From owner-freebsd-security Sun Mar 3 10:17:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-28-203.zoominternet.net [24.154.28.203]) by hub.freebsd.org (Postfix) with ESMTP id 9FDAD37B402 for ; Sun, 3 Mar 2002 10:17:38 -0800 (PST)
Received: from topperwein (topperwein
[192.168.168.10]) by topperwein.dyndns.org (8.11.6/8.11.6) with ESMTP id g23IHbL99065 for ; Sun, 3 Mar 2002 13:17:38 -0500 (EST) (envelope-from behanna@zbzoom.net)
Date: Sun, 3 Mar 2002 13:17:32 -0500 (EST)
From: Chris BeHanna
Reply-To: Chris BeHanna
Subject: Re: ipfw and DHCP
In-Reply-To: <200203011358.g21Dw6i06900@bunrab.catwhisker.org>
Message-ID: <20020303131353.H98814-100000@topperwein.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 1 Mar 2002, David Wolfskill wrote:

> >From: George.Giles@mcmail.vanderbilt.edu
> >Date: Fri, 1 Mar 2002 07:52:26 -0600
>
> >How do you get ipfw to pick-up DHCP value for oif in the rc.firewall script
> >?
>
> >From "man ipfw":
>
> src and dst:
> any | me | [not] [ports]
>
> Specifying any makes the rule match any IP address.
>
> Specifying me makes the rule match any IP address configured on
> an interface in the system.

"me" can be somewhat expensive, however. For those rules for
which I want to use my address instead of my external interface, I do
this near the top of /etc/rc.firewall:

    oif=dc0
    oip="`ifconfig ${oif} inet | grep inet | awk '{ print $2 }'`"
    onet="`echo ${oip} | sed -E 's/\.[0-9]{1,3}$/.0/'`"

Note that this only works if your ISP (like mine) will continue to
give you the same address over and over as long as you're powered up
at lease renewal time. If that's not true, you're stuck with "me",
unless you can rewrite your rules to use only your external interface.

--
Chris BeHanna
Software Engineer (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Mar 3 11:36:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from FreeBSD.Happydays.DynDNS.Org (adsl-64-218-107-117.dsl.kscymo.swbell.net [64.218.107.117]) by hub.freebsd.org (Postfix) with ESMTP id 7034637B402 for ; Sun, 3 Mar 2002 11:36:10 -0800 (PST)
Received: from win2kpro (win2kpro.happydays.local [10.240.98.11]) by FreeBSD.Happydays.DynDNS.Org (8.11.6/8.11.6) with SMTP id g23Ja9e33185 for ; Sun, 3 Mar 2002 13:36:09 -0600 (CST) (envelope-from dweimer@happydays.dyndns.org)
From: "Dean E. weimer"
Subject: RE: ipfw and DHCP
Date: Sun, 3 Mar 2002 13:36:08 -0600
Message-ID: <000001c1c2ea$ab232eb0$0b62f00a@Happydays.Local>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
In-Reply-To: <20020303131353.H98814-100000@topperwein.dyndns.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Chris BeHanna
Sent: Sunday, March 03, 2002 12:18 PM
To: security@FreeBSD.ORG
Subject: Re: ipfw and DHCP

On Fri, 1 Mar 2002, David Wolfskill wrote:

> >From: George.Giles@mcmail.vanderbilt.edu
> >Date: Fri, 1 Mar 2002 07:52:26 -0600
>
> >How do you get ipfw to pick-up DHCP value for oif in the rc.firewall script
> >?
>

I saw many different scripting solutions for this one, but one thing I
haven't seen, since oif seems to be defined as a variable, is it a NIC, or
a ppp interface (tun0)?? If your external interface is through ppp there is
a simple way to rebuild the rules when your IP changes, simply use the
ppp.linkup file. When I used ipfw I had the following in my ppp.linkup
file.

    !bg /etc/firewall/ipfwrules

Then I had the following at the beginning of my ipfwrules script.

    # My Internet IP Address Defined
    numips=`ifconfig tun0 | grep -c "inet "`
    lastnum=$(($numips+2))
    myip=`ifconfig tun0 | grep -n "inet " | grep "$lastnum:" | awk '{print $3}'`

The script then proceeded to flush the existing rule set, and load the new
ones with the correct IP.

> >From "man ipfw":
>
> src and dst:
> any | me | [not] [ports]
>
> Specifying any makes the rule match any IP address.
>
> Specifying me makes the rule match any IP address configured on
> an interface in the system.
>
> "me" can be somewhat expensive, however. For those rules for
>which I want to use my address instead of my external interface, I do
>this near the top of /etc/rc.firewall:
>
> oif=dc0
> oip="`ifconfig ${oif} inet | grep inet | awk '{ print $2 }'`"
> onet="`echo ${oip} | sed -E 's/\.[0-9]{1,3}$/.0/'`"
>
>Note that this only works if your ISP (like mine) will continue to
>give you the same address over and over as long as you're powered up
>at lease renewal time. If that's not true, you're stuck with "me",
>unless you can rewrite your rules to use only your external interface.
>
>--
>Chris BeHanna
>Software Engineer (Remove "bogus" before responding.)
>behanna@bogus.zbzoom.net
>I was raised by a pack of wild corn dogs.

From owner-freebsd-security Sun Mar 3 15:36:38 2002
Delivered-To: freebsd-security@freebsd.org
Received: from starbug.ugh.net.au (starbug.ugh.net.au [203.31.238.37]) by hub.freebsd.org (Postfix) with ESMTP id A201437B405 for ; Sun, 3 Mar 2002 15:36:34 -0800 (PST)
Received: by starbug.ugh.net.au (Postfix, from userid 1000) id 3765DA809; Mon, 4 Mar 2002 10:36:33 +1100 (EST)
Received: from localhost (localhost [127.0.0.1]) by starbug.ugh.net.au (Postfix) with ESMTP id 35E075426 for ; Mon, 4 Mar 2002 10:36:33 +1100 (EST)
Date: Mon, 4 Mar 2002 10:36:33 +1100 (EST)
From: Andrew
To: freebsd-security@freebsd.org
Subject: DES differences between Solaris and FreeBSD
Message-ID: <20020304102730.L1953-100000@starbug.ugh.net.au>
X-WonK: *wibble*
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I am trying to sync passwords between Solaris and FreeBSD 4.5. For most
users it works fine but certain users get authentication failures under
FreeBSD. The encrypted passwords are the same on both OSs but crypt
returns different results. Is this a bug? Is Solaris using something other
than straight DES (I'm not a Solaris person so I'm not sure where to look
for that)?

The code I used to test is appended below. I've tried from C as well just
to make sure it wasn't a perl bug (not to mention the users can't check
their mail via POP etc).

Thanks,

Andrew

--
#!/usr/bin/perl

# Look up the stored hash for the account named on the command line
($login, $spass, $uid) = getpwnam($ARGV[0]);

print('Password: ');
$upass = <STDIN>;
chomp($upass);

print('System: ', $spass, "\n");
# crypt() takes its salt from the stored hash
print('User: ', crypt($upass, $spass), "\n");

if (crypt($upass, $spass) eq $spass) {
    print("yes\n");
} else {
    print("no\n");
}

From owner-freebsd-security Sun Mar 3 17: 6:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from smtp-server1.tampabay.rr.com (smtp-server1.tampabay.rr.com [65.32.1.34]) by hub.freebsd.org (Postfix) with ESMTP id EEDE237B402 for ; Sun, 3 Mar 2002 17:06:33 -0800 (PST)
Received: from mercenary (255.126.35.65.cfl.rr.com [65.35.126.255]) by smtp-server1.tampabay.rr.com (8.12.2/8.12.2) with SMTP id g2416RTW002270 for ; Sun, 3 Mar 2002 20:06:28 -0500 (EST)
Message-ID: <006101c1c310$7b823b30$ff7e2341@mercenary>
From: "David"
Subject: http://users.uk.freebsd.org/~juha/
Date: Sun, 3 Mar 2002 19:06:49 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Disposition-Notification-To: "David"
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What is the story with this site being compromised? Any facts behind this?

From owner-freebsd-security Sun Mar 3 18:19:35 2002
Delivered-To: freebsd-security@freebsd.org
Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com [216.7.67.90]) by hub.freebsd.org (Postfix) with ESMTP id 18B0437B400 for ; Sun, 3 Mar 2002 18:19:32 -0800 (PST)
Received: from noc2 (d2i-dialin-65.kl.terranova.net [216.89.230.65]) by imation.homenetweb.com (8.12.2/8.12.2) with SMTP id g242JRou023532; Sun, 3 Mar 2002 21:19:28 -0500 (EST)
Message-ID: <000c01c1c322$df0f22a0$0101a8c0@noc2>
From: "Richard Ward"
To: "David"
References: <006101c1c310$7b823b30$ff7e2341@mercenary>
Subject: Re: http://users.uk.freebsd.org/~juha/
Date: Sun, 3 Mar 2002 21:17:50 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

David,

From what I can see, it looks as if they've just guessed a possible weak
password in the 'juha' account. Most defacement "hackers" wouldn't pass up
an opportunity to deface the main domain, if they had access to it. I
don't think that users.uk.freebsd.org was compromised to give these people
any special access above a user account. That's just my opinion. However,
I would alert the users.uk.freebsd.org administration about this as soon
as possible; for it shouldn't be taken lightly.

What always bugged me was how poor spelling these so called "hackers"
display.

--
Richard Ward, GM
Home Net Web, Inc.
http://homenetweb.com

----- Original Message -----
From: David
Sent: Sunday, March 03, 2002 7:06 PM
Subject: http://users.uk.freebsd.org/~juha/

> What is the story with this site being compromised? Any facts behind this?

From owner-freebsd-security Sun Mar 3 18:30:46 2002
Delivered-To: freebsd-security@freebsd.org
Received: from sigep.mattf.org (sigep.mattf.org [207.179.80.170]) by hub.freebsd.org (Postfix) with ESMTP id 24E6B37B400 for ; Sun, 3 Mar 2002 18:30:25 -0800 (PST)
Received: from awwyeah.majorgeek.net ([161.57.217.116]) by sigep.mattf.org (8.11.1/8.11.1) with ESMTP id g242UID30452 for ; Sun, 3 Mar 2002 21:30:22 -0500 (EST) (envelope-from eric@majorgeek.net)
Message-Id: <5.1.0.14.2.20020303212925.02343788@insanity.majorgeek.net>
X-Sender: eharris@insanity.majorgeek.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sun, 03 Mar 2002 21:31:39 -0500
To: freebsd-security@FreeBSD.ORG
From: Eric Harris
Subject: Re: Changing Passwords through the web (fwd)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I use a CGI script that uses the poppassd and python ports on my small
system (FreeBSD 4.5-S), so users can change their passwords via a web
based interface. You MUST have poppassd AND python installed for this to
work! This seems pretty safe to me (as safe as having users send their
password to my POP3 server every 60 seconds).

I didn't write the script, just using it from a friend that passed it on.
If you use it, use it at your own risk :)

----------------------------------------------------------------------

Here is the HTML page (put this somewhere that is accessible on the web on
your server):

NOTE: You must change the FORM ACTION line
"http://somesite.com/cgi-bin/change-password.cgi" to the actual URL the
CGI script lives on. If your email client translates the HTML source into
an actual HTML page, just view the source of the email to get it.

----------------------------------------------------------------------

BEGIN HTML SOURCE ----

Password Update

Change your password

User ID :
Current Password :
New Password :
Confirm New :



Please observe the following when choosing your new password

Make it at least 6 characters long.
Do not use names. Especially yours, your family's, or your pet's.
For example, "Christie" or "William" might be too obvious.
Do not use words that are found in the dictionary.
For example, "pumpkin" would not be a good password.
Do not use all lowercase letters.
With only lowercase letters, it is easy to read over your shoulder.
Examples of sufficiently complex passwords are "MyPass", "caNTguess", and "not4You".
It is recommended that you do not use the examples. If someone were to try to break in, these are likely to be their first guesses.
Do not use the "Stop" button on your web browser.
Once you press the "submit" button, the command executes. Pressing the "Stop" button only stops the feedback.
------ END HTML SOURCE ------

----------------------------------------------------------------------

Here is the CGI script (put this somewhere where you can run CGI scripts
on your server):

NOTE: You must change the HOST line from '127.0.0.1' to whatever IP/host
that poppassd runs on.

----------------------------------------------------------------------

BEGIN CGI SOURCE ----

#!/usr/local/bin/python

# Yeah, go ahead and use this script as you wish.
# It would be great if you could leave these comments
# line in though.... Why ? I'd really appreciate
# it if you could email any bugs or feature requests
# so that I can improve it. Thanks indeed, chas.
# sweeting@neuronet.com.my
#
# ps. You need python - a gem of a scripting language.
# Get it from www.python.org.
#
# The HTML tags inside the print strings were stripped by the list
# archive; the <p>, <br>, <ul> and <li> tags below are assumed from the
# line breaks and bullets that survived.

from socket import *
import cgi, string, os, time
import sys

# ++++++++ Customisation : +++++++++++++++

# Your mail server :
HOST = '127.0.0.1'

# The following 3 variables need only be set if you wish
# error messages to be mailed to you. (Just in case someone's
# trying to guess somebody else's password - although there
# would be much quicker ways for them to run a script themselves
# to do this.)
# Your date and mail functions. (Type 'whereis date' and
# 'whereis mail' if you are not sure.)
# The address to mail these messages to.
# NB: if you do not want error messages mailed to you, use : 'mailto=""'
# Do not comment out the variable 'mailto'
datefn = "/bin/date"
mailfn = "/usr/bin/mail"
mailto = "root@some.domain.com"

# Probably do not want to change this (poppassd should run on port 106)
PORT = 106

crlf = "\r\n"

# -------------- Functions : -------------- #

def outputhtml(msg):
    print "<p>" + msg + "<p>"

def mailadmin(msgtosend):
    # only email us if there is a email address there.
    if (mailto != "") :
        f = os.popen(mailfn + " " + mailto, "w")
        mydate = os.popen(datefn).read()
        f.write("Date : " + mydate)
        f.write(msgtosend)
        f.close()

def cgierror (msg):
    outputhtml(msg)
    # goes through mailadmin() so that an empty 'mailto' is honoured
    mailadmin("Error reading in data from the form :" + msg)
    sys.exit()

# ----------------- Main : ----------------- #
# (goes after the functions since we did not create a main as such)

# Send out the HTTP header for error checking and also to prevent a time out :
print "Content-type: text/html"
print
print "Changing Password"

# ---- Process the CGI variables ----
myform = cgi.SvFormContentDict()

if myform.has_key('username'):
    cgiuser = myform['username']
else:
    cgierror("CGI error reading in User ID from form.")

if myform.has_key('oldpass'):
    cgipass = myform['oldpass']
else:
    cgierror("CGI error reading in old passwd from form.")

if myform.has_key('newpass1'):
    cginew1 = myform['newpass1']
else:
    cgierror("CGI error reading in new passwd #1 from form.")

if myform.has_key('newpass2'):
    cginew2 = myform['newpass2']
else:
    cgierror("CGI error reading in new passwd #2 from form.")

# print "<p>Form variables received :"
# print "<ul>"
# print "<li>" + cgiuser
# print "<li>" + cgipass
# print "<li>" + cginew1
# print "<li>" + cginew2
# print "</ul>"

# ---- Check that the two new passwords match ----
if (cginew1 != cginew2) :
    errmsg = "New passwords do not match."
    outputhtml(errmsg)
    mailadmin(errmsg)
    # no socket has been opened yet, so there is nothing to close here
    sys.exit()

# ---- Poppassd Step #0 : Open a connection ----
s = socket(AF_INET,SOCK_STREAM)
s.connect((HOST,PORT))
data = s.recv(1024)
if (string.find(data,'200') == -1) :
    errmsg = "An error occurred opening the socket."
    # outputhtml(errmsg)
    mailadmin(errmsg)
    s.close()
    sys.exit()
# print "Connection opened OK"

# ---- Poppassd Step #1 : Send the user ID ----
s.send('user ' + cgiuser + crlf)
data = s.recv(1024)
if (string.find(data,'200') == -1) :
    errmsg = "An error occurred while handling the User ID"
    # outputhtml(errmsg)
    mailadmin(errmsg)
    s.close()
    sys.exit()
# print "Username sent OK<br>"

# ---- Poppassd Step #2 : Send the old passwd ----
s.send('pass ' + cgipass + crlf)
data = s.recv(1024)
if (string.find(data,'200') == -1) :
    # actually, either the password or userid could be wrong, but let's assume
    # the guy knows his userid.
    errmsg = "Sorry, an error occurred. It looks like you entered<br>either your username or current password incorrectly.<br>Please try again."
    outputhtml(errmsg)
    mailadmin(errmsg)
    s.close()
    sys.exit()
# print "Old password sent OK<br>"

# ---- Poppassd Step #3 : Send the new passwd ----
s.send('newpass ' + cginew1 + crlf)
data = s.recv(1024)
if (string.find(data,'200') == -1) :
    errmsg = "An error occurred with the new password. Please check with your system administrator."
    outputhtml(errmsg)
    mailadmin(errmsg)
    s.close()
    sys.exit()

# ---- If we have got this far, then I assume that the passwd was changed : ----
outputhtml("Password Changed Successfully<p>Return to Email System")
s.close()

# --------------- LESSONS LEARNED ---------------
# 01. Socket commands must end in "\r\n"
# 02. If you use "import string" then later you need to qualify "string.find(...)"
#     But if you use "from string import *" then later you just use "find(...)"

# --------------- REASONING ---------------------
#
# The shell output from telneting to the 106 port (poppassd) is
#
# Trying 202.184.153.15...
# Connected to peace.com.my.
# Escape character is '^]'.
# 200 poppassd v1.2 hello, who are you?
# user medusa
# 200 your password please.
# pass ElphtNse
# 200 your new password please.
# newpass Dnkyface
# 200 Password changed, thank-you.
#
# If things go awfully Pete Tong then we get :
# 200 poppassd v1.2 hello, who are you?
# user freddy
# 200 your password please.
# pass Junglez
# 500 Unknown user, freddu.
#
# In this case, neither the user or passwd existed.
#
# You can also get error messages from silly passwds.
# You could write the CGI to check the security of a
# passwd but I'll just leave it to the poppassd.
# eg.
# newpass happy
# 500 Please enter a longer password.
#
# From which we could define some substrings to look out for :
# prompt1 = 'who are you?'
# prompt2 = 'your password please.'
# etc etc etc
#
# But it is easier just to look out for error codes '500'
# and OK codes '200' and respond accordingly.

------ END CGI SOURCE ------

That's about it. It works fine for my needs. Let me know if you have
questions or problems running or obtaining the scripts I pasted above.

Have a good day!

Regards,
Eric Harris
eric@majorgeek.net

At 09:08 AM 2/25/2002 -0500, you wrote:

> Hello friends...
> I was using webmin to create users by the web... but i need
> to do an interface for users can change them passwords by the
> web too.
> I can not use webmin, because the webmin user need a password...
> i need an open interface, for everyone who wants change his own
> password, can do it by the web...
> I was thinking on suexec apache service... but in the web site
> i found that suexec doesn't support root scripts anymore...
> so, i get lost...
>
> Any question or suggestion is welcome.
> Thank you
>
>=======================================================================
> Buliwyf McGraw
> Libertad Server Administrator
> Information Services Center
> Universidad del Valle
>=======================================================================

From owner-freebsd-security Mon Mar 4 5: 6:15 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id 0BAD237B41A for ; Mon, 4 Mar 2002 05:06:10 -0800 (PST)
Received: (qmail 30227 invoked by uid 1031); 4 Mar 2002 12:55:09 -0000
Date: Mon, 4 Mar 2002 12:55:09 +0000
From: Bruce M Simpson
To: Ted Wisniewski
Cc: freebsd-security@freebsd.org
Subject: Re: PAM & LDAP - Pointer anyone?
Message-ID: <20020304125509.G2325@spc.org>
Mail-Followup-To: Bruce M Simpson, Ted Wisniewski, freebsd-security@freebsd.org
References: <200202270356.g1R3u5u25254@ness.plymouth.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <200202270356.g1R3u5u25254@ness.plymouth.edu>; from ted@ness.plymouth.edu on Tue, Feb 26, 2002 at 10:56:05PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ted,

On Tue, Feb 26, 2002 at 10:56:05PM -0500, Ted Wisniewski wrote:
> I was wondering... Has anyone done this successfully?
> I have FreeBSD 4.5, OpenLdap 2.0.23 & pam_ldap-137
> I have LDAP running, and configured where I can successfully Authenticate
> FTP sessions. However, when I try to authenticate any other
> service - no go.
> I am specifically interested in:
> ssh, telnet, pop3, imap

I have successfully managed to authenticate all of the above services
against an LDAP directory on FreeBSD 4.5-RELEASE.

Note that FreeBSD has no nss_ldap support, therefore you will require
entries for each user in /etc/passwd. This is not necessarily the case
for daemons which can obtain user information via LDAP directly, and
which do not use the getpwent() et al set of libc interfaces.

BMS

From owner-freebsd-security Mon Mar 4 5:10: 0 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id 0575A37B416 for ; Mon, 4 Mar 2002 05:09:56 -0800 (PST)
Received: (qmail 26883 invoked by uid 1031); 4 Mar 2002 12:58:56 -0000
Date: Mon, 4 Mar 2002 12:58:56 +0000
From: Bruce M Simpson
To: Martin Blapp
Cc: freebsd-security@freebsd.org
Subject: Re: implementing non-executable pages for IA-32 processors
Message-ID: <20020304125855.H2325@spc.org>
Mail-Followup-To: Bruce M Simpson, Martin Blapp, freebsd-security@freebsd.org
References: <20020301125948.W40806-100000@levais.imp.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020301125948.W40806-100000@levais.imp.ch>; from mb@imp.ch on Fri, Mar 01, 2002 at 01:01:13PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Mar 01, 2002 at 01:01:13PM +0100, Martin Blapp wrote:
>
> Hi,
> Could this adapted to FreeBSD ?
> http://pageexec.virtualave.net/pageexec.txt

Yes, but it's got issues in that it relies upon the behaviour of a
combination of page flags which is normally inconsistent on Intel
processors. I know SecureWave offer such functionality as a product for
Windows 2000 and NT, but the small print says 'Intel processors supported
only'.

BMS

From owner-freebsd-security Mon Mar 4 5:25:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from starbug.ugh.net.au (starbug.ugh.net.au [203.31.238.37]) by hub.freebsd.org (Postfix) with ESMTP id A6AD737B400 for ; Mon, 4 Mar 2002 05:25:37 -0800 (PST)
Received: by starbug.ugh.net.au (Postfix, from userid 1000) id 0847AA809; Tue, 5 Mar 2002 00:25:31 +1100 (EST)
Received: from localhost (localhost [127.0.0.1]) by starbug.ugh.net.au (Postfix) with ESMTP id 038F65426; Tue, 5 Mar 2002 00:25:31 +1100 (EST)
Date: Tue, 5 Mar 2002 00:25:30 +1100 (EST)
From: Andrew
To: Fernando Schapachnik
Cc: bms@spc.org
Subject: Re: DES differences between Solaris and FreeBSD
In-Reply-To: <20020304095830.B69238@ns1.via-net-works.net.ar>
Message-ID: <20020305002231.P7149-100000@starbug.ugh.net.au>
X-WonK: *wibble*
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 4 Mar 2002, Fernando Schapachnik wrote:

> When I migrated from Solaris 2.5.1 to FreeBSD 4.1 I use the same
> hashes straight from Solaris /etc/shadow and I had no problem.

Thanks for the mail. With the help of David Wolfskill I have worked it
out...we had users with invalid characters in their crypted passwords. The
passwords probably haven't been changed in many years and Solaris accepts
them but FreeBSD doesn't.
Thanks for all your help, Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 4 7:29: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from svs37.virtualis.com (svs37.virtualis.com [216.55.36.152]) by hub.freebsd.org (Postfix) with ESMTP id 1EB5937B41B for ; Mon, 4 Mar 2002 07:28:24 -0800 (PST) Received: from smtp018.mail.yahoo.com (smtp018.mail.yahoo.com [216.136.174.115]) by svs37.virtualis.com (8.9.3+Sun/8.9.3) with SMTP id DAA14656 for ; Mon, 4 Mar 2002 03:41:46 -0800 (PST) From: octavioescobartorres@yahoo.com Received: from octavioescobartorres (AUTH poptime) at unknown (HELO j1b7w7) (65.167.54.33) by smtp.mail.vip.sc5.yahoo.com with SMTP; 4 Mar 2002 11:41:32 -0000 To: octavioescobartorres@yahoo.com Subject: CD-16 PF + CD-VALANTI + SEGUNDO TALLER - BOGOTÁ, MARZ 21 - 22 Date: Sun, 03 Mar 2002 18:44:00 -0500 Message-Id: <37318.780557986112000.624@localhost> MIME-Version: 1.0 Content-Type: multipart/related; boundary=mfeijepdtjlfdkmp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --mfeijepdtjlfdkmp Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit PSYCOLOGIA.COM - SEMINARIO 16PF


Please forward this e-mail to psychologists, THANK YOU

PSYCOLOGIA.COM is now distributing the VALANTI Questionnaire of values and anti-values in Colombia. For this reason we want to share this excellent news by offering our colleagues the opportunity to obtain the VALANTI Questionnaire CD-ROM, plus the 16PF Systematized Scoring CD-ROM, plus the SEMINAR-WORKSHOP with its CERTIFICATE and follow-up ADVISORY SUPPORT, all for the same price as the seminar-workshop.

This offer is valid for people who register and make their deposit.

Offer valid until March 11, at 12:00 p.m.

SEMINAR + 16PF-SYS CD-ROM + VALANTI CD-ROM + CERTIFICATE + ADVISORY SUPPORT

Price: $ 258 US dollars = $ 568.400 Colombian pesos. VAT (I.V.A.) included.

- To learn more about the VALANTI Questionnaire, click here:

http://www.psycologia.com/pruebas/index.htm

- To learn more about the SEMINAR, click here:

http://www.psycologia.com/sem_16sys/16sys_2.htm

- To learn more about the 16PF Systematized Scoring Program, click here:

http://www.psycologia.com/sem_16sys/16sys_2.htm#16sys

WWW.PSYCOLOGIA.COM

Psychologists who work with Competency models in Selection

SECOND Seminar-Workshop in Bogotá
March 21 and 22, 2002

"PREDICTING JOB COMPETENCIES USING THE NEW COLOMBIAN NORMS FOR THE 16PF"

COMPANIES THAT HAVE ALREADY BENEFITED FROM THE SEMINAR:

Empresa Colombiana de Petróleos (ECOPETROL),
Universidad de los Andes, Promigas E.S.P, Interquim S.A, Banco de Bogotá, Corporación Escuela de Artes y Letras,
Wackenhut de Colombia S.A., Bancoldex, NESTLE de Colombia, Centelsa, Hospital María Inmaculada (Caquetá), Celar Ltda,
Leasing de Occidente, Incolbestos,
Centelsa (Cali), Colchones Spring,
Fondo de Garantías de Instituciones Financieras (FOGAFIN),
Asesoría Gerencial y Empresarial Ltda., Centro Psicopedagógico Integrado, AIG Colombia Seguros de Vida, Red Multibanca COLPATRIA S.A., LISTOS S.A., Universidad del Norte, Vise Ltda., Cooperativa Colanta,
Universidad de La Sabana, Leasing de Occidente, 314 Ltda,
COMFENALCO (Antioquia), COMFENALCO (Bucaramanga), CONAVI, POSTOBON S.A., LAFAYETTE S.A., Monómeros Colombo Venezolanos, Universidad EAFIT, ASEGEMP HUNTERS Ltda., Consultoría en Desarrollo Humano (Brasil)., Fundación Universitaria Luis Amigó, PROCAPS S.A., DOMESA de Colombia S.A., Impulso y mercadeo.


Photographs from the first seminar



PLACE AND DATE:

Date: Thursday 21 and Friday 22 March 2002

Schedule: 8 a.m. to 5 p.m.

Venue: Hotel Richmond Suites in Bogotá D.C.

We have special rates for accommodation.
More information:

http://www.psycologia.com/sem_16sys/16sys_2.htm

INTENDED FOR:

Graduate psychologists or final-year students who need to use personality tests in their work.

It is a requirement to be using a legally acquired copy of the 16PF test, with original answer sheets.


DIRECTED BY:

Psychologist OCTAVIO ESCOBAR.

Studies on the test: "Psychological profile of the Researcher of the future", sponsored by Colciencias. "Profile of the successful entrepreneur", sponsored by Crece and the Corporación Financiera de Caldas. "Personality profile of Colombian kidnappers convicted by the courts". "Profile of the special-semester university student". "Profile of employees dismissed for dishonesty (in progress)". Former adviser to Ecopetrol and Promigás. Former Head of Selection and Promotion, Universidad Javeriana. Former lecturer in Psychometrics at Coruniversitaria. Postgraduate studies in Data Analysis. Creator of the "VALANTI" questionnaire, for assessing the profile of values and anti-values.


INVESTMENT:


$ 258 US dollars = $ 568.400 Colombian pesos, VAT (I.V.A.) included.

Which includes:

  • 16-hour seminar-workshop.
  • 2 lunches and 4 refreshment breaks.
  • 16PF systematized scoring software on CD-ROM, for unlimited use (unmetered). Information manual of more than 250 pages.
  • VALANTI Questionnaire of values and anti-values. Systematized scoring program with its respective personal or corporate license. - Results-sheet form that you can print and reproduce to administer the test. - Dynamic presentation explaining the details of the test. - Complete manual (37 pages).

  • Certificate of attendance.
  • Advisory support by telephone or e-mail

 

Payment by MASTERCARD credit card
deferred over 3 installments
Click here -->

Deposit at
Banco Bilbao Vizcaya,
checking account: 621003342 in the name of PSICOM Ltda.

Deposit at CONAVI,
account: 2023-15746390 in the name of PSICOM Ltda.

Deposit at COLPATRIA,
account: 011203713-6 in the name of PSICOM Ltda.


INFORMATION AND REGISTRATION:

REGISTRATION PROCESS:

1. Make the deposit into any of the above accounts.
2. Fax the deposit receipt to telephone number 3 628 828 with the following details of the person who will attend the seminar:

  • Full names and surnames
  • E-mail address
  • Identification document
  • Telephone
  • Company
  • City

People who pay by MASTERCARD credit card must send the details of the person who will attend the seminar by e-mail.

FURTHER INFORMATION

Telephone/Fax: 3 628 828
Mobile: 033- 6 985 130

E-Mail:
16sys@psycologia.com

Bogotá D.C, Colombia


Subscribe FREE to the PSYCOLOGIA.COM Newsletter

CLICK HERE

http://www.psycologia.com/sus_bol.htm

Under section 301, paragraph (a) (2) (C) of S.1618. Under decree S.1618, title 3.
Approved by the 105th Congress, the basis of the international regulations on SPAM,
an e-mail may not be considered SPAM as long as it includes a way to be removed.
If you wish to be permanently removed from our database, please click
here and write "borrar" in the message header.

Please forward this e-mail to psychologists, THANK YOU
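Relating to Andrew's reply in the DES thread earlier in this archive (old crypted passwords with invalid characters that Solaris accepted and FreeBSD did not): an added example, not code from the list, that audits the password field of shadow-style entries before such a migration. It assumes "invalid" means a traditional DES crypt(3) hash that is not exactly 13 characters from the `./0-9A-Za-z` alphabet; the names `classify_hash` and `audit` and the sample entries are constructed for illustration.

```python
import string
import sys

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, all from this 64-char set.
CRYPT_ALPHABET = set("./" + string.digits + string.ascii_letters)
DES_LENGTH = 13

# Values that mark an account as locked or passwordless instead of holding a hash.
# Assumption: common markers only; extend the set for local conventions.
LOCK_MARKERS = {"", "*", "!", "!!", "x", "NP", "*LK*", "*NP*"}

# Constructed sample in Solaris /etc/shadow layout (name:hash:lastchg:...).
# FreeBSD master.passwd also keeps the hash in the second ':'-separated field.
SAMPLE = """\
# constructed entries, not real hashes
alice:ab1Xy7Qw.Zr3k:11000::::::
bob:cd9!Kp2mN/x4T:9000::::::
carol:ef3Gh5Jk7Lm:9100::::::
dave:*LK*:::::::
erin:$1$constructed$0123456789abcdefghijkl:11700::::::
"""


def classify_hash(field):
    """Classify one password field; returns (status, detail)."""
    if field in LOCK_MARKERS or field.startswith("*LOCKED*"):
        return ("locked", "no password hash")
    if field.startswith("$"):
        return ("modular", "modular crypt format, not checked here")
    if field.startswith("_"):
        return ("extended-des", "BSDi extended DES format, not checked here")
    problems = []
    if len(field) != DES_LENGTH:
        problems.append(f"length {len(field)}, expected {DES_LENGTH}")
    bad = sorted({c for c in field if c not in CRYPT_ALPHABET})
    if bad:
        problems.append(
            "characters outside crypt alphabet: " + " ".join(repr(c) for c in bad)
        )
    if problems:
        return ("invalid", "; ".join(problems))
    return ("ok", "well-formed traditional DES hash")


def audit(lines):
    """Return [(user, status, detail)] for every non-comment entry."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((line, "malformed", "no ':'-separated password field"))
            continue
        status, detail = classify_hash(fields[1])
        findings.append((fields[0], status, detail))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # latin-1 decodes any byte, so stray 8-bit characters are reported, not fatal.
        with open(sys.argv[1], encoding="latin-1") as fh:
            rows = audit(fh)
    else:
        rows = audit(SAMPLE.splitlines())
    # Report only the account name and the reason, never the hash itself.
    for user, status, detail in rows:
        if status in ("invalid", "malformed"):
            print(f"{user}: {detail}")
```

Accounts reported as invalid need a password reset on the new host, since the old hash cannot be carried over as-is.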

oqavnQOhqQORqGko6E0D9atHzmSBnh8Az6KKnm0/z/McBoGcEHX/6gohBh/gAGKg jxqP6zzAAzfgAC2gBsy/BLKR+Itf/VfOEFvu1HpdEhP/8IxJr53Zyal8eQH8PQAX WPp6roxYd6nvggMWMHlhWO7mv/Ql+QAXENgoJK8CoQeu93q0z8oAAUDgQIICy5SY kRDPmzsKwqRJEFHiRBEHLB6gMlGjDw0fWohZs2TNyJAaNCxpw4PHnh49tKxcs6ND Ajk1bd7EmVPnzpoJECCICEDjUKJFjU7MMWAAjgseqgzwENHCAAsXcAyoQuSB0jEa PSiNGhEF14hXq07NOnZA1wRfq3hwujQBkadVL0y1QPTJESd4VPxVEeJDQcKFDR9G TLAGHoUz7oDIEuYLg4kXLV+2PJHBjw8IioRcEtqkySVi9rQBuabHjSgaxFDmGVv2 /06fQBMIPZpb99AJT5VClTjmqlIcKBJMoMobK9vjySMK/128ed7nX397YItianTm GhmEcDIDsODE5c2br6HwDR8CcKL4MVHBh0TM9S9qXrIDSg/SS1qONqmIG/ZYQoMe 8tgjQQbk8KFBBx+EMEIJeZrvp6B2wzBDFB54oLuItCIiQ902DPGoMTj0cC4OSzSK iDPuEC+wwc6jscaBDmKMhvaQQOC9Diqgz776JuJIvx8KPMlAADVo44Y2dhAjjxu0 0GKPBSXEMssGa/KBAS+/9KEnKGzDTUQzz0QzTTWL8qGDEGCU0UY5zysDjyvYg8MB B1pA4IUfgxTysonkEGMHJP+QCE0MDX4w8D/X8uhhjSKk5MFJ2GaTrcE0Nv3Sy02/ gAiKKC5cs1RTT0W1gi/84EIJI5roYk5ZEQsBCxBoqKEIPfn0E8iIgAAW2MuCDVaj IjxqIbSWlnVUjDZCK2KPG6YUYyZMY2OA0zBz8iGNL3hwwARSUSW3XHONalONMLzA A49YZ4WXoA8ieEMJJfR0AAlR/fiTqIouysgoBwDQVaRGmRWjtGcNbHJaMYDSMuJO 5aCppmy5nC8BBoqY6bZz09TKuI9N5NBUIjroQAgVjPgDsT7QgBnmEwo6wYUFThBg RjnXuAIDDK5wI98xe814qH8tCrgoBADoAdGQmG1J0QL/Veuh4RuK6IGyiCXMdtMw vbTJ220Z+MIHIhzwtcyRM1wBuLWLQo66NX2oIIUZSojTMBYEcCGAOAQYoosTTmAB AAEC6MOFOD74YAjCAeiChSGG0LmwGt7w+Y0Q9uwzPsqKOhqjo0xg2oEfQhIDagNF QlKMabV4FoqItr0WTC5BrSkNHihjQKUETEAiY7Xf1m2qCYgnagIcwipVgoTwPmKB xIYIQAAAPkAjjjgQPzzxOLpAI4C++zghgADQqJywLOpV4oorzGghChM6+Bx0y5Im qoIdDO1BWWYNhAAYzAAFB/BHSrA7yQsSsKXZdIp2cuhdGuSgkjT4QCUUi4LsxmWU /w0RZUVGeQCLJnKiB4xQKSXkIAqHopXglGwoJMrNhkQmIiG8oQRCEAIHajC96l0P Z+FzHOIURz0XnOBv5ZsZYrrQMwzYSwkR6FO/jBI6/BGlBx+AghhOd7AeZAAMbjCD GRpgBhJUbUp5SJgYgMQgiW0qDQyI0BfKRsE03AAiCUCCHyQyPIlMxQPbqcIML+Cb pYhsDEqZwFQuoJExWAcrOYjIVgZAFD8CUmRfWd5yGvmbKkAykttZCltOGJEcgNIC ntwNHd4QIyHoQQfpo9n5ANAH8fVtCN3bHi3/hoY+HG4IiSkD+3zmBCf0qAMSPEoa qLBMKhStKC34ABIS5j8DJf8hjGb4ohmsKS0qJQwBIdpal9zIRgfJ4Vu948GmbkAZ IhTBVx4byiHBEhfqWMcDd3GOJKtgARx4CC9WWU4CLuAcE86zLmXBylKO98+rVKEr 
kmTKU6Iiya4kZSkAHYAIjyKE8ORQDxzgQMsOMwQXWK8P2kODCxwXh5e54ANGdAH6 hsBSJTLRZxi4wx2S0KtydeADGijgSf4DAWuSIANuSIIb3GAFaeUBUtWqmGwcqBPc qWSOEPGDAybCxwRI8nhdVQoK1PLVMTwFkgN1m0aQ41CpDOB4bWOeRLwaybAmQCmB jMha2WK8BExlBXmVS9wi8pS/IjSuR0mBExSggDOoTAX/JUDMBxYwowX0YQGTlSzj 3tUHy15vsojZAhYwpwQQlBYEO42PM03VETEUIUkmYQMbwJCBDLAhjGBACZW0gABx 7aZrXoOQxRZYKYh0KQEOUOAeiTJQudl1AA/4SnOvssi2NXcifuXQAxTZV7cOhbkT OeFY+ziAFWRXkWrRaFuAY1EWDRQHGPLBFLiwBRAoQAkzMEIZ4jUnK8xACQq4FQ1w BYF9dSC9a1paDwo4kkXRNgNWAEMS2OAGNkhqD3n4wgviUwEOV+BHHa4AESrQqTeS 00FypNgX7KgxlYjBmVyFa3BOeJW4bne7RPlNjgdwAXnOUCIxfs4JkTNJiej4Nxf4 /+5Q+JrkiGBSRGnoQAP4UFoFBEGk+z3PAmaAAT4IGA5sKEIRkMAnfr3zVAzYX2tL 0wMrOLjNYWRDfqKkhS+suQgJ+8EOxNwDRWlRdp56IARVwoOy6a5BN+BBETSoXCXv WCJDTsB0JUKEE8pThRpBZHZRJElKOhqwk3Rykd2q6Q65F8fPFahcxrtIDDHAw35A AAn4cAfRFg7L5elCrRRAAz5AQFe7IrMUUdUCACwhzEWwQptpC4EMLOFI+2uDU01Q BD8UwQShWcMHOvAZA2W7BeaUY6AheOJp2bFbYtAoH+X53gSMwY/qZXcCqgtWInea 1SjwwPFMzUjiPOfdkl61WP/yPZ3nVAEHHFIKKQPanIxmiG4d8MMLoJAEL7yBIba+ tWE+UCsMALgG+DoUr0wwGXMRYQc/xVqy25yFCpNkB0vIQxvcCSQgoSwKM/EwylBW ATm4cUI2QScyW9CCofBRkhdFS1cofdHhlJDJQ7EoXCQq77TKNTr4ZKtSUJmAqMcl KmUlLz0J3taqWIfVGSKbCUwQhTpIAac5xXjG5VUrJXQcBB/PVwtE9YIyU8xcS9OA NCGQ7Njuz/B6NgEC/ECxEEfkSzwnkohNnCVQdQvK6C66d6ky5EJKpJS/sQAKgQw3 31SB1XzVCHM5Lx30qrX0Z9fOdbryFeahYDhY+aqZ0m7/Ajsc4b8KyCkB5E6QBYSA ff+9u9A6N3L5fMwHodlDypeQgZGIJCZL8EMUFIy2h7VgT67VExL2NGYHiMH8a6RN Hae1seRqhI8xPpGPJSJDNLkwN/B/gPxBeGm5dig3WuE/M+mWDui9hlisO1ACOICl eGGBJsACe8kpAGODoeucHyEC1eqpNZA580uNHigCEhA/JGAAJHiaLwi803EtD1wC BxiJpjmSD1gDcZGNKeEBBNAqouAj1EOeo9DBHSwXBrADx8gpBLS4LZAeLPuAMpgB zGkie/E4kQsxDDwXBPgAZzG/mHi5DDgUKKgAE4CCF4gCBuiRKFC8KOC7DPrCHoG1 /59YoyxJgEphiQODJxlDNR8sCkuzw3NJrMXiQ/vCgiv4g3eZlSXIAv/agkM8RACj ATCIn/mpH+QRgyo0v0jZnzVQNiT4gjWpoMl7EI3JAw3oGBzUCCJAsjwsClI8O1NE lSYAsAATMBC4gna5gjIQRBr5ABbIgjOoFxpggS4ggF/8RVzhk5F7ROLxgR8AAA24 M5JwOQdwNUesgBcIMRHzEiLgOw67wPmpgE3kCY1ZgvYTRVXcvxQRx1NBgTBogCQg AQiAADbIAikoASxolxDIgjJYggUkvj8ogxC4AibcNTjoIgfLAAhwAFFJrTysgHvk 
M2aMCQ0Ql/3gEQPBGtcqgv8W6J+HuTMHAKoeUIMFoQ0fEINFKwquKsfWK8dzYQCI QwAoQIKK7D0sUIh2SQh6LIOatMkyyAJ+tLibaiIQ6DV8yZdD4RENa748JIJ7bDZs 24E1QADKgAJlhALVwBpFWR0DEb81MAmQMIEwkRCNEQOiyw2SFMe1OsmPScm1gwKW RII6aIKEcEtZnIF2wQOYtDiLs5ebciIlwJVfE0q92zths8MK+AEWgICT2B8kaD6I 64BVQZmRm58OULvI5Bf4eAE50ppOrICQ3A2x9MENmT1ViyT/WxPPZCQUeZuzjDgy hIIGaIIjcMsZCAH6gkXGsKmO+8X6qjt78UmCzLuf+An/vnPEcmQAMYCwSEFMB/GO 2TEuMBGhb0E0nEgAP+gBcDwKziSe2FMKgGK1QToyorAoiQA4RBqOrKiOHMOOtTkZ yPSD9fSDOmAXLNg1AZsyWLyCuvOZf4QDOCAAGtgC4OMDONAVfekT9lQ7A/M7cZSD FuiCDIiCC8yJ6GyaMPsC8kOU1rqUb1GJ+vGBjwhF3bDOtQG7s/gNSHILuBil1APN UdKnFbCntnoLrztNDlvML1ADtryCW4EDXysCMDhE++w4Xju2DNDP/aQBgtQXM3xM OWq8sowI6USCEoEQPHo5Z6sABNCiH9CTIuhEspGjJhWD4BGRDx2Z6OoKd1MKIlAL /xSivaGgMbEgiyH7qjYdMpGhKGPsEiKAsgjYghogAaDUkyywLwzYAgHzNaAkgSHt TQ37ES9pECYlEittSuWcD+Ahw28ygTVszAV6EBUbkDDrUAwR0495itxrKPUKPQ4J NfAaAE8SLFMdr4WquhPdQVcLgyggQ6EUSjOYsl3jg18Lv6HzPgjYQg2bDCl01Iio gJZEADPbDZuYCO0TA+rMkFA1lzpFqPe6vRyLNzdtOPUqrBvDQ62jwwA8zS9QybRM S1uNAiQorV4NvzHzzZVEVx8pxmPNnywqAmk01lPsACjQla1UE2otF06TiKdYJBoj NY0iy7ZitRMlWFmFNFPksP+IA0NbXc8XeAEzyAIQDLke4bvUtFW++5F9tVci8YOW LMibGzE4mh0GELHEQ9llNRWBJZc0/bQSCrVGmgAP2bchKyGCTTXqANd3I6EPyT+x CKFyeTi1gw+dg8wX+Imh27vH1Ln1nJ8vkMOSLQoGWLsWED9fzZcwOxTFY9Y1oVly QYum+A2lewqmwAvNg4q2eVOCArIhu6ekGzsgMytzoZucW1QvMdfU7BNiXVkZ3bkL 1Fo0cdmcW8+dY1lzAYADzUMU8A0LiK75A6XzHEXfyKR6Sisd5E7iKJE15a7jWbqs XRNGbVTH87BLhQ9izBiLcTWSTVytBQDUJR77eyHRJIr/+EuTD6rd2THcRaXd4DXe iJCJ41VeH3S1EVve5y0KDbAN6KVejVG76sXecnGAIsje542CGdG2NAEAJDBb8u3e PPSDNTjf42WAZDSBF7jHNNGAUVGT+V1fO2SAD8Dd+xVH0kmuKACA3gKe3kqAnUMC +hEViYiPiIgP4HknBmDJ3uLaCoACcVlgBkYC+i0VyFRgtSvGLvRgiZhgx5ufBOjC si2KyPycyCRgBe4YlGHgd/pK/k3cCrieA54IKBgI+tWAk7ueJRAIDRrfoADi65GI Ig7g3yk2ANCqIT6ugViCUnGA/VkCyii2juhQJPip0IiIF/ipaFLiKB4Y85UIJNCA /4j43h0AkmK7xzVGEo3Ijx3ogQT4Xq4FgHfygx0oXhrOw4ERCFCMiA+Y4yuKCA0A gA4A4KzZgTO+DfMFgB0YwSTWHyhoX/IlnSUo4SG2Ye4FYA0+kw4AAMrYAQVK4gKa CDPWmCTGogI+ZNL5gAToCDLGo2QM5G0TlyReAvJNYo0gHVc75ATQDw/8HYnYgenl 
42OdtsHYASWuYB2eCZNQYnGB5kYOCkve5d8ZYyXW4CHW4c/xDzV5SvezYLVBZVBG mVCOiFwmHYf8KVk+lDMmHVsNCnHJ5dtoYWQd31CMgh24YxOWCD/4gHo9ZlUEHokY GLUrCGmG5ySeZiceYtIRF/8GAGJ+tmYCHmIkKJNpRhNU3qpxPuWB0CrSkYjAI518 MQlZxqOFviJdDo0PWGOBQGn4JRhi5t6hSJ09Hui1eYFd3un5AQAFcrVCXmiFruai hugE0OFbrug9Il8A9hU9A+co/h0rFhcvvo0ANmOJJl9Qfmr5AYDWcC2URmWRRmUA qODPuWZDRsyt/mVYNl8zy1+RzGlTzN9vhN9XBmZM7oF+huajbmhHXmqMJqCHvmZN /gBMLoJrPhMbPudRSWJhLuOFBhJjo2OXhujxDTyN4Ghtwxp77uihaF+f7pjM1hiN 6IBilty5tsPvFYgPSC4vFggeHmpYZmSHXuoKUOa+LmyV82VtJi4V1r7BgdCAR+Ro /ihgQx5lJbZn0o5sNP6A5FVsxZYI4B5plJ4In7pB1abr69WMCzYVrkU779ZuVPGp HkDh8Ubv9Eae4dwBtFHv94bvtzGBjljBXgGx+8bv/Nbv/ebv/vbv/wbwABfwASfw AjfwA0fwA9cNCi6U4XPwB4fwCJfwCadwxIjvC8fwDNfwDWfSgAAAOw== --mfeijepdtjlfdkmp Content-Type: image/gif; name="CCmc.gif" Content-ID: Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="CCmc.gif" R0lGODlhWAA5AOcAACIiJPKSM/bKlF5eXPKuYvBaBO52B/bm0O4eDO4+BO52X/Ki T/a+fPLatO5qCPKSbO5OBPKGF+6GbPr28Paume4uEvLSqO5GBO5aQPa+rPKaOe5+ DPbu3POijPra1O5qUO42BfCahOpiTPa2bu5+ZPBONO6OfPbSyOpGNPKaT+pWPPJ2 HPbGvPrm5fKqXPbGjPriyu6GPPKGhPa2pP3u7O5yYPJGMPZ2BOo+JPJ+JPKqoPKS RPbKtPJ2dPLClPnaxO4uHPjStPKudO4mDPKSjPKOH/aGbPJ+FO42HPaeoO5iWfJ6 BP7+/O5aTPbCx/JqZPaSMPBiBPbq1+56XO5yBPausPKeQfaipPbi1Paaifa2hO9S Oe1KMe4mFPKiXPXCifKGJPKKef36+fIyFP7u3PJ+ePrWz/SeUPBWTvSWiPKWN2Zm ZPOyZ+w+GPratO4yCvq+t/ry5PFuXPOqZvzy7vJCLPnKx/jWufI6HPFmWvbOo/J2 FPrm3PJuBPCGfPbWrPKONPa2tPZ+DPJiSvaCFPaiXPaCdPXCuvWmmfne2e5CNO06 IvaOhPKWfPaypPa6dvJKOPKCNPaKd/aekGJiYvbevPBeRPKCDPKejPvq5fKKRPne yO0yH/Oyd+4qCfKCGPBeUu4qFe6mZPKKJ/CCeepCGPnOzPe6uCYmJO9eBO5mTO9m BPJWRPrCnPKmVO5SBPKKHO5KBe46BvKKiPZ6BvKWSPJ6dfJuafayr/amp/a6h/re vO4iDO5CBPamXPfKpPaubPJ2bPW+jPOaRPru5PJqXO9ORPKOjPrS1O5GPPnGxO4+ NPaqrPF6FPJ6bPJSRO5KPPKeXPKWlO0yFPre5O46LPKSPPKSfPaupPa+vPa2fPJ2 LPbGnPJGPPKOLPaalPJ2Bfrm0fJ2ZPbauvJqBPKGcP728/bSqPJaRPaaNPJ+BPru 2vJqVPJ+bPKOfvrSzO5GL+5WQPrGufaqWPJyYO4+KvaqnPbClvaShPrCxPrq3PJ6 X/JyBPaePPri2Rx2FCH5BAEKAP8ALAAAAABYADkAAAj+AP8JHEiwoMGDCBMqXMiw 
ocOHECNKPIhqjcWLGDNq3LiGEqWOHkF6HEmyZEmOFk2q9AiA4AAmMGPKnEmzps2b OHPqlDnA5c6fQIMKrdlz4MuhSJMqjVlU4FGhYqidSiLDVjBbs644aSFmqBhiP34J 06Xr3q8fxLoibfrv6U4xdkgl64Kgrl27oYzNQqYW54Q7cwBdUreksGF1lwJ0+tH3 J1u3OM0xM0b3rmXLXdCcaiyTmK5RhA2LHq1OHZR75oA+1ikGDqTLsGHzQmNqpjlh EUbr3r1EnbdfnG2uxkmjR6jYyC+HOpaaySY1oXlLP3xGn87hNs10S879Mih/9z7+ TR8vWt2oOzmx08xXrbv7u4v4kZ9v+NMvnOplOuH0vj+vIW+AQ9986hxxz035wWRG e/25J0sfffAj4IDzHXEfUT7NRIMxDfrHy4cJUEieOhHAgKFRNJXBS4fc8SKLLAnE GCM5Ik5XmhoT0JQfC8exmFwCq5AjpJBBTlijbqWpo4WOGcJkDho+RhnikUiW9kk4 M6kXyIpRxpYABGCGGeYrVFZZ2hyNYScGK10idwGYr8QZZ5gFlFleklfy1CQylbXZ 4RBGlplkabroiSJMjPgJWwER8iMhOJBCKqGdhw0aQI4wDSfGM4peNsSnoIYKai+U 9jboEVhmmmEm/CHASzz+6FjyGgKLDGJrPe4Bgc4WIPTq66++kkqiGlaoEUF0BBah QQCl6cFUhqZwaYM5XcHxqSMwiSGHe8WIwcceEIYrrriffBFHV2KsMwqF6pwjRhC9 jfDsodjYRQ8TqckzRgl0pLYpO0ZIEoYcFSAAhDhppOHOIGkwQUcHOOAwRSMScDFE KCSYEI8CIvAAE1ibhDPKPCM8MoIVJD7yiBpsaFDECAwQUIR19/TmyrxOwfSNXZMw YYfPePSsDBOZlJCJTBnUw4JMYRwCEx1y+BMTMargcHQidJjQFTeflDbKAn2JMcIZ MK0jxhfrxGQ2E8CUpoFaw+FTFy9LpyHGOzbwQYP+PUyYUkcZeeRRBb77dEUEKHmg kAgT2fix+ClK6MAECxigi8spTOgjnmEadOILMGQwEY422YbMhBh3oAfTMDfCnaHc BnN1izlmGMIEInAwYc+++0iShRhiONNVBpZMA09qctQAUxgfNJwJKaf7sYjUNZen BgEjuJG5s2IUMszWn4BhnTmgqXOpqodmURcX5tCwBR2JmGHOd0xI0gG1xKRGDBe4 dGUOBR9gAjG2EYSYqKUFktvECiLRFWGIBhZ/AF5zTLeJTwADJmc4widMpI/BqANH 6MuZ7uoiBya8ox5HY8IpntGVhtGhGPXgmymmMQ1QDM0ciGCCGUqRQzrUIA/+SlBC E5xGgTaU4gRMGEd0hCG6WgCCGEzQQ2qEcYROwCQFGwDhHQKghktYwXWHksenGoaL RbTgdMUooTkaRoNB7IMOtytBG5BwDYfhggktUIUCTueOLWzhAyrgAxMeUIpSdAAm AtCABtgwDibsQgMvgMkXujKHI5yhK+NgwwFgcodOdMILBMBZW2DiDySEwmlhQMLi TIGHhpkhD80xxxnd4YH2wQQXYciWKgZnQFJQKwYOcIAm4BgTGBzISTA5kBissYRP /MCAMOFGJ4QgCh+I8ihi4AIvblGGZfDiCbZ4xmxsAYou5CEXSUBDHkgBDRlcgRm5 sAUQgCANJ1SBE13+uEUVThHPZJCiDJxYkSx2cAc6iIEOugCDMO7AjVqQpRCt0MUR lgCOUXAjLNG4xz2skQIvjKIS14xJOzplmV6I6aRhSgWkmpGDZkCqMAKiRaQkRQVw GMCmMzWAAUZBTCZg5xBcIikCZBGLWECgqGAyalFj0QdwOOpRApopOG5wA0lJVapL QFNInaQIoV7mQ2AFawWeSgUJPYqqaE0rVK8KjiOoLoSjjAkmvFqXWERhFXjNa14d 
8FRHzTStgK0qWwszjJ76tElEw5VXAfSGxjq2sQnoa18hFVi0rnWmSziCswwlwpgg Iqgk5YUnRkva0b6CH2Wlgmr9OtWqCnaqbH3+6RJSgKmtxsQc8aDrEKIwJCE5oFGq De5T/ypZ1mL2E43MEmIV1CqvhhUBQ1hFX4Vr3Eih1alXzewjgpMgJlCgTyQdQgJ6 Qd5UDNepq70sZa+L2cIsgAOVqIRhu8sETIC2U7FIhXmr61T+Wre1WF3CMKRwAD3o IblwhYwB3XHfTkFAvf296msBHKnCWEEKYojDHeLL2bjaBBE96lQFQmCNSEnoppMF By0qS9UKH8EFHIhJHNLWYQXPRB7w6BQ8DjEBKRCAopAyQHorzOIKl8uwJ+rsTYhR jhCzKBTlSCETJmCBAAAZHKvFrnVde91mWKESwWHSoXRiBno42T0VUMCXCYLDAR9Y OchWte6Kb0ALWgjCCueobXqWmxN/ZGELZ1bOFkLgjzDL2AIuAMOVKVvnOhMCCiOA gaGFw2fW+GMGYWBHPErAhRJg4ANhmAEW9JwTMXCgAV8gwAIUmY5+zOMReggHqR1T 6aAAbwLUWsrpbj0B4E2a1mPWtbCHneR/VAQlyE62spfNbGWjYiLQjra0p03talM7 IAA7 --mfeijepdtjlfdkmp-- _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 4 11:54:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from bart.bignose.ca (nat38.70.mpoweredpc.net [142.177.38.70]) by hub.freebsd.org (Postfix) with ESMTP id 929ED37B405 for ; Mon, 4 Mar 2002 11:54:43 -0800 (PST) Received: by bart.bignose.ca (Postfix, from userid 1001) id A0DFB52F; Mon, 4 Mar 2002 15:54:49 -0400 (AST) Received: from localhost (localhost [127.0.0.1]) by bart.bignose.ca (Postfix) with ESMTP id 9F81B52E for ; Mon, 4 Mar 2002 15:54:49 -0400 (AST) Date: Mon, 4 Mar 2002 15:54:49 -0400 (AST) 
From: Jeff X-X-Sender: bignose@bart.bignose.ca Reply-To: jeff@tsunamicreek.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: Multiple Vulnerabilities in PHP fileupload In-Reply-To: <20020228173513.E456@straylight.oblivion.bg> Message-ID: <20020304155331.U9389-100000@bart.bignose.ca> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I'm trying to do this upgrade, however it keeps complaining that it cannot find freetype.8

===> mod_php4-4.1.2 depends on shared library: freetype.8 - not found
===> Verifying install for freetype.8 in /usr/ports/print/freetype2
===> Returning to build of mod_php4-4.1.2
Error: shared library "freetype.8" does not exist

and sure enough I do a locate.updatedb;locate freetype.8 and nothing comes up. I even went into the freetype2 ports dir and tried a make deinstall;make reinstall

Anyone else encounter the same problem?

jeff

On Thu, 28 Feb 2002, Peter Pentchev wrote:

> On Thu, Feb 28, 2002 at 03:55:49PM +0100, Oliver Rompcik wrote:
> > CERT reported several vulnerabilities in all PHP Versions <= 4.1.1.
> > See advisory at http://www.cert.org/advisories/CA-2002-05.html
> >
> > Fixed version of PHP 4.1.2 is available at http://www.php.net.
> > Until fixed FreeBSD binary package is available, users should build 4.1.2
> > from source.
>
> ..or from the www/mod_php port, which was updated to include a fix for
> this vulnerability 17 hours ago, at Wed Feb 27 22:17:22 2002 UTC.
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> When you are not looking at it, this sentence is in Spanish.
> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 4 17:31: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from russian-caravan.cloud9.net (russian-caravan.cloud9.net [168.100.1.4]) by hub.freebsd.org (Postfix) with ESMTP id CF84837B400 for ; Mon, 4 Mar 2002 17:30:55 -0800 (PST) Received: from earl-grey.cloud9.net (earl-grey.cloud9.net [168.100.1.1]) by russian-caravan.cloud9.net (Postfix) with ESMTP id AF0E928B57; Mon, 4 Mar 2002 20:30:54 -0500 (EST) Date: Mon, 4 Mar 2002 20:30:54 -0500 (EST) 
From: Peter Leftwich X-X-Sender: To: Richard Ward Cc: David , Subject: Re: http://users.uk.freebsd.org/~juha/ In-Reply-To: <000c01c1c322$df0f22a0$0101a8c0@noc2> Message-ID: <20020304202541.U91555-100000@earl-grey.cloud9.net> Organization: Video2Video Services - http://Www.Video2Video.Com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

What has always bugged me is the disgraceful grammar that both the so-called "hackers" and their critics employ flagrantly.

Case-in-point: I would change the following, 'What always bugged me was how poor spelling these so called "hackers" display,' to 'What always bugs me is the poor spelling habits of these so-called "hackers."' ;-)

--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555

On Sun, 3 Mar 2002, Richard Ward wrote:

> Return-Path:
> Received: from mail1.registeredsite.com (mail1.registeredsite.com
> [64.224.9.10])
> by russian-caravan.cloud9.net (Postfix) with ESMTP id CC88D28DD5
> for ; Sun, 3 Mar 2002 21:21:55 -0500 (EST)
> Received: from mail.video2video.com (mail.video2video.com [209.35.10.22])
> by mail1.registeredsite.com (8.11.6/8.11.4) with ESMTP id
> g242Ltg06325
> for ; Sun, 3 Mar 2002 21:21:55 -0500
> Received: from mx2.freebsd.org [209.35.10.22] by mail.video2video.com
> (SMTPD32-6.06) id AA424B5005A; Sun, 03 Mar 2002 21:21:54 -0500
> Received: from hub.freebsd.org (hub.FreeBSD.org [216.136.204.18])
> by mx2.freebsd.org (Postfix) with ESMTP
> id C7829559B4; Sun, 3 Mar 2002 18:19:42 -0800 (PST)
> (envelope-from owner-freebsd-security@FreeBSD.ORG)
> Received: by hub.freebsd.org (Postfix, from userid 538)
> id A8DC537B404; Sun, 3 Mar 2002 18:19:35 -0800 (PST)
> Received: from localhost (localhost [127.0.0.1])
> by hub.freebsd.org (Postfix) with SMTP
> id D03702E807D; Sun, 3 Mar 2002 18:19:34 -0800 (PST)
> Received: by hub.freebsd.org (bulk_mailer v1.12); Sun,
> 3 Mar 2002 18:19:34 -0800
> Delivered-To: freebsd-security@freebsd.org
> Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com
> [216.7.67.90])
> by hub.freebsd.org (Postfix) with ESMTP id 18B0437B400
> for ; Sun, 3 Mar 2002 18:19:32 -0800 (PST)
> Received: from noc2 (d2i-dialin-65.kl.terranova.net [216.89.230.65])
> by imation.homenetweb.com (8.12.2/8.12.2) with SMTP id
> g242JRou023532;
> Sun, 3 Mar 2002 21:19:28 -0500 (EST)
> Message-ID: <000c01c1c322$df0f22a0$0101a8c0@noc2>
> From: "Richard Ward"
> To: "David" ,
> References: <006101c1c310$7b823b30$ff7e2341@mercenary>
> Subject: Re: http://users.uk.freebsd.org/~juha/
> Date: Sun, 3 Mar 2002 21:17:50 -0500
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 5.00.2615.200
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
> Sender: owner-freebsd-security@FreeBSD.ORG
> List-ID:
> List-Archive: (Web Archive)
> List-Help: (List Instructions)
> List-Subscribe:
>
> List-Unsubscribe:
>
> X-Loop: FreeBSD.org
> Precedence: bulk
>
> David, From what I can see, it looks as if they've just guessed a possible weak
> password in the 'juha' account. Most defacement "hackers" wouldn't pass up
> an opportunity to deface the main domain, if they had access to it. I don't
> think that users.uk.freebsd.org was compromised to give these people any
> special access above a user account. That's just my opinion. However, I
> would alert the users.uk.freebsd.org administration about this as soon as
> possible; for it shouldn't be taken lightly.
>
> What always bugged me was how poor spelling these so called "hackers" display.
> --
> Richard Ward, GM
> Home Net Web, Inc.
> http://homenetweb.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 4 17:51:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from core.usrlib.org (cc2-24.217.114.114.charter-stl.com [24.217.114.114]) by hub.freebsd.org (Postfix) with ESMTP id 045E237B405 for ; Mon, 4 Mar 2002 17:51:10 -0800 (PST) Received: by core.usrlib.org (Postfix, from userid 1001) id 13B19A811; Mon, 4 Mar 2002 19:51:05 -0600 (CST) Date: Mon, 4 Mar 2002 19:51:04 -0600
From: Andrew Hesford To: Peter Leftwich Cc: Richard Ward , David , freebsd-security@FreeBSD.ORG Subject: Re: http://users.uk.freebsd.org/~juha/ Message-ID: <20020305015104.GA40292@core.usrlib.org> Reply-To: Andrew Hesford References: <000c01c1c322$df0f22a0$0101a8c0@noc2> <20020304202541.U91555-100000@earl-grey.cloud9.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020304202541.U91555-100000@earl-grey.cloud9.net> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Mon, Mar 04, 2002 at 08:30:54PM -0500, Peter Leftwich wrote:
>
> What has always bugged me is the disgraceful grammar that both the
> so-called "hackers" and their critics employ flagrantly.
>
> Case-in-point: I would change the following, 'What always bugged me was how
> poor spelling these so called "hackers" display,' to 'What always bugs me
> is the poor spelling habits of these so-called "hackers."' ;-)

That isn't the same sentiment. 'Poor spelling habits' can refer to any number of spelling problems: consistent, improper spelling, inconsistent spelling, or the use of foreign spelling (since users.uk.freebsd.org is a British server, an example of this would be use of the American spelling 'theater' instead of 'theatre').

It is best to say, "It always bugs me that these so-called 'hackers' display such poor spelling." Move the verb, 'bug', into the present-tense (since otherwise you are no longer bugged), preserve the object (an action performed by the hackers, rather than their character traits) and keep the sentence active.

Of course this matter should die now. I offer my apology for keeping the thread alive long enough to submit my own point of view, but I couldn't resist.
:) -- Andrew Hesford, Washington University ajh3@cec.wustl.edu, jester@usrlib.org :- Fortune of the Moment -: Psychiatrists say that one out of four people are mentally ill. Check three friends. If they're OK, you're it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 4 18:19: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from pstis.com (196.216-123-202-0.interbaun.com [216.123.202.196]) by hub.freebsd.org (Postfix) with SMTP id 510AE37B41C for ; Mon, 4 Mar 2002 18:18:45 -0800 (PST) Received: (qmail 89887 invoked from network); 5 Mar 2002 01:51:35 -0000 Received: from unknown (HELO there) (216.123.202.195) by 0 with SMTP; 5 Mar 2002 01:51:35 -0000 Content-Type: text/plain; charset="iso-8859-1" 
From: "Dalin S. Owen" Reply-To: dowen@pstis.com Organization: Packetstorm Technologies To: freebsd-security@freebsd.org Subject: ESP + IPFW Date: Mon, 4 Mar 2002 18:15:16 -0700 X-Mailer: KMail [version 1.3.2] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020305021845.510AE37B41C@hub.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I have IPsec running between two FreeBSD machines (over an 802.11b link), they are manually keyed (not using an IKE daemon). First question, is it more secure to use an IKE? I mean, doesn't it rotate keys, instead of just using static ones? And if I use an IKE, can those generated keys be sniffed, or are they encrypted with the last key?

Now, another issue. I have the following rules on each machine with ipfw (I am only going to show the relevant ones for simplicity):

#nat box (I have a separate interface for the 802.11 AP)
ipfw add 10 allow esp from any to any via dc1
#this stops anyone from using my AP
ipfw add 20 deny ip from any to any via dc1

#workstation
ipfw add 10 allow esp from any to any

Now, everything works fine. But I would like to be able to firewall the packets *after* they are translated by IPSec (ESP) with IPFW? How would I do that? They seem to only pass into IPFW once, not twice.. Can you run IPF with IPFW to do it, and in that case which firewalling system gets matched first?

Thanks!
Dalin Owen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 4 20:36:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from papa.tanu.org (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 12B8437B402 for ; Mon, 4 Mar 2002 20:36:06 -0800 (PST) Received: from localhost (kame197.kame.net [203.178.141.197]) by papa.tanu.org (8.11.6/8.11.6) with ESMTP id g254eZQ91667; Tue, 5 Mar 2002 13:40:35 +0900 (JST) (envelope-from sakane@kame.net) To: frank@mini.chicago.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: Racoon/sainfo - 'no policy found' In-Reply-To: Your message of "Fri, 8 Feb 2002 23:57:26 -0800 (PST)" <20020212021302.B70C89F016@okeeffe.bestweb.net> References: <20020212021302.B70C89F016@okeeffe.bestweb.net> X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20020305133645Z.sakane@kame.net> Date: Tue, 05 Mar 2002 13:36:45 +0900 
From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 26 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> Since sending my first message I've found that FBSD/racoon<->FBSD/racoon
> only works till the first time the keys are renegotiated. At that point
> I get the message about the security association expiring but from then
> on I always get the 'policy not found' error. The following is part of
> the log from one side of the FBSD<->FBSD case.

> 2002-02-08 23:47:31: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Aggressive mode.
> 2002-02-08 23:47:33: NOTIFY: oakley.c:2036:oakley_skeyid(): couldn't find pskey, try to get one by the peer's address.

it seems you didn't define the pre-shared key file properly. you should add a single line into the psk file like, "sakane@kame.net presharedkey". in this case. "sakane@kame.net" is the identifier of both of nodes as you used exactly same configuration. but it's not much problem.

> 2002-02-08 23:47:33: ERROR: proposal.c:965:set_proposal_from_policy(): not supported nested SA.
> 2002-02-08 23:47:33: ERROR: isakmp_quick.c:2070:get_proposal_r(): failed to create saprop.

the message means the SPD entry to be used this negotiation has different ipsec tunnel end points, such like

spdadd X Y any -P out ipsec esp/tunnel/A-B/use esp/tunnel/A-C/use;

do you have it ? if so, racoon doesn't support this configuration.
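The two conditions named in the reply above (a peer identifier with no line in the pre-shared key file, and an SPD entry whose tunnel requests have different end points) can be checked before racoon is started. The following Python check is an added example, not part of the original message and not code from racoon or KAME; the file contents, addresses and identifiers are constructed, and it assumes the `spdadd ... -P direction ipsec protocol/mode/src-dst/level` statement layout and an `identifier key` line layout for the psk file.

```python
import re

# Constructed sample policy file (documentation addresses, not from the thread).
SAMPLE_SETKEY_CONF = """\
# single tunnel: one pair of end points
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.1/require;
# bundle whose tunnels end on different peers (the A-B / A-C shape)
spdadd 10.0.1.0/24 10.0.3.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.1/use
    esp/tunnel/192.0.2.1-203.0.113.9/use;
# transport mode carries no tunnel end points
spdadd 192.0.2.1 198.51.100.1 any -P in ipsec esp/transport//require;
"""

# Constructed sample psk file: one "identifier key" pair per line.
SAMPLE_PSK = """\
# identifier        key
198.51.100.1        constructed-key-1
user@example.org    constructed-key-2
"""


def spd_statements(conf_text):
    """Yield each spdadd statement as a list of tokens, comments removed."""
    no_comments = re.sub(r"#.*", "", conf_text)
    for statement in no_comments.split(";"):
        tokens = statement.split()
        if tokens and tokens[0] == "spdadd":
            yield tokens


def tunnel_endpoints(tokens):
    """Return the (src, dst) pair of every tunnel-mode request in a policy."""
    if "-P" not in tokens:
        return []
    spec = tokens[tokens.index("-P") + 1:]
    if "ipsec" not in spec:                 # discard / none carry no requests
        return []
    pairs = []
    for request in spec[spec.index("ipsec") + 1:]:
        fields = request.split("/")         # protocol/mode/src-dst/level
        if len(fields) >= 3 and fields[1] == "tunnel" and "-" in fields[2]:
            src, dst = fields[2].split("-", 1)
            pairs.append((src, dst))
    return pairs


def nested_tunnel_policies(conf_text):
    """List policies whose tunnel requests do not share one pair of end points."""
    findings = []
    for tokens in spd_statements(conf_text):
        pairs = tunnel_endpoints(tokens)
        if len(set(pairs)) > 1:
            # Selector = the non-option words between "spdadd" and "-P".
            head = tokens[1:tokens.index("-P")]
            selector = " ".join(t for t in head if not t.startswith("-"))
            findings.append((selector, pairs))
    return findings


def psk_identifiers(psk_text):
    """Return the identifiers (first field) defined in a psk file."""
    identifiers = []
    for line in psk_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2:                # a line without a key defines nothing
            identifiers.append(fields[0])
    return identifiers


def missing_psk(psk_text, peer_identifiers):
    """Return the peer identifiers that have no line in the psk file."""
    known = set(psk_identifiers(psk_text))
    return [peer for peer in peer_identifiers if peer not in known]


if __name__ == "__main__":
    for selector, pairs in nested_tunnel_policies(SAMPLE_SETKEY_CONF):
        print("different tunnel end points in one policy:", selector, pairs)
    for peer in missing_psk(SAMPLE_PSK, ["user@example.org", "peer@example.net"]):
        print("no pre-shared key line for:", peer)
```
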
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Mar 4 21:29:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id 39B7537B41D for ; Mon, 4 Mar 2002 21:28:52 -0800 (PST) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020305052851.BVMB2951.rwcrmhc53.attbi.com@blossom.cjclark.org>; Tue, 5 Mar 2002 05:28:51 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g255Sow89420; Mon, 4 Mar 2002 21:28:50 -0800 (PST) (envelope-from cjc) Date: Mon, 4 Mar 2002 21:28:50 -0800 
From: "Crist J. Clark" To: "Dalin S. Owen" Cc: freebsd-security@FreeBSD.ORG Subject: Re: ESP + IPFW Message-ID: <20020304212850.M87533@blossom.cjclark.org> References: <20020305021845.510AE37B41C@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020305021845.510AE37B41C@hub.freebsd.org>; from dowen@pstis.com on Mon, Mar 04, 2002 at 06:15:16PM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Mon, Mar 04, 2002 at 06:15:16PM -0700, Dalin S. Owen wrote:
>
> I have IPsec running between two FreeBSD machines (over an 802.11b link),
> they are manually keyed (not using an IKE daemon). First question, is it
> more secure to use an IKE? I mean, doesn't it rotate keys, instead of just
> using static ones? And if I use an IKE, can those generated keys be sniffed,
> or are they encrypted with the last key?

Don't worry. Keys don't go over the network in the clear. It would kind of break the whole system wouldn't it.

> Now, another issue. I have the following rules on each machine with ipfw (I
> am only going to show the relevant ones for simplicity):
>
> #nat box (I have a separate interface for the 802.11 AP)
> ipfw add 10 allow esp from any to any via dc1
> #this stops anyone from using my AP
> ipfw add 20 deny ip from any to any via dc1
>
> #workstation
> ipfw add 10 allow esp from any to any
>
> Now, everything works fine. But I would like to be able to firewall the
> packets *after* they are translated by IPSec (ESP) with IPFW? How would I
> do that? They seem to only pass into IPFW once, not twice.. Can you run IPF
> with IPFW to do it, and in that case which firewalling system gets matched
> first?

Yep. They go through ipfw(8) once. If you run ipf(8), they go through ipf(8) then ipfw(8)... once.
-- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 5 0:50:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from esplanaden.cybercity.dk (esplanaden.cybercity.dk [212.242.40.114]) by hub.freebsd.org (Postfix) with ESMTP id 8BF3B37B400; Tue, 5 Mar 2002 00:50:15 -0800 (PST) Received: from windot.cybercity.dk ([172.16.2.163]) by esplanaden.cybercity.dk with Microsoft SMTPSVC(5.0.2195.3779); Tue, 5 Mar 2002 09:50:08 +0100 Message-Id: <5.1.0.14.2.20020305094742.058185d8@mx00.cybercity.dk> X-Sender: sch@mx00.cybercity.dk X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 05 Mar 2002 09:50:07 +0100 To: Ted Wisniewski , freebsd-questions@freebsd.org, freebsd-security@freebsd.org 
From: Soeren Schroeder Subject: Re: PAM & LDAP - Pointer anyone? In-Reply-To: <200202270356.g1R3u5u25254@ness.plymouth.edu> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: 8bit X-OriginalArrivalTime: 05 Mar 2002 08:50:08.0663 (UTC) FILETIME=[C0DB8A70:01C1C422] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

At 22:56 26-02-2002 -0500, Ted Wisniewski wrote:
>I was wondering... Has anyone done this successfully?
>
>I have FreeBSD 4.5, OpenLdap 2.0.23 & pam_ldap-137
>
>I have LDAP running, and configured where I can successfully Authenticate
>FTP sessions. However, when I try to authenticate any other
>service - no go.
>
>I am specifically interested in:
>
>     ssh, telnet, pop3, imap
>
>Since I have been able to do "ftp" I must be doing something correctly.
>
>pam.conf entry (for telnetd):
>
># "telnetd" is for SRA authenticated telnet only. Non-SRA uses 'login'
>telnetd auth    required        pam_ldap.so     try_first_pass
>
>I also have ftpd:
>
>ftpd    auth    sufficient      pam_skey.so
>ftpd    auth    requisite       pam_cleartext_pass_ok.so
>ftpd    auth    sufficient      pam_ldap.so     try_first_pass
>
>
>Perhaps I am missing something obvious? If someone has done this and can
>point me in the right direction, it would be much appreciated.

A workaround is installing ypldapd:
http://www.padl.com/ldap-nis_gateway.html
A nis server on top of ldap. Works like a charm!
Then all your daemons work out of the box. We tried PAM LDAP and ditched it.

--
Søren Schrøder - sch@cybercity.dk - PGP-key available on request
"To define recursion, we must first define recursion."
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 5 1:44: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from fe040.worldonline.dk (fe040.worldonline.dk [212.54.64.205]) by hub.freebsd.org (Postfix) with SMTP id A7CA137B402 for ; Tue, 5 Mar 2002 01:44:01 -0800 (PST) Received: (qmail 29655 invoked by uid 0); 5 Mar 2002 09:43:14 -0000 Received: from 213.237.14.128.adsl.ho.worldonline.dk (HELO dpws) (213.237.14.128) by fe040.worldonline.dk with SMTP; 5 Mar 2002 09:43:14 -0000 Message-ID: <002401c1c42a$29b4cd70$0301a8c0@dpws> From: "Dennis Pedersen" To: "Shoichi Sakane" Cc: References: <20020212021302.B70C89F016@okeeffe.bestweb.net> <20020305133645Z.sakane@kame.net> Subject: Re: Racoon/sainfo - 'no policy found' Date: Tue, 5 Mar 2002 10:43:10 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org 
From: "Shoichi Sakane" Sent: Tuesday, March 05, 2002 5:36 AM Subject: Re: Racoon/sainfo - 'no policy found' > the message means the SPD entry to be used this negotiation has > different ipsec tunnel end points, such like > > spdadd X Y any -P out ipsec > esp/tunnel/A-B/use > esp/tunnel/A-C/use; Uhm, i've read and kind of docs about the last parameter on the spdadd (use/unique/etc/) but is it explained anywhere when i use what and why? If i wanna set up a box as a concentrator what parm do i use then? Regards, Dennis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 5 1:44:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from fe040.worldonline.dk (fe040.worldonline.dk [212.54.64.205]) by hub.freebsd.org (Postfix) with SMTP id 67EC037B41A for ; Tue, 5 Mar 2002 01:44:08 -0800 (PST) Received: (qmail 29652 invoked by uid 0); 5 Mar 2002 09:43:13 -0000 Received: from 213.237.14.128.adsl.ho.worldonline.dk (HELO dpws) (213.237.14.128) by fe040.worldonline.dk with SMTP; 5 Mar 2002 09:43:13 -0000 Message-ID: <002301c1c42a$298a13f0$0301a8c0@dpws> From: "Dennis Pedersen" To: "Crist J. Clark" Cc: References: <20020305021845.510AE37B41C@hub.freebsd.org> <20020304212850.M87533@blossom.cjclark.org> Subject: Re: ESP + IPFW Date: Tue, 5 Mar 2002 10:40:12 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- 
From: "Crist J. Clark" Sent: Tuesday, March 05, 2002 6:28 AM Subject: Re: ESP + IPFW

> > Now, everything works fine. But I would like to be able to firewall the
> > packets *after* they are translated by IPSec (ESP) with IPFW? How would I
> > do that? They seem to only pass into IPFW once, not twice.. Can you run IPF
> > with IPFW to do it, and in that case which firewalling system gets matched
> > first?
>
> Yep. They go through ipfw(8) once. If you run ipf(8), they go through
> ipf(8) then ipfw(8)... once.

I'm currently running natd, racoon (with gif) and ipfw on the same box.
I can't seem to figure what process the packets go through right before ipfw
(as in: i don't know what ip number i have to allow the packets from - is it
the peer gif ip, peer wan ip, peer lan, gif?)
Anyone got a hint?

Regards,
Dennis

From owner-freebsd-security Tue Mar 5 2: 4:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from papa.tanu.org (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 6D67937B402 for ; Tue, 5 Mar 2002 02:04:47 -0800 (PST) Received: from localhost (kame197.kame.net [203.178.141.197]) by papa.tanu.org (8.11.6/8.11.6) with ESMTP id g25A9LQ96002; Tue, 5 Mar 2002 19:09:21 +0900 (JST) (envelope-from sakane@kame.net) To: mlists@daydreamer.dk Cc: freebsd-security@FreeBSD.ORG Subject: Re: Racoon/sainfo - 'no policy found' In-Reply-To: Your message of "Tue, 5 Mar 2002 10:43:10 +0100" <002401c1c42a$29b4cd70$0301a8c0@dpws> References: <002401c1c42a$29b4cd70$0301a8c0@dpws> X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20020305190525E.sakane@kame.net> Date: Tue, 05 Mar 2002 19:05:25 +0900
From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 17 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> > the message means the SPD entry to be used this negotiation has
> > different ipsec tunnel end points, such like
> >     spdadd X Y any -P out ipsec
> >         esp/tunnel/A-B/use
> >         esp/tunnel/A-C/use;

> Uhm, i've read and kind of docs about the last parameter on the spdadd
> (use/unique/etc/) but is it explained anywhere when i use what and why?

> If i wanna set up a box as a concentrator what parm do i use then?

although i haven't understood what you mean, the kernel can understand
the SP entry which is defined different ipsec tunnel end points.
when you configure proper SAs by using setkey(8) against such SP entry,
you will get a nested IPsec tunnel. but racoon just doesn't support it
as i said.

From owner-freebsd-security Tue Mar 5 2:59:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from fe000.worldonline.dk (fe000.worldonline.dk [212.54.64.194]) by hub.freebsd.org (Postfix) with SMTP id C153037B405 for ; Tue, 5 Mar 2002 02:59:32 -0800 (PST) Received: (qmail 30508 invoked by uid 0); 5 Mar 2002 10:46:28 -0000 Received: from 213.237.14.128.adsl.ho.worldonline.dk (HELO dpws) (213.237.14.128) by fe000.worldonline.dk with SMTP; 5 Mar 2002 10:46:28 -0000 Message-ID: <005701c1c432$ff531b50$0301a8c0@dpws>
From: "Dennis Pedersen" To: "Shoichi Sakane" Cc: References: <002401c1c42a$29b4cd70$0301a8c0@dpws> <20020305190525E.sakane@kame.net> Subject: Re: Racoon/sainfo - 'no policy found' Date: Tue, 5 Mar 2002 11:46:24 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- 
From: "Shoichi Sakane" To: Cc: Sent: Tuesday, March 05, 2002 11:05 AM Subject: Re: Racoon/sainfo - 'no policy found'

> > > the message means the SPD entry to be used this negotiation has
> > > different ipsec tunnel end points, such like
> > >     spdadd X Y any -P out ipsec
> > >         esp/tunnel/A-B/use
> > >         esp/tunnel/A-C/use;
>
> > Uhm, i've read and kind of docs about the last parameter on the spdadd
> > (use/unique/etc/) but is it explained anywhere when i use what and why?
>
> > If i wanna set up a box as a concentrator what parm do i use then?
>
> although i haven't understood what you mean, the kernel can understand
> the SP entry which is defined different ipsec tunnel end points.

Okai i'll try drawing it then:

           VPN
Office 1---------
                 \
                  \
                   === Main office
           VPN    /
Offic 2----------/

Then my question is do i have to set any special parm. in order for the box
at the main office to accept both tunnels? (I've seen several conf examples
where the last part varies from require/use/unique and so on. But the
function of those cmd's i couldn't find anything about?)

Regards,
Dennis

From owner-freebsd-security Tue Mar 5 3:16: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id 5B2B537B402 for ; Tue, 5 Mar 2002 03:15:59 -0800 (PST) Received: (qmail 25609 invoked by uid 1031); 5 Mar 2002 11:04:53 -0000 Date: Tue, 5 Mar 2002 11:03:06 +0000
From: Bruce M Simpson To: Soeren Schroeder Subject: Re: PAM & LDAP - Pointer anyone? Message-ID: <20020305110306.A494@spc.org> References: <200202270356.g1R3u5u25254@ness.plymouth.edu> <5.1.0.14.2.20020305094742.058185d8@mx00.cybercity.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <5.1.0.14.2.20020305094742.058185d8@mx00.cybercity.dk>; from sch@cybercity.dk on Tue, Mar 05, 2002 at 09:50:07AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Tue, Mar 05, 2002 at 09:50:07AM +0100, Soeren Schroeder wrote:
>
> >Perhaps I am missing something obvious? If someone has done this and can
> >point me in the right direction, it would be much appreciated.
>
> A workaround is installing ypldapd:
> http://www.padl.com/ldap-nis_gateway.html
> A nis server on top of ldap. Works like a charm!
> Then all your daemons work out of the box. We tried PAM LDAP and ditched it.

If you are worried about security, I would not recommend running NIS.

The combination of the FreeBSD integrated NIS client, together with
pam_ldap.so running over LDAP/SSL, may be a more acceptable solution in
terms of security. This way, the function which would normally be served
by nss_ldap is served instead by the FreeBSD ypbind and ypldapd.

pam.conf and the LDAP backend ACLs can be tightened so as to ensure
password authentication only ever happens over an SSL session. Client
side certificates can be used if one wishes to verify the identity of
machines binding to a DN with privileges to do password authentication,
or SASL can be used with users binding to their own DN in order to
authenticate to each system.
BMS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 5 3:24:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from papa.tanu.org (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 06D0737B402 for ; Tue, 5 Mar 2002 03:24:18 -0800 (PST) Received: from localhost (kame197.kame.net [203.178.141.197]) by papa.tanu.org (8.11.6/8.11.6) with ESMTP id g25BSrQ96503; Tue, 5 Mar 2002 20:28:53 +0900 (JST) (envelope-from sakane@kame.net) To: mlists@daydreamer.dk Cc: freebsd-security@FreeBSD.ORG Subject: Re: Racoon/sainfo - 'no policy found' In-Reply-To: Your message of "Tue, 5 Mar 2002 11:46:24 +0100" <005701c1c432$ff531b50$0301a8c0@dpws> References: <005701c1c432$ff531b50$0301a8c0@dpws> X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20020305202455H.sakane@kame.net> Date: Tue, 05 Mar 2002 20:24:55 +0900 
From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 35 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> Okai i'll try drawing it then:
>            VPN
> Office 1---------
>                  \
>                   \
>                    === Main office
>            VPN    /
> Offic 2----------/
>
>
> Then my question is do i have to set any special parm. in order for the box
> at the main office to accept both tunnels? (I've seen several conf examples
> where the last part varies from require/use/unique and so on. But the
> function of those cmd's i couldn't find anything about?)

suppose that the security gateway for the office 1 is named SG1 and
its external ipv4 address is sg1. similarly, one for office 2 is
named SG2 and sg2, one for main office is named SGM, and sgm.
the network address of office 1 is net1, similarly net2 and netm.
then the security policy configuration on each security gateway
is the following,

on SG1:
    spdadd net1 netm any -P out ipsec esp/tunnel/sg1-sgm/require;
    spdadd netm net1 any -P in ipsec esp/tunnel/sgm-sg1/require;

on SG2:
    spdadd net2 netm any -P out ipsec esp/tunnel/sg2-sgm/require;
    spdadd netm net2 any -P in ipsec esp/tunnel/sgm-sg2/require;

on SGM:
    spdadd netm net1 any -P out ipsec esp/tunnel/sgm-sg1/require;
    spdadd net1 netm any -P in ipsec esp/tunnel/sg1-sgm/require;
    spdadd netm net2 any -P out ipsec esp/tunnel/sgm-sg2/require;
    spdadd net2 netm any -P in ipsec esp/tunnel/sg2-sgm/require;

From owner-freebsd-security Tue Mar 5 3:46:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from post-20.mail.nl.demon.net (post-20.mail.nl.demon.net [194.159.73.1]) by hub.freebsd.org (Postfix) with ESMTP id 94A9237B400 for ; Tue, 5 Mar 2002 03:46:34 -0800 (PST) Received: from [212.238.194.207] (helo=mailhost.raggedclown.net) by post-20.mail.nl.demon.net with esmtp (Exim 3.35 #2) id
16iDOo-000DMT-00 for freebsd-security@FreeBSD.ORG; Tue, 05 Mar 2002 11:46:30 +0000 Received: from angel.raggedclown.net (angel.raggedclown.intra [192.168.1.7]) by mailhost.raggedclown.net (Ragged Clown Mail Gateway [buffy]) with ESMTP id 26AA313040 for ; Tue, 5 Mar 2002 12:46:29 +0100 (CET) Received: by angel.raggedclown.net (Ragged Clown Host [angel], from userid 1005) id 4ADDB22593; Tue, 5 Mar 2002 12:46:25 +0100 (CET) Date: Tue, 5 Mar 2002 12:46:25 +0100 
From: Cliff Sarginson To: freebsd-security@FreeBSD.ORG Subject: Re: http://users.uk.freebsd.org/~juha/ Message-ID: <20020305114625.GA11426@raggedclown.net> References: <000c01c1c322$df0f22a0$0101a8c0@noc2> <20020304202541.U91555-100000@earl-grey.cloud9.net> <20020305015104.GA40292@core.usrlib.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020305015104.GA40292@core.usrlib.org> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Mar 04, 2002 at 07:51:04PM -0600, Andrew Hesford wrote: > On Mon, Mar 04, 2002 at 08:30:54PM -0500, Peter Leftwich wrote: > > > > What has always bugged me is the disgraceful grammar that both the > > so-called "hackers" and their critics employ flagrantly. > > > > Case-in-point: I would change the following, 'What always bugged me was how > > poor spelling these so called "hackers" display,' to 'What always bugs me > > is the poor spelling habits of these so-called "hackers."' ;-) > > That isn't the same sentiment. 'Poor spelling habits' can refer to any > number of spelling problems: consistent, improper spelling, inconsistent > spelling, or the use of foreign spelling (since users.uk.freebsd.org is > a British server, an example of this would be use of the American > spelling 'theater' instead of 'theatre'). > > It is best to say, "It always bugs me that these so-called 'hackers' > display such poor spelling." Move the verb, 'bug', into the > present-tense (since otherwise you are no longer bugged), preserve the > object (an action performed by the hackers, rather than their character > traits) and keep the sentence active. > > Of course this matter should die now. I offer my apology for keeping the > thread alive long enough to submit my own point of view, but I couldn't > resist. 
:) What always bugs me is people who should know better referring to "crackers", as "hackers" :) -- Regards Cliff Sarginson -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 5 3:51:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from fe000.worldonline.dk (fe000.worldonline.dk [212.54.64.194]) by hub.freebsd.org (Postfix) with SMTP id AF99A37B400 for ; Tue, 5 Mar 2002 03:51:24 -0800 (PST) Received: (qmail 25937 invoked by uid 0); 5 Mar 2002 11:51:12 -0000 Received: from 213.237.14.128.adsl.ho.worldonline.dk (HELO dpws) (213.237.14.128) by fe000.worldonline.dk with SMTP; 5 Mar 2002 11:51:12 -0000 Message-ID: <008801c1c43c$0a09a290$0301a8c0@dpws> From: "Dennis Pedersen" To: "Shoichi Sakane" Cc: References: <005701c1c432$ff531b50$0301a8c0@dpws> <20020305202455H.sakane@kame.net> Subject: Re: Racoon/sainfo - 'no policy found' Date: Tue, 5 Mar 2002 12:51:08 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- 
From: "Shoichi Sakane" To: Cc: Sent: Tuesday, March 05, 2002 12:24 PM Subject: Re: Racoon/sainfo - 'no policy found'

> > Okai i'll try drawing it then:
> >            VPN
> > Office 1---------
> >                  \
> >                   \
> >                    === Main office
> >            VPN    /
> > Offic 2----------/

[snip fine conf example]

Okai that made it very clear for me then, thanx :)
But how many tunnels can the main office hold? Is there some rule of thumb?
What about the hardware (cpu/ram/io/etc), is there some rule of thumb here
too?

Regards,
Dennis

From owner-freebsd-security Tue Mar 5 4:17:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id F29EA37B400 for ; Tue, 5 Mar 2002 04:17:15 -0800 (PST) Received: (qmail 4882 invoked by uid 1031); 5 Mar 2002 12:06:10 -0000 Date: Tue, 5 Mar 2002 12:06:10 +0000
From: Bruce M Simpson To: Rasputin Cc: freebsd-security@freebsd.org Subject: Re: SSH Message-ID: <20020305120610.B494@spc.org> Mail-Followup-To: Bruce M Simpson , Rasputin , freebsd-security@freebsd.org References: <20020212021144.AB98D9EE47@okeeffe.bestweb.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020212021144.AB98D9EE47@okeeffe.bestweb.net>; from rasputin@submonkey.net on Tue, Feb 05, 2002 at 02:26:58PM +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Tue, Feb 05, 2002 at 02:26:58PM +0000, Rasputin wrote:
> * Michael Vince [020205 08:05]:
> > I just wanted to know how dangerous are ssh keys with no password phrases?
> You need to keep them safe, since any old monkey can use them to get into
> boxes as you ( although you can restrict that slightly - see the AUTHORIZED_KEYS
> part in sshd(8) )

Generally I keep my SSH keys and personal X.509 certs on a floppy which is
carried on my person at all times, although I am shortly going to be
converting to either Memory Stick or CompactFlash now that readers (and
media) are so easily available.

Passwords are important - always keep physical control over your keys.
Keeping them encrypted with IDEA is an important time buying measure if you
do lose them, unless the password is also compromised (careless!), in which
case you lose all security.

I find it helpful to use multiple SSH keys for different domains of trust,
i.e. never mix business with pleasure.
BMS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 5 5:23:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from tao.org.uk (genius.tao.org.uk [212.135.162.51]) by hub.freebsd.org (Postfix) with ESMTP id 38B3F37B400 for ; Tue, 5 Mar 2002 05:23:46 -0800 (PST) Received: by tao.org.uk (Postfix, from userid 100) id 5DB804A7; Tue, 5 Mar 2002 13:23:07 +0000 (GMT) Date: Tue, 5 Mar 2002 13:23:07 +0000 
From: Josef Karthauser To: Cliff Sarginson Cc: freebsd-security@FreeBSD.ORG Subject: Re: http://users.uk.freebsd.org/~juha/ Message-ID: <20020305132307.GB15040@genius.tao.org.uk> Mail-Followup-To: Josef Karthauser , Cliff Sarginson , freebsd-security@FreeBSD.ORG References: <000c01c1c322$df0f22a0$0101a8c0@noc2> <20020304202541.U91555-100000@earl-grey.cloud9.net> <20020305015104.GA40292@core.usrlib.org> <20020305114625.GA11426@raggedclown.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yEPQxsgoJgBvi8ip" Content-Disposition: inline In-Reply-To: <20020305114625.GA11426@raggedclown.net> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --yEPQxsgoJgBvi8ip Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Tue, Mar 05, 2002 at 12:46:25PM +0100, Cliff Sarginson wrote:
>
> What always bugs me is people who should know better referring to "crackers",
> as "hackers" :)
>

I've only just noticed this thread. That machine was broken into in the
days of the bad telnetd. It's secure now, but there are still a number
of index.html files in users' public_html directories that contain the
"we cracked this" message. I'm going through now with a fine tooth comb
and will remove them all.
Joe

--yEPQxsgoJgBvi8ip--

From owner-freebsd-security Tue Mar 5 5:47:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 098D237B400; Tue, 5 Mar 2002 05:47:31 -0800 (PST) Received: by energyhq.homeip.net (Postfix, from userid 1001) id AF63A3FC51; Tue, 5 Mar 2002 14:47:26 +0100 (CET) Date: Tue, 5 Mar 2002 14:47:26 +0100
From: Miguel Mendez To: Cliff Sarginson Cc: freebsd-security@FreeBSD.ORG, chat@freebsd.org Subject: Re: http://users.uk.freebsd.org/~juha/ Message-ID: <20020305144726.B89475@energyhq.homeip.net> Mail-Followup-To: Cliff Sarginson , freebsd-security@FreeBSD.ORG, chat@freebsd.org References: <000c01c1c322$df0f22a0$0101a8c0@noc2> <20020304202541.U91555-100000@earl-grey.cloud9.net> <20020305015104.GA40292@core.usrlib.org> <20020305114625.GA11426@raggedclown.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="1LKvkjL3sHcu1TtY" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020305114625.GA11426@raggedclown.net>; from csfbsd@raggedclown.net on Tue, Mar 05, 2002 at 12:46:25PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --1LKvkjL3sHcu1TtY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Tue, Mar 05, 2002 at 12:46:25PM +0100, Cliff Sarginson wrote:

Moving this to chat:

> What always bugs me is people who should know better referring to "crackers",
> as "hackers" :)

Troll, but I'll bite :-)

Cracker: salted cookie.
Hacker: what you meant as hacker.

Cracker is nothing, just a stupid term made up by journalists and
clueless people like Suckomu Shimomura. ;-P

And yes, I'll shut up now.

Cheers,
--
Miguel Mendez - flynn@energyhq.homeip.net
GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
EnergyHQ :: http://www.energyhq.tk
FreeBSD - The power to serve!
--1LKvkjL3sHcu1TtY--

From owner-freebsd-security Tue Mar 5 5:48:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10]) by hub.freebsd.org (Postfix) with ESMTP id 4C7D237B402 for ; Tue, 5 Mar 2002 05:48:24 -0800 (PST) Received: from sprint.centtech.com (sprint.centtech.com [10.177.173.31]) by proxy.centtech.com (8.11.6/8.11.6) with ESMTP id g25DmNK25029; Tue, 5 Mar 2002 07:48:23 -0600 (CST) Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id HAA14446; Tue, 5 Mar 2002 07:48:23 -0600 (CST) Message-ID: <3C84CC9A.E506D746@centtech.com> Date: Tue, 05 Mar 2002 07:48:10 -0600
From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Cliff Sarginson Cc: freebsd-security@freebsd.org Subject: Re: http://users.uk.freebsd.org/~juha/ References: <000c01c1c322$df0f22a0$0101a8c0@noc2> <20020304202541.U91555-100000@earl-grey.cloud9.net> <20020305015104.GA40292@core.usrlib.org> <20020305114625.GA11426@raggedclown.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Cliff Sarginson wrote:

> What always bugs me is people who should know better referring to "crackers",
> as "hackers" :)
>

So are you saying that crackers are the password breaking, system compromising
people? Or hackers?

Eric

--
------------------------------------------------------------------
Eric Anderson    Systems Administrator    Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------

From owner-freebsd-security Tue Mar 5 6: 3:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10]) by hub.freebsd.org (Postfix) with ESMTP id B418437B402 for ; Tue, 5 Mar 2002 06:03:14 -0800 (PST) Received: from sprint.centtech.com (sprint.centtech.com [10.177.173.31]) by proxy.centtech.com (8.11.6/8.11.6) with ESMTP id g25E3DK25370; Tue, 5 Mar 2002 08:03:13 -0600 (CST) Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id IAA14784; Tue, 5 Mar 2002 08:03:13 -0600 (CST) Message-ID: <3C84D014.D8DFE65C@centtech.com> Date: Tue, 05 Mar 2002 08:03:00 -0600
From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Dennis Pedersen Cc: Shoichi Sakane , freebsd-security@freebsd.org Subject: Re: Racoon/sainfo - 'no policy found' References: <005701c1c432$ff531b50$0301a8c0@dpws> <20020305202455H.sakane@kame.net> <008801c1c43c$0a09a290$0301a8c0@dpws> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have about 60 vpn's connected to one host right now, all using cable modems, ADSL, or SDSL connections. All work well, and are fast. It barely uses any ram, and I have a VIA C3 600MHz (Celeron 600MHz equivalent) as the "server" (or at the main office), which is overkill for its needs. Eric Dennis Pedersen wrote: > > ----- Original Message ----- 
> From: "Shoichi Sakane" > To: > Cc: > Sent: Tuesday, March 05, 2002 12:24 PM > Subject: Re: Racoon/sainfo - 'no policy found' > > > > Okai i'll try drawing it then: > > > VPN > > > Office 1--------- > > > \ > > > \ > > > === Main office > > > VPN / > > > Offic 2----------/ > > [snip fine conf example] > > Okai that made it very clear for me then , thanx :) > But have many tunnels can the main office hold? , is there some rule of > thumb? > What about the hardware (cpu/ram/io/etc) is there some rule of thumb here > to? > > Regards, > Dennis > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology If at first you don't succeed, sky diving is probably not for you. ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Mar 5 6:16:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from fe030.worldonline.dk (fe030.worldonline.dk [212.54.64.197]) by hub.freebsd.org (Postfix) with SMTP id D508937B405 for ; Tue, 5 Mar 2002 06:16:20 -0800 (PST) Received: (qmail 13016 invoked by uid 0); 5 Mar 2002 14:16:15 -0000 Received: from 213.237.14.128.adsl.ho.worldonline.dk (HELO dpws) (213.237.14.128) by fe030.worldonline.dk with SMTP; 5 Mar 2002 14:16:15 -0000 Message-ID: <00cd01c1c450$4d627350$0301a8c0@dpws> 
From: "Dennis Pedersen"
Subject: Re: Racoon/sainfo - 'no policy found'
Date: Tue, 5 Mar 2002 15:16:11 +0100

----- Original Message -----
From: "Eric Anderson"
Sent: Tuesday, March 05, 2002 3:03 PM
Subject: Re: Racoon/sainfo - 'no policy found'

> I have about 60 vpn's connected to one host right now, all using cable modems,
> ADSL, or SDSL connections. All work well, and are fast. It barely uses any
> ram, and I have a VIA C3 600MHz (Celeron 600MHz equivalent) as the "server" (or
> at the main office), which is overkill for its needs.

Okai sweet..
What about CPU load in peak?
Are all 60 vpns connected at the same time?
What speed do you have at the office?

I'm looking for some guidelines about how big my box at the Main should be :)

/Dennis

From owner-freebsd-security Tue Mar 5 6:34:27 2002
Message-ID: <3C84D75B.C9E415FF@centtech.com>
Date: Tue, 05 Mar 2002 08:34:03 -0600
From: Eric Anderson
Reply-To: anderson@centtech.com
To: Dennis Pedersen
Cc: freebsd-security@freebsd.org
Subject: Re: Racoon/sainfo - 'no policy found'

We have a T1, and when the T1 is full with people using the vpn's (which barely
ever happens), the load is only slightly noticeable on the work server. All
vpn's are always connected. bsdsar shows the machine about 95% idle throughout
the day.

Eric

Dennis Pedersen wrote:
> Okai sweet..
> What about CPU load in peak?
> Are all 60 vpns connected at the same time?
> What speed do you have at the office?
>
> I'm looking for some guidelines about how big my box at the Main should be
> :)
>
> /Dennis

--
------------------------------------------------------------------
Eric Anderson     Systems Administrator      Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------

From owner-freebsd-security Tue Mar 5 7:10:38 2002
To: mlists@daydreamer.dk
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Racoon/sainfo - 'no policy found'
In-Reply-To: Your message of "Tue, 5 Mar 2002 12:51:08 +0100" <008801c1c43c$0a09a290$0301a8c0@dpws>
Message-Id: <20020306001115P.sakane@kame.net>
Date: Wed, 06 Mar 2002 00:11:15 +0900
From: Shoichi Sakane

> But how many tunnels can the main office hold? , is there some rule of
> thumb?
> What about the hardware (cpu/ram/io/etc) is there some rule of thumb here
> too?

please try and report it. it can definitely help us.

From owner-freebsd-security Tue Mar 5 7:36:20 2002
Message-ID: <011b01c1c45b$7721dae0$0301a8c0@dpws>
From: "Dennis Pedersen"
Subject: Re: Racoon/sainfo - 'no policy found'
Date: Tue, 5 Mar 2002 16:36:05 +0100

Okai that wasn't so bad.
are you using racoon or what other daemon are you using?

Regards,
Dennis

----- Original Message -----
From: "Eric Anderson"
To: "Dennis Pedersen"
Sent: Tuesday, March 05, 2002 3:34 PM
Subject: Re: Racoon/sainfo - 'no policy found'

> We have a T1, and when the T1 is full with people using the vpn's (which barely
> ever happens), the load is only slightly noticeable on the work server. All
> vpn's are always connected. bsdsar shows the machine about 95% idle throughout
> the day.
>
> Eric

From owner-freebsd-security Tue Mar 5 7:45:15 2002
Message-ID: <3C84E7F6.44D54DD9@centtech.com>
Date: Tue, 05 Mar 2002 09:44:54 -0600
From: Eric Anderson
Reply-To: anderson@centtech.com
To: Dennis Pedersen
Cc: freebsd-security@freebsd.org
Subject: Re: Racoon/sainfo - 'no policy found'

Yes, I am using Racoon.. with ipnat and ipfilter.

Eric

Dennis Pedersen wrote:
>
> Okai that wasn't so bad.
> are you using racoon or what other daemon are you using?
>
> Regards,
> Dennis

--
------------------------------------------------------------------
Eric Anderson     Systems Administrator      Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------

From owner-freebsd-security Tue Mar 5 9:12: 9 2002
Message-ID: <3C84FC43.607F91E6@mindspring.com>
Date: Tue, 05 Mar 2002 09:11:31 -0800
From: Terry Lambert
To: Miguel Mendez
Cc: Cliff Sarginson, freebsd-security@FreeBSD.ORG, chat@freebsd.org
Subject: Re: http://users.uk.freebsd.org/~juha/

Miguel Mendez wrote:
> On Tue, Mar 05, 2002 at 12:46:25PM +0100, Cliff Sarginson wrote:
> > What always bugs me is people who should know better referring to "crackers",
> > as "hackers" :)
>
> Troll, but I'll bite :-)
>
> Cracker: salted cookie.
> Hacker: what you meant as hacker.
>
> Cracker is nothing, just a stupid term made up by journalists and
> clueless people like Suckomu Shimomura. ;-P

Well, "troll" back at you...

A hacker looks, but does not touch; hacking is a result of a
curious nature.

A cracker touches; cracking is a result of poor potty training.

A hacker learns in order to learn.

A cracker learns in order to exploit.

Any true hacker has a Bushido-style sense of honor. A hacker
is a Samurai.

Crackers generally have no honor. A cracker is Ronin.

Ken Thompson is a hacker. Dennis Ritchie is a hacker. Kirk
McKusick is a hacker.

The term "cracker" was not chosen lightly; it was chosen by
hackers, not by journalists. "Cracking" intentionally implies
breakage, damage, or exploitation of some kind.

In fact, it is journalists who use the terms as if they were
the same thing, which pisses hackers off immensely, and delights
crackers no end, in the same way that a person who habitually
wore black in order to impersonate a tortured young artist would
be delighted to be mistaken for one.

The "freebsd-hackers" mailing list was named correctly, even
if some idiots don't get the point and post asking for "W4R3Z"
occasionally. We usually point them to the top "W4R3Z" site
on the net, one so secret it has no DNS name: 127.0.0.1.

And no, we aren't going to change the FreeBSD mascot to something
other than the BSD Daemon, thanks.

And yes, we have all your personal information on file, we just
aren't going to do anything with it. 8-).

-- Terry

From owner-freebsd-security Wed Mar 6 0:16:59 2002
Message-ID: <001801c1c4e7$39156f00$0301a8c0@dpws>
From: "Dennis Pedersen"
To: "Shao Hui"
Subject: Re: Racoon/sainfo - 'no policy found'
Date: Wed, 6 Mar 2002 09:16:27 +0100

Dynamic IP is a real b***
On the net list there was posted a link. It can solve the problem with
dynamic IP but it isn't pretty ;)

/Dennis

----- Original Message -----
From: "Shao Hui"
To: "Dennis Pedersen"
Sent: Wednesday, March 06, 2002 4:10 AM
Subject: Re: Racoon/sainfo - 'no policy found'

> can you tell me how you configure your vpn? I am working on such a vpn too.
> the SGM has public ip, and the SG1 and SG2 have only dynamic ip. both SG1
> and SG2 can connect to SGM, but how to make SG1 connect SG2?
>
> thanks!

From owner-freebsd-security Wed Mar 6 3:52:27 2002
Date: Wed, 6 Mar 2002 14:52:18 +0300 (MSK)
From: Alexey Zakirov
To: "Crist J. Clark"
Cc: "Dalin S. Owen"
Subject: Re: ESP + IPFW
In-Reply-To: <20020304212850.M87533@blossom.cjclark.org>

On Mon, 4 Mar 2002, Crist J. Clark wrote:

> > #workstation
> > ipfw add 10 allow esp from any to any
> >
> > Now, everything works fine. But I would like to be able to firewall the
> > packets *after* they are translated by IPSec (ESP) with IPFW? How would I
> > do that? They seem to only pass into IPFW once, not twice.. Can you run IPF
> > with IPFW to do it, and in that case which firewalling system gets matched
> > first?
>
> Yep. They go through ipfw(8) once. If you run ipf(8), they go through
> ipf(8) then ipfw(8)... once.

You _can't_ filter packets "*after* they are translated by IPSec".
It's because of the change in ip_input.c which happened about summer.
This is a patch that I have to apply to most of my natd/gateway machines
to get NAT to work:

=======================================================================
--- ip_input.c.orig Thu Jan 17 20:32:21 2002 +++ ip_input.c Thu Jan 17 20:32:58 2002 
@@ -391,10 +391,12 @@ m_adj(m, ip->ip_len - m->m_pkthdr.len); } +/* XXX breaks tunnels/nat/etc #ifdef IPSEC if (ipsec_gethist(m, NULL)) goto pass; #endif +*/ /* * IpHack's section. ======================================================================= *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 8: 7:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from blackhelicopters.org (geburah.blackhelicopters.org [209.69.178.18]) by hub.freebsd.org (Postfix) with ESMTP id 5697737B404 for ; Wed, 6 Mar 2002 08:07:32 -0800 (PST) Received: (from mwlucas@localhost) by blackhelicopters.org (8.11.6/8.11.6) id g26G7VE00759 for security@freebsd.org; Wed, 6 Mar 2002 11:07:31 -0500 (EST) (envelope-from mwlucas) Date: Wed, 6 Mar 2002 11:07:31 -0500 
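
Review bot: in the ip_input.c hunk above, the added `+/* XXX breaks tunnels/nat/etc` and `+*/` lines disable the `#ifdef IPSEC` block by wrapping preprocessor lines in a C comment, which removes the `if (ipsec_gethist(m, NULL)) goto pass;` shortcut unconditionally for every kernel built from the patched file. Prefer `#if 0` with its own `#endif` (a comment wrapper ends early as soon as the enclosed code gains a comment of its own), or better a kernel option or sysctl so the previous bypass stays selectable, and expand the XXX text to say which tunnel or NAT case breaks and how. With the shortcut gone, packets that already carry IPsec history continue into the code that follows, starting at "IpHack's section", so the filter rules on a patched gateway should be reviewed for the decapsulated traffic they will now be asked to match.
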
From: Michael Lucas
To: security@freebsd.org
Subject: ssh keys not working?
Message-ID: <20020306110730.A720@blackhelicopters.org>

Folks,

I just installed -current on my laptop so I can start to document the
bugger, and have everything installed and running properly, except SSH
key handling.

When I try to SSH somewhere, the local key is obviously not being
picked up.

I show ssh-agent is running, and a check of my environment shows
SSH_AGENT_PID and SSH_AUTH_SOCK. /etc/ssh/ssh_config explicitly lists
"RSAAuthentication yes".

Any other suggestions on what to check?

(Of course, this means that my commit bit is now useless unless I boot
into -stable... found myself with time to work today, and I just
can't, dang it! And it's only worse because I know there's some
stupid little thing I'm missing.)

Thanks,
Michael

--
Michael Lucas    mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons

http://www.blackhelicopters.org/~mwlucas/

From owner-freebsd-security Wed Mar 6 8:14: 7 2002
Date: Wed, 6 Mar 2002 16:13:35 +0000
From: Ceri
To: Michael Lucas
Cc: security@freebsd.org
Subject: Re: ssh keys not working?
Message-ID: <20020306161335.GC57440@submonkey.net>
In-Reply-To: <20020306110730.A720@blackhelicopters.org>

On Wed, Mar 06, 2002 at 11:07:31AM -0500, Michael Lucas wrote:
>
> Folks,
>
> I just installed -current on my laptop so I can start to document the
> bugger, and have everything installed and running properly, except SSH
> key handling.
>
> When I try to SSH somewhere, the local key is obviously not being
> picked up.
>
> I show ssh-agent is running, and a check of my environment shows
> SSH_AGENT_PID and SSH_AUTH_SOCK. /etc/ssh/ssh_config explicitly lists
> "RSAAuthentication yes".
>
> Any other suggestions on what to check?

You did remember to run ssh-add ?

Other than that, check that your Protocol line is 1,2 instead of 2,1.

Ceri

--
keep a mild groove on

From owner-freebsd-security Wed Mar 6 8:18:22 2002
Date: Wed, 6 Mar 2002 08:18:08 -0800 (PST)
From: David Wolfskill
Message-Id: <200203061618.g26GI8N20045@bunrab.catwhisker.org>
To: mwlucas@blackhelicopters.org, setantae@submonkey.net
Subject: Re: ssh keys not working?
Cc: security@FreeBSD.ORG
In-Reply-To: <20020306161335.GC57440@submonkey.net>

>Date: Wed, 6 Mar 2002 16:13:35 +0000
>From: Ceri

>Other than that, check that your Protocol line is 1,2 instead of 2,1.

I would be somewhat surprised if that were effective, as I have

    Protocol 2,1

explicitly in my ~/.ssh/ssh_config, and rely on ssh for connecting to
other machines routinely.

Use of "-v" when invoking ssh can often help spot the problem.

Cheers,
david (links to my resume at http://www.catwhisker.org/~david)
--
David H. Wolfskill david@catwhisker.org
I believe it would be irresponsible (and thus, unethical) for me to advise,
recommend, or support the use of any product that is or depends on any
Microsoft product for any purpose other than personal amusement.

From owner-freebsd-security Wed Mar 6 8:21:56 2002
Date: Wed, 6 Mar 2002 17:21:23 +0100 (MET)
To: Michael Lucas
Subject: Re: ssh keys not working?
In-Reply-To: <20020306110730.A720@blackhelicopters.org>

Michael,

Is your publickey in the ~/.ssh/authorized_keys file on the server you
are ssh'ing to? What kind of output do you get with ssh -v ?

Bruce

On Wed, 6 Mar 2002, Michael Lucas wrote:

>
> Folks,
>
> I just installed -current on my laptop so I can start to document the
> bugger, and have everything installed and running properly, except SSH
> key handling.
>
> When I try to SSH somewhere, the local key is obviously not being
> picked up.
>
> I show ssh-agent is running, and a check of my environment shows
> SSH_AGENT_PID and SSH_AUTH_SOCK. /etc/ssh/ssh_config explicitly lists
> "RSAAuthentication yes".
>
> Any other suggestions on what to check?
>
> (Of course, this means that my commit bit is now useless unless I boot
> into -stable... found myself with time to work today, and I just
> can't, dang it! And it's only worse because I know there's some
> stupid little thing I'm missing.)
>
> Thanks,
> Michael

From owner-freebsd-security Wed Mar 6 8:22:26 2002
Date: Wed, 6 Mar 2002 11:20:52 -0500
From: Michael Lucas
To: Ceri, security@freebsd.org
Subject: Re: ssh keys not working?
Message-ID: <20020306112052.A847@blackhelicopters.org>
In-Reply-To: <20020306161335.GC57440@submonkey.net>; from setantae@submonkey.net on Wed, Mar 06, 2002 at 04:13:35PM +0000

On Wed, Mar 06, 2002 at 04:13:35PM +0000, Ceri wrote:
> You did remember to run ssh-add ?

Yep, I'm dumb but not that dumb. :-)

> Other than that, check that your Protocol line is 1,2 instead of 2,1.

Aha! Life just got much better, thank you!

Now to go fix my bonehead mistake in the FDP...

--
Michael Lucas    mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons

http://www.blackhelicopters.org/~mwlucas/

From owner-freebsd-security Wed Mar 6 8:32:44 2002
Date: Wed, 6 Mar 2002 16:32:12 +0000
From: Ceri To: David Wolfskill Cc: mwlucas@blackhelicopters.org, security@FreeBSD.ORG Subject: Re: ssh keys not working? Message-ID: <20020306163212.GA57856@submonkey.net> Mail-Followup-To: Ceri , David Wolfskill , mwlucas@blackhelicopters.org, security@FreeBSD.ORG References: <20020306161335.GC57440@submonkey.net> <200203061618.g26GI8N20045@bunrab.catwhisker.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200203061618.g26GI8N20045@bunrab.catwhisker.org> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Mar 06, 2002 at 08:18:08AM -0800, David Wolfskill wrote: > >Date: Wed, 6 Mar 2002 16:13:35 +0000 > >From: Ceri > > >Other than that, check that your Protocol line is 1,2 instead of 2,1. > > I would be somewhat surprised if that were effective, as I have > > Protocol 2,1 > > explicitly in my ~/.ssh/ssh_config, and rely on ssh for connecting to > other machines routinely. Seeing Michael's follow-up, I would suggest you prepare to be surprised. I have often found RSA key authentication to fail when version 2 is used first. Ceri -- keep a mild groove on To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 8:45: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from straylight.ringlet.net (discworld.nanolink.com [217.75.135.248]) by hub.freebsd.org (Postfix) with SMTP id 19EE937B405 for ; Wed, 6 Mar 2002 08:44:53 -0800 (PST) Received: (qmail 72947 invoked by uid 1000); 6 Mar 2002 16:45:09 -0000 Date: Wed, 6 Mar 2002 18:45:09 +0200 
From: Peter Pentchev To: Michael Lucas Cc: security@freebsd.org Subject: Re: ssh keys not working? Message-ID: <20020306184509.C14052@straylight.oblivion.bg> Mail-Followup-To: Michael Lucas , security@freebsd.org References: <20020306110730.A720@blackhelicopters.org> <20020306161335.GC57440@submonkey.net> <20020306112052.A847@blackhelicopters.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="lCAWRPmW1mITcIfM" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020306112052.A847@blackhelicopters.org>; from mwlucas@blackhelicopters.org on Wed, Mar 06, 2002 at 11:20:52AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --lCAWRPmW1mITcIfM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 06, 2002 at 11:20:52AM -0500, Michael Lucas wrote: > On Wed, Mar 06, 2002 at 04:13:35PM +0000, Ceri wrote: > > You did remember to run ssh-add ? > > Yep, I'm dumb but not that dumb. :-) > > > Other than that, check that your Protocol line is 1,2 instead of 2,1. > > > Aha! Life just got much better, thank you! > > Now to go fix my bonehead mistake in the FDP... If the problem was that SSH was using protocol 2 instead of 1, and you only had an SSHv1 key, please note that all the machines in the FreeBSD cluster accept SSHv2 keys now, too :) I personally prefer to go with v2 anywhere I can, so I just generated a v2 key (ssh-keygen -t dsa) and copied the public key over to freefall:.ssh/authorized_keys2. G'luck, Peter -- Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence would be seven words long if it were six words shorter. 
--lCAWRPmW1mITcIfM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjyGR5UACgkQ7Ri2jRYZRVPCUgCfXZf12quR8nsQQG2ACidLl5ca uYgAnj4U6jAqAHeOvRM7n7lCuFw4uQMg =v7Bo -----END PGP SIGNATURE----- --lCAWRPmW1mITcIfM-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 8:50:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from blackhelicopters.org (geburah.blackhelicopters.org [209.69.178.18]) by hub.freebsd.org (Postfix) with ESMTP id A320F37B400 for ; Wed, 6 Mar 2002 08:50:19 -0800 (PST) Received: (from mwlucas@localhost) by blackhelicopters.org (8.11.6/8.11.6) id g26GoJw01228 for security@freebsd.org; Wed, 6 Mar 2002 11:50:19 -0500 (EST) (envelope-from mwlucas) Date: Wed, 6 Mar 2002 11:50:19 -0500 
From: Michael Lucas To: security@freebsd.org Subject: Re: ssh keys not working? Message-ID: <20020306115019.A1208@blackhelicopters.org> References: <20020306110730.A720@blackhelicopters.org> <20020306161335.GC57440@submonkey.net> <20020306112052.A847@blackhelicopters.org> <20020306184509.C14052@straylight.oblivion.bg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020306184509.C14052@straylight.oblivion.bg>; from roam@ringlet.net on Wed, Mar 06, 2002 at 06:45:09PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Mar 06, 2002 at 06:45:09PM +0200, Peter Pentchev wrote: > If the problem was that SSH was using protocol 2 instead of 1, and you > only had an SSHv1 key, please note that all the machines in the FreeBSD > cluster accept SSHv2 keys now, too :) I personally prefer to go with v2 > anywhere I can, so I just generated a v2 key (ssh-keygen -t dsa) and > copied the public key over to freefall:.ssh/authorized_keys2. Ah, good to know. I'll put this near the top of my "copious free time" list. Thanks! 
==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org my FreeBSD column: http://www.oreillynet.com/pub/q/Big_Scary_Daemons http://www.blackhelicopters.org/~mwlucas/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 8:58:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id 5558C37B41A for ; Wed, 6 Mar 2002 08:58:10 -0800 (PST) Received: (qmail 17785 invoked by uid 1000); 6 Mar 2002 16:58:04 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 6 Mar 2002 16:58:04 -0000 Date: Wed, 6 Mar 2002 08:58:01 -0800 (PST) 
From: Jason Stone X-X-Sender: To: Subject: Re: ssh keys not working? In-Reply-To: <20020306184509.C14052@straylight.oblivion.bg> Message-ID: <20020306085357.E17654-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > If the problem was that SSH was using protocol 2 instead of 1, and you > only had an SSHv1 key, please note that all the machines in the > FreeBSD cluster accept SSHv2 keys now, too :) I personally prefer to > go with v2 anywhere I can, so I just generated a v2 key (ssh-keygen -t > dsa) and copied the public key over to freefall:.ssh/authorized_keys2. The current version of openssh has deprecated the use of authorized_keys2, known_hosts2, etc, and they threaten that future versions will completely ignore the *2 files. So it's probably a good idea to keep all your keys in authorized_keys, and symlink that to authorized_keys2 for now. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" 
-- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8hkqcswXMWWtptckRAgnFAKC8cj4VA1MF+pGee4IQ+0rgANNf3wCgo+DH 2P2fqRRk5/MEqi/QyfLEWPg= =tZre -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 8:59:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from post-11.mail.nl.demon.net (post-11.mail.nl.demon.net [194.159.73.21]) by hub.freebsd.org (Postfix) with ESMTP id 20B4C37B404 for ; Wed, 6 Mar 2002 08:59:23 -0800 (PST) Received: from [212.238.194.207] (helo=mailhost.raggedclown.net) by post-11.mail.nl.demon.net with esmtp (Exim 3.33 #1) id 16iel8-000FXj-00 for freebsd-security@freebsd.org; Wed, 06 Mar 2002 16:59:22 +0000 Received: from angel.raggedclown.net (angel.raggedclown.intra [192.168.1.7]) by mailhost.raggedclown.net (Ragged Clown Mail Gateway [buffy]) with ESMTP id 99F4513040 for ; Wed, 6 Mar 2002 17:59:21 +0100 (CET) Received: by angel.raggedclown.net (Ragged Clown Host [angel], from userid 1005) id 11B9E22595; Wed, 6 Mar 2002 17:59:16 +0100 (CET) Date: Wed, 6 Mar 2002 17:59:16 +0100 
From: Cliff Sarginson To: freebsd-security@freebsd.org Subject: Re: http://users.uk.freebsd.org/~juha/ Message-ID: <20020306165915.GB4962@raggedclown.net> References: <000c01c1c322$df0f22a0$0101a8c0@noc2> <20020304202541.U91555-100000@earl-grey.cloud9.net> <20020305015104.GA40292@core.usrlib.org> <20020305114625.GA11426@raggedclown.net> <3C84CC9A.E506D746@centtech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3C84CC9A.E506D746@centtech.com> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Mar 05, 2002 at 07:48:10AM -0600, Eric Anderson wrote: > Cliff Sarginson wrote: > > What always bugs me is people who should know better referring to "crackers", > > as "hackers" :) > > > > So are you saying that crackers are the password breaking, system compromising > people? Or hackers? > Ok, clarification time. Hackers are the nice people who brought you FreeBSD, they may be "crackers" in the sense of being unstable, unreasonable, anti-social, self-opinionated, ego-maniac synchronised swimming fans. But they don't break things for fun, profit or revenge. Crackers are people who break things, for fun, because it's cool in some circles, because they have nothing better to do -- there are phasers in the ports collection, you can use them to see if your system can resist attack, or you can just shoot at any passing target with them. These are the JDs. Then there are the crackers who crack systems as professionals, for political, monetary or ideological reasons. If they are very good they probably never get prosecuted but end up working for the government :) Then there is a character in Italy who syn scans me once a week or so. He might be a cracker who is crackers as well. If he is listening there is nothing interesting on port 512 either. 
-- Regards Cliff Sarginson -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 16:33:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from russian-caravan.cloud9.net (russian-caravan.cloud9.net [168.100.1.4]) by hub.freebsd.org (Postfix) with ESMTP id 3187C37B404; Wed, 6 Mar 2002 16:33:32 -0800 (PST) Received: from earl-grey.cloud9.net (earl-grey.cloud9.net [168.100.1.1]) by russian-caravan.cloud9.net (Postfix) with ESMTP id 7C27028D3E; Wed, 6 Mar 2002 19:33:31 -0500 (EST) Date: Wed, 6 Mar 2002 19:33:31 -0500 (EST) 
From: Peter Leftwich X-X-Sender: To: Terry Lambert Cc: Miguel Mendez , Cliff Sarginson , , Subject: Re: http://users.uk.freebsd.org/~juha/ In-Reply-To: <3C84FC43.607F91E6@mindspring.com> Message-ID: <20020306191854.C2150-100000@earl-grey.cloud9.net> Organization: Video2Video Services - http://Www.Video2Video.Com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Humour below: On Tue, 5 Mar 2002, Terry Lambert wrote: > Return-Path: > Received: from mail2.registeredsite.com (mail2.registeredsite.com > [64.224.9.11]) > by russian-caravan.cloud9.net (Postfix) with ESMTP id 7D4CC28B06 > for ; Tue, 5 Mar 2002 12:13:09 -0500 (EST) > Received: from mail.video2video.com (mail.video2video.com [209.35.10.22]) > by mail2.registeredsite.com (8.11.6/8.11.4) with ESMTP id > g25GIgV19461 > for ; Tue, 5 Mar 2002 11:18:42 -0500 > Received: from mx2.freebsd.org [209.35.10.22] by mail.video2video.com > (SMTPD32-6.06) id ACA5206F00B0; Tue, 05 Mar 2002 12:13:09 -0500 > Received: from hub.freebsd.org (hub.FreeBSD.org [216.136.204.18]) > by mx2.freebsd.org (Postfix) with ESMTP > id C8EE055F74; Tue, 5 Mar 2002 09:12:30 -0800 (PST) > (envelope-from owner-freebsd-security@FreeBSD.ORG) > Received: by hub.freebsd.org (Postfix, from userid 538) > id DA51E37B41C; Tue, 5 Mar 2002 09:12:09 -0800 (PST) > Received: from localhost (localhost [127.0.0.1]) > by hub.freebsd.org (Postfix) with SMTP > id 287CF2E800C; Tue, 5 Mar 2002 09:12:05 -0800 (PST) > Received: by hub.freebsd.org (bulk_mailer v1.12); Tue, > 5 Mar 2002 09:12:03 -0800 > Delivered-To: freebsd-security@freebsd.org > Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net > [207.217.120.22]) > by hub.freebsd.org (Postfix) with ESMTP > id ECA8237B402; Tue, 5 Mar 2002 09:11:52 -0800 (PST) > Received: from 
pool0452.cvx40-bradley.dialup.earthlink.net > ([216.244.43.197] helo=mindspring.com) > by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) > id 16iITb-0002c6-00; Tue, 05 Mar 2002 09:11:47 -0800 > Message-ID: <3C84FC43.607F91E6@mindspring.com> > Date: Tue, 05 Mar 2002 09:11:31 -0800 
> From: Terry Lambert > X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) > X-Accept-Language: en > MIME-Version: 1.0 > To: Miguel Mendez > Cc: Cliff Sarginson , > freebsd-security@FreeBSD.ORG, chat@FreeBSD.ORG > Subject: Re: http://users.uk.freebsd.org/~juha/ > References: <000c01c1c322$df0f22a0$0101a8c0@noc2> > <20020304202541.U91555-100000@earl-grey.cloud9.net> > <20020305015104.GA40292@core.usrlib.org> > <20020305114625.GA11426@raggedclown.net> > <20020305144726.B89475@energyhq.homeip.net> > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > Sender: owner-freebsd-security@FreeBSD.ORG > List-ID: > List-Archive: (Web Archive) > List-Help: (List Instructions) > List-Subscribe: > > List-Unsubscribe: > > X-Loop: FreeBSD.org > Precedence: bulk > > Miguel Mendez wrote: > > On Tue, Mar 05, 2002 at 12:46:25PM +0100, Cliff Sarginson wrote: > > > What always bugs me is people who should know better referring to "crackers", as "hackers" :) That's why I [originally months-ago] used "so-called." ;) > > Troll, but I'll bite :-) > > Cracker: salted cookie. > > Hacker: what you meant as hacker. > > Cracker is nothing, just a stupid term made up by journalists and clueless people like Suckomu Shimomura. ;-P Do your research. > Well, "troll" back at you... What is this about trolls biting Saltines now? > A hacker looks, but does not touch; hacking is a result of a curious nature. Heisenberg's Uncertainty Principle. The nature of the act of observation alters what it is you are observing, thus curiosity can crash a system and/or land your butt in jail near Big Joe's... > A cracker touches; cracking is a result of poor potty training. A cracker cracks a safe. A cracker is a "whitey," a "honky" such as myself. This term has never been offensive to me so get over it *grins*. A locksmith is a good cracker, good meaning benevolent. A hacker can be good or bad; a hacker who is "a HACK" is an over-paid under-skilled coder/programmer. 
A hacker who hacks code and is very skilled at it is someone who takes issue and bitches and moans when the media uses the word "hacker" in the "wrong way." They want the word back, but it is damaged goods. This seems to all come down to two ideas: [1] People want "intent" or "motive" to be part of the noun, just as we have two different words for those who steal your money: taxman and thief. [2] The Eskimo-like tribe Ki'illi-Mo%tocka Timbe of the Russian Siberian plains have 13 words for "dayummn it is phreakin' cold out today!" > A hacker learns in order to learn. A cracker learns in order to exploit. {Well said!! Although some crackers just forgot their password to a zip disk or zip file or M$FT Office file...} > Any true hacker has a Bushido-style sense of honor. A hacker is a Samurai. > Crackers generally have no honor. A cracker is Ronin. Ronin? > Ken Thompson is a hacker. Dennis Ritchie is a hacker. Kirk McKusick is a hacker. I'm glad you didn't mention Kevin Mitnick. So I will: Kevin Mitnick is a god. > The term "cracker" was not chosen lightly; it was chosen > by hackers, not by journalists. "Cracking" intentionally > implies breakage, damage, or exploitation of some kind. > > In fact, it is journalists who use the terms as if they > were the same thing, which pisses hackers off immensely, > and delights crackers no end, in the same way that a > person who habitually wore black in order to impersonate > a tortured young artist would be delighted to be mistaken > for one. > > The "freebsd-hackers" mailing list was named correctly, > even if some idiots don't get the point and post asking > for "W4R3Z" occasionally. We usually point them to the > top "W4R3Z" site on the net, one so secret it has no DNS > name: 127.0.0.1. > > And no, we aren't going to change the FreeBSD mascot to > something other than the BSD Daemon, thanks. > > And yes, we have all your personal information on file, > we just aren't going to do anything with it. 8-). > > -- Terry I'm done. 
Sorry about the chubby headers; one day I will shift back to saving originals and sent-mail and not just sent-mail ;-\ -- Peter Leftwich President & Founder Video2Video Services Box 13692, La Jolla, CA, 92039 USA +1-413-403-9555 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 16:57: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id 884A937B402 for ; Wed, 6 Mar 2002 16:56:59 -0800 (PST) Received: (qmail 79463 invoked by uid 100); 7 Mar 2002 00:56:56 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15494.47832.176199.693783@guru.mired.org> Date: Wed, 6 Mar 2002 18:56:56 -0600 To: Peter Leftwich Cc: Terry Lambert , Miguel Mendez , Cliff Sarginson , , Subject: Re: http://users.uk.freebsd.org/~juha/ In-Reply-To: <20020306191854.C2150-100000@earl-grey.cloud9.net> References: <3C84FC43.607F91E6@mindspring.com> <20020306191854.C2150-100000@earl-grey.cloud9.net> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ 
From: "Mike Meyer" X-Delivery-Agent: TMDA/0.48 (Python 2.2 on freebsd4) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Peter Leftwich types: > Humour below: [3K of unneeded headers deleted here. Please trim your followups of such.] > > Miguel Mendez wrote: > > > On Tue, Mar 05, 2002 at 12:46:25PM +0100, Cliff Sarginson wrote: > > A hacker looks, but does not touch; hacking is a result of a curious nature. > Heisenberg's Uncertainty Principle. The nature of the act of observation > alters what it is you are observing, thus curiosity can crash a system > and/or land your butt in jail near Big Joe's... Right. Trespassing is a crime, even if you don't touch anything. Just because you're trespassing in cyberspace doesn't make it any less of a crime. > A cracker cracks a safe. A cracker is a "whitey," a "honky" such as > myself. Or white trash. You know, I'd forgotten that usage of the term. Thanks for reminding me of it. > This term has never been offensive to me so get over it *grins*. A > locksmith is a good cracker, good meaning benevolent. A hacker can be good > or bad; a hacker who is "a HACK" is an over-paid under-skilled > coder/programmer. A hacker who hacks code and is very skilled at it is > someone who takes issue and bitches and moans when the media uses the word > "hacker" in the "wrong way." They want the word back, but it is damaged > goods. Unfortunately correct. That doesn't make the old meaning obsolete, though. So I'll keep right on using it with pride, and correcting people who think it only has one meaning, by giving them the second meaning of cracker. After all, if the media can hijack our word, we can hijack one. > This seems to all come down to two ideas: [1] People want "intent" or > "motive" to be part of the noun, just as we have two different words for > those who steal your money: taxman and thief. 
[2] The Eskimo-like tribe > Ki'illi-Mo%tocka Timbe of the Russian Siberian plains have 13 words for > "dayummn it is phreakin' cold out today!" I don't think hackers - in the original sense - want "intent" or "motive" to be part of the noun. They realize that some crackers are also very skilled hackers. What I - and I assume they - want is for the media to recognize that not all hackers are crackers, and to convey that message to the public in some way. > > Ken Thompson is a hacker. Dennis Ritchie is a hacker. Kirk McKusick is a hacker. > I'm glad you didn't mention Kevin Mitnick. So I will: Kevin Mitnick is a god. Loki? > > -- Terry > > I'm done. Sorry about the chubby headers; one day I will shift back to > saving originals and sent-mail and not just sent-mail ;-\ Ugh. I'd still like to see them trimmed. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 17:24:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from harrier.prod.itd.earthlink.net (harrier.mail.pas.earthlink.net [207.217.120.12]) by hub.freebsd.org (Postfix) with ESMTP id 6F1F137B404; Wed, 6 Mar 2002 17:24:18 -0800 (PST) Received: from pool0533.cvx21-bradley.dialup.earthlink.net ([209.179.194.23] helo=mindspring.com) by harrier.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16imdW-0001uH-00; Wed, 06 Mar 2002 17:24:03 -0800 Message-ID: <3C86C11C.8A31C8BB@mindspring.com> Date: Wed, 06 Mar 2002 17:23:40 -0800 
From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Leftwich Cc: Miguel Mendez , Cliff Sarginson , freebsd-security@FreeBSD.ORG, chat@FreeBSD.ORG Subject: Re: http://users.uk.freebsd.org/~juha/ References: <20020306191854.C2150-100000@earl-grey.cloud9.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Peter Leftwich wrote: > > A hacker looks, but does not touch; hacking is a result of a curious nature. > > Heisenberg's Uncertainty Principle. The nature of the act of observation > alters what it is you are observing, thus curiosity can crash a system > and/or land your butt in jail near Big Joe's... Heisenberg's Uncertainty Principle doesn't apply to macro events, only to quantum events. Specifically, it states that you can not simultaneously know the momentum of an electron, and its position within h-bar/2. Unless you have a Schroedinger's Cat device hooked up to your computer, observations are not going to collapse any probability waves to a certainty, thus affecting the outcome of later observations. 8^p. > This seems to all come down to two ideas: [1] People want "intent" or > "motive" to be part of the noun, just as we have two different words for > those who steal your money: taxman and thief. [2] The Eskimo-like tribe > Ki'illi-Mo%tocka Timbe of the Russian Siberian plains have 13 words for > "dayummn it is phreakin' cold out today!" Just as William Gibson, the person who coined the word "cyberspace" indicated that "It's not ``cyberspace'' until you can torture someone to death in it, and they die in the real world". While we're at it, I want "Operating System" back, too. > > Any true hacker has a Bushido-style sense of honor. A hacker is a Samurai. 
> > Crackers generally have no honor. A cracker is Ronin. > > Ronin? A Samurai without a house. Someone who doesn't have a higher power to which they answer, and so has no reasonable constraints on their actions to prevent them from becoming sociopaths like Theodore "Ted" Kazinski or Jeffrey Dahlmer. > > Ken Thompson is a hacker. Dennis Ritchie is a hacker. Kirk > > McKusick is a hacker. > > I'm glad you didn't mention Kevin Mitnick. So I will: Kevin Mitnick is a god. So are Baal, Loki, and Hades... 8^p. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 18:15:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from mired.org (dsl-64-192-6-133.telocity.com [64.192.6.133]) by hub.freebsd.org (Postfix) with SMTP id 283BC37B402 for ; Wed, 6 Mar 2002 18:15:17 -0800 (PST) Received: (qmail 80381 invoked by uid 100); 7 Mar 2002 02:15:12 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15494.52528.125952.145716@guru.mired.org> Date: Wed, 6 Mar 2002 20:15:12 -0600 To: Terry Lambert Cc: Peter Leftwich , Miguel Mendez , Cliff Sarginson , freebsd-security@FreeBSD.ORG, chat@FreeBSD.ORG Subject: Re: http://users.uk.freebsd.org/~juha/ In-Reply-To: <3C86C11C.8A31C8BB@mindspring.com> References: <20020306191854.C2150-100000@earl-grey.cloud9.net> <3C86C11C.8A31C8BB@mindspring.com> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ 
From: "Mike Meyer" X-Delivery-Agent: TMDA/0.48 (Python 2.2 on freebsd4) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Terry Lambert types: > Peter Leftwich wrote: > > > A hacker looks, but does not touch; hacking is a result of a curious nature. > > Heisenberg's Uncertainty Principle. The nature of the act of observation > > alters what it is you are observing, thus curiosity can crash a system > > and/or land your butt in jail near Big Joe's... > > Heisenberg's Uncertainty Principle doesn't apply to macro > events, only to quantum events. Specifically, it states > that you can not simultaneously know the momentum of an > electron, and its position within h-bar/2. While Heisenberg's uncertainty doesn't apply as described to macro events, the concept certainly works. If you instrument a kernel to find performance problems, you've just slowed the kernel down, and changed what routines get used when. And I'm sure we've all had the experience of adding a print to try and catch a bug, and the bug vanishes. Anyone who breaks into a computer system they aren't legally allowed to use is a cracker. The mere act of logging in takes cycles, which affects other processes on the system, especially if they are participating in a distributed computing project. Given that computers are so blasted cheap these days, and the availability of open source software, there's a lot of learning that can be done without stealing cycles from someone else. > Unless you have a Schroedinger's Cat device hooked up to > your computer, observations are not going to collapse any > probability waves to a certainty, thus affecting the > outcome of later observations. No, they'll just slow them down, possibly screw up the accounting, and similar things that can make people's lives miserable. 
Read the book by the guy at LBL who helped track down a couple of crackers, even though they mostly used a "look but don't touch" methodology on his computers. His web site seems to be gone, or I'd send over there to order a Klein bottle from him as well. http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 18:29:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by hub.freebsd.org (Postfix) with ESMTP id E1ADB37B402; Wed, 6 Mar 2002 18:28:54 -0800 (PST) Received: from isc.org (localhost.dv.isc.org [127.0.0.1]) by drugs.dv.isc.org (8.11.6/8.11.2) with ESMTP id g272Q1141571; Thu, 7 Mar 2002 13:26:08 +1100 (EST) (envelope-from marka@isc.org) Message-Id: <200203070226.g272Q1141571@drugs.dv.isc.org> To: "Mike Meyer" Cc: freebsd-security@FreeBSD.ORG, chat@FreeBSD.ORG 
From: Mark.Andrews@isc.org Reply-To: chat@FreeBSD.ORG Subject: Re: http://users.uk.freebsd.org/~juha/ In-reply-to: Your message of "Wed, 06 Mar 2002 20:15:12 MDT." <15494.52528.125952.145716@guru.mired.org> Date: Thu, 07 Mar 2002 13:26:01 +1100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org As much as I'm enjoying the discussions about the meanings of hacker and cracker or the uncertainty principle they really are not freebsd-security fodder. Please remove freebsd-security@FreeBSD.ORG from the follow ups. Mark -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 6 19: 1:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from hawk.mail.pas.earthlink.net (hawk.mail.pas.earthlink.net [207.217.120.22]) by hub.freebsd.org (Postfix) with ESMTP id 52B3837B402; Wed, 6 Mar 2002 19:01:09 -0800 (PST) Received: from pool0032.cvx21-bradley.dialup.earthlink.net ([209.179.192.32] helo=mindspring.com) by hawk.mail.pas.earthlink.net with esmtp (Exim 3.33 #1) id 16io9J-0006G4-00; Wed, 06 Mar 2002 19:00:58 -0800 Message-ID: <3C86D7D6.C11D7E@mindspring.com> Date: Wed, 06 Mar 2002 19:00:38 -0800 
From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Mike Meyer Cc: Peter Leftwich , Miguel Mendez , Cliff Sarginson , freebsd-security@FreeBSD.ORG, chat@FreeBSD.ORG Subject: Re: http://users.uk.freebsd.org/~juha/ References: <20020306191854.C2150-100000@earl-grey.cloud9.net> <3C86C11C.8A31C8BB@mindspring.com> <15494.52528.125952.145716@guru.mired.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mike Meyer wrote: > While Heisenberg's uncertainty doesn't apply as described to macro > events, the concept certainly works. If you instrument a kernel to > find performance problems, you've just slowed the kernel down, and > changed what routines get used when. And I'm sure we've all had the > experience of adding a print to try and catch a bug, and the bug > vanishes. This only happens if you don't know what you are doing. It's very easy to do instrumentation which subtracts itself out of the overall count, if the instrumentation is for profiling. For debugging of timing sensitive problems, you have to use non-invasive techniques in order to avoid changing the timing. It isn't rocket science. As to the idea that the observer always changes the thing being observed, that's silly. It's only true if the observer isn't competent, until you get down to the quantum level. > Given that computers are so blasted cheap these days, and the > availability of open source software, there's a lot of learning that > can be done without stealing cycles from someone else. Actually, the use of individual equipment is one of the things that's wrong with today's CS classes. 
If you do your work on your own machine at home, rather than using
shared resources, you never learn to "play nice" with
other software on the system that you didn't plan on.
It's one of the reasons Windows Systems are so fragile
these days, when programs from different vendors are loaded
on them: the programmers responsible never had to learn
to "play nice with the other kids".

> No, they'll just slow them down, possibly screw up the accounting, and
> similar things that can make people's lives miserable. Read the book by
> the guy at LBL who helped track down a couple of crackers, even though
> they mostly used a "look but don't touch" methodology on his
> computers. His web site seems to be gone, or I'd send over there to
> order a Klein bottle from him as well.

You mean Clifford Stoll's "The Cuckoo's Egg: Tracking a Spy
Through the Maze of Computer Espionage", in which he used
non-invasive observational techniques that did not impact
what he was observing? 8-).

I think his neo-luddite books "Silicon Snake Oil: Second
Thoughts on The Information Highway" and "High Tech Heretic:
Why Computers Don't Belong in the Classroom and Other
Reflections by a Computer Contrarian" are a lot more telling,
don't you?

"Ultimately, though, Stoll contradicts himself too often:
in one sentence, he fears the demise of libraries; in the
next, he states why book-based libraries won't disappear.
What's more, he undermines his argument's seriousness with
comic footnotes and deliberately improper grammar. Still,
his book signals the first wave in the backlash against
the race to the future that computer technology now
represents." -- Benjamin Segedin

PS: The people he was writing about in "The Cuckoo's Egg"
were definitely not just observers...
-- Terry

From owner-freebsd-security Wed Mar 6 19:53:54 2002
Message-ID: <15494.58407.33613.314390@guru.mired.org>
Date: Wed, 6 Mar 2002 21:53:11 -0600
To: Terry Lambert
Cc: Mike Meyer, Peter Leftwich, Miguel Mendez, Cliff Sarginson, freebsd-security@FreeBSD.ORG, chat@FreeBSD.ORG
Subject: Re: http://users.uk.freebsd.org/~juha/
In-Reply-To: <3C86D7D6.C11D7E@mindspring.com>
References: <20020306191854.C2150-100000@earl-grey.cloud9.net> <3C86C11C.8A31C8BB@mindspring.com> <15494.52528.125952.145716@guru.mired.org> <3C86D7D6.C11D7E@mindspring.com>
From: "Mike Meyer"

Terry Lambert types:
> Mike Meyer wrote:
> > While Heisenberg's uncertainty doesn't apply as described to macro
> > events, the concept certainly works. If you instrument a kernel to
> > find performance problems, you've just slowed the kernel down, and
> > changed what routines get used when. And I'm sure we've all had the
> > experience of adding a print to try and catch a bug, and the bug
> > vanishes.
> This only happens if you don't know what you are doing.
> It's very easy to do instrumentation which subtracts
> itself out of the overall count, if the instrumentation
> is for profiling. For debugging of timing sensitive
> problems, you have to use non-invasive techniques in
> order to avoid changing the timing. It isn't rocket
> science.

Of course it's not rocket science. It's computer science. You haven't
got it right yet. To make sure you're not changing the paging behavior
of the system, you can't use any memory on the system, meaning you
have to be watching it on a hardware monitor. And even that isn't good
enough in all cases. I had bugs in horizontal microcode that the extra
timing to grab the trace information hid, because the time used to
sample the lines allowed the bus to settle before the next subword
executed, so it read the correct values when run that way, but read
random values run at full speed.

> As to the idea that the observer always changes the thing
> being observed, that's silly. It's only true if the
> observer isn't competent, until you get down to the quantum
> level.

I'll grant you that a sufficiently careful observer can probably get
away without changing what's being observed above the quantum level. I
wouldn't guarantee it until someone conclusively disproves the Bell
hypothesis.
If you are a careful enough hacker that you don't even leave
footprints on the instruction trace of the machine you're breaking
into, I'll grant you're probably not a cracker. I also want to know
how you did it.

> > Given that computers are so blasted cheap these days, and the
> > availability of open source software, there's a lot of learning that
> > can be done without stealing cycles from someone else.
> Actually, the use of individual equipment is one of the
> things that's wrong with today's CS classes. If you do
> your work on your own machine at home, rather than using
> shared resources, you never learn to "play nice" with
> other software on the system that you didn't plan on.
> It's one of the reasons Windows Systems are so fragile
> these days, when programs from different vendors are loaded
> on them: the programmers responsible never had to learn
> to "play nice with the other kids".

Can't argue with that. I'd place it right behind sharing code being
considered cheating in school as a problem.

But we're talking about people breaking into computers to ostensibly
"learn things". Given that they can buy a used computer for a lot less
than a used car, if not get them for free when their parents upgrade,
why are they breaking into other people's systems?

> > No, they'll just slow them down, possibly screw up the accounting, and
> > similar things that can make people's lives miserable. Read the book by
> > the guy at LBL who helped track down a couple of crackers, even though
> > they mostly used a "look but don't touch" methodology on his
> > computers. His web site seems to be gone, or I'd send over there to
> > order a Klein bottle from him as well.
> You mean Clifford Stoll's "The Cuckoo's Egg: Tracking a Spy
> Through the Maze of Computer Espionage", in which he used
> non-invasive observational techniques that did not impact
> what he was observing? 8-).

Yes, that's the book.
And what he did wasn't non-invasive, it was just below the
level of the people breaking into his system noticed.

> PS: The people he was writing about in "The Cuckoo's Egg"
> were definitely not just observers...

True. They were hopscotching to another system. But the clue that
started him on the case was simply cycles that hadn't been accounted
for. So even if they had done nothing more than look around for $.75
cents worth of cpu time (about 10 minutes back then), he would have
noticed them.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

From owner-freebsd-security Wed Mar 6 21:14:26 2002
From: "april"
Subject: RE: http://users.uk.freebsd.org/~juha/
Date: Thu, 7 Mar 2002 16:14:29 +1100
Message-ID: <005501c1c596$fa6788a0$0100a8c0@commit>

way to be annoying and keep a stupid thread going.

p.s: if you feel the need to reply make it off list

From owner-freebsd-security Thu Mar 7 6:39:36 2002
Date: Thu, 7 Mar 2002 15:39:12 +0100
From: Jochem Kossen
To: security@FreeBSD.org
Subject: OpenSSH root hole
Message-ID: <20020307143912.GA28250@jochem.dyndns.org>

Yup, a new hole has been found in OpenSSH...

Impact: HIGH: Existing users will gain root privileges.

The advisory at http://www.pine.nl/advisories/pine-cert-20020301.txt
says the FreeBSD OpenSSH port has been updated. Does anyone know when
OpenSSH in base will be updated?

The hole scares me a bit, although the patch is extremely small :)

--- channels_old.c Mon Mar 4 02:07:06 2002 +++ channels.c Mon Mar 4 02:07:16 2002 @@ -151,7 +151,7 @@ channel_lookup(int id) { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; }

From owner-freebsd-security Thu Mar 7 6:45:33 2002
Date: Thu, 7 Mar 2002 08:45:26 -0600
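Review bot: other comparisons against channels_alloc are not covered by this one-line change in channel_lookup(); any remaining check of the form `id > channels_alloc` elsewhere in channels.c would leave the same one-past-the-end index reachable, so they should be audited before the fix is treated as complete. The `>=` only makes sense if channels_alloc is a count of slots rather than a maximum index, and a short comment above the check saying so (valid ids run from 0 to channels_alloc - 1) would make a regression easier to spot.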
From: "Jacques A. Vidrine"
To: Jochem Kossen
Cc: security@FreeBSD.org
Subject: Re: OpenSSH root hole
Message-ID: <20020307144526.GQ36653@hellblazer.nectar.cc>
References: <20020307143912.GA28250@jochem.dyndns.org>
In-Reply-To: <20020307143912.GA28250@jochem.dyndns.org>

On Thu, Mar 07, 2002 at 03:39:12PM +0100, Jochem Kossen wrote:
> The advisory at http://www.pine.nl/advisories/pine-cert-20020301.txt
> says the FreeBSD OpenSSH port has been updated. Does anyone know when
> OpenSSH in base will be updated?

FreeBSD-CURRENT was fixed Tuesday.
FreeBSD-STABLE was fixed yesterday.
The security branches (4.5-RELEASEp2 and 4.4-RELEASEp9) were updated
just a few minutes ago.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Thu Mar 7 6:52: 9 2002
Message-ID: <3744.192.168.1.2.1015512820.squirrel@probsd.ws>
Date: Thu, 7 Mar 2002 09:53:40 -0500 (EST)
Subject: Berkley Packet Filter
From: "Michael Sharp"

If I disable; pseudo-device bpf

in the kernel, this will prevent my Ethernet Device from going into
Promiscuous mode, thus preventing a sniffer from running on my machine
correct? But won't it also kill ipfw functionality?

michael

From owner-freebsd-security Thu Mar 7 6:57:38 2002
Date: Thu, 7 Mar 2002 16:57:37 +0200
From: Peter Pentchev
To: Michael Sharp
Cc: security@FreeBSD.ORG
Subject: Re: Berkley Packet Filter
Message-ID: <20020307165737.F377@straylight.oblivion.bg>
References: <3744.192.168.1.2.1015512820.squirrel@probsd.ws>
In-Reply-To: <3744.192.168.1.2.1015512820.squirrel@probsd.ws>; from ms@probsd.ws on Thu, Mar 07, 2002 at 09:53:40AM -0500

On Thu, Mar 07, 2002 at 09:53:40AM -0500, Michael Sharp wrote:
> If I disable; pseudo-device bpf
>
> in the kernel, this will prevent my Ethernet Device from going into
> Promiscuous mode, thus preventing a sniffer from running on my machine
> correct? But won't it also kill ipfw functionality?

It will not really prevent your Ethernet device from going into
promisc mode; all it will do is, it will disable one of the ways
userland programs may snoop on (or sniff) packets going through
any of your system's network interfaces (not just Ethernet).
A Netgraph node or a specially-crafted kernel module could still
intercept packets, but yes, disabling the Berkeley packet filter
would indeed make it more difficult for the average script kiddie
out there.

And no, it will not affect ipfw functionality in any way.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
because I didn't think of a good beginning of it.

From owner-freebsd-security Thu Mar 7 7: 0:39 2002
Date: Thu, 7 Mar 2002 06:59:50 -0800 (PST)
Message-Id: <200203071459.g27ExoP68069@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Reply-To: security-advisories@freebsd.org

=============================================================================
FreeBSD-SA-02:13                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          OpenSSH contains exploitable off-by-one bug

Category:       core, ports
Module:         openssh, ports_openssh, openssh-portable
Announced:      2002-03-07
Credits:        Joost Pol
Affects:        FreeBSD 4.4-RELEASE, 4.5-RELEASE
                FreeBSD 4.5-STABLE prior to the correction date
                openssh port prior to openssh-3.0.2_1
                openssh-portable port prior to openssh-portable-3.0.2p1_1
Corrected:      2002-03-06 13:57:54 UTC (RELENG_4)
                2002-03-07 14:40:56 UTC (RELENG_4_5)
                2002-03-07 14:40:07 UTC (RELENG_4_4)
                2002-03-06 13:53:38 UTC (ports/security/openssh)
                2002-03-06 13:53:39 UTC (ports/security/openssh-portable)
CVE:            CAN-2002-0083
FreeBSD only:   NO

I. Background

OpenSSH is a free version of the SSH protocol suite of network
connectivity tools. OpenSSH encrypts all traffic (including
passwords) to effectively eliminate eavesdropping, connection
hijacking, and other network-level attacks. Additionally, OpenSSH
provides a myriad of secure tunneling capabilities, as well as a
variety of authentication methods. `ssh' is the client application,
while `sshd' is the server.

II. Problem Description

OpenSSH multiplexes `channels' over a single TCP connection in order
to implement X11, TCP, and agent forwarding. An off-by-one error in
the code which manages channels can result in a reference to memory
beyond that allocated for channels. A malicious client or server may
be able to influence the contents of the memory so referenced.

III. Impact

An authorized remote user (i.e.
a user that can successfully authenticate on the target system) may
be able to cause sshd to execute arbitrary code with superuser
privileges.

A malicious server may be able to cause a connecting ssh client to
execute arbitrary code with the privileges of the client user.

IV. Workaround

Do one of the following:

1) The FreeBSD malloc implementation can be configured to overwrite
or `junk' memory that is returned to the malloc arena. Due to the
details of exploiting this bug, configuring malloc to junk memory
will thwart the attack.

To configure a FreeBSD system to junk memory, execute the following
commands as root:

# ln -fs J /etc/malloc.conf

Note that this option will degrade system performance. See the
malloc(3) man page for full details on malloc options.

2) Disable the base system sshd by executing the following command as
root:

# kill `cat /var/run/sshd.pid`

Be sure that sshd is not restarted when the system is restarted
by adding the following line to the end of /etc/rc.conf:

sshd_enable="NO"

AND

Deinstall the openssh or openssh-portable ports if you have one of
them installed.

V. Solution

Do one of the following:

[For OpenSSH included in the base system]

1) Upgrade the vulnerable system to 4.4-RELEASEp9, 4.5-RELEASEp2,
or 4.5-STABLE after the correction date and rebuild.

2) FreeBSD 4.x systems prior to the correction date:

The following patch has been verified to apply to FreeBSD 4.4-RELEASE,
4.5-RELEASE, and 4.5-STABLE dated prior to the correction date. It
may or may not apply to older, unsupported versions of FreeBSD.

Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc

Execute the following commands as root:

# cd /usr/src
# patch < /path/to/sshd.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install
# cd /usr/src/secure/usr.bin/ssh
# make depend && make all install

[For the OpenSSH ports]

One of the following:

1) Upgrade your entire ports collection and rebuild the OpenSSH port.

2) Deinstall the old package and install a new package obtained from
the following directory:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/

[other platforms]
Packages are not automatically generated for other platforms at this
time due to lack of build resources.

3) Download a new port skeleton for the openssh or openssh-portable
port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD ports collection.

Path                                                             Revision
  Branch
-------------------------------------------------------------------------
[Base system]
src/crypto/openssh/channels.c
  HEAD                                                                1.8
  RELENG_4                                                    1.1.1.1.2.6
  RELENG_4_5                                              1.1.1.1.2.5.2.1
  RELENG_4_4                                              1.1.1.1.2.4.4.1
src/crypto/openssh/version.h
  HEAD                                                               1.10
  RELENG_4                                                    1.1.1.1.2.8
  RELENG_4_5                                              1.1.1.1.2.7.2.1
  RELENG_4_4                                              1.1.1.1.2.5.2.2
src/sys/conf/newvers.sh
  RELENG_4_5                                                1.44.2.20.2.3
  RELENG_4_4                                                1.44.2.17.2.8
[Ports]
ports/security/openssh/Makefile                                      1.81
ports/security/openssh/files/patch-channels.c                         1.1
ports/security/openssh-portable/Makefile                             1.21
ports/security/openssh-portable/files/patch-channels.c                1.1
-------------------------------------------------------------------------

Branch       Version string
-------------------------------------------------------------------------
HEAD         OpenSSH_2.9 FreeBSD localisations 20020307
RELENG_4     OpenSSH_2.9 FreeBSD localisations 20020307
RELENG_4_5   OpenSSH_2.9 FreeBSD localisations 20020307
RELENG_4_4   OpenSSH_2.3.0 FreeBSD localisations 20020307
-------------------------------------------------------------------------

To view the version string of the OpenSSH server, execute the
following command:

% /usr/sbin/sshd -\?

The version string is also displayed when a client connects to the
server.

To view the version string of the OpenSSH client, execute the
following command:

% /usr/bin/ssh -V

VII. References

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0083 to this issue.
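
The off-by-one that section II of the advisory describes, shown as an added example that is not part of the advisory and is not OpenSSH's code. A small fixed table stands in for the channel array, and one labelled guard slot after it models the memory beyond the allocation, so the out-of-range read can be observed without undefined behaviour. The names slots, real_channels, beyond_table, lookup_before_fix, lookup_after_fix and count_stray_results are assumptions; only the two comparisons against channels_alloc come from the patch posted in this thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for OpenSSH's Channel structure. */
typedef struct { int self; } Channel;

#define TABLE_SLOTS 4

/* The table holds channels_alloc entries, so valid ids are
 * 0 .. channels_alloc - 1: channels_alloc is a count, not a maximum index. */
static int channels_alloc = TABLE_SLOTS;
static Channel real_channels[TABLE_SLOTS] = { {0}, {1}, {2}, {3} };

/* Constructed marker for "whatever lies in memory after the table". */
static Channel beyond_table = { -1 };

/* One guard slot past the table keeps the demo free of undefined behaviour;
 * in the real bug this position is unrelated memory. */
static Channel *slots[TABLE_SLOTS + 1] = {
    &real_channels[0], &real_channels[1],
    &real_channels[2], &real_channels[3],
    &beyond_table
};

/* Bounds check as it stood before the patch: id == channels_alloc passes. */
Channel *lookup_before_fix(int id)
{
    if (id < 0 || id > channels_alloc)
        return NULL;
    return slots[id];
}

/* Bounds check from the patch: id == channels_alloc is rejected. */
Channel *lookup_after_fix(int id)
{
    if (id < 0 || id >= channels_alloc)
        return NULL;
    return slots[id];
}

/* True only for pointers that really are entries of the channel table. */
static int is_real_channel(const Channel *c)
{
    for (int i = 0; i < TABLE_SLOTS; i++)
        if (c == &real_channels[i])
            return 1;
    return 0;
}

/* Boundary test: probe every id from -1 to channels_alloc + 1 and count
 * lookups that hand back a pointer that is not one of the table's channels. */
int count_stray_results(Channel *(*lookup)(int))
{
    int stray = 0;
    for (int id = -1; id <= channels_alloc + 1; id++) {
        const Channel *c = lookup(id);
        if (c != NULL && !is_real_channel(c))
            stray++;
    }
    return stray;
}

int main(void)
{
    printf("before fix: %d stray lookup(s)\n",
           count_stray_results(lookup_before_fix));
    printf("after fix:  %d stray lookup(s)\n",
           count_stray_results(lookup_after_fix));
    return 0;
}
```

A boundary probe of this kind (the ids -1, 0, count - 1, count and count + 1) is a cheap regression test for any table lookup that takes its index from a peer.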

From owner-freebsd-security Thu Mar 7 7:19:49 2002
Date: Thu, 7 Mar 2002 16:18:00 +0100
From: Stijn Hoop
To: FreeBSD Security Advisories
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-ID: <20020307161800.J16645@pcwin002.win.tue.nl>
References: <200203071459.g27ExoP68069@freefall.freebsd.org>
In-Reply-To: <200203071459.g27ExoP68069@freefall.freebsd.org>; from security-advisories@freebsd.org on Thu, Mar 07, 2002 at 06:59:50AM -0800

Hi,

On Thu, Mar 07, 2002 at 06:59:50AM -0800, FreeBSD Security Advisories wrote:

[snip a lot]

> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch

[stijn@pcwin002] <~> fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
fetch: openssh.patch: File unavailable (e.g., file not found, no access)

Or are you guys still busy uploading?

--Stijn

--
I really hate this damned machine
I wish that they would sell it.
It never does quite what I want
But only what I tell it.

From owner-freebsd-security Thu Mar 7 7:21: 5 2002
Date: Thu, 7 Mar 2002 17:19:59 +0200
From: Vladimir Terziev
To: security@FreeBSD.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-Id: <20020307171959.4212c3fc.vlady@rila.bg>
In-Reply-To: <200203071459.g27Exo168082@freefall.freebsd.org>
References: <200203071459.g27Exo168082@freefall.freebsd.org>

Where is the patch directory?

/pub/FreeBSD/CERT/patches/SA-02:13/ on ftp.FreeBSD.org doesn't exist!

Vladimir

From owner-freebsd-security Thu Mar 7 7:24:44 2002
Date: Thu, 7 Mar 2002 10:23:35 -0500
From: Chris Faulhaber
To: Stijn Hoop
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-ID: <20020307152335.GA82709@peitho.fxp.org>
References: <200203071459.g27ExoP68069@freefall.freebsd.org> <20020307161800.J16645@pcwin002.win.tue.nl>
In-Reply-To: <20020307161800.J16645@pcwin002.win.tue.nl>

On Thu, Mar 07, 2002 at 04:18:00PM +0100, Stijn Hoop wrote:
> Hi,
>
> On Thu, Mar 07, 2002 at 06:59:50AM -0800, FreeBSD Security Advisories wrote:
>
> [snip a lot]
>
> > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
>
> [stijn@pcwin002] <~> fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
> fetch: openssh.patch: File unavailable (e.g., file not found, no access)
>
> Or are you guys still busy uploading?
>

The patch, advisory, and signatures were placed on ftp-master less
than an hour ago and should be sync'd to the ftp servers shortly.

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security Thu Mar 7 7:24:51 2002
Date: Thu, 7 Mar 2002 07:26:08 -0800
From: faSty
To: Stijn Hoop
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-ID: <20020307072608.A68751@i-sphere.com>
References: <200203071459.g27ExoP68069@freefall.freebsd.org> <20020307161800.J16645@pcwin002.win.tue.nl>
In-Reply-To: <20020307161800.J16645@pcwin002.win.tue.nl>; from stijn@win.tue.nl on Thu, Mar 07, 2002 at 04:18:00PM +0100

Hi..

same here no file exist in patches directory. :(

-trev

On Thu, Mar 07, 2002 at 04:18:00PM +0100, Stijn Hoop wrote:
> Hi,
>
> On Thu, Mar 07, 2002 at 06:59:50AM -0800, FreeBSD Security Advisories wrote:
>
> [snip a lot]
>
> > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
>
> [stijn@pcwin002] <~> fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
> fetch: openssh.patch: File unavailable (e.g., file not found, no access)
>
> Or are you guys still busy uploading?
>
> --Stijn
>
> --
> I really hate this damned machine
> I wish that they would sell it.
> It never does quite what I want
> But only what I tell it.

--
Power, n: The only narcotic regulated by the SEC instead of the FDA.

From owner-freebsd-security Thu Mar 7 7:28:36 2002
Date: Thu, 7 Mar 2002 09:27:41 -0600
From: "Jacques A. Vidrine" To: Stijn Hoop , freebsd-security@freebsd.org Cc: Chris Faulhaber Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Message-ID: <20020307152741.GZ36653@hellblazer.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , Stijn Hoop , freebsd-security@freebsd.org, Chris Faulhaber References: <200203071459.g27ExoP68069@freefall.freebsd.org> <20020307161800.J16645@pcwin002.win.tue.nl> <20020307152335.GA82709@peitho.fxp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020307152335.GA82709@peitho.fxp.org> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 07, 2002 at 10:23:35AM -0500, Chris Faulhaber wrote: > On Thu, Mar 07, 2002 at 04:18:00PM +0100, Stijn Hoop wrote: > > Hi, > > > > On Thu, Mar 07, 2002 at 06:59:50AM -0800, FreeBSD Security Advisories wrote: > > > > [snip a lot] > > > > > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch > > > > [stijn@pcwin002] <~> fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch > > fetch: openssh.patch: File unavailable (e.g., file not found, no access) > > > > Or are you guys still busy uploading? > > > > The patch, advisory, and signatures were placed on ftp-master less > than an hour ago and should be sync'd to the ftp servers shortly. Meanwhile, as always, the patch is readily available via CVSweb: That's one reason we include revision numbers in the advisories. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 8:18: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from softwareonly.com (mail.trgco.com [63.226.136.198]) by hub.freebsd.org (Postfix) with SMTP id 88CB037B404 for ; Thu, 7 Mar 2002 08:18:02 -0800 (PST) Received: (qmail 28388 invoked by uid 8); 7 Mar 2002 16:14:53 -0000 Received: from pc-00110.softwareonly.com (192.168.1.110, claiming to be "pato") by mail.softwareonly.com with SMTP id smtpdvOE49z; Thu, 07 Mar 2002 11:14:47 EST Message-ID: <02b101c1c5f3$a26b7280$6e01a8c0@pato> From: "Patrick O'Donnell" To: References: <200203071459.g27ExoP68069@freefall.freebsd.org> <20020307161800.J16645@pcwin002.win.tue.nl> <20020307152335.GA82709@peitho.fxp.org> <20020307152741.GZ36653@hellblazer.nectar.cc> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Date: Thu, 7 Mar 2002 10:17:53 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I just got it from the au mirror.... # fetch ftp://ftp.au.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch Receiving openssh.patch (530 bytes): 100% 530 bytes transferred in 0.0 seconds (305.35 kBps) ----- Original Message ----- 
From: "Jacques A. Vidrine" To: "Stijn Hoop" ; Cc: "Chris Faulhaber" Sent: Thursday, March 07, 2002 9:27 AM Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh > On Thu, Mar 07, 2002 at 10:23:35AM -0500, Chris Faulhaber wrote: > > On Thu, Mar 07, 2002 at 04:18:00PM +0100, Stijn Hoop wrote: > > > Hi, > > > > > > On Thu, Mar 07, 2002 at 06:59:50AM -0800, FreeBSD Security Advisories wrote: > > > > > > [snip a lot] > > > > > > > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch > > > > > > [stijn@pcwin002] <~> fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch > > > fetch: openssh.patch: File unavailable (e.g., file not found, no access) > > > > > > Or are you guys still busy uploading? > > > > > > > The patch, advisory, and signatures were placed on ftp-master less > > than an hour ago and should be sync'd to the ftp servers shortly. > > Meanwhile, as always, the patch is readily available via CVSweb: > > > That's one reason we include revision numbers in the advisories. > Cheers, > -- > Jacques A. Vidrine http://www.nectar.cc/ > NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos > jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 8:19:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from h1.net.zone.pl (h1.net.zone.pl [62.233.136.31]) by hub.freebsd.org (Postfix) with ESMTP id C7C5537B420 for ; Thu, 7 Mar 2002 08:19:13 -0800 (PST) Received: from amavis by h1.net.zone.pl with scanned-ok (ESMTP) id 16j0be-0001Mn-00 for security@freebsd.org; Thu, 07 Mar 2002 17:19:02 +0100 Received: from office.net.zone.pl ([62.233.136.18] helo=matrix.office.net.zone.pl) by h1.net.zone.pl with smtp (ESMTP) id 16j0bd-0001Me-00 for security@freebsd.org; Thu, 07 Mar 2002 17:19:01 +0100 Date: Thu, 7 Mar 2002 17:18:51 +0100 
From: Łukasz Dudek To: security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Message-Id: <20020307171851.22be7f98.lukasz@zone.pl> In-Reply-To: <200203071459.g27ExoP68069@freefall.freebsd.org> References: <200203071459.g27ExoP68069@freefall.freebsd.org> Organization: ZONE.PL X-Mailer: Sylpheed version 0.7.0claws (GTK+ 1.2.8; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 7 Mar 2002 06:59:50 -0800 (PST) FreeBSD Security Advisories wrote: > > Download the patch and the detached PGP signature from the following > locations, and verify the signature using your PGP utility. > > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc Why is there no directory SA-02:13? Regards, mocart To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 8:40:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 9BCE437B417 for ; Thu, 7 Mar 2002 08:40:31 -0800 (PST) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id JAA10168 for ; Thu, 7 Mar 2002 09:40:28 -0700 (MST) Message-Id: <4.3.2.7.2.20020307093957.01f65ad0@nospam.lariat.org> X-Sender: brett@nospam.lariat.org X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 07 Mar 2002 09:40:20 -0700 To: security@FreeBSD.ORG
From: Brett Glass Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'd like to install OpenSSH 3.1 instead of merely applying the patch. Can this be brought into the ports tree? I could install from the portable OpenSSH source, but of course some subtle changes made for better integration would be missing. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 8:42:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from brea.mc.mpls.visi.com (brea.mc.mpls.visi.com [208.42.156.100]) by hub.freebsd.org (Postfix) with ESMTP id D945537B402 for ; Thu, 7 Mar 2002 08:42:28 -0800 (PST) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by brea.mc.mpls.visi.com (Postfix) with ESMTP id 4D4D92DDDB4 for ; Thu, 7 Mar 2002 10:42:21 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g27GgKa66947; Thu, 7 Mar 2002 10:42:20 -0600 (CST) (envelope-from hawkeyd) Date: Thu, 7 Mar 2002 10:42:20 -0600 (CST) Message-Id: <200203071642.g27GgKa66947@sheol.localdomain> Mime-Version: 1.0 X-Newsreader: knews 1.0b.1 Reply-To: hawkeyd@visi.com Organization: if (!FIFO) if (!LIFO) break; References: <20020307161800.J16645_pcwin002.win.tue.nl@ns.sol.net> <20020307152335.GA82709_peitho.fxp.org@ns.sol.net> In-Reply-To: <20020307152335.GA82709_peitho.fxp.org@ns.sol.net> 
From: hawkeyd@visi.com (D J Hawkey Jr) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh X-Original-Newsgroups: sol.lists.freebsd.security To: freebsd-security@freebsd.org Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In article <20020307152335.GA82709_peitho.fxp.org@ns.sol.net>, jedgar@fxp.org writes: > > The patch, advisory, and signatures were placed on ftp-master less > than an hour ago and should be sync'd to the ftp servers shortly. Slightly off-topic, but how stable is -STABLE these days? I have boxes that are running 4.5-RELEASE, and serve as firewall/gateways and X workstations. I would upgrade to -STABLE if it really is, but otherwise will go with 4.5-RELEASEp2, for the OpenSSH fix. These boxes are ATA/ATAPI, ICH, PCM, and AGP equipped, and are using the "dc" network drivers; nothing "exotic". I certainly don't mean to insult, but there appears to have been some lapses of late - unless it's been faulty configs by the users/admins - I can't really run a risk. > Chris D. Faulhaber Please reply or CC: me directly, as I'm not subscribed to this list. Dave -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 8:47:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from globalrelay.com (h216-18-71-77.gtcust.grouptelecom.net [216.18.71.77]) by hub.freebsd.org (Postfix) with ESMTP id C4D1837B400 for ; Thu, 7 Mar 2002 08:47:08 -0800 (PST) Received: from [24.83.78.94] (HELO cns) by globalrelay.com (CommuniGate Pro SMTP 3.4.7) with SMTP id 902630 for freebsd-security@freebsd.org; Thu, 07 Mar 2002 08:47:07 -0800 Message-ID: <012f01c1c5f7$ee24fd00$5e4e5318@cns> 
From: "Eric Parusel" To: Subject: OpenSSH root hole - What version of FreeBSD does it affect? Date: Thu, 7 Mar 2002 08:48:38 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org From the advisory: "Affects: FreeBSD 4.4-RELEASE, 4.5-RELEASE FreeBSD 4.5-STABLE prior to the correction date openssh port prior to openssh-3.0.2_1 openssh-portable port prior to openssh-portable-3.0.2p1_1" Does this affect FreeBSD's releng_4_3?? Just wondering why there's no mention of it at all... Thanks, Eric To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 9: 8:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from cithaeron.argolis.org (bgm-66-67-16-161.stny.rr.com [66.67.16.161]) by hub.freebsd.org (Postfix) with ESMTP id 7915C37B41D for ; Thu, 7 Mar 2002 09:08:32 -0800 (PST) Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.11.6/8.11.4) with ESMTP id g27H8SY53764; Thu, 7 Mar 2002 12:08:28 -0500 (EST) (envelope-from piechota@argolis.org) X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs Date: Thu, 7 Mar 2002 12:08:28 -0500 (EST) 
From: Matt Piechota To: Eric Parusel Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH root hole - What version of FreeBSD does it affect? In-Reply-To: <012f01c1c5f7$ee24fd00$5e4e5318@cns> Message-ID: <20020307120444.L53519-100000@cithaeron.argolis.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 7 Mar 2002, Eric Parusel wrote: > From the advisory: > "Affects: FreeBSD 4.4-RELEASE, 4.5-RELEASE > FreeBSD 4.5-STABLE prior to the correction date > openssh port prior to openssh-3.0.2_1 > openssh-portable port prior to > openssh-portable-3.0.2p1_1" > > Does this affect FreeBSD's releng_4_3?? Just wondering why there's > no mention of it at all... Someone else posted OpenSSH 2.0 thru current was affected, so that's a yes (4.3 had openssh, right?) There's probably no mention since 4.3-rel is officially 'unsupported', so it was never tested. -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 10:21:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from jgj.org.uk (public1-leed1-4-cust166.leed.broadband.ntl.com [80.0.0.166]) by hub.freebsd.org (Postfix) with SMTP id 11D7837B41E for ; Thu, 7 Mar 2002 10:21:23 -0800 (PST) Received: (qmail 28318 invoked from network); 7 Mar 2002 18:21:31 -0000 Received: from sean.jgj.org.uk (192.168.243.89) by rufus.jgj.org.uk with SMTP; 7 Mar 2002 18:21:31 -0000 Date: Thu, 7 Mar 2002 18:21:21 +0000 Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v481)
From: James Jeffrey To: security@FreeBSD.ORG Content-Transfer-Encoding: 7bit In-Reply-To: <4.3.2.7.2.20020307093957.01f65ad0@nospam.lariat.org> Message-Id: <1FF73D5A-31F8-11D6-960D-003065A1F05E@jgj.org.uk> X-Mailer: Apple Mail (2.481) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org There probably are some subtle changes I'm missing, but I just built and installed 3.1p1. I set the prefix to /usr built and installed it... so far it seems to be working great. Someone who knows more about this than me - am I missing anything important? thanks, James On Thursday, March 7, 2002, at 04:40 , Brett Glass wrote: > I'd like to install OpenSSH 3.1 instead of merely applying the patch. > Can this be brought into the ports tree? I could install from the > portable OpenSSH source, but of course some subtle changes made for > better integration would be missing. > > --Brett > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 11:18:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from mb1i0.ns.pitt.edu (mb1i0.ns.pitt.edu [136.142.186.35]) by hub.freebsd.org (Postfix) with ESMTP id CBEDE37B41A for ; Thu, 7 Mar 2002 11:18:13 -0800 (PST) Received: from ashley5 ("port 4248"@[136.142.94.62]) by pitt.edu (PMDF V5.2-32 #41462) with ESMTP id <01KF2YQZIBZ0002DE9@mb1i0.ns.pitt.edu> for freebsd-security@freebsd.org; Thu, 7 Mar 2002 14:15:47 EST Date: Thu, 07 Mar 2002 14:15:46 -0500 
From: Ilya Goldin Subject: SA-02:13 - make depend fails To: freebsd-security@freebsd.org Message-id: <000001c1c60c$7c139590$3e5e8e88@lrdc.pitt.edu> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook, Build 10.0.3416 Content-type: text/plain; charset="us-ascii" Content-transfer-encoding: 7bit Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm following the directions applying the SA-02:13 patch, but I get an error. Namely, after > # cd /usr/src/secure/usr.sbin/sshd > # make depend && make all install I get # make depend && make all install make: don't know how to make login_access.c. Stop Any ideas? P.S. running 4.5-RELEASE. Thanks, Ilya -- Ilya Goldin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 11:22:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 8B27A37B400 for ; Thu, 7 Mar 2002 11:22:07 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id D67E91366A; Thu, 7 Mar 2002 14:22:01 -0500 (EST) Date: Thu, 7 Mar 2002 14:22:01 -0500 
From: Chris Faulhaber To: Ilya Goldin Cc: freebsd-security@freebsd.org Subject: Re: SA-02:13 - make depend fails Message-ID: <20020307192201.GA44981@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , Ilya Goldin , freebsd-security@freebsd.org References: <000001c1c60c$7c139590$3e5e8e88@lrdc.pitt.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline In-Reply-To: <000001c1c60c$7c139590$3e5e8e88@lrdc.pitt.edu> User-Agent: Mutt/1.3.24i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 07, 2002 at 02:15:46PM -0500, Ilya Goldin wrote: > I'm following the directions applying the SA-02:13 patch, but I get an > error. Namely, after > > > # cd /usr/src/secure/usr.sbin/sshd > > # make depend && make all install > > I get > > # make depend && make all install > make: don't know how to make login_access.c. Stop > > Any ideas? > The patching instructions assume a full source tree. In this case you appear to not have src/usr.bin/login sources which sshd depends on. -- Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --UugvWAfsgieZRqgk Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjyHvdkACgkQObaG4P6BelDTQACfXBiqbkDAxKZh5hayUBax2/DN 9RgAoID1/qkh/Yany1Dqnhb2gEt2vyzP =iF/V -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 11:50:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from priv-edtnes16-hme0.telusplanet.net (defout.telus.net [199.185.220.240]) by hub.freebsd.org (Postfix) with ESMTP id E270837B42C for ; Thu, 7 Mar 2002 11:50:25 -0800 (PST) Received: from Jeff ([161.184.39.165]) by priv-edtnes16-hme0.telusplanet.net (InterMail vM.5.01.04.02 201-253-122-122-102-20011128) with SMTP id <20020307195025.YMFF5907.priv-edtnes16-hme0.telusplanet.net@Jeff> for ; Thu, 7 Mar 2002 12:50:25 -0700 
From: lewwid To: freebsd-security@freebsd.org Date: Thu, 07 Mar 2002 12:50:48 -0700 X-Priority: 3 (Normal) Reply-To: lewwid@telusplanet.net Message-Id: Subject: OpenSSH Updated from base releng_4_5, problem. MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1252" X-Mailer: Opera 6.01 build 1041 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Tag was SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011201 (or whatever) now it's SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20020307. Why is it still showing 2.9 ? I wanted to stay with base but do I need the port? Thanks guys. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 11:52:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219]) by hub.freebsd.org (Postfix) with ESMTP id 85AEE37B404 for ; Thu, 7 Mar 2002 11:52:15 -0800 (PST) Received: from dc.cis.okstate.edu (localhost.cis.okstate.edu [127.0.0.1]) by dc.cis.okstate.edu (8.11.6/8.11.3) with ESMTP id g27JqEG03124 for ; Thu, 7 Mar 2002 13:52:15 -0600 (CST) (envelope-from martin@dc.cis.okstate.edu) Message-Id: <200203071952.g27JqEG03124@dc.cis.okstate.edu> To: freebsd-security@FreeBSD.ORG Subject: Patched openssh Date: Thu, 07 Mar 2002 13:52:14 -0600 
From: Martin McCormick Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I thought it was a good time to update my ports collection so I got the latest ports.tar.gz file from Freebsd/ports. It appears to have the latest openssh distribution so I figured I would do as little harm as possible to the running system and try a make to be sure it was going to be able to build the new openssh. After that, I could stop the existing sshd and install the new version. I went to /usr/ports/security/openssh and did a make (no install) and here is what happened. ===> Extracting for openssh-3.0.2_1 >> Checksum OK for openssh-3.0.2.tgz. >> Checksum OK for openbsd28_3.0.2.patch. ===> Patching for openssh-3.0.2_1 ===> Applying distribution patches for openssh-3.0.2_1 ===> Applying FreeBSD patches for openssh-3.0.2_1 3 out of 3 hunks failed--saving rejects to channels.c.rej 1 out of 1 hunks failed--saving rejects to channels.h.rej 11 out of 12 hunks failed--saving rejects to session.c.rej >> Patch patch-cookie failed to apply cleanly. >> Patch(es) patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao patch-ap patch-ar patch-as patch-at patch-au patch-av patch-channels.c applied cleanly. *** Error code 1 Stop in /usr/ports/security/openssh. *** Error code 1 Game over! I must have done something seriously wrong. This is FreeBSD4.4. 
Martin McCormick WB5AGZ Stillwater, OK OSU Center for Computing and Information Services Network Operations Group To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 11:57:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id CCCDF37B400 for ; Thu, 7 Mar 2002 11:57:10 -0800 (PST) Received: by gw.nectar.cc (Postfix, from userid 1001) id 5FCEA44; Thu, 7 Mar 2002 13:57:10 -0600 (CST) Date: Thu, 7 Mar 2002 13:57:10 -0600 
From: "Jacques A. Vidrine" To: lewwid Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH Updated from base releng_4_5, problem. Message-ID: <20020307195710.GA41605@hellblazer.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , lewwid , freebsd-security@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 07, 2002 at 12:50:48PM -0700, lewwid wrote: > Tag was SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20011201 (or whatever) > now it's > SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20020307. > > Why is it still showing 2.9 ? I wanted to stay with base but do I need the port? Because it is still OpenSSH 2.9. However, it is 2.9 with all known bugs fixed, including the one to which the advisory referred. That is why the `localisations' string was bumped: so that one can distinguish it from the unpatched version. -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 11:58: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 69CE437B428 for ; Thu, 7 Mar 2002 11:57:48 -0800 (PST) Received: by gw.nectar.cc (Postfix, from userid 1001) id 1266944; Thu, 7 Mar 2002 13:57:48 -0600 (CST) Date: Thu, 7 Mar 2002 13:57:48 -0600 
From: "Jacques A. Vidrine" To: Martin McCormick Cc: freebsd-security@FreeBSD.ORG Subject: Re: Patched openssh Message-ID: <20020307195748.GB41605@hellblazer.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , Martin McCormick , freebsd-security@FreeBSD.ORG References: <200203071952.g27JqEG03124@dc.cis.okstate.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200203071952.g27JqEG03124@dc.cis.okstate.edu> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 07, 2002 at 01:52:14PM -0600, Martin McCormick wrote: > I thought it was a good time to update my ports > collection so I got the latest ports.tar.gz file from > Freebsd/ports. Did you remove /usr/ports before extracting ports.tar.gz? -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 13:16: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from prserv.net (asmtp1.prserv.net [32.97.166.51]) by hub.freebsd.org (Postfix) with ESMTP id 4E33637B404 for ; Thu, 7 Mar 2002 13:15:51 -0800 (PST) Received: from oemcomputer (207.suda.wash.washdctt.dsl.att.net[12.98.99.207]) by prserv.net (asmtp1) with SMTP id <2002030721154425102kgg2ue> (Authid: dsldg.dsldgs1); Thu, 7 Mar 2002 21:15:44 +0000 Message-ID: <001f01c1c61c$b7b8a580$cf63620c@dsl.att.net> Reply-To: "Derek Gawrys - HydroHosting" 
From: "Derek Gawrys - HydroHosting" To: Subject: id like to signup Date: Thu, 7 Mar 2002 16:11:57 -0500 Organization: HydroHosting MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001C_01C1C5F2.CE532EC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_001C_01C1C5F2.CE532EC0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable please add me thanks Best Regards, Derek Gawrys - Owner HydroHosting Internet Services Voice - 1-866-889-1327 www.HydroHosting.com ------=_NextPart_000_001C_01C1C5F2.CE532EC0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

------=_NextPart_000_001C_01C1C5F2.CE532EC0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 13:19:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219]) by hub.freebsd.org (Postfix) with ESMTP id 38C7C37B400 for ; Thu, 7 Mar 2002 13:19:50 -0800 (PST) Received: from dc.cis.okstate.edu (localhost.cis.okstate.edu [127.0.0.1]) by dc.cis.okstate.edu (8.11.6/8.11.3) with ESMTP id g27LJnG12274 for ; Thu, 7 Mar 2002 15:19:49 -0600 (CST) (envelope-from martin@dc.cis.okstate.edu) Message-Id: <200203072119.g27LJnG12274@dc.cis.okstate.edu> To: freebsd-security@FreeBSD.ORG Subject: Re: Patched openssh Date: Thu, 07 Mar 2002 15:19:49 -0600 From: Martin McCormick Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Jacques A. Vidrine" writes: >Did you remove /usr/ports before extracting ports.tar.gz? No I did not. After you asked the question, I did and it appears that the build worked this time. I did see one warning at the end of the build which reported: gzip -cn /usr/ports/security/openssh/work/ssh/sftp/../sftp.1 > sftp.1.gz ===> scard uudecode /usr/ports/security/openssh/work/ssh/scard/Ssh.bin.uu Warning: Object directory not changed from original /usr/ports/security/openssh/work/ssh/scard That is the last line printed. This brings up another question. Why did leaving the old ports distribution ruin the new one? When you unpack a tar ball, any file with the same name as an older one clobbers the older file so the only things left from previous distributions would be files that aren't used in the new distribution so they certainly will waste space, but What could have hung around from the old stuff that polluted the new build? 
Should the new sshd work with the same old keys we are now using? I have a bunch of automated processes that would at least temporarily break if I had to remake keys or the system key changed. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Mar 7 13:47:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from patrocles.silby.com (d133.as21.nwbl0.wi.voyager.net [169.207.139.199]) by hub.freebsd.org (Postfix) with ESMTP id CBDA137B404 for ; Thu, 7 Mar 2002 13:47:09 -0800 (PST) Received: from patrocles.silby.com (localhost [127.0.0.1]) by patrocles.silby.com (8.12.2/8.12.2) with ESMTP id g27FpVNu003945; Thu, 7 Mar 2002 15:51:31 GMT (envelope-from silby@silby.com) Received: from localhost (silby@localhost) by patrocles.silby.com (8.12.2/8.12.2/Submit) with ESMTP id g27FpPPP003942; Thu, 7 Mar 2002 15:51:30 GMT X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs Date: Thu, 7 Mar 2002 15:51:25 +0000 (GMT) From: Mike Silbersack To: Martin McCormick Cc: freebsd-security@FreeBSD.ORG Subject: Re: Patched openssh In-Reply-To: <200203072119.g27LJnG12274@dc.cis.okstate.edu> Message-ID: <20020307155037.M3443-100000@patrocles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 7 Mar 2002, Martin McCormick wrote: > This brings up another question. Why did leaving the old > ports distribution ruin the new one? When you unpack a tar ball, > any file with the same name as an older one clobbers the older > file so the only things left from previous distributions would be > files that aren't used in the new distribution so they certainly > will waste space, but What could have hung around from the old > stuff that polluted the new build? 
If there are fewer patches now than there were before, some old patches
might survive. Presumably, these old patches would not apply correctly,
which is what your previous error indicated.

Mike "Silby" Silbersack

From owner-freebsd-security Thu Mar 7 15: 7:40 2002
Date: Fri, 8 Mar 2002 01:07:28 +0200
From: Alex Popa
To: freebsd-security@freebsd.org
Subject: ssh version string
Message-ID: <20020308010728.A82325@ldc.ro>

Hello. I finished a build/installworld on -stable a few hours ago, and
I noticed that the ssh version string had not been bumped at the moment
I did the cvsup, however the fix *is* in channels.c.

next is output from ls; times are UTC+2
-rw-r--r-- 1 root wheel 74727 Mar 7 19:11 channels.c
-rw-r--r-- 1 root wheel 11705 Feb 3 16:29 channels.h
-rw-r--r-- 1 root wheel 2061 Sep 28 04:33 version.c
-rw-r--r-- 1 root wheel 431 Feb 3 16:29 version.h

So I seem to have caught the moment between the updating of channels.c
and version.h. [confirmed: a new cvsup changed just version.h, not the
rest]

This is useful to use as a honeypot-like system. I wonder if you could
tell me what the signs of trying to exploit the (now fixed)
vulnerability are, so I could pay extra care with those.

Thank you
Alex

------------+------------------------------------------
Alex Popa,  | "Artificial Intelligence is
razor@ldc.ro|  no match for Natural Stupidity"
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."

From owner-freebsd-security Thu Mar 7 15:41:55 2002
In-Reply-To: <200203071459.g27ExoP68069@freefall.freebsd.org>
Date: Thu, 07 Mar 2002 15:41:47 -0800 (PST)
From: Mark Hartley
To: freebsd-security@freebsd.org
Subject: RE: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh

> The following patch has been verified to apply to FreeBSD 4.4-RELEASE,
> 4.5-RELEASE, and 4.5-STABLE dated prior to the correction date. It
> may or may not apply to older, unsupported versions of FreeBSD.
>
> Download the patch and the detached PGP signature from the following
> locations, and verify the signature using your PGP utility.
>
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
># fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc
>
> Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/sshd.patch
># cd /usr/src/secure/lib/libssh
># make depend && make all
># cd /usr/src/secure/usr.sbin/sshd
># make depend && make all install
># cd /usr/src/secure/usr.bin/ssh
># make depend && make all install

OK, I followed what the advisory said, and I ran the patch. It seems to
have applied fine, but it did not update src/crypto/openssh/version.h,
so that it (sshd) still reports itself as the older version. It seems
to me that this might cause some confusion for people in knowing if
they've patched their systems or not.

Mark.

From owner-freebsd-security Thu Mar 7 18: 2:29 2002
Date: Thu, 7 Mar 2002 20:02:22 -0600
From: "Jacques A. Vidrine"
To: Alex Popa
Cc: freebsd-security@freebsd.org
Subject: Re: ssh version string
Message-ID: <20020308020222.GB41852@hellblazer.nectar.cc>
References: <20020308010728.A82325@ldc.ro>
In-Reply-To: <20020308010728.A82325@ldc.ro>

On Fri, Mar 08, 2002 at 01:07:28AM +0200, Alex Popa wrote:
> Hello. I finished a build/installworld on -stable a few hours ago, and
> I noticed that the ssh version string had not been bumped at the moment
> I did the cvsup, however the fix *is* in channels.c.
>
> next is output from ls; times are UTC+2
> -rw-r--r-- 1 root wheel 74727 Mar 7 19:11 channels.c
> -rw-r--r-- 1 root wheel 11705 Feb 3 16:29 channels.h
> -rw-r--r-- 1 root wheel 2061 Sep 28 04:33 version.c
> -rw-r--r-- 1 root wheel 431 Feb 3 16:29 version.h
>
> So I seem to have caught the moment between the updating of channels.c
> and version.h. [confirmed: a new cvsup changed just version.h, not the
> rest]

That's no surprise. For FreeBSD-CURRENT and FreeBSD-STABLE there were
large windows of time (approximately 2 and 1 days respectively) between
the update to channels.c and the update to version.h. For the security
branches, the window was only for a few seconds.

> This is useful to use as a honeypot-like system. I wonder if you could
> tell me what the signs of trying to exploit the (now fixed)
> vulnerability are, so I could pay extra care with those.

I cannot. There are no publicly available exploits at this time. I
suspect you'd see something similar to previous types of attacks ...
lots of sshd's dying as the exploit hunted for the right payload, but I
cannot be certain.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Thu Mar 7 18:21:42 2002
Date: Thu, 7 Mar 2002 20:23:09 -0600 (CST)
From: circut@anet.com
To: "Jacques A. Vidrine"
Cc: Alex Popa
Subject: Re: ssh version string
In-Reply-To: <20020308020222.GB41852@hellblazer.nectar.cc>

You all need to check out this ssh article to learn about ssh and
features and stuff.

http://zeus.anet.com/~circut/Phrak.txt

Then if your questions aren't answered then good luck.

:~Short_circut~:

From owner-freebsd-security Thu Mar 7 20: 1:41 2002
Message-ID: <20020308040130.88177.qmail@web14803.mail.yahoo.com>
Date: Thu, 7 Mar 2002 20:01:30 -0800 (PST)
From: krzysztof Strzelczyk
Subject: suspicious ssh logs
To: freebsd-security@freebsd.org

Hello,

I am getting some suspicious logs in /var/log/messages
and also in my httpd logs. Since the ssh exploit went
public today this worries me.

Here are the logs, can anyone clarify.

messages:

Mar 7 17:58:10 server sshd[8783]: fatal: Local: Corrupted check bytes on input.
Mar 7 17:58:21 server sshd[8786]: fatal: Local: Corrupted check bytes on input.
Mar 7 17:58:36 server sshd[8791]: fatal: Local: Corrupted check bytes on input.
Mar 7 17:58:51 server sshd[8798]: fatal: Local: Corrupted check bytes on input.

httpd log: (It looks like maybe someone is trying to
run scripts that aren't really there?)

[Thu Mar 7 22:04:02 2002] [error] [client 195.252.149.234] File does not exist: /usr/local/www/data/default.ida
[Thu Mar 7 22:18:41 2002] [error] [client 144.134.227.126] File does not exist: /usr/local/www/data/gall/kellyashton/gall1.shtml
[Thu Mar 7 22:23:05 2002] [error] [client 67.201.235.198] File does not exist: /usr/local/www/data/gall/nia/gall1.shtml
[Thu Mar 7 22:36:08 2002] [error] [client 68.60.16.31] File does not exist: /usr/local/www/data/default.ida

Thanks
-Chris

From owner-freebsd-security Thu Mar 7 20: 9:12 2002
Date: Thu, 7 Mar 2002 23:08:21 -0500
From: "Peter C. Lai"
To: krzysztof Strzelczyk
Cc: freebsd-security@freebsd.org
Subject: Re: suspicious ssh logs
Message-ID: <20020307230821.A3464@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
References: <20020308040130.88177.qmail@web14803.mail.yahoo.com>
In-Reply-To: <20020308040130.88177.qmail@web14803.mail.yahoo.com>; from cs052279@yahoo.com on Thu, Mar 07, 2002 at 08:01:30PM -0800

On Thu, Mar 07, 2002 at 08:01:30PM -0800, krzysztof Strzelczyk wrote:
> Hello,
>
> I am getting some suspicious logs in /var/log/messages
> and also in my httpd logs. Since the ssh exploit went
> public today this worries me.
>
> Here are the logs, can anyone clarify.
>
> messages:
>
> Mar 7 17:58:10 server sshd[8783]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:21 server sshd[8786]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:36 server sshd[8791]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:51 server sshd[8798]: fatal: Local:
> Corrupted check bytes on input.
>
> httpd log: (It looks like maybe someone is trying to
> run scripts that aren't really there?)
>
> [Thu Mar 7 22:04:02 2002] [error] [client
> 195.252.149.234] File does not exist:
> /usr/local/www/data/default.ida
> [Thu Mar 7 22:18:41 2002] [error] [client
> 144.134.227.126] File does not exist:
> /usr/local/www/data/gall/kellyashton/gall1.shtml
> [Thu Mar 7 22:23:05 2002] [error] [client
> 67.201.235.198] File does not exist:
> /usr/local/www/data/gall/nia/gall1.shtml
> [Thu Mar 7 22:36:08 2002] [error] [client
> 68.60.16.31] File does not exist:
> /usr/local/www/data/default.ida
>

The .ida one is the standard nimda/codered attack.
sounds like someone clobbered your address with whatever site
has /gall (i've had that happen a few times)
dunno about the sshd entries...

>
> Thanks
> -Chris

--
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)

From owner-freebsd-security Thu Mar 7 20:49:24 2002
Message-ID: <000b01c1c65c$4814d420$0101a8c0@noc2>
From: "Richard Ward"
To: "krzysztof Strzelczyk"
References: <20020308040130.88177.qmail@web14803.mail.yahoo.com>
Subject: Re: suspicious ssh logs
Date: Thu, 7 Mar 2002 23:46:55 -0500

That message would most likely indicate a scan in progress. If you've
already patched OpenSSH, you shouldn't have to worry. It might be worth
looking through your traffic logs and finding out which IP address that
came from. I've been receiving a lot of connections from machines
scanning for the vulnerability.

And Mr. Lai is correct. There are surprisingly quite a few exploited
Windows machines that are still scanning from the Nimda/Code Red worm.
If you find yourself with nothing better to do, start up MRTG and make
fun graphs of all the attempts the worms make to find Microsoft IIS.

--
Richard Ward, GM
Home Net Web, Inc.
http://homenetweb.com

----- Original Message -----
From: krzysztof Strzelczyk
Sent: Thursday, March 07, 2002 11:01 PM
Subject: suspicious ssh logs

> Hello,
>
> I am getting some suspicious logs in /var/log/messages
> and also in my httpd logs. Since the ssh exploit went
> public today this worries me.
>
> Here are the logs, can anyone clarify.
>
> messages:
>
> Mar 7 17:58:10 server sshd[8783]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:21 server sshd[8786]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:36 server sshd[8791]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:51 server sshd[8798]: fatal: Local:
> Corrupted check bytes on input.
>
> httpd log: (It looks like maybe someone is trying to
> run scripts that aren't really there?)
>
> [Thu Mar 7 22:04:02 2002] [error] [client
> 195.252.149.234] File does not exist:
> /usr/local/www/data/default.ida
> [Thu Mar 7 22:18:41 2002] [error] [client
> 144.134.227.126] File does not exist:
> /usr/local/www/data/gall/kellyashton/gall1.shtml
> [Thu Mar 7 22:23:05 2002] [error] [client
> 67.201.235.198] File does not exist:
> /usr/local/www/data/gall/nia/gall1.shtml
> [Thu Mar 7 22:36:08 2002] [error] [client
> 68.60.16.31] File does not exist:
> /usr/local/www/data/default.ida
>
>
> Thanks
> -Chris

From owner-freebsd-security Thu Mar 7 20:51:44 2002
From: Randy Bush
To: Brett Glass
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Date: Thu, 07 Mar 2002 20:51:29 -0800

> I'd like to install OpenSSH 3.1 instead of merely applying the patch.

    cd /usr/ports/security/openssh-portable
    make clean
    make -DOPENSSH_OVERWRITE_BASE
    make -DOPENSSH_OVERWRITE_BASE install

From owner-freebsd-security Thu Mar 7 21:56:46 2002
Message-ID: <20020308055639.62629.qmail@web14805.mail.yahoo.com>
Date: Thu, 7 Mar 2002 21:56:39 -0800 (PST)
From: krzysztof Strzelczyk
Subject: Code Red??
To: freebsd-security@freebsd.org

Hello,

I've been going through docs and all signs
indicate that this is a system infected with code red.

[Fri Mar 8 00:00:50 2002] [error] [client 195.218.232.26] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:06:47 2002] [error] [client 217.128.238.66] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:09:46 2002] [error] [client 24.61.208.188] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:17:40 2002] [error] [client 61.132.208.81] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:26:55 2002] [notice] caught SIGTERM, shutting down

If so, does anybody know how to break this down?

Back to docs for me......

Thanks in advance
-Chris

From owner-freebsd-security Thu Mar 7 22: 3:53 2002
Message-ID: <000401c1c666$e87b19b0$5e3bad86@boredom>
From: "Jeff Jirsa"
To: "krzysztof Strzelczyk"
References: <20020308055639.62629.qmail@web14805.mail.yahoo.com>
Subject: Re: Code Red??
Date: Thu, 7 Mar 2002 22:03:03 -0800

> Hello,
>
> I've been going through docs and all signs
> indicate that this is a system infected with code red.

Heh, no.

> [Fri Mar 8 00:00:50 2002] [error] [client
> 195.218.232.26] File does not exist:
> /usr/local/www/data/default.ida
> [Fri Mar 8 00:06:47 2002] [error] [client
> 217.128.238.66] File does not exist:
> /usr/local/www/data/default.ida
> [Fri Mar 8 00:09:46 2002] [error] [client
> 24.61.208.188] File does not exist:
> /usr/local/www/data/default.ida
> [Fri Mar 8 00:17:40 2002] [error] [client
> 61.132.208.81] File does not exist:
> /usr/local/www/data/default.ida
> [Fri Mar 8 00:26:55 2002] [notice] caught SIGTERM,
> shutting down
>
> If so, does anybody know how to break this down?

You're slightly misled. The default.ida scans are probably looking for
a vulnerable IIS server, but apache certainly isn't vulnerable. It
happens almost daily, to everyone (It's happened 73 times to me, since
my logs were rotated last):

# ~ : grep default.ida /usr/local/etc/apache/logs/httpd-access-log | wc -l
73

The message you're seeing is apache not finding the file default.ida
(it would return 404 to the client). It's nothing to be worried about
(annoyed, irritated, maybe, but not worried). I'm assuming the term
signal was something unrelated, like a planned shutdown.

- Jeff Jirsa
  jjirsa@hmc.edu

From owner-freebsd-security Fri Mar 8 2:42:20 2002
Date: Fri, 8 Mar 2002 11:44:26 +0100
From: Damir Horvat
To: freebsd-security@freebsd.org
Subject: openssh 3.1 port broken?
Message-Id: <20020308114426.29c0d676.damir@voljatel.si>
Reply-To: damir@voljatel.si
Organization: Voljatel telekomunikacije d.d.

Hello!

I've just updated security ports and got this error while
compiling openssh 3.1:

---
install -c -m 444 -o root -g wheel Ssh.bin /usr/local/lib
===> Generating temporary packing list
>> Generating an RSA1 secret host key.
/usr/local/bin/ssh-keygen -N "" -f /usr/local/etc/ssh_host
You must specify a key type (-t).
Usage: ssh-keygen [options]

Stop in /usr/ports/security/openssh.
*** Error code 1

Stop in /usr/ports/security/openssh.
*** Error code 1

Stop in /usr/ports/security/openssh.
---

bash-2.05a$ uname -a
FreeBSD pxna.hide.voljatel.si 4.4-RELEASE FreeBSD 4.4-RELEASE #2: Tue Mar 5 10:01:44 CET 2002 damir@voljatel.si:/usr/src/sys/compile/PXNA i386

regards,
Damir

From owner-freebsd-security Fri Mar 8 2:45:59 2002
Date: Fri, 8 Mar 2002 05:45:06 -0500
From: "Peter C. Lai"
To: Damir Horvat
Cc: freebsd-security@freebsd.org
Subject: Re: openssh 3.1 port broken?
Message-ID: <20020308054506.B5374@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
References: <20020308114426.29c0d676.damir@voljatel.si>
In-Reply-To: <20020308114426.29c0d676.damir@voljatel.si>; from damir@voljatel.si on Fri, Mar 08, 2002 at 11:44:26AM +0100

You are using the options to overwrite the base installation of ssh?
It looks like it's trying to generate a key, but usually, the port make
prevents that since it doesn't want to clobber your existing one.
(or something like that)

On Fri, Mar 08, 2002 at 11:44:26AM +0100, Damir Horvat wrote:
> Hello!
>
> I've just updated security ports and got this error while
> compiling openssh 3.1:
>
> ---
> install -c -m 444 -o root -g wheel Ssh.bin /usr/local/lib
> ===> Generating temporary packing list
> >> Generating an RSA1 secret host key.
> /usr/local/bin/ssh-keygen -N "" -f /usr/local/etc/ssh_host
> You must specify a key type (-t).
> Usage: ssh-keygen [options]
>
> Stop in /usr/ports/security/openssh.
> *** Error code 1
>
> Stop in /usr/ports/security/openssh.
> *** Error code 1
>
> Stop in /usr/ports/security/openssh.
> ---
>
> bash-2.05a$ uname -a
> FreeBSD pxna.hide.voljatel.si 4.4-RELEASE FreeBSD 4.4-RELEASE #2: Tue Mar
> 5 10:01:44 CET 2002
> damir@voljatel.si:/usr/src/sys/compile/PXNA i386
>
> regards,
> Damir

--
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)

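The log lines posted in the "suspicious ssh logs" and "Code Red??" messages above can be triaged mechanically. The following is an added example, not code from any poster: it groups closely spaced sshd `fatal:` exits into bursts and separates `default.ida` requests from other missing-file errors. The function names, the 30-second gap and the three-event threshold are assumptions chosen for illustration; syslog does not record the year, so 2002 is assumed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from posixpath import basename

# Log lines copied from the posts in this thread, unwrapped to one entry per line.
SSHD_LOG = """\
Mar 7 17:58:10 server sshd[8783]: fatal: Local: Corrupted check bytes on input.
Mar 7 17:58:21 server sshd[8786]: fatal: Local: Corrupted check bytes on input.
Mar 7 17:58:36 server sshd[8791]: fatal: Local: Corrupted check bytes on input.
Mar 7 17:58:51 server sshd[8798]: fatal: Local: Corrupted check bytes on input.
"""

HTTPD_LOG = """\
[Thu Mar 7 22:04:02 2002] [error] [client 195.252.149.234] File does not exist: /usr/local/www/data/default.ida
[Thu Mar 7 22:18:41 2002] [error] [client 144.134.227.126] File does not exist: /usr/local/www/data/gall/kellyashton/gall1.shtml
[Thu Mar 7 22:23:05 2002] [error] [client 67.201.235.198] File does not exist: /usr/local/www/data/gall/nia/gall1.shtml
[Thu Mar 7 22:36:08 2002] [error] [client 68.60.16.31] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:00:50 2002] [error] [client 195.218.232.26] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:06:47 2002] [error] [client 217.128.238.66] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:09:46 2002] [error] [client 24.61.208.188] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:17:40 2002] [error] [client 61.132.208.81] File does not exist: /usr/local/www/data/default.ida
[Fri Mar 8 00:26:55 2002] [notice] caught SIGTERM, shutting down
"""

SSHD_FATAL = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+"
    r"sshd\[(?P<pid>\d+)\]:\s+fatal:\s+(?P<msg>.+)$")
HTTPD_MISSING = re.compile(
    r"^\[[^\]]+\]\s+\[error\]\s+\[client\s+(?P<client>[\d.]+)\]\s+"
    r"File does not exist:\s+(?P<path>\S+)$")


def sshd_fatal_bursts(text, year=2002, max_gap=timedelta(seconds=30), min_events=3):
    """Group fatal sshd exits whose spacing is at most max_gap.

    Returns one dict per group that has at least min_events entries. Each
    fatal line is a separate sshd child (distinct PID) that died.
    """
    events = []
    for line in text.splitlines():
        m = SSHD_FATAL.match(line.strip())
        if m:
            stamp = datetime.strptime(
                f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
            events.append((stamp, int(m["pid"]), m["msg"]))
    events.sort()

    groups, current = [], []
    for ev in events:
        if current and ev[0] - current[-1][0] > max_gap:
            groups.append(current)
            current = []
        current.append(ev)
    if current:
        groups.append(current)

    return [{"start": g[0][0], "end": g[-1][0], "count": len(g),
             "pids": [e[1] for e in g],
             "messages": sorted({e[2] for e in g})}
            for g in groups if len(g) >= min_events]


def httpd_missing_files(text):
    """Split Apache 'File does not exist' errors into .ida probes and the rest.

    Lines that are not missing-file errors (such as the SIGTERM notice) are
    skipped rather than counted.
    """
    probes, other = Counter(), []
    for line in text.splitlines():
        m = HTTPD_MISSING.match(line.strip())
        if not m:
            continue
        if basename(m["path"]).lower() == "default.ida":
            probes[m["client"]] += 1
        else:
            other.append((m["client"], m["path"]))
    return {"ida_probes": probes, "other_missing": other}


if __name__ == "__main__":
    for burst in sshd_fatal_bursts(SSHD_LOG):
        print(f"sshd: {burst['count']} fatal exits {burst['start']} to {burst['end']}, "
              f"pids {burst['pids']}: {burst['messages']}")
    report = httpd_missing_files(HTTPD_LOG)
    print(f"httpd: {sum(report['ida_probes'].values())} default.ida requests "
          f"from {len(report['ida_probes'])} clients")
    for client, path in report["other_missing"]:
        print(f"httpd: other missing file from {client}: {path}")
```

The sshd lines carry no peer address, so tying a burst to a source still means checking connection or traffic logs for the same time window, as suggested in the thread.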
------=_NextPart_001_002B_01C1C682.F8F46960--

------=_NextPart_000_002A_01C1C682.F8F46960
Content-Type: application/octet-stream; name="ball.jpg"
Content-Transfer-Encoding: base64
Content-Location: http://www.compubras.com/img/ball.jpg

------=_NextPart_000_002A_01C1C682.F8F46960--

From owner-freebsd-security Fri Mar 8 6:34: 8 2002
From: "Jason Sopko"
Subject: RE: openssh 3.1 port broken?
Date: Fri, 8 Mar 2002 09:34:53 -0500
Message-ID: <000601c1c6ae$69dc29d0$1c00a8c0@thematrixhasyou>
In-Reply-To: <20020308114426.29c0d676.damir@voljatel.si>

Edit the Makefile in the openssh ports and modify line 106 to the
following:

${PREFIX}/bin/ssh-keygen -t rsa1 -N "" -f ${PREFIX}/etc/ssh_host_key

You just need to add '-t rsa1' to the line, that is all that needs
changed. I had the same problem and this worked for me.

///Jason

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Damir Horvat
Sent: Friday, March 08, 2002 5:44 AM
To: freebsd-security@freebsd.org
Subject: openssh 3.1 port broken?

Hello!

I've just updated security ports and got this error while
compiling openssh 3.1:

---
install -c -m 444 -o root -g wheel Ssh.bin /usr/local/lib
===> Generating temporary packing list
>> Generating an RSA1 secret host key.
/usr/local/bin/ssh-keygen -N "" -f /usr/local/etc/ssh_host
You must specify a key type (-t).
Usage: ssh-keygen [options]
Stop in /usr/ports/security/openssh.
*** Error code 1

Stop in /usr/ports/security/openssh.
*** Error code 1

Stop in /usr/ports/security/openssh.
---

bash-2.05a$ uname -a
FreeBSD pxna.hide.voljatel.si 4.4-RELEASE FreeBSD 4.4-RELEASE #2: Tue Mar 5 10:01:44 CET 2002 damir@voljatel.si:/usr/src/sys/compile/PXNA i386

regards,
Damir

From owner-freebsd-security Fri Mar 8 6:37:55 2002
Date: Fri, 8 Mar 2002 09:37:47 -0500
From: Niels Provos
To: krzysztof Strzelczyk
Cc: freebsd-security@freebsd.org
Subject: Re: suspicious ssh logs
Message-ID: <20020308143746.GY10142@citi.citi.umich.edu>
References: <20020308040130.88177.qmail@web14803.mail.yahoo.com>
In-Reply-To: <20020308040130.88177.qmail@web14803.mail.yahoo.com>

On Thu, Mar 07, 2002 at 08:01:30PM -0800, krzysztof Strzelczyk wrote:
> Mar 7 17:58:10 server sshd[8783]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:21 server sshd[8786]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:36 server sshd[8791]: fatal: Local:
> Corrupted check bytes on input.
> Mar 7 17:58:51 server sshd[8798]: fatal: Local:
> Corrupted check bytes on input.

The logs indicate that somebody is trying to exploit the crc32 deattach
problem that has been fixed in OpenSSH in November 2000, IIRC.

Niels.

From owner-freebsd-security Fri Mar 8 12:36:53 2002
Message-ID: <015001c1c6e0$85247ee0$1f92968e@maxmouse.org>
Reply-To: "Max Mouse"
From: "Max Mouse"
Subject: PHP 4.1.2
Date: Fri, 8 Mar 2002 15:33:31 -0500

Hey hey,

After reading the security risks of anything previous to php 4.1.2, I
upgraded my ports so I could install the latest version. I have the
following problem during the make:

[root@stealth:/usr/ports/www/mod_php4]# make
===> Building for mod_php4-4.1.2
make: cannot open Makefile.
*** Error code 2

The file doesn't exist. I'm not sure why. Any ideas?

Max

From owner-freebsd-security Fri Mar 8 12:46:44 2002
Date: Fri, 8 Mar 2002 12:46:37 -0800
From: "Crist J. Clark"
To: Damir Horvat
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: openssh 3.1 port broken?
Message-ID: <20020308124637.E57999@blossom.cjclark.org>
References: <20020308114426.29c0d676.damir@voljatel.si>
In-Reply-To: <20020308114426.29c0d676.damir@voljatel.si>; from damir@voljatel.si on Fri, Mar 08, 2002 at 11:44:26AM +0100

On Fri, Mar 08, 2002 at 11:44:26AM +0100, Damir Horvat wrote:
> Hello!
>
> I've just updated security ports and got this error while
> compiling openssh 3.1:
>
> ---
> install -c -m 444 -o root -g wheel Ssh.bin /usr/local/lib
> ===> Generating temporary packing list
> >> Generating an RSA1 secret host key.
> /usr/local/bin/ssh-keygen -N "" -f /usr/local/etc/ssh_host
> You must specify a key type (-t).
> Usage: ssh-keygen [options]

Looks like the maintainer has not updated the Makefile to deal with
the fact ssh-keygen(1) now always requires a '-t' option. Please
submit a PR.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-security Fri Mar 8 12:58:30 2002
Date: Fri, 8 Mar 2002 20:58:23 +0000 (UTC)
From: what
Subject: openssh problems (fwd)

thursday@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

---------- Forwarded message ----------
Date: Fri, 8 Mar 2002 17:33:27 +0000 (UTC)
From: what
To: freebsd-questions@freebsd.org
Subject: openssh problems

Hi,

This is on a FreeBSD 4.4-RELEASE machine. I upgraded my installation of
openssh from 3.0.2 to 3.1 today.

got new ports skeleton for /usr/ports/security/openssh
pkg_delete openssh-3.0.2
cd /usr/ports/security/openssh
make
make install

it compiles nicely and installs fine but when i try to ssh out of the
machine to my isp, or into the machine from anywhere, it returns crc error,
and won't connect...

here's a little bit from ssh -v some.host.com

debug1: Remote protocol version 1.5, remote software version 1.2.32
debug1: no match: 1.2.32
debug1: Local version string SSH-1.5-OpenSSH_3.1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'some.host.com' is known and matches the RSA1 host key.
debug1: Found key in /home/thursday/.ssh/known_hosts:1
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
Disconnecting: Corrupted check bytes on input.
debug1: Calling cleanup 0x805921c(0x0)

Help?

What makes this worse, is I'm doing this over an SSH connection, so if I
lose the 2 sessions I have open, I'm screwed.

Thanks,
--
thursday@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

From owner-freebsd-security Fri Mar 8 13:13:13 2002
From: lewwid
To: freebsd-security@freebsd.org, "Max Mouse"
Date: Fri, 08 Mar 2002 14:13:41 -0700
Reply-To: lewwid@telusplanet.net
In-Reply-To: <015001c1c6e0$85247ee0$1f92968e@maxmouse.org>
Subject: Re: PHP 4.1.2

You could try;

cvsup -g -L 2 /usr/share/examples/cvsup/ports-supfile -h cvsup3.freebsd.org

3/8/2002 1:33:31 PM, "Max Mouse" wrote:

>Hey hey,
>
>After reading the security risks of anything previous to php 4.1.2, I
>upgraded my ports so I could install the latest version. I have the
>following problem during the make:
>
>[root@stealth:/usr/ports/www/mod_php4]# make
>===> Building for mod_php4-4.1.2
>make: cannot open Makefile.
>*** Error code 2
>
>The file doesn't exist. I'm not sure why. Any ideas?
>
>Max
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Fri Mar 8 14:24:39 2002
Message-ID: <200203081723500944.0026DB72@luna.affordablehost.com>
Date: Fri, 08 Mar 2002 17:23:50 -0500
Reply-To: myraq@mgm51.com
From: "MikeM"
To: freebsd-security@freebsd.org
Subject: Re: openssh problems (fwd)

On 3/8/2002 at 8:58 PM what wrote:

| [snip]
|debug1: Sent encrypted session key.
|debug1: Installing crc compensation attack detector.
|Disconnecting: Corrupted check bytes on input.
|debug1: Calling cleanup 0x805921c(0x0)
|
|Help?
|
|What makes this worse, is I'm doing this over an SSH connection, so if I
|lose the 2 sessions I have open, I'm screwed.
 =============

I can't help you with your current problem.
However, a trick that I use on my remote servers may help you in the
future.

I run two totally separate instances of sshd, each with its own config
directory and each listening on a different port. One of them is sshd,
the other I've copied sshd to adminsshd. When I am playing with a new
version of openssh, I only replace sshd. That way, when I get in a
situation such as you are currently in, I always have the adminsshd to
fall back on.

From owner-freebsd-security Fri Mar 8 16: 9:39 2002
Message-Id: <4.3.2.7.2.20020308170716.02b7d820@nospam.lariat.org>
Date: Fri, 08 Mar 2002 17:08:44 -0700
To: "Jason Sopko"
From: Brett Glass
Subject: RE: openssh 3.1 port broken?
In-Reply-To: <000601c1c6ae$69dc29d0$1c00a8c0@thematrixhasyou>
References: <20020308114426.29c0d676.damir@voljatel.si>

At 07:34 AM 3/8/2002, Jason Sopko wrote:

>Edit the Makefile in the openssh ports and modify line 106 to the
>following:
>
>${PREFIX}/bin/ssh-keygen -t rsa1 -N "" -f ${PREFIX}/etc/ssh_host_key
>
>You just need to add '-t rsa1' to the line, that is all that needs
>changed.
>I had the same problem and this worked for me.
>
>///Jason

Better still, if you're replacing the version in the base install,
shouldn't you skip the ssh-keygen altogether? Otherwise, every
client will receive a message suggesting that your system may
have been compromised..... Not reassuring. And some clients make
it difficult to update a host key.

--Brett

From owner-freebsd-security Fri Mar 8 17:13:58 2002
Message-ID: <3C8945FB.CD9CFC7D@obluda.cz>
Date: Sat, 09 Mar 2002 00:15:07 +0100
From: Dan Lukes
To: freebsd-security@freebsd.org
Subject: Re: ESP + IPFW
References: <20020305021845.510AE37B41C@hub.freebsd.org>

"Dalin S. Owen" wrote:

> I have IPsec running between two FreeBSD machines (over an 802.11b link),
> they are manually keyed (not using an IKE daemon). First question, is it
> more secure to use an IKE? I mean, doesn't it rotate keys, instead of just
> using static ones?

The vulnerability of any key is growing for every second the key is
used and for every byte passed through the key.
Also note, the compromising of a key means all data encrypted by the key
during recent transmissions should be counted compromised.

So, from paranoid point of view - yes, it is more secure to use IKE
and rotate the keys.

> And if I use an IKE, can those generated keys be sniffed, or
> are they encrypted with the last key?

The IKE's session is covered by (one-time) cipher-key established
during Diffie-Hellman handshake and authenticated (for example) by
preshared-key or X509 key/certificate. Preshared key nor X509 private key
are never sent over channel in clear nor encrypted form.

It doesn't mean you should think the pre-shared key nor private key
is secure forever (another word of paranoia) ...

Dan

--
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz

From owner-freebsd-security Fri Mar 8 18: 5: 0 2002
Date: Fri, 8 Mar 2002 18:04:46 -0800 (PST)
From: Jason Stone
Subject: Re: ESP + IPFW
In-Reply-To: <3C8945FB.CD9CFC7D@obluda.cz>
Message-ID: <20020308171818.G2192-100000@walter>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The vulnerability of any key is growing for every second the key
> is used and for every byte
> passed through the key. Also note, the
> compromising of a key means all data encrypted by the key during recent
> transmissions should be counted compromised.
>
> So, from paranoid point of view - yes, it is more secure to use
> IKE and rotate the keys.

Uh, doesn't IKE use public keys to share symmetric keys? Doesn't that
imply that if you crack the private keys, you can then go back and decrypt
the symmetric key exchange and finally decrypt the traffic? Isn't this
why people expire their PGP keys and SSL CA's encourage you to expire your
ssl keys?

So it would seem to me that failing to expire your symmetric keys is not
so different from failing to expire your public keys, and that this is a
key management issue and doesn't affect the security of the system
directly.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry that
10 or 15 years from now, she will come to me and say "Daddy, where were
you when they took freedom of the press away from the Internet?"
-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE8iW3BswXMWWtptckRAjnDAKCEn4yqTyi8Z4smyYkInAcSK7Y6KQCfVZih
Js7V5CskWFtzZYO96PC0xko=
=7sh8
-----END PGP SIGNATURE-----

From owner-freebsd-security Fri Mar 8 19:22:17 2002
Date: Fri, 8 Mar 2002 22:22:11 -0500 (EST)
From: Peter Leftwich
To: Randy Bush
Cc: Brett Glass, FreeBSD Security Advisory
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:13.openssh
Message-ID: <20020308222108.M68770-100000@earl-grey.cloud9.net>

On Thu, 7 Mar 2002, Randy Bush wrote:
> > I'd like to install OpenSSH 3.1 instead of merely applying the patch.
> cd /usr/ports/security/openssh-portable
> make clean
> make -DOPENSSH_OVERWRITE_BASE
> make -DOPENSSH_OVERWRITE_BASE install

Is there a way of doing this using pkg_add -r openssh? I just tried and it
only got me up to version 2.9 - thanks kindly.
--
Peter Leftwich
President & Founder
Video2Video Services
Box 13692, La Jolla, CA, 92039 USA
+1-413-403-9555

From owner-freebsd-security Fri Mar 8 20:56:42 2002
Date: Fri, 8 Mar 2002 23:55:37 -0500
From: "Peter C. Lai"
To: Brett Glass
Cc: Jason Sopko, freebsd-security@FreeBSD.ORG
Subject: Re: openssh 3.1 port broken?
Message-ID: <20020308235536.B10178@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
References: <20020308114426.29c0d676.damir@voljatel.si> <000601c1c6ae$69dc29d0$1c00a8c0@thematrixhasyou> <4.3.2.7.2.20020308170716.02b7d820@nospam.lariat.org>
In-Reply-To: <4.3.2.7.2.20020308170716.02b7d820@nospam.lariat.org>; from brett@lariat.org on Fri, Mar 08, 2002 at 05:08:44PM -0700

On Fri, Mar 08, 2002 at 05:08:44PM -0700, Brett Glass wrote:
> At 07:34 AM 3/8/2002, Jason Sopko wrote:
>
> >Edit the Makefile in the openssh ports and modify line 106 to the
> >following:
> >
> >${PREFIX}/bin/ssh-keygen -t rsa1 -N "" -f ${PREFIX}/etc/ssh_host_key
> >
> >You just need to add '-t rsa1' to the line, that is all that needs
> >changed. I had the same problem and this worked for me.
> >
> >///Jason
>
> Better still, if you're replacing the version in the base install,
> shouldn't you skip the ssh-keygen altogether?
> Otherwise, every
> client will receive a message suggesting that your system may
> have been compromised..... Not reassuring. And some clients make
> it difficult to update a host key.
>
> --Brett
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

and furthermore, if you actually used the old keys for any scripts,
they'll be broken. Always back up your keypairs onto floppies.
--
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)
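
The three host-key points made in the "openssh 3.1 port broken?" thread above (ssh-keygen needs an explicit '-t', an existing host key should not be regenerated, and key pairs should be backed up) fit into one install step. The script below is an added example, not code from the port's Makefile or from any poster; the KEYGEN variable, the function names and the backup directory argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the openssh port): an idempotent host-key step.
# KEYGEN, backup_host_key and ensure_host_key are hypothetical names.
# KEYGEN may be overridden, e.g. with ${PREFIX}/bin/ssh-keygen.
KEYGEN=${KEYGEN:-ssh-keygen}

# backup_host_key KEYFILE BACKUPDIR
# Copy the private key and, if present, KEYFILE.pub into BACKUPDIR.
# A new BACKUPDIR is created mode 0700; cp -p keeps the key's own mode.
backup_host_key() {
    bk_key=$1
    bk_dir=$2
    [ -f "$bk_key" ] || return 1
    (
        umask 077
        mkdir -p "$bk_dir" || exit 1
        cp -p "$bk_key" "$bk_dir/" || exit 1
        if [ -f "$bk_key.pub" ]; then
            cp -p "$bk_key.pub" "$bk_dir/" || exit 1
        fi
    )
}

# ensure_host_key KEYFILE KEYTYPE [BACKUPDIR]
# Prints "kept" when a non-empty key already exists (it is left untouched,
# so clients keep seeing the same host key) or "generated" after creating
# one. Return codes: 2 = no key type given (the "You must specify a key
# type (-t)." failure from the thread), 3 = key file exists but is empty,
# 1 = key generation or backup failed.
ensure_host_key() {
    hk_file=$1
    hk_type=${2:-}
    hk_backup=${3:-}
    if [ -z "$hk_file" ] || [ -z "$hk_type" ]; then
        echo "usage: ensure_host_key KEYFILE KEYTYPE [BACKUPDIR]" >&2
        return 2
    fi
    if [ -e "$hk_file" ] && [ ! -s "$hk_file" ]; then
        echo "$hk_file exists but is empty; inspect it by hand" >&2
        return 3
    fi
    if [ -s "$hk_file" ]; then
        hk_result=kept
    else
        # Explicit -t and empty passphrase, as in the corrected Makefile line.
        "$KEYGEN" -t "$hk_type" -N "" -f "$hk_file" >/dev/null || return 1
        hk_result=generated
    fi
    if [ -n "$hk_backup" ]; then
        backup_host_key "$hk_file" "$hk_backup" || return 1
    fi
    echo "$hk_result"
}

# Example call from an install script (the backup path is an assumption;
# rsa1 is the key type used in the thread):
#   ensure_host_key "${PREFIX}/etc/ssh_host_key" rsa1 /root/hostkey-backup
```
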