ... Overall we've found FreeBSD to excel in performance, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else"
-David Filo, Yahoo!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 05:16:18 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA08694 for freebsd-security-outgoing; Fri, 12 Feb 1999 05:16:18 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA08685 for ; Fri, 12 Feb 1999 05:16:15 -0800 (PST) (envelope-from kkennawa@physics.adelaide.edu.au)
Received: from bragg (bragg [129.127.36.34]) by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id XAA19304; Fri, 12 Feb 1999 23:46:11 +1030 (CST)
Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM) id AA05477; Fri, 12 Feb 1999 23:46:09 +1030
Date: Fri, 12 Feb 1999 23:46:09 +1030 (CST)
From: Kris Kennaway
X-Sender: kkennawa@bragg
To: Paulo Fragoso
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Sendmail?
In-Reply-To:
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Feb 1999, Paulo Fragoso wrote:

> In RootShell site I found small program for test DoS in sendmail-8.9.2.
> This program increases load average during attack if it found the exploit.
> After upgrade to sendmail-8.9.3 load increase during attack too.
>
> Can anyone help-me?

You'll probably have better luck from one of the sendmail lists (or bugtraq, where the DoS was first announced).

Kris

-----
(ASP) Microsoft Corporation (MSFT) announced today that the release of its productivity suite, Office 2000, will be delayed until the first quarter of 1901.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 05:17:00 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA08724 for freebsd-security-outgoing; Fri, 12 Feb 1999 05:17:00 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.149.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA08718 for ; Fri, 12 Feb 1999 05:16:57 -0800 (PST) (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id AAA15971; Sat, 13 Feb 1999 00:16:38 +1100 (EDT)
From: Darren Reed
Message-Id: <199902121316.AAA15971@cheops.anu.edu.au>
Subject: Re: IP-Filter header files ...
To: najib@csi-x.net
Date: Sat, 13 Feb 1999 00:16:37 +1100 (EDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <36c40407.6530.0@csi-x.net> from "Muhammad Najib" at Feb 12, 99 06:35:51 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Muhammad Najib, sie said:
>
> I was wondering ... I did install ipfilter on my very FreeBSD 3.0 box ... I'm
> trying to configure the box to do transparent proxying+firewalling ... so now
> . I try to get squid+ipf to work together while I was compiling squid .. I
> got this error
>
> secure# ./configure --enable-ipf-transparent
> ...
> checking for srand48... (cached) yes
> checking for srandom... (cached) yes
> checking for statvfs... (cached) no
> checking for sysconf... (cached) yes
> checking for syslog... (cached) yes
> checking for tempnam... (cached) yes
> checking for timegm... (cached) yes
> checking for vsnprintf... (cached) yes
> checking if setresuid is implemented... (cached) no
> checking if IP-Filter header files are installed... no
> WARNING: Cannot find necessary IP-Filter header files
> Transparent Proxy support WILL NOT be enabled
> ......
> secure#
>
> can anybody please explain ? Thanx in advance :)

Amusing.

I'd fetch the most recent IP Filter beta and run the kinstall script.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 05:46:37 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA12256 for freebsd-security-outgoing; Fri, 12 Feb 1999 05:46:37 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from pmpro.com (dyn001043.belt.digex.net [199.125.237.27]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id FAA12251 for ; Fri, 12 Feb 1999 05:46:35 -0800 (PST) (envelope-from thomas@pmpro.com)
Received: from squash.pmpro.com (squash.pmpro.com [192.168.201.254]) by pmpro.com (8.6.13/8.6.12) with SMTP id HAA09917; Fri, 12 Feb 1999 07:48:31 -0500
Message-Id: <3.0.6.32.19990212075446.00a5b280@pmpro.com>
X-Sender: thomas@pmpro.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Fri, 12 Feb 1999 07:54:46 -0500
To: najib@csi-x.net, freebsd-security@FreeBSD.ORG
From: Mark Thomas
Subject: Re: IP Filter 3.2.10
In-Reply-To: <36c3916b.47ec.0@csi-x.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:26 AM 2/12/99 -800, Muhammad Najib wrote:
>anybody compiled ip filter 3.2.10 successfully on FreeBSD 3.0 !? Wondering why
>I get this error .... grr .. anybody !?

>cc -g -I../.. -c ../../ip_auth.c -o ip_auth_u.o
>In file included from ../../ip_auth.c:78:
>/usr/include/netinet/in_var.h:49: field `ia_ifa' has incomplete type
>*** Error code 1
>
>Stop.
>*** Error code 1
>
>Stop.
>*** Error code 1
>
>Stop.
>$

>well .... anybody with the same error(s) !?
>thanx in advance :)

Yep. I have the exact same problem.
Posted to freebsd-questions yesterday as a matter of fact. I'm going to be trying Mihira Yoshiro's patch today.

-----
Mark

Mark Thomas -- pmpro, inc. -- thomas@pmpro.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 06:13:50 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA15523 for freebsd-security-outgoing; Fri, 12 Feb 1999 06:13:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.149.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA15509 for ; Fri, 12 Feb 1999 06:13:46 -0800 (PST) (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id AAA16011; Sat, 13 Feb 1999 00:19:38 +1100 (EDT)
From: Darren Reed
Message-Id: <199902121319.AAA16011@cheops.anu.edu.au>
Subject: Re: IP Filter 3.2.10
To: najib@csi-x.net
Date: Sat, 13 Feb 1999 00:19:37 +1100 (EDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <36c3916b.47ec.0@csi-x.net> from "Muhammad Najib" at Feb 12, 99 10:26:51 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You get that change because somebody decided to make an arbitrary change
to the way certain structures were placed in include files, doing nothing
more than breaking compatibility with various packages such as IP Filter,
tcpdump, etc.

To those who made it, don't bother trying to brainwash me, we've already
been through the explanation cycle (which I still don't accept but with
which you guys now need to live with).

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 08:52:51 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA05384 for freebsd-security-outgoing; Fri, 12 Feb 1999 08:52:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (p54-max8.wlg.ihug.co.nz [209.79.142.246]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA05374 for ; Fri, 12 Feb 1999 08:52:42 -0800 (PST) (envelope-from andrew@squiz.co.nz)
Received: from aniwa.sky (localhost [127.0.0.1]) by aniwa.sky (8.9.1a/8.9.1) with ESMTP id FAA14099 for ; Sat, 13 Feb 1999 05:52:31 +1300 (NZDT)
Message-Id: <199902121652.FAA14099@aniwa.sky>
X-Mailer: exmh version 2.0.2 2/24/98
To: security@FreeBSD.ORG
Subject: packet from port 65535 to IMAP?
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 13 Feb 1999 05:52:31 +1300
From: Andrew McNaughton
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>From port 65535. Anyone know what it's about?

Feb 12 12:03:37 dawn /kernel: ipfw: 50010 Accept TCP them.them.them.them:65535 me.me.me.me:143 in via de0

Andrew McNaughton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 10:24:13 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA15559 for freebsd-security-outgoing; Fri, 12 Feb 1999 10:24:13 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from pmpro.com (dyn001043.belt.digex.net [199.125.237.27]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id KAA15554 for ; Fri, 12 Feb 1999 10:24:11 -0800 (PST) (envelope-from thomas@pmpro.com)
Received: from squash.pmpro.com (squash.pmpro.com [192.168.201.254]) by pmpro.com (8.6.13/8.6.12) with SMTP id NAA11952 for ; Fri, 12 Feb 1999 13:21:34 -0500
Message-Id: <3.0.6.32.19990212132744.00903220@pmpro.com>
X-Sender: thomas@pmpro.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Fri, 12 Feb 1999 13:27:44 -0500
To: freebsd-security@FreeBSD.ORG
From: Mark Thomas
Subject: Re: IP Filter 3.2.10
In-Reply-To: <199902121319.AAA16011@cheops.anu.edu.au>
References: <36c3916b.47ec.0@csi-x.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:19 AM 2/13/99 +1100, Darren Reed wrote:
>
>You get that change because somebody decided to make an arbitrary change
>to the way certain structures were placed in include files, doing nothing
>more than breaking compatibility with various packages such as IP Filter,
>tcpdump, etc.
>
>To those who made it, don't bother trying to brainwash me, we've already
>been through the explanation cycle (which I still don't accept but with
>which you guys now need to live with).

Er, what does this imply for the status of ipfilter in the near future?

-----
Mark

Mark Thomas -- pmpro, inc. -- thomas@pmpro.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Feb 12 16:28:09 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA00776 for freebsd-security-outgoing; Fri, 12 Feb 1999 16:28:09 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.149.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA00727 for ; Fri, 12 Feb 1999 16:28:00 -0800 (PST) (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id LAA22086; Sat, 13 Feb 1999 11:27:48 +1100 (EDT)
From: Darren Reed
Message-Id: <199902130027.LAA22086@cheops.anu.edu.au>
Subject: Re: IP Filter 3.2.10
To: thomas@pmpro.com (Mark Thomas)
Date: Sat, 13 Feb 1999 11:27:48 +1100 (EDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <3.0.6.32.19990212132744.00903220@pmpro.com> from "Mark Thomas" at Feb 12, 99 01:27:44 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Mark Thomas, sie said:
>
> At 12:19 AM 2/13/99 +1100, Darren Reed wrote:
> >
> >You get that change because somebody decided to make an arbitrary change
> >to the way certain structures were placed in include files, doing nothing
> >more than breaking compatibility with various packages such as IP Filter,
> >tcpdump, etc.
> >
> >To those who made it, don't bother trying to brainwash me, we've already
> >been through the explanation cycle (which I still don't accept but with
> >which you guys now need to live with).
>
> Er, what does this imply for the status of ipfilter in the near future?

There is already an adapted version for 3.0 available now which will be merged soon.
Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Feb 13 04:31:34 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA02768 for freebsd-security-outgoing; Sat, 13 Feb 1999 04:31:34 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from merlin.vk8ah.org (ppp82.accessnt.com.au [203.39.3.82]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA02754; Sat, 13 Feb 1999 04:31:26 -0800 (PST) (envelope-from ahodges@ozemail.com.au) Received: from scooby (scooby.vk8ah.org [10.0.3.4]) by merlin.vk8ah.org (8.8.8/8.8.5) with SMTP id WAA00339; Sat, 13 Feb 1999 22:05:54 +0930 (CST) Message-ID: <001d01be574c$e992de00$0403000a@scooby.vk8ah.org> From: "Andrew Hodges" To: , Subject: Using Interface Aliases on FreeBSD with ipfw Date: Sat, 13 Feb 1999 22:02:23 +0930 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001A_01BE579C.891DD160" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
Hi,

for purely availability reasons I am using an old DECpc 433W as a filtering Firewall with ipfw on 2.2.8. This system has only one ethernet interface and I have been using it with ppp through the serial port. I am putting ISDN in place and the TA I have has an ethernet interface.

I am wondering if it would be feasible to use the same interface le0 with 2 ip addresses on different subnets using something like:

 ifconfig_le0_alias0="inet 139.100.1.1 netmask 255.255.255.0"
 ifconfig_le0_alias1="inet 192.168.2.1 netmask 255.255.255.0"

and use rc.firewall with the same interface and natd.

Is this possible? Are there any issues?

Thanks
Andrew

ahodges@ozemail.com.au
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message