From owner-freebsd-isp@FreeBSD.ORG Sun Mar 30 08:34:12 2003
Date: Sun, 30 Mar 2003 18:34:06 +0200
From: Paul Schenkeveld
To: "Arie J. Gerszt"
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: file system help needed

Hi all,

I just saw this thread, hence this late reaction. Hopefully I'm late and
you got your system in shape again but in case you still didn't find the
culprit, here are my $0.02.

First, did you ever "ktrace" a process and remove the ktrace.out file?
In that case, "ktrace -C" will instruct the kernel to stop tracing and
release all ktrace.out files, including those that you already removed.

Then, I'd check for files that were removed but are still open by some
process and continue to occupy diskspace. To check this: compare the
output of "du -skx /" to the value reported under Used in the output of
"df -l /".
If the two are (almost) the same, all space is occupied by files that
are still around in some directory; in that case you really have to look
through all directories of the root filesystem to find what's there but
should not be there (a common culprit is a regular file in /dev,
possibly with a name looking like the name of a tape drive or even
/dev/null).

If however these two numbers are very different you've got removed files
still occupying disk space because they are open. In that case you can
either reboot the machine completely if possible (make sure /sbin and
/bin are back first otherwise you even don't have a mount command
anymore and got yourself a chicken and egg situation), or stop processes
one by one (and restart them afterwards) until df suddenly shows free
space again (hopefully you've not enabled soft updates on / in which
case recovery of free space will not show up in df until up to half a
minute or so after stopping the process which kept the file open).

Or you can take a more deterministic approach by looking at the output
of fstat. The MOUNT column will show / for all inodes (files) open that
are on the root filesystem. Concentrate on regular files (lines with a
'-' as the first character of the MODE column) and look at the SZ|DV
column. Huge numbers here indicate huge files. Skip lines with "text" in
the FD column and try to find suspicious files using
"find / -xdev -inum " using the inode number from the INUM column. This
should reveal processes keeping deleted files open; kill those culprits
and if they served a purpose, restart them again.

Regards,

Paul Schenkeveld, Consultant
PSconsult ICT Services BV

On Tue, Mar 25, 2003 at 06:14:59PM +0100, Arie J. Gerszt wrote:
> Hi Everybody
>
> I have a huge problem as you see ...
>
> Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
> /dev/ad0s1a     99183    96309    -5060   106%    /
> /dev/ad0s1e   5458605  2866595  2155322    57%    /usr
> /dev/ad0s1g  17876344  1085421 15360816     7%    /usr/www
> /dev/ad0s1f   4465853   212592  3895993     5%    /var
> procfs              4        4        0   100%    /proc
>
> This server is a production server and I can't add any dns zonefiles or
> passwords,
> because they sit in /etc which is full, evidently.
>
> What can I do to solve that rather quickly? The disk ad0 has free space:
>
> caramba# fdisk /dev/ad0
> ******* Working on device /dev/ad0 *******
> parameters extracted from in-core disklabel are:
> cylinders=3649 heads=255 sectors/track=63 (16065 blks/cyl)
>
> Figures below won't work with BIOS for partitions not in cyl 1
> parameters to be used for BIOS calculations are:
> cylinders=3649 heads=255 sectors/track=63 (16065 blks/cyl)
>
> Media sector size is 512
> Warning: BIOS sector numbering starts with sector 1
> Information from DOS bootblock is:
> The data for partition 1 is:
> sysid 165,(FreeBSD/NetBSD/386BSD)
> start 63, size 58621122 (28623 Meg), flag 80 (active)
> beg: cyl 0/ head 1/ sector 1;
> end: cyl 1023/ head 254/ sector 63
> The data for partition 2 is:
>
> The data for partition 3 is:
>
> The data for partition 4 is:
>
> caramba#
>
>
> --> but I am not sure what to do, because I can't have any long downtime,
> understandably.
> Thanks for help,
>
> Arie

From owner-freebsd-isp@FreeBSD.ORG Sun Mar 30 12:25:50 2003
Date: Sun, 30 Mar 2003 16:25:48 -0400 (AST)
From: The Hermit Hacker
To: Greg Hurrell
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: [OT] Unsubscribing due to spam

Why not install Spamassassin and filter appropriately?

On Thu, 20 Mar 2003, Greg Hurrell wrote:

> Sorry to say it, but due to the high volume of spam I am receiving on
> this list I am unsubscribing.
>
> The policy of allowing non-subscribers to post (which applies to the
> majority of FreeBSD mailing lists) means that those lists now generate
> the majority of all my spam traffic.
>
> Many of these spam messages have as their Return-Path
> "owner-freebsd-isp@FreeBSD.ORG" (etc, depending on the list) and so
> this means I can't even block repeat offenders at the SMTP server based
> on the Return-Path.
>
> I've made these protests before and have always been told that the
> policy is not going to change, but in the year 2003 and with the spam
> problem the way it is, I just can't see any justification for allowing
> this "accept all-comers" policy to continue. In order to provide people
> with the convenience of posting from anywhere at any time, you are also
> affording these spammers with the convenience of an efficient,
> consequence-free mass-distribution mechanism for their unwanted and
> annoying spam.
>
> If people are subscribed to these lists and want to read the replies
> they need access to the subscribed email account anyway.
>
> If people are not subscribed and want answers, well perhaps they should
> be subscribing too.
>
> Anyway, this is, regretfully, adios (and goodbye to all of my
> subscriptions but freebsd-announce for this very reason).
>
> Cheers,
> Greg

Marc G. Fournier   ICQ#7615664   IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org   secondary: scrappy@{freebsd|postgresql}.org

From owner-freebsd-isp@FreeBSD.ORG Sun Mar 30 17:02:46 2003
From: "Lewis Watson"
Date: Sun, 30 Mar 2003 19:02:48 -0600
Subject: Bind 9 and FreeBSD

Hey folks,

I currently have two DNS servers running Bind 9 compiled from source on
RH Linux. I would like to move each of these to FreeBSD and am reading
the various suggestions that I have found on the web for building from
src. vs using the port vs building or having it where it works with the
flags in rc.conf (this is my preferred choice).

I then read where someone recommended using 8 over 9!!? Just curious as
to what the opinions are on the list. Personally I would like to use 9
as I am familiar with it already and at the same time I would like to
use the rc.conf config flags.

Thanks for your thoughts and shared experiences.

Lewis

From owner-freebsd-isp@FreeBSD.ORG Sun Mar 30 18:45:40 2003
Date: Sun, 30 Mar 2003 20:45:23 -0600
From: Denny Reiter
To: Lewis Watson
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Bind 9 and FreeBSD

On Sun, Mar 30, 2003 at 07:02:48PM -0600, Lewis Watson wrote:
> I then read where someone recommended using 8 over 9!!? Just curious as to
> what the opinions are on the list. Personally I would like to use 9 as I
> am familiar with it already and at the same time I would like to use the
> rc.conf config flags.

I've built it from the ports and from src. You can use the flags in
rc.conf just fine either way.

The only "problem" that I can say I've run into is other people who have
broken DNS. Bind 9 is more of a stickler for the standards than 8 was,
so there's a lot of DNS servers out there that were set up until they
worked, not until they were right. Trying to convince these people that
they're broken, especially when it works for the majority of the rest of
the internet, is frustrating, to say the least.

--
Denny Reiter
denny@reiters.org
So I don't hurt your feelings: happydenny@reiters.org
Your ad here.

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 09:06:44 2003
From: "Arie J. Gerszt"
Date: Mon, 31 Mar 2003 19:06:33 +0100
Subject: ntp / ntpdate

Hi List

How do you update your servers with ntp? I have seen ntpd, ntpdate,
xntpd and am a bit confused. Aside from that, ntpdate never seems to work
(get the offset, but the time stays the same, securelevel -2, done as
root).

Thanks for hints,
arie

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 09:09:55 2003
Date: Mon, 31 Mar 2003 10:38:09 -0600
To: freebsd-isp@freebsd.org
From: Albert Meyer
Subject: Sendmail exploit

The CERT advisory on the new Sendmail exploit seems to be saying that
Sendmail machines behind a firewall can still be exploited. Am I
interpreting the advisory correctly, or are they just saying that
machines behind the firewall can be subjected to DOS attacks?

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 09:22:18 2003
Date: Mon, 31 Mar 2003 12:22:07 -0500
From: Bill Vermillion
To: freebsd-isp@freebsd.org
Subject: Re: ntp / ntpdate

Ashes to ashes, and DOS to DOS Arie J. Gerszt was heard to say
on or about Mon, Mar 31, 2003 at 19:06 :

> Hi List

> How do you update your servers with ntp? I have seen ntpd,
> ntpdate, xntpd and am a bit confused. Aside from that, ntpdate
> never seems to work (get the offset, but the time stays the
> same, securelevel -2, done as root).

Read man 8 init. You will see that if secure level is set above
1 that time changes are restricted to less than one second.

You just may need to run your ntp programs more often to ensure you
stay within that time window.

I run my hourly and normally get only about .2 or .3 second offset.
iNTEL based HW clocks are not known for long time stability.

Bill
--
Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 09:43:23 2003
Date: Mon, 31 Mar 2003 08:06:31 -0800 (PST)
From: Tom Samplonius
To: Bill Vermillion
cc: freebsd-isp@freebsd.org
Subject: Re: ntp / ntpdate

On Mon, 31 Mar 2003, Bill Vermillion wrote:

> Ashes to ashes, and DOS to DOS Arie J. Gerszt was heard to say
> on or about Mon, Mar 31, 2003 at 19:06 :
>
> > Hi List
>
> > How do you update your servers with ntp? I have seen ntpd,
> > ntpdate, xntpd and am a bit confused. Aside from that, ntpdate
> > never seems to work (get the offset, but the time stays the
> > same, securelevel -2, done as root).
>
> Read man 8 init. You will see that if secure level is set above
> 1 that time changes are restricted to less than one second.
>
> You just may need to run your ntp programs more often to ensure you
> stay within that time window.

Or just use ntpd, which will do this continuously. ntpdate is
deprecated so don't use that. xntpd and ntpd are basically the same
thing.

> I run my hourly and normally get only about .2 or .3 second offset.
> iNTEL based HW clocks are not known for long time stability.

Isn't it a software clock though? gettimeofday() is described as using
a "virtual" clock.

> Bill
> --
> Bill Vermillion - bv @ wjv . com

Tom

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 10:16:13 2003
From: Nate Williams
Date: Mon, 31 Mar 2003 10:51:34 -0700
To: Albert Meyer
cc: freebsd-isp@freebsd.org
Subject: Re: Sendmail exploit

> The CERT advisory on the new Sendmail exploit seems to be saying that
> Sendmail machines behind a firewall can still be exploited.

If I understand things correctly, if you allow your machine to connect
to outside boxes through the firewall, then it can be exploited, since
it will initiate connections to external boxes that can use the
connection to do bad things to your box.

Nate

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 10:57:15 2003
Date: Mon, 31 Mar 2003 12:48:14 -0600
To: freebsd-isp@freebsd.org
From: Albert Meyer
Subject: Re: Sendmail exploit

At 10:51 AM 3/31/2003 -0700, Nate Williams wrote:
>If I understand things correctly, if you allow your machine to connect
>to outside boxes through the firewall, then it can be exploited, since
>it will initiate connections to external boxes that can use the
>connection to do bad things to your box.

The advisory seemed to be saying that the exploit was message-based, so
that a message could pass through a patched machine, then through the
firewall to an unpatched machine. If that's the case, there would be no
danger relating to the unpatched box making outgoing connections.
If I understood the advisory correctly, the danger would arise when a
malicious message comes in, is checked for viruses and spam, and then
gets passed to an unpatched machine behind the firewall. If this could
occur, but could only cause DOS conditions, I could live with it. If
this could allow an attacker to gain root access to machines behind the
firewall, then I would have to drop everything I'm doing and spend the
next few days patching sendmail machines.

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 16:57:29 2003
Date: Mon, 31 Mar 2003 18:02:53 -0700 (MST)
From: Nick Rogness
To: Domain Administrator
cc: freebsd-isp@FreeBSD.ORG
cc: freebsd-question@FreeBSD.ORG
Subject: Re: Multiple Internet connection with failover/load-balancing

On Thu, 20 Mar 2003, Domain Administrator wrote:

> Hello all,
>
> We've been offering commercial Internet failover/load-balancing products
> to our clients, but we occasionally receive requests by some clients to
> provide less costly solution. While full redundancy for both inbound
> and outbound traffic will require BGP or OSPF, these clients simply wish
> to join multiple Internet connections (DSL, ISDN or T1) from different
> providers to gain failover capability should one of their links fail.
> Without ISPs' support, this type of redundancy only applies to outbound
> traffic, but that will suffice the clients' requirements already.
>
> I searched through the mailing lists and forums but found only very
> limited resources on how to accomplish such gateway/firewall setup using
> FreeBSD (or other BSD). It seems for this type of setup requires
> running of multiple NAT daemons. Has anyone done something like this?
> or point me to any HOW-TOs?
>

Load balancing "may" be done using some tricks with ipfw and natd, but
for most practical and straightforward approaches it should be left up
to route peering with ISPs.

Without tremendous work, failover is very difficult to do with the basic
routing tools supplied with BSD. You can do failover with different
tools but be mindful of routing as you may route IPs provided by ISP-A
through your ISP-B connection. Search the archives for suggestions on
how to do failover. Proper care and consideration needs to be made
before failover can work. Nothing pisses off ISPs more than some jackass
with misconfigured routing causing unnecessary traffic on their network.
This would not be a problem if you only get one IP from your ISPs.

So yes, failover can be accomplished with lots of work and for all
practical purposes (no route peering) load balancing can not. (I'm
making a blanket statement here because load balancing "may" be
accomplished with some thought and use of ipfw/nat interworkings).

My plain and simple answer is to buy a basic router and route peer to
avoid the headache. You get failover and load balancing at the same
time.

Nick Rogness
- How many people here have telekinetic powers? Raise my hand.
  -Emo Philips

From owner-freebsd-isp@FreeBSD.ORG Mon Mar 31 21:52:50 2003
Date: Tue, 01 Apr 2003 08:50:12 +0300
From: "Artyom V. Viklenko"
To: "Arie J. Gerszt"
cc: freebsd-isp@freebsd.org
Subject: Re: ntp / ntpdate

Arie J. Gerszt wrote:
> Hi List
>
> How do you update your servers with ntp? I have seen ntpd, ntpdate, xntpd
> and
> am a bit confused. Aside from that, ntpdate never seems to work (get the
> offset,
> but the time stays the same, securelevel -2, done as root).

My approach is as follows.

1. Run ntpdate:

   ntpdate -b time-server-address ...

   This makes current time as on time-server.
   With option -b you can step time more than 1 second immediately.

2. Start ntpd daemon. In config file /etc/ntp.conf you should provide
   at least one time server. But much better two or three. Use 'server'
   keyword.

Place in your /etc/rc.conf file:

   ntpdate_enable="YES"
   ntpdate_flags="-b time-server-1 time-server-2 time-server-3"
   xntpd_enable="YES"

and replace 'time-server-x' with your addresses. You can use, for
example, time-a.nist.gov, time-b.nist.gov. Your Internet provider may
also have local time server.

init sets securelevel after executing ntpdate and ntpd.

I have small router (for testing) on 486-based machine with Y2K problem
in hardware clock. Using method described above it's possible to
maintain correct time on it.

--
Sincerely yours,
Artyom V. Viklenko.
System Administrator  artem@mipk-kspu.kharkov.ua
IIAT NTU "KhPI"
21, Frunze Str., Kharkov Ukraine 61002
Phone: +380 (572) 400026
Fax: +380 (572) 474062

From owner-freebsd-isp@FreeBSD.ORG Thu Apr 3 13:21:03 2003
Date: Thu, 3 Apr 2003 16:20:59 -0500
From: Richard Cramer
To: freebsd-isp@freebsd.org
Subject: Exchange secondary name service

I would be interested in trading secondary name service with an ISP
geographically disparate from Virginia and the Mid Atlantic Region.

Kind Regards,
Richard Cramer
Sytex Access Ltd.

From owner-freebsd-isp@FreeBSD.ORG Fri Apr 4 03:32:26 2003
Date: Fri, 4 Apr 2003 16:32:25 +0500 (SAMST)
From: "Anton V. Petrov"
To: freebsd-isp@freebsd.org
Subject: bootstrap loader runs slowly

Dear readers,

bootstrap loader (revision 0.8) runs very slowly after updating system by
cvs from 4.6-RELEASE to the latest 4.7 (4.7-RELEASE-p9 as uname says).
Generic and custom kernels are booting slowly too. How can I solve this
problem? It was ok with booting before. Thanks.

Regards,
Anton V. Petrov
http://www.smrtlc.ru/~apetrov
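
Added example, not part of any message in this archive: a shell version of the fstat steps Paul Schenkeveld describes in the first message ("Re: file system help needed"): regular files on one mount, "text" entries skipped, largest SZ|DV first, then an inode lookup with find -xdev -inum. The fstat sample is constructed, and the function names and the 1000000-byte threshold are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Follows the fstat steps in Paul
# Schenkeveld's message: list regular files open on one filesystem, largest
# first, then test whether each inode still has a directory entry.

# Constructed sample in the FreeBSD fstat column layout the message refers to
# (FD, MOUNT, INUM, MODE, SZ|DV). On a live host, pipe real `fstat` output
# into the functions below instead.
SAMPLE_FSTAT='USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     syslogd       87    9 /          4711 -rw-r--r--  48234496  w
root     syslogd       87 text /          1201 -r-xr-xr-x     34512  r
root     named        143    4 /           902 -rw-r--r--      2048  r
root     cron         101   wd /             2 drwxr-xr-x       512  r
www      httpd        212    7 /usr/www  88123 -rw-r--r-- 901234567  w
root     sshd         150    3* internet stream tcp c1a2b3c4'

# candidates MOUNT MIN_BYTES
# Reads fstat output on stdin and prints "SIZE INUM PID CMD", largest first.
# Keeps a line only when: MOUNT column equals MOUNT, MODE starts with "-"
# (regular file), FD is not "text" (the running executable), and SZ|DV is at
# least MIN_BYTES. Socket and header lines fail the MOUNT test and drop out.
# Assumption: the CMD column contains no spaces.
candidates() {
    awk -v mnt="$1" -v min="$2" '
        $5 == mnt && $7 ~ /^-/ && $4 != "text" && $8 + 0 >= min {
            print $8, $6, $3, $2
        }' | sort -rn
}

# is_unlinked ROOT INUM
# Succeeds when no name under ROOT (same filesystem only, -xdev) refers to
# INUM, i.e. the file was removed but a process still holds it open.
is_unlinked() {
    [ -z "$(find "$1" -xdev -inum "$2" 2>/dev/null | head -n 1)" ]
}

# triage MOUNT MIN_BYTES
# Reads fstat output on stdin and prints "PID CMD INUM SIZE" for every large
# open regular file on MOUNT that no longer has a directory entry. These are
# the processes to stop (and restart) to get the space back.
triage() {
    candidates "$1" "$2" | while read -r size inum pid cmd; do
        if is_unlinked "$1" "$inum"; then
            echo "$pid $cmd $inum $size"
        fi
    done
}

# Demo on the constructed sample: parsing only, no filesystem walk.
printf '%s\n' "$SAMPLE_FSTAT" | candidates / 1000000

# Live use on a FreeBSD host (walks the whole root filesystem per inode):
#   fstat | triage / 1000000
```
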