From owner-freebsd-security Sun Jun 9 18: 3: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id 0D73937B404; Sun, 9 Jun 2002 18:02:59 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id TAA13733; Sun, 9 Jun 2002 19:02:38 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook may make your system susceptible to Internet worms. If you value your time, privacy, or data, do not use Microsoft e-mail clients or browsers.
Message-Id: <4.3.2.7.2.20020609190201.00dd5e00@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Sun, 09 Jun 2002 19:02:36 -0600 To: Kris Kennaway From: Brett Glass Subject: Re: MPD & MPPE LCP not converging Cc: kris@obsecurity.org, DougB@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, patrickb@advantagegroup.co.nz In-Reply-To: <20020607161627.A73261@xor.obsecurity.org> References: <200206072312.RAA23495@lariat.org> <20020607161013.A72786@xor.obsecurity.org> <200206072312.RAA23495@lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 05:16 PM 6/7/2002, Kris Kennaway wrote: >Support questions about security, like the ever-popular >"How do I use IPFW?" absolutely do not belong here. I happen to agree with you. But his wasn't a newbie question. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Jun 10 9:29:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from spqr.osg.gov.bc.ca (spqr.osg.gov.bc.ca [142.32.102.24]) by hub.freebsd.org (Postfix) with ESMTP id 2FAAA37B404 for ; Mon, 10 Jun 2002 09:29:29 -0700 (PDT) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by spqr.osg.gov.bc.ca (Postfix) with ESMTP id 280E99EE10 for ; Mon, 10 Jun 2002 09:29:25 -0700 (PDT) Received: from cwsys.cwsent.com (cwsys2 [10.1.2.1]) by passer.osg.gov.bc.ca (8.12.4/8.12.3) with ESMTP id g5AGTO0j029379 for ; Mon, 10 Jun 2002 09:29:24 -0700 (PDT) (envelope-from cy@cwsent.com) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.4/8.12.3) with ESMTP id g5AGTOGn003781 for ; Mon, 10 Jun 2002 09:29:24 -0700 (PDT) (envelope-from cy@cwsys.cwsent.com) Message-Id: <200206101629.g5AGTOGn003781@cwsys.cwsent.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - CITS Open Systems Group From: Cy Schubert - CITS Open Systems Group X-os: FreeBSD
X-Sender: cy@cwsent.com To: freebsd-security@freebsd.org Subject: Linux/Windows Virus Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 10 Jun 2002 09:29:24 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This should probably concern anyone using Linux emulation under FreeBSD. I suspect that it may also attempt to infect FreeBSD binaries, rendering them useless. http://www.symantec.com/avcenter/venc/data/linux.simile.html Be careful what you run. -- Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 10: 8:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from spqr.osg.gov.bc.ca (spqr.osg.gov.bc.ca [142.32.102.24]) by hub.freebsd.org (Postfix) with ESMTP id 99AA637B715 for ; Mon, 10 Jun 2002 10:07:10 -0700 (PDT) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by spqr.osg.gov.bc.ca (Postfix) with ESMTP id A3D8E9EF16; Mon, 10 Jun 2002 10:07:10 -0700 (PDT) Received: from cwsys.cwsent.com (cwsys2 [10.1.2.1]) by passer.osg.gov.bc.ca (8.12.4/8.12.3) with ESMTP id g5AH7A0j037540; Mon, 10 Jun 2002 10:07:10 -0700 (PDT) (envelope-from cy@cwsent.com) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.4/8.12.3) with ESMTP id g5AH79Gn003942; Mon, 10 Jun 2002 10:07:09 -0700 (PDT) (envelope-from cy@cwsys.cwsent.com) Message-Id: <200206101707.g5AH79Gn003942@cwsys.cwsent.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - CITS Open Systems Group From: Cy Schubert - CITS Open Systems Group X-os: FreeBSD X-Sender: 
cy@cwsent.com To: Ian Smith Cc: freebsd-security@freebsd.org Subject: Re: Linux/Windows Virus In-Reply-To: Message from Ian Smith of "Tue, 11 Jun 2002 02:57:19 +1000." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 10 Jun 2002 10:07:09 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message , Ian Smith writes: > Hi Cy, > > offlist, as I may be misreading the Symantec advisory drastically .. > > > This should probably concern anyone using Linux emulation under > > FreeBSD. I suspect that it may also attempt to infect FreeBSD > > binaries, rendering them useless. > > > > http://www.symantec.com/avcenter/venc/data/linux.simile.html > > > > Be careful what you run. > > Always :) But are you sure this concerns anyone not running _Windows_ > programs (or these PE programs?) under Linux (emulation or otherwise), > like Wine and such? I suppose I should have stated the obvious. Yes indeed it concerns anyone using Wine. If you don't use Wine or Linux emulation, you're safe. 
-- Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 10:14:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 1C74337B910 for ; Mon, 10 Jun 2002 10:12:51 -0700 (PDT) Received: from apollo.backplane.com (localhost [127.0.0.1]) by apollo.backplane.com (8.12.3/8.12.3) with ESMTP id g5AHCoCV008969; Mon, 10 Jun 2002 10:12:50 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.12.3/8.12.3/Submit) id g5AHCoEP008968; Mon, 10 Jun 2002 10:12:50 -0700 (PDT) (envelope-from dillon) Date: Mon, 10 Jun 2002 10:12:50 -0700 (PDT) From: Matthew Dillon Message-Id: <200206101712.g5AHCoEP008968@apollo.backplane.com> To: Cy Schubert - CITS Open Systems Group Cc: freebsd-security@FreeBSD.ORG Subject: Re: Linux/Windows Virus References: <200206101629.g5AGTOGn003781@cwsys.cwsent.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Pah. It looks pretty stupid to me. I see lots of articles hyping the thing up and prognosticating the first 'multi platform' virus, but not a single solid report of an actual infection and not a single description of the transmission vector other than vague guesses that it might be remote-shell related (aka like an old ssh hole). It is highly unlikely that even an old, vulnerable sshd running on FreeBSD could be infected by this thing. -Matt Matthew Dillon :This should probably concern anyone using Linux emulation under :FreeBSD.
I suspect that it may also attempt to infect FreeBSD :binaries, rendering them useless. : :http://www.symantec.com/avcenter/venc/data/linux.simile.html : :Be careful what you run. : : :-- :Cheers, Phone: 250-387-8437 :Cy Schubert Fax: 250-387-5766 :Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca :Open Systems Group, CITS :Ministry of Management Services :Province of BC : FreeBSD UNIX: cy@FreeBSD.org : : To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 10:17: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80]) by hub.freebsd.org (Postfix) with SMTP id 0ACA837B973 for ; Mon, 10 Jun 2002 10:16:01 -0700 (PDT) Received: (qmail 26423 invoked by uid 1001); 10 Jun 2002 17:16:00 -0000 Date: Mon, 10 Jun 2002 13:16:00 -0400 From: "Peter C. Lai" To: Cy Schubert - CITS Open Systems Group Cc: Ian Smith , freebsd-security@freebsd.org Subject: Re: Linux/Windows Virus Message-ID: <20020610131600.B26376@cowbert.2y.net> Reply-To: peter.lai@uconn.edu References: <200206101707.g5AH79Gn003942@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200206101707.g5AH79Gn003942@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Mon, Jun 10, 2002 at 10:07:09AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Will this thing propagate via FreeBSD ELF binaries, or just cause a headache because it mucks up the binary making it unable to run? Symantec lists systems not affected as Unix, of which BSD is a true one. 
On Mon, Jun 10, 2002 at 10:07:09AM -0700, Cy Schubert - CITS Open Systems Group wrote: > In message >, Ian > Smith writes: > > Hi Cy, > > > > offlist, as I may be misreading the Symantec advisory drastically .. > > > > > This should probably concern anyone using Linux emulation under > > > FreeBSD. I suspect that it may also attempt to infect FreeBSD > > > binaries, rendering them useless. > > > > > > http://www.symantec.com/avcenter/venc/data/linux.simile.html > > > > > > Be careful what you run. > > > > Always :) But are you sure this concerns anyone not running _Windows_ > > programs (or these PE programs?) under Linux (emulation or otherwise), > > like Wine and such? > > I suppose I should have stated the obvious. Yes indeed it concerns > anyone using Wine. If you don't use Wine or Linux emulation, you're > safe. > > > -- > Cheers, Phone: 250-387-8437 > Cy Schubert Fax: 250-387-5766 > Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca > Open Systems Group, CITS > Ministry of Management Services > Province of BC > FreeBSD UNIX: cy@FreeBSD.org > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. 
of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 10:48:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from hermes.maverik.com (hermes.maverik.com [208.7.164.130]) by hub.freebsd.org (Postfix) with ESMTP id 458FC37B404 for ; Mon, 10 Jun 2002 10:48:52 -0700 (PDT) Received: by hermes.maverik.com (Postfix, from userid 1001) id ED96052916E; Tue, 11 Jun 2002 17:06:22 +0000 (GMT) Received: by hermes.maverik.com (Postfix, from userid 1001) id 7A5D552915F; Tue, 11 Jun 2002 17:00:22 +0000 (GMT) Received: by hermes.maverik.com (Postfix, from userid 1001) id 7711A52916E; Tue, 11 Jun 2002 16:55:41 +0000 (GMT) Received: from ech.maverik.com (ech.maverik.com [10.0.6.58]) by hermes.maverik.com (Postfix) with ESMTP id 8FF6E52915F for ; Tue, 11 Jun 2002 16:38:50 +0000 (GMT) Subject: Re: MPD & MPPE LCP not converging From: Travis Stevenson To: freebsd-security@FreeBSD.ORG In-Reply-To: <4.3.2.7.2.20020609190201.00dd5e00@localhost> References: <200206072312.RAA23495@lariat.org> <20020607161013.A72786@xor.obsecurity.org> <200206072312.RAA23495@lariat.org> <4.3.2.7.2.20020609190201.00dd5e00@localhost> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.5 Date: 10 Jun 2002 10:36:28 -0600 Message-Id: <1023726988.2418.16.camel@ech.maverik.com> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brett, Actually, If you look at the question. It says: > Has anyone had problems with MPD and MPPE (win2K clients - > 128bit SP 2) before? This is definitely a howto question. He is not saying there is a security problem with MPD, Even if was a technical bug it still not a security problem. 
As I am currently not aware of any exploits or authentication and algorithm problems. If he were to come in saying that he was able to bring up a link without authentication even though he has set it up properly. Then this would fit. This doesn't fit here. -- Travis Stevenson Maverik Country Stores, Inc. Afton, Wyoming On Sun, 2002-06-09 at 19:02, Brett Glass wrote: > At 05:16 PM 6/7/2002, Kris Kennaway wrote: > > >Support questions about security, like the ever-popular > >"How do I use IPFW?" absolutely do not belong here. > > I happen to agree with you. But his wasn't a newbie question. > > --Brett > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 10:49: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from hermes.maverik.com (hermes.maverik.com [208.7.164.130]) by hub.freebsd.org (Postfix) with ESMTP id 43BD237B403 for ; Mon, 10 Jun 2002 10:48:52 -0700 (PDT) Received: from ech.maverik.com (ech.maverik.com [10.0.6.58]) by hermes.maverik.com (Postfix) with ESMTP id A4AE052915F for ; Tue, 11 Jun 2002 16:52:35 +0000 (GMT) Subject: Re: MPD & MPPE LCP not converging From: Travis Stevenson To: freebsd-security@FreeBSD.ORG In-Reply-To: <4.3.2.7.2.20020609190201.00dd5e00@localhost> References: <200206072312.RAA23495@lariat.org> <20020607161013.A72786@xor.obsecurity.org> <200206072312.RAA23495@lariat.org> <4.3.2.7.2.20020609190201.00dd5e00@localhost> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.5 Date: 10 Jun 2002 10:50:13 -0600 Message-Id: <1023727813.2418.21.camel@ech.maverik.com> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brett, Actually, If 
you look at the question. It says: > Has anyone had problems with MPD and MPPE (win2K clients - > 128bit SP 2) before? This is definitely a howto question. He is not saying there is a security problem with MPD, Even if was a technical bug it still not a security problem. As I am currently not aware of any exploits or authentication and algorithm problems. If he were to come in saying that he was able to bring up a link without authentication even though he has set it up properly. Then this would fit. This doesn't fit here. -- Travis Stevenson Maverik Country Stores, Inc. Afton, Wyoming On Sun, 2002-06-09 at 19:02, Brett Glass wrote: > At 05:16 PM 6/7/2002, Kris Kennaway wrote: > > >Support questions about security, like the ever-popular > >"How do I use IPFW?" absolutely do not belong here. > > I happen to agree with you. But his wasn't a newbie question. > > --Brett > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 11: 6:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E8B9A37B626 for ; Mon, 10 Jun 2002 11:04:19 -0700 (PDT) Received: (from peter@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g5AI4JS88999 for security@freebsd.org; Mon, 10 Jun 2002 11:04:19 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 10 Jun 2002 11:04:19 -0700 (PDT) Message-Id: <200206101804.g5AI4JS88999@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: security@FreeBSD.org Subject: Current problem reports assigned to you Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: 
(List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Current FreeBSD problem reports No matches to your query To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 11: 7:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from spqr.osg.gov.bc.ca (spqr.osg.gov.bc.ca [142.32.102.24]) by hub.freebsd.org (Postfix) with ESMTP id 3557837B43C for ; Mon, 10 Jun 2002 11:05:29 -0700 (PDT) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by spqr.osg.gov.bc.ca (Postfix) with ESMTP id B06B99F110; Mon, 10 Jun 2002 11:05:28 -0700 (PDT) Received: from cwsys.cwsent.com (cwsys2 [10.1.2.1]) by passer.osg.gov.bc.ca (8.12.4/8.12.3) with ESMTP id g5AI5I0j045032; Mon, 10 Jun 2002 11:05:18 -0700 (PDT) (envelope-from cy@cwsent.com) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.4/8.12.3) with ESMTP id g5AI5HGn004193; Mon, 10 Jun 2002 11:05:17 -0700 (PDT) (envelope-from cy@cwsys.cwsent.com) Message-Id: <200206101805.g5AI5HGn004193@cwsys.cwsent.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - CITS Open Systems Group From: Cy Schubert - CITS Open Systems Group X-os: FreeBSD X-Sender: cy@cwsent.com To: Matthew Dillon Cc: Cy Schubert - CITS Open Systems Group , freebsd-security@FreeBSD.ORG Subject: Re: Linux/Windows Virus In-Reply-To: Message from Matthew Dillon of "Mon, 10 Jun 2002 10:12:50 PDT." <200206101712.g5AHCoEP008968@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 10 Jun 2002 11:05:17 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Let's hope that's the case. I suspect that you could be right that it's unlikely to spread, however I'm taking a wait-and-see attitude, e.g. 
this is nothing to be alarmed about yet. -- Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org In message <200206101712.g5AHCoEP008968@apollo.backplane.com>, Matthew Dillon writes: > Pah. It looks pretty stupid to me. I see lots of articles hyping the > thing up and prognosticating the first 'multi platform' virus, but not > a single solid report of an actual infection and not a single > description of the transmission vector other than vague guesses > that it might be remote-shell related (aka like an old ssh hole). > It is highly unlikely that even an old, vulnerable sshd running on > FreeBSD could be infected by this thing. > > -Matt > Matthew Dillon > > > :This should probably concern anyone using Linux emulation under > :FreeBSD. I suspect that it may also attempt to infect FreeBSD > :binaries, rendering them useless. > : > :http://www.symantec.com/avcenter/venc/data/linux.simile.html > : > :Be careful what you run.
> : > : > :-- > :Cheers, Phone: 250-387-8437 > :Cy Schubert Fax: 250-387-5766 > :Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca > :Open Systems Group, CITS > :Ministry of Management Services > :Province of BC > : FreeBSD UNIX: cy@FreeBSD.org > : > : To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 15:31:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from aklsmtp.advgroup.co.nz (mail.pec.co.nz [203.97.46.17]) by hub.freebsd.org (Postfix) with SMTP id 01D8A37B401 for ; Mon, 10 Jun 2002 15:31:16 -0700 (PDT) Received: FROM aklexch1.akl.advgroup.co.nz BY aklsmtp.advgroup.co.nz ; Tue Jun 11 10:37:32 2002 +1200 Received: from SUPPORT_TEST ([172.25.100.8]) by aklexch1.akl.advgroup.co.nz with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id MJT03BSH; Tue, 11 Jun 2002 10:41:59 +1200 From: "Patrick Brennan" To: freebsd-security@freebsd.org Date: Tue, 11 Jun 2002 10:31:28 +1200 MIME-Version: 1.0 Subject: Re: MPD & MPPE LCP not converging Reply-To: patrickb@advantagegroup.co.nz Message-ID: <3D05D180.9892.9B9FC@localhost> References: <4.3.2.7.2.20020609190201.00dd5e00@localhost> In-reply-to: <1023727813.2418.21.camel@ech.maverik.com> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have now cross posted this question to freebsd-ports. I originally posted the question to security as I have seen similar questions in the freebsd-security archive that have been answered by the maintainer of mpd. I propose that we now end this thread as three people exchanging blows is not productive and only serves to inflame tempers. 
Kind regards Patrick Brennan On 10 Jun 2002 at 10:50, Travis Stevenson wrote: > Brett, > > Actually, If you look at the question. It says: > > > Has anyone had problems with MPD and MPPE (win2K clients - > > 128bit SP 2) before? > > This is definitely a howto question. > > He is not saying there is a security problem with MPD, > > Even if was a technical bug it still not a security problem. As I am > currently not aware of any exploits or authentication and algorithm > problems. > > If he were to come in saying that he was able to bring up a link without > authentication even though he has set it up properly. Then this would > fit. > > This doesn't fit here. > > -- > Travis Stevenson > Maverik Country Stores, Inc. > Afton, Wyoming > > > > On Sun, 2002-06-09 at 19:02, Brett Glass wrote: > > At 05:16 PM 6/7/2002, Kris Kennaway wrote: > > > > >Support questions about security, like the ever-popular > > >"How do I use IPFW?" absolutely do not belong here. > > > > I happen to agree with you. But his wasn't a newbie question. 
> > > > --Brett > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 16:11: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from snafu.adept.org (snafu.adept.org [63.201.63.44]) by hub.freebsd.org (Postfix) with ESMTP id 4EBC137B40D for ; Mon, 10 Jun 2002 16:10:58 -0700 (PDT) Received: by snafu.adept.org (Postfix, from userid 1000) id 39DDD9EE33; Mon, 10 Jun 2002 16:10:56 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id 325CA9B001 for ; Mon, 10 Jun 2002 16:10:56 -0700 (PDT) Date: Mon, 10 Jun 2002 16:10:56 -0700 (PDT) From: Mike Hoskins To: Subject: firewall 'stateful failover' Message-ID: <20020610155455.Y96521-100000@snafu.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is there a way to handle the state table in ipfw/ipf? I could write scripts to do 'failover', but I'm wondering if there's a way to 'share' the state table between active and standby units or to pass the state table from one firewall to another over a crossover. I've briefly searched Google for 'BSD Firewall Failover', but didn't find a whole lot. I'm looking for pointers to existing solutions, as well as generalized ideas (about good ways to do this, if it hasn't been done yet). Of course I ideally want pointers to opensource solutions... If none exist, this could be a fun project. However, I find it hard to believe this wheel hasn't already been carved out of stone.
Later, -Mike -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 16:47:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.quantified.com (ns2.quantified.com [63.212.171.3]) by hub.freebsd.org (Postfix) with ESMTP id 5AC2637B410 for ; Mon, 10 Jun 2002 16:47:31 -0700 (PDT) Received: from danzig.sd.quantified.net (web.quantified.com [63.212.171.5]) by mail.quantified.com (8.12.1/8.12.1) with ESMTP id g5ANlJlg051659; Mon, 10 Jun 2002 16:47:19 -0700 (PDT) (envelope-from dsilver@urchin.com) Date: Mon, 10 Jun 2002 16:47:22 -0700 (PDT) From: Doug Silver X-Sender: dsilver@danzig.sd.quantified.net To: Mike Hoskins Cc: security@FreeBSD.ORG Subject: Re: firewall 'stateful failover' In-Reply-To: <20020610155455.Y96521-100000@snafu.adept.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Filter-Version: 1.7 (mail.quantified.com) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 10 Jun 2002, Mike Hoskins wrote: > > Is there a way to handle the state table in ipfw/ipf? I could write > scripts to do 'failover', but I'm wondering if there's a way to 'share' > the state table between active and standby units or to pass the state > table from one firewall to another over a crossover. > > I've briefly searched Google for 'BSD Firewall Failover', but didn't find > a whole lot. I'm looking for pointers to existing solutions, as well as > generalized ideas (about good ways to do this, if it hasn't been done > yet). Of course I ideally want pointers to opensource solutions... If > none exist, this could be a fun project.
However, I find it hard to > believe this wheel hasn't already been carved out of stone. > > Later, > -Mike > > -- > "They that can give up essential liberty to obtain a little temporary > safety deserve neither liberty nor safety." --Benjamin Franklin > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > You might want to check the IP Filter mailing list as I know I've seen this issue come up there. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Doug Silver Network Manager Urchin Software Corp. http://www.urchin.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jun 10 19: 6:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id 8370A37B40A for ; Mon, 10 Jun 2002 19:06:38 -0700 (PDT) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id MAA17580; Tue, 11 Jun 2002 12:06:34 +1000 (EST) From: Darren Reed Message-Id: <200206110206.MAA17580@caligula.anu.edu.au> Subject: Re: firewall 'stateful failover' To: mike@adept.org (Mike Hoskins) Date: Tue, 11 Jun 2002 12:06:34 +1000 (Australia/ACT) Cc: security@FreeBSD.ORG In-Reply-To: <20020610155455.Y96521-100000@snafu.adept.org> from "Mike Hoskins" at Jun 10, 2002 04:10:56 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In some mail from Mike Hoskins, sie said: > > > Is there a way to handle the state table in ipfw/ipf? 
I could write > scripts to do 'failover', but I'm wandering if there's a way to 'share' > the state table between active and standby units or to pass the state > table from one firewall to another over a crossover. > > I've briefly searched Google for 'BSD Firewall Failover', but didn't find > a whole lot. I'm looking for pointers to existing solutions, as well as > generalized ideas (about good ways to do this, if it hasn't been done > yet). Of course I ideally want pointers to opensource solutions... If > none exist, this could be a fun project. However, I find it hard to > believe this wheel hasn't already been carved out of stone. You can use ipfs to save & restore state/NAT tables in IPFilter. But that's as far as I've gone. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 8:40:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from spqr.osg.gov.bc.ca (spqr.osg.gov.bc.ca [142.32.102.24]) by hub.freebsd.org (Postfix) with ESMTP id 47F0B37B408 for ; Tue, 11 Jun 2002 08:40:43 -0700 (PDT) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by spqr.osg.gov.bc.ca (Postfix) with ESMTP id BEFE79EF18; Tue, 11 Jun 2002 08:40:42 -0700 (PDT) Received: from cwsys.cwsent.com (cwsys2 [10.1.2.1]) by passer.osg.gov.bc.ca (8.12.4/8.12.3) with ESMTP id g5BFeL5W001066; Tue, 11 Jun 2002 08:40:33 -0700 (PDT) (envelope-from cy@cwsent.com) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.4/8.12.3) with ESMTP id g5BFeBGn080095; Tue, 11 Jun 2002 08:40:19 -0700 (PDT) (envelope-from cy@cwsys.cwsent.com) Message-Id: <200206111540.g5BFeBGn080095@cwsys.cwsent.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - CITS Open Systems Group From: Cy Schubert - CITS Open Systems Group X-os: FreeBSD X-Sender: cy@cwsent.com To: peter.lai@uconn.edu Cc: Cy Schubert - CITS Open Systems Group , Ian Smith , 
freebsd-security@FreeBSD.ORG Subject: Re: Linux/Windows Virus In-Reply-To: Message from "Peter C. Lai" of "Mon, 10 Jun 2002 13:16:00 EDT." <20020610131600.B26376@cowbert.2y.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 11 Jun 2002 08:40:11 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <20020610131600.B26376@cowbert.2y.net>, "Peter C. Lai" writes: > Will this thing propagate via FreeBSD ELF binaries, or just > cause a headache because it mucks up the binary making it unable to run? > Symantec lists systems not affected as Unix, of which BSD is a true one. No propagation. I would think just a headache. I would think that any system that can Linux or Windows binaries would have an exposure. In the risk assessment I sent to my management yesterday, I assessed the overall risk from this virus at negligible. Let's not get concerned about it, just keep your eyes open. 
-- Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 12:22:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from web10105.mail.yahoo.com (web10105.mail.yahoo.com [216.136.130.55]) by hub.freebsd.org (Postfix) with SMTP id B88FD37B406 for ; Tue, 11 Jun 2002 12:22:30 -0700 (PDT) Message-ID: <20020611192229.67216.qmail@web10105.mail.yahoo.com> Received: from [68.5.49.41] by web10105.mail.yahoo.com via HTTP; Tue, 11 Jun 2002 12:22:29 PDT Date: Tue, 11 Jun 2002 12:22:29 -0700 (PDT) From: twig les Subject: Re: Linux/Windows Virus To: freebsd-security@FreeBSD.ORG In-Reply-To: <200206111540.g5BFeBGn080095@cwsys.cwsent.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have a question that (to me) seems interesting.... I enabled Linux emulation to run Netscape and maybe a couple of things in the future. This cross-platform proof-of-concept (which is all this seems to be) may open the door for future work that could nail me. Is this a threat? I'm not crying wolf by any means, but I'm also not a developer; I'm not clueless, but I'm not a pro. So I can't assess this risk the way a pro could. --- Cy Schubert - CITS Open Systems Group wrote: > In message <20020610131600.B26376@cowbert.2y.net>, > "Peter C. Lai" > writes: > > Will this thing propagate via FreeBSD ELF > binaries, or just > > cause a headache because it mucks up the binary > making it unable to run? > > Symantec lists systems not affected as Unix, of > which BSD is a true one. 
> > No propagation. > > I would think just a headache. > > I would think that any system that can Linux or > Windows binaries would > have an exposure. > > In the risk assessment I sent to my management > yesterday, I assessed > the overall risk from this virus at negligible. > Let's not get > concerned about it, just keep your eyes open. > > > -- > Cheers, Phone: > 250-387-8437 > Cy Schubert Fax: > 250-387-5766 > Team Leader, Sun/Alpha Team Email: > Cy.Schubert@osg.gov.bc.ca > Open Systems Group, CITS > Ministry of Management Services > Province of BC > FreeBSD UNIX: cy@FreeBSD.org > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message ===== ----------------------------------------------------------- Only failures don't include failing in their plans ----------------------------------------------------------- __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 13:48:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from scan.ji-net.com (scan.ji-net.com [203.130.156.4]) by hub.freebsd.org (Postfix) with ESMTP id 0B07637B41A for ; Tue, 11 Jun 2002 13:47:24 -0700 (PDT) Received: from net1.ji-net.com ([203.156.15.120]) by scan.ji-net.com (8.11.2/8.11.2) with SMTP id g5BKlJQ25482 for ; Wed, 12 Jun 2002 03:47:19 +0700 Message-Id: <200206112047.g5BKlJQ25482@scan.ji-net.com> Date: Wed, 12 Jun 2002 03:49:24 To: FreeBSD-security@FreeBSD.org From: goodhealthgoodjob@yahoo.com (foodforhealth) Subject: Çѹ¹Õé¤Ø³´ÙáÅÊØ¢ÀÒ¾áÅéÇËÃ×ÍÂѧ X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: 
X-Loop: FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 14:29:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from glassfish.net (box15.communitycolo.net [209.81.4.68]) by hub.freebsd.org (Postfix) with SMTP id 1BCD237B40B for ; Tue, 11 Jun 2002 14:29:49 -0700 (PDT) Received: (qmail 59949 invoked from network); 5 Jun 2002 05:03:38 -0000 Received: from unknown (HELO glassfish.net) (128.200.142.203) by 209.81.4.68 with SMTP; 5 Jun 2002 05:03:38 -0000 Message-ID: <3CFD9B8D.4010000@glassfish.net> Date: Tue, 04 Jun 2002 22:03:09 -0700 From: Michael Tang Helmeste User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2 X-Accept-Language: en-us MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Testing firewall rules Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions)
List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is there any way to test firewall rules with example packets before you implement them? Maybe like a mock-ipfw and packet injection tool or something. Some type of network stack emulator that reads IPFW style rules? I have some very large ipfw rulesets and it's hard to step thru each rule and check it against a packet, especially for when you want to test all different types of services, in both directions, etc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 14:40:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe62.pav1.hotmail.com [64.4.30.197]) by hub.freebsd.org (Postfix) with ESMTP id 5BE5D37B404 for ; Tue, 11 Jun 2002 14:40:19 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 11 Jun 2002 14:40:19 -0700 X-Originating-IP: [207.112.2.1] From: "jack xiao" To: Subject: ssh questions Date: Tue, 11 Jun 2002 17:36:25 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0111_01C2116E.82A19EE0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 11 Jun 2002 21:40:19.0181 (UTC) FILETIME=[94F481D0:01C21190] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0111_01C2116E.82A19EE0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I am running ssh under FreeBSD4.5. It works fine, but I am wondering if anybody has any experience of using ssh without inputting username and password. It's for a cron job on my box... Thanks.
Jack
------=_NextPart_000_0111_01C2116E.82A19EE0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 14:55:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [24.147.188.158]) by hub.freebsd.org (Postfix) with ESMTP id 1EAF837B40E for ; Tue, 11 Jun 2002 14:55:23 -0700 (PDT) Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [24.147.188.158]) by be-well.ilk.org (8.12.3/8.12.3) with ESMTP id g5BLtMDP000217 for ; Tue, 11 Jun 2002 17:55:22 -0400 (EDT) (envelope-from lowell@world.std.com) Received: (from lowell@localhost) by be-well.ilk.org (8.12.3/8.12.3/Submit) id g5BLtLRx000214; Tue, 11 Jun 2002 17:55:21 -0400 (EDT) X-Authentication-Warning: be-well.ilk.org: lowell set sender to lowell@world.std.com using -f To: freebsd-security@freebsd.org Subject: Re: ssh questions References: From: Lowell Gilbert Date: 11 Jun 2002 17:55:21 -0400 In-Reply-To: Message-ID: <44ptyx7a5y.fsf@be-well.ilk.org> Lines: 11 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "jack xiao" writes: > I am running ssh under FreeBSD4.5. It works fine, but I am wondering if anybody > has any experience of using ssh without inputting username and password. It's > for a cron job on my box... Sure. You use DSA or RSA authentication, and no passphrase. See the manual. [You need to be very careful about this kind of configuration, though; if possible, give the ssh identity a userid with no login privileges...]
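The caution in the reply above can be checked mechanically. The following Python audit is an added example, not code from the thread: it parses authorized_keys entries and reports which of the standard OpenSSH key restrictions (from=, command=, no-pty and the forwarding flags) a passphrase-less cron key is missing. The sample entries, key material and function names are constructed for illustration.

```python
# Added example: audit authorized_keys entries used for unattended logins.
# SAMPLE is constructed; the key blobs are placeholders, not real keys.

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
FLAGS = ("no-pty", "no-port-forwarding", "no-x11-forwarding",
         "no-agent-forwarding")

SAMPLE = r'''# constructed sample authorized_keys file
from="192.0.2.10",command="/usr/bin/netstat -inb",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3PLACEHOLDER cron@poller
ssh-rsa AAAAB3PLACEHOLDER backup@cron
command="echo \"a,b\"",no-pty ssh-rsa AAAAB3PLACEHOLDER report@cron
'''


def split_unquoted(text, seps, maxsplit=-1):
    """Split on any character in seps that lies outside double quotes.

    A backslash-escaped quote (\\") does not open or close a quoted run,
    so commas and spaces inside command="..." stay with their option.
    """
    parts, cur, quoted, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted and maxsplit != 0:
            parts.append("".join(cur))
            cur = []
            maxsplit -= 1
        else:
            cur.append(ch)
        prev = ch
    parts.append("".join(cur))
    return parts


def parse_entry(line):
    """Return {'options', 'keytype', 'comment'} or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = ""
    if not line.startswith(KEY_TYPES):
        # The options field ends at the first whitespace outside quotes.
        pieces = split_unquoted(line, " \t", maxsplit=1)
        if len(pieces) != 2:
            raise ValueError("options without a key: %r" % line)
        options, line = pieces[0], pieces[1].strip()
    fields = line.split()
    if len(fields) < 2 or not fields[0].startswith(KEY_TYPES):
        raise ValueError("not an authorized_keys entry: %r" % line)
    parsed = {}
    for item in split_unquoted(options, ","):
        if not item:
            continue
        name, _, value = item.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        parsed[name.lower()] = value  # sshd matches option names case-insensitively
    return {"options": parsed, "keytype": fields[0],
            "comment": " ".join(fields[2:])}


def audit_entry(entry):
    """List the restrictions an entry lacks; an empty list means fully pinned."""
    opts = entry["options"]
    findings = []
    if "from" not in opts:
        findings.append("usable from any source address (no from=)")
    if "command" not in opts:
        findings.append("can run any command (no command=)")
    if "restrict" not in opts:  # 'restrict' (newer OpenSSH) implies all FLAGS
        findings += ["missing " + flag for flag in FLAGS if flag not in opts]
    return findings


def audit_text(text):
    """Audit every key in an authorized_keys file given as a string."""
    report = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            report.append((entry["comment"], audit_entry(entry)))
    return report


if __name__ == "__main__":
    for comment, findings in audit_text(SAMPLE):
        print(comment, "OK" if not findings else "; ".join(findings))
```
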
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 16:13:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from osi-east2.nersc.gov (osi-east2.nersc.gov [128.55.6.20]) by hub.freebsd.org (Postfix) with ESMTP id 26E3137B40A for ; Tue, 11 Jun 2002 16:13:14 -0700 (PDT) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by osi-east2.nersc.gov (8.9.2/8.9.2) with ESMTP id QAA26674 for ; Tue, 11 Jun 2002 16:13:09 -0700 (PDT) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id D651F3B1AC for ; Tue, 11 Jun 2002 16:13:12 -0700 (PDT) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: freebsd-security@FreeBSD.ORG Subject: Re: ssh questions In-Reply-To: Message from Lowell Gilbert of "11 Jun 2002 17:55:21 EDT." <44ptyx7a5y.fsf@be-well.ilk.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_303021056P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Tue, 11 Jun 2002 16:13:12 -0700 From: Eli Dart Message-Id: <20020611231312.D651F3B1AC@gemini.nersc.gov> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==_Exmh_303021056P Content-Type: text/plain; charset=us-ascii You can also edit the public key so that access granted to the private key is only for running a given command. For example, if you want to check the status of network connections on the remote machine periodically, you can do this: from="ip_address_of_polling_host",command="/usr/bin/netstat -inb",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAA...(rest of key) The output of netstat -inb will show up on stdout on the local machine. 
--eli In reply to Lowell Gilbert : > "jack xiao" writes: > > > I am running ssh under FreeBSD4.5. It works fine, but I am wondering if anybody > > has any experience of using ssh without inputting username and password. It's > > for a cron job on my box... > > Sure. You use DSA or RSA authentication, and no passphrase. > See the manual. > > [You need to be very careful about this kind of configuration, though; > if possible, give the ssh identity a userid with no login privileges...] > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --==_Exmh_303021056P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: This is a comment. iD8DBQE9BoQILTFEeF+CsrMRAtPWAKCjGNaRrmUdVaHbKgxr/Apt/2XYwQCeLLU6 kttJfe3I3DicXGhnhKa2JWU= =UuYt -----END PGP SIGNATURE----- --==_Exmh_303021056P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 16:28:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from glassfish.net (box15.communitycolo.net [209.81.4.68]) by hub.freebsd.org (Postfix) with SMTP id 48D5F37B405 for ; Tue, 11 Jun 2002 16:28:38 -0700 (PDT) Received: (qmail 87943 invoked from network); 5 Jun 2002 23:29:07 -0000 Received: from unknown (HELO glassfish.net) (128.200.142.203) by 209.81.4.68 with SMTP; 5 Jun 2002 23:29:07 -0000 Message-ID: <3CFE9EA7.9000809@glassfish.net> Date: Wed, 05 Jun 2002 16:28:39 -0700 From: Michael Tang Helmeste User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2 X-Accept-Language: en-us MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Testing firewall rules Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive)
List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I sent this earlier but it seems to have gotten lost in the mail... Is there any way to test firewall rules with example packets before you implement them? Maybe like a mock-ipfw and packet injection tool or something. Some type of network stack emulator that reads IPFW style rules? I have some very large ipfw rulesets and it's hard to step thru each rule and check it against a packet, especially for when you want to test all different types of services, in both directions, etc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 16:31: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe39.pav1.hotmail.com [64.4.30.96]) by hub.freebsd.org (Postfix) with ESMTP id 4229637B403 for ; Tue, 11 Jun 2002 16:30:57 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 11 Jun 2002 16:30:57 -0700 X-Originating-IP: [207.112.125.8] From: "Jack Xiao" To: , "Lowell Gilbert" , "Mark S." , "Derek Ragona" References: <44ptyx7a5y.fsf@be-well.ilk.org> Subject: Re: ssh questions Date: Tue, 11 Jun 2002 19:30:56 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 11 Jun 2002 23:30:57.0179 (UTC) FILETIME=[09829EB0:01C211A0] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I got ssh work without typing the username and password. But need further step, use sftp without typing username and password. I have thought if ssh works fine, there's no problem with sftp.
But I was still asked for the password when using sftp. Any ideas will be appreciated. In addition, is it less secure for the ssh if there is no passphrase? Thanks. Jack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 16:35:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from spqr.osg.gov.bc.ca (spqr.osg.gov.bc.ca [142.32.102.24]) by hub.freebsd.org (Postfix) with ESMTP id 851D937B41A for ; Tue, 11 Jun 2002 16:35:11 -0700 (PDT) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by spqr.osg.gov.bc.ca (Postfix) with ESMTP id 5B3AB9EF18; Tue, 11 Jun 2002 16:35:11 -0700 (PDT) Received: from cwsys.cwsent.com (cwsys2 [10.1.2.1]) by passer.osg.gov.bc.ca (8.12.4/8.12.3) with ESMTP id g5BNZA5W005174; Tue, 11 Jun 2002 16:35:10 -0700 (PDT) (envelope-from cy@cwsent.com) Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.4/8.12.3) with ESMTP id g5BNZAGn091487; Tue, 11 Jun 2002 16:35:10 -0700 (PDT) (envelope-from cy@cwsys.cwsent.com) Message-Id: <200206112335.g5BNZAGn091487@cwsys.cwsent.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - CITS Open Systems Group From: Cy Schubert - CITS Open Systems Group X-os: FreeBSD X-Sender: cy@cwsent.com To: Michael Tang Helmeste Cc: freebsd-security@FreeBSD.ORG Subject: Re: Testing firewall rules In-Reply-To: Message from Michael Tang Helmeste of "Wed, 05 Jun 2002 16:28:39 PDT." <3CFE9EA7.9000809@glassfish.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 11 Jun 2002 16:35:10 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <3CFE9EA7.9000809@glassfish.net>, Michael Tang Helmeste writes: > I sent this earlier but it seems to have gotten lost in the mail... 
> > Is there any way to test firewall rules with example packets before you > implement them? Maybe like a mock-ipfw and packet injection tool or > something. Some type of network stack emulator that reads IPFW style > rules? I have some very large ipfw rulesets and its hard to step thru > each rule and check it against a packet, especially for when you want to > test all different types of services, in both directions, etc. The shields up firewall tester at grc.com can do some basic testing for you. If however you want to test some specific aspect of your firewall, nmap is probably the way to go. -- Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 16:37: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from webcorelabs.com (finishes.webcorelabs.com [209.115.232.154]) by hub.freebsd.org (Postfix) with ESMTP id 18FE037B400 for ; Tue, 11 Jun 2002 16:36:59 -0700 (PDT) Received: from quaker [209.115.232.130] by webcorelabs.com [209.115.232.151] with SMTP (MDaemon.v3.5.3.R) for ; Tue, 11 Jun 2002 17:36:39 -0600 From: chad To: freebsd-security@freebsd.org Date: Tue, 11 Jun 2002 17:36:13 -0600 X-Priority: 3 (Normal) Reply-To: chad@webcorelabs.com Organization: www.webcorelabs.com In-Reply-To: Message-Id: <0807985ZV07LYT53MH87SPLGC7VRDA.3d06896d@quaker> Subject: Re: ssh questions MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Mailer: Opera 6.03 build 1107 X-MDRemoteIP: 209.115.232.130 X-Return-Path: chad@webcorelabs.com X-MDaemon-Deliver-To: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: 
List-Unsubscribe: X-Loop: FreeBSD.org 6/11/2002 5:30:56 PM, "Jack Xiao" wrote: >Hi, > >I got ssh work without typing the username and password. But need further >step, use sftp without typing username and passowrd. I have thought if ssh >works fine, there's no problem with sftp. But I was still asked for the >password when using sftp. Any ideas will be appreciated. > >In addition, is it less secure for the ssh if there is no passphrase? > >Thanks. > >Jack I've used scp in scripts to copy files around. I've also used rsync wrapped in ssh. As far as sftp good luck. /Chad To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 16:45:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from spc.com (proxy-mad.comunitel.net [212.145.4.89]) by hub.freebsd.org (Postfix) with SMTP id D12D637B40F; Tue, 11 Jun 2002 16:45:06 -0700 (PDT) Received: from unknown (HELO rly-xl05.dohuya.com) (107.91.107.242) by symail.kustanai.co.kr with QMQP; 12 Jun 0102 02:38:48 +0700 Received: from unknown (HELO asy100.as122.sol-superunderline.com) (48.4.95.1) by q4.quickslow.com with esmtp; Wed, 12 Jun 0102 09:37:08 -1000 Reply-To: Message-ID: <018c58e25d1e$7522a4b0$2ad38ba7@fjfmwh> From: To: Septic@FreeBSD.ORG, Tank@FreeBSD.ORG, Owner@FreeBSD.ORG Subject: Septic Tank? 
Maintenance Tips 3397cbdK3-252Ooxd0050yrGV9-387Mq-30 Date: Wed, 12 Jun 0102 01:34:21 -0200 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C3_37C44A1A.B4572C37" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ------=_NextPart_000_00C3_37C44A1A.B4572C37 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: base64 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 17: 4: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from web10107.mail.yahoo.com (web10107.mail.yahoo.com
[216.136.130.57]) by hub.freebsd.org (Postfix) with SMTP id 3753C37B40C for ; Tue, 11 Jun 2002 17:03:55 -0700 (PDT) Message-ID: <20020612000355.11939.qmail@web10107.mail.yahoo.com> Received: from [68.5.49.41] by web10107.mail.yahoo.com via HTTP; Tue, 11 Jun 2002 17:03:55 PDT Date: Tue, 11 Jun 2002 17:03:55 -0700 (PDT) From: twig les Subject: Re: ssh questions To: Jack Xiao , freebsd-security@freebsd.org, Lowell Gilbert , "Mark S." , Derek Ragona In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Look into a language called "Expect". And don't be intimidated by the fact that it's a new language to learn. Most likely you can run a script in cron that will basically say: spawn ssh send [ssh command] expect [normal response] send [sftp command] Obviously it's a little more complex than that, but the beauty of Expect is that it's only a *little* more complex than that. It's not the most secure thing to do though. But you can mitigate that risk through permissions and maybe not giving the user a shell (not sure if that breaks sftp...). The book for this is called "Exploring Expect" but you could get away with a quick online tutorial like the one here: http://www.raycosoft.com/rayco/support/expect_tutor.html Hope that helps. Keith --- Jack Xiao wrote: > Hi, > > I got ssh work without typing the username and > password. But need further > step, use sftp without typing username and passowrd. > I have thought if ssh > works fine, there's no problem with sftp. But I was > still asked for the > password when using sftp. Any ideas will be > appreciated. > > In addition, is it less secure for the ssh if there > is no passphrase? > > Thanks. 
> > Jack > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message ===== ----------------------------------------------------------- Only failures don't include failing in their plans ----------------------------------------------------------- __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 17:41:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [24.147.188.158]) by hub.freebsd.org (Postfix) with ESMTP id 4F1C337B406 for ; Tue, 11 Jun 2002 17:41:12 -0700 (PDT) Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [24.147.188.158]) by be-well.ilk.org (8.12.3/8.12.3) with ESMTP id g5C0f6DP000765 for ; Tue, 11 Jun 2002 20:41:06 -0400 (EDT) (envelope-from lowell@world.std.com) Received: (from lowell@localhost) by be-well.ilk.org (8.12.3/8.12.3/Submit) id g5C0f6bd000762; Tue, 11 Jun 2002 20:41:06 -0400 (EDT) X-Authentication-Warning: be-well.ilk.org: lowell set sender to lowell@world.std.com using -f To: freebsd-security@freebsd.org Subject: Re: ssh questions References: <44ptyx7a5y.fsf@be-well.ilk.org> From: Lowell Gilbert Date: 11 Jun 2002 20:41:05 -0400 In-Reply-To: Message-ID: <444rg95nxa.fsf@be-well.ilk.org> Lines: 12 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Jack Xiao" writes: > I got ssh work without typing the username and password. But need further > step, use sftp without typing username and passowrd. 
I have thought if ssh > works fine, there's no problem with sftp. But I was still asked for the > password when using sftp. Any ideas will be appreciated. scp(1). > In addition, is it less secure for the ssh if there is no passphrase? Of course. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 11 18:29:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id B9C4737B405 for ; Tue, 11 Jun 2002 18:29:05 -0700 (PDT) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id LAA08555; Wed, 12 Jun 2002 11:29:02 +1000 (EST) From: Darren Reed Message-Id: <200206120129.LAA08555@caligula.anu.edu.au> Subject: Re: Testing firewall rules To: elf@glassfish.net (Michael Tang Helmeste) Date: Wed, 12 Jun 2002 11:29:02 +1000 (Australia/ACT) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <3CFE9EA7.9000809@glassfish.net> from "Michael Tang Helmeste" at Jun 05, 2002 04:28:39 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In some mail from Michael Tang Helmeste, sie said: > > I sent this earlier but it seems to have gotten lost in the mail... > > Is there any way to test firewall rules with example packets before you > implement them? Maybe like a mock-ipfw and packet injection tool or > something. Some type of network stack emulator that reads IPFW style > rules? I have some very large ipfw rulesets and its hard to step thru > each rule and check it against a packet, especially for when you want to > test all different types of services, in both directions, etc. Were you using ipf, you could use ipftest. 

Darren

From owner-freebsd-security Tue Jun 11 21:25:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from broadviewnet.net (unix5.broadviewnet.net [64.115.0.25]) by hub.freebsd.org (Postfix) with SMTP id 8528A37B406 for ; Tue, 11 Jun 2002 21:25:56 -0700 (PDT)
Received: (qmail 4843 invoked from network); 12 Jun 2002 04:25:50 -0000
Received: from dsl-sj-66-219-69-66.broadviewnet.net (HELO racerx) (66.219.69.66) by smtp.broadviewnet.net with SMTP; 12 Jun 2002 04:25:50 -0000
From: "John Kirkman"
To:
Subject:
Date: Tue, 11 Jun 2002 21:25:37 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

subscribe

From owner-freebsd-security Wed Jun 12 0:25:37 2002
Delivered-To: freebsd-security@freebsd.org
Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by hub.freebsd.org (Postfix) with SMTP id 9C5E537B408 for ; Wed, 12 Jun 2002 00:25:20 -0700 (PDT)
Received: (qmail 59315 invoked by uid 85); 12 Jun 2002 07:35:42 -0000
Received: from unknown (HELO straylight.ringlet.net) (212.116.140.125) by south.nanolink.com with SMTP; 12 Jun 2002 07:35:39 -0000
Received: (qmail 83092 invoked by uid 1000); 12 Jun 2002 07:24:06 -0000
Date: Wed, 12 Jun 2002 10:24:06 +0300
From: Peter Pentchev
To: twig les
Cc: Jack Xiao , freebsd-security@freebsd.org, Lowell Gilbert , "Mark S."
    , Derek Ragona
Subject: Re: ssh questions
Message-ID: <20020612102406.C73294@straylight.oblivion.bg>
Mail-Followup-To: twig les , Jack Xiao , freebsd-security@freebsd.org, Lowell Gilbert , "Mark S." , Derek Ragona
References: <20020612000355.11939.qmail@web10107.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="zhXaljGHf11kAtnf"
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020612000355.11939.qmail@web10107.mail.yahoo.com>; from twigles@yahoo.com on Tue, Jun 11, 2002 at 05:03:55PM -0700
X-Virus-Scanned: by Nik's Monitoring Daemon (AMaViS perl-11d )
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Jun 11, 2002 at 05:03:55PM -0700, twig les wrote:
> Keith
>
> --- Jack Xiao wrote:
> > Hi,
> >
> > I got ssh work without typing the username and
> > password. But need further
> > step, use sftp without typing username and password.
> > I have thought if ssh
> > works fine, there's no problem with sftp. But I was
> > still asked for the
> > password when using sftp. Any ideas will be
> > appreciated.
> >
> > In addition, is it less secure for the ssh if there
> > is no passphrase?
>
> Look into a language called "Expect". And don't be
> intimidated by the fact that it's a new language to
> learn. Most likely you can run a script in cron that
> will basically say:
>
> spawn ssh
> send [ssh command]
> expect [normal response]
> send [sftp command]
>
> Obviously it's a little more complex than that, but
> the beauty of Expect is that it's only a *little* more
> complex than that.
>
> It's not the most secure thing to do though. But you
> can mitigate that risk through permissions and maybe
> not giving the user a shell (not sure if that breaks
> sftp...).
>
> The book for this is called "Exploring Expect" but you
> could get away with a quick online tutorial like the
> one here:
>
> http://www.raycosoft.com/rayco/support/expect_tutor.html
>
> Hope that helps.

BTW, have you actually tried this with SSH and/or sftp? I have no doubt
that it will work as far as the sending of commands, but there might be
a little problem concerning the authentication itself: SSH is really,
really picky about having the password or passphrase read from a
terminal, not from just any input stream. Thus, when Expect opens SSH,
attaching pipes to its standard input and output, SSH will refuse to
read a passphrase from its stdin and try to read it from the controlling
terminal instead. Since a cron-run process will have no controlling
terminal, SSH will exit with a message along the lines of 'you have no
controlling terminal, unable to read passphrase'.

Thus, even with Expect, one will need to setup some form of
empty-passphrase authentication for unattended SSH/scp/sftp connections.

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If you think this sentence is confusing, then change one pig.
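
For the empty-passphrase key that the message above says unattended SSH/scp/sftp ends up needing, this is one way to limit what that key can do on the server: a forced-command wrapper that serves a single file and logs every other request. It is an added example, not code from the thread; the script name `fetch-only.sh`, the address `192.0.2.10`, the key text and the legacy `scp -f` request string are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Install as the forced command of the
# cron job's key in ~/.ssh/authorized_keys on the server (one line; the
# address, script path and key text are constructed placeholders):
#
#   from="192.0.2.10",command="/usr/local/libexec/fetch-only.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...placeholder... cron@client
#
# sshd then runs this script whatever the client asked for, and passes the
# client's own request in SSH_ORIGINAL_COMMAND.

ALLOWED_FILE="/home/piechota/bdf.tar"    # the tarball named in the thread
# Assumption: the client's scp requests a download with the legacy request
# string "scp -f <path>". The denial log shows what a client really sends.
ALLOWED_REQUEST="scp -f $ALLOWED_FILE"

# classify_request REQUEST
# Prints "allow" or "deny:<reason>"; exit status is 0 only for "allow".
classify_request() {
    case $1 in
        "")                 echo "deny:no-command";  return 1 ;;  # login shell asked for
        "$ALLOWED_REQUEST") echo "allow";            return 0 ;;  # exact match only
        *)                  echo "deny:not-allowed"; return 1 ;;
    esac
}

# sanitize TEXT: replace non-printable bytes so a request cannot forge log lines.
sanitize() {
    printf '%s' "$1" | tr -c '[:print:]' '?'
}

# serve_request: the action sshd triggers for this key.
serve_request() {
    request=${SSH_ORIGINAL_COMMAND:-}
    if verdict=$(classify_request "$request"); then
        # Run a fixed argv. The client's string is never eval'ed or re-parsed.
        exec scp -f "$ALLOWED_FILE"
    fi
    logger -t fetch-only -p auth.warning \
        "$verdict peer=${SSH_CONNECTION:-unknown} request=$(sanitize "$request")"
    echo "fetch-only: request refused" >&2
    return 1
}

case ${0##*/} in
    fetch-only.sh)
        # Installed name: act as the forced command.
        serve_request
        exit 1 ;;
    *)
        # Any other name: classify constructed sample requests and print them.
        for r in "scp -f /home/piechota/bdf.tar" \
                 "" \
                 "scp -t /home/piechota/bdf.tar" \
                 "scp -f /home/piechota/bdf.tar; id" \
                 "scp -r -f /home/cvs"; do
            printf '%-36s -> %s\n' "[$r]" "$(classify_request "$r" || true)"
        done ;;
esac
```

The `from=` and `no-*` options are enforced by sshd itself; the wrapper only adds the per-request check and the audit trail.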

From owner-freebsd-security Wed Jun 12 5: 5:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from insomnia.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id 974A337B40B for ; Wed, 12 Jun 2002 05:05:42 -0700 (PDT)
Received: (qmail 32382 invoked by uid 1031); 12 Jun 2002 11:55:40 -0000
Date: Wed, 12 Jun 2002 11:55:40 +0000
From: Bruce M Simpson
To: Mike Hoskins
Cc: security@freebsd.org
Subject: Re: firewall 'stateful failover'
Message-ID: <20020612115540.A9893@spc.org>
References: <20020610155455.Y96521-100000@snafu.adept.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020610155455.Y96521-100000@snafu.adept.org>; from mike@adept.org on Mon, Jun 10, 2002 at 04:10:56PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mike,

This was on my list of 'cool things to do'; I'm pretty sure it's on other
people's also. Perhaps something like CHATS funding might encourage it to
bubble further up the priority queue? ;-)

BMS

On Mon, Jun 10, 2002 at 04:10:56PM -0700, Mike Hoskins wrote:
>
> Is there a way to handle the state table in ipfw/ipf? I could write
> scripts to do 'failover', but I'm wondering if there's a way to 'share'
> the state table between active and standby units or to pass the state
> table from one firewall to another over a crossover.

From owner-freebsd-security Wed Jun 12 6: 9:52 2002
Delivered-To: freebsd-security@freebsd.org
Received: from slc.edu (weir-01c.slc.edu [207.106.89.46]) by hub.freebsd.org (Postfix) with ESMTP id D36C037B408 for ; Wed, 12 Jun 2002 06:09:43 -0700 (PDT)
Received: (from aschneid@localhost) by slc.edu (8.11.6/8.11.6) id g5CEEuJ18954; Wed, 12 Jun 2002 14:14:56 GMT (envelope-from aschneid@mail.slc.edu)
Date: Wed, 12 Jun 2002 14:14:56 +0000
From: Anthony Schneider
To: Peter Pentchev
Cc: twig les , Jack Xiao , freebsd-security@FreeBSD.ORG, Lowell Gilbert , "Mark S." , Derek Ragona
Subject: Re: ssh questions
Message-ID: <20020612141456.A18932@mail.slc.edu>
References: <20020612000355.11939.qmail@web10107.mail.yahoo.com> <20020612102406.C73294@straylight.oblivion.bg>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020612102406.C73294@straylight.oblivion.bg>; from roam@ringlet.net on Wed, Jun 12, 2002 at 10:24:06AM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've never had a problem sending passphrases to ssh via expect, personally.

-Anthony.

>
> BTW, have you actually tried this with SSH and/or sftp? I have no doubt
> that it will work as far as the sending of commands, but there might be
> a little problem concerning the authentication itself: SSH is really,
> really picky about having the password or passphrase read from a
> terminal, not from just any input stream.
> Thus, when Expect opens SSH,
> attaching pipes to its standard input and output, SSH will refuse to
> read a passphrase from its stdin and try to read it from the controlling
> terminal instead. Since a cron-run process will have no controlling
> terminal, SSH will exit with a message along the lines of 'you have no
> controlling terminal, unable to read passphrase'.
>
> Thus, even with Expect, one will need to setup some form of
> empty-passphrase authentication for unattended SSH/scp/sftp connections.
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> If you think this sentence is confusing, then change one pig.

From owner-freebsd-security Wed Jun 12 6:25:41 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lycos.com (cache5-0.ruh.isu.net.sa [212.138.47.15]) by hub.freebsd.org (Postfix) with SMTP id C44BE37B40D for ; Wed, 12 Jun 2002 06:24:46 -0700 (PDT)
Received: from 109.128.155.46 ([109.128.155.46]) by f64.law4.hottestmale.com with asmtp; 12 Jun 2002 05:24:13 -0700
Received: from [126.229.204.135] by mta21.bigpong.com with smtp; 11 Jun 2002 22:15:36 +0300
Received: from unknown (HELO n9.groups.huyahoo.com) (114.186.69.235) by n9.groups.huyahoo.com with local; 12 Jun 2002 01:06:59 -0000
Reply-To:
Message-ID: <028d56d04c8b$4225a5c6$6bc48ee3@bsasob>
From:
To: Consolidate@FreeBSD.ORG
Subject: ** You are approved. **
Date: Tue, 11 Jun 2002 16:05:02 +0900
MiME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00A3_55B54C7B.E8562B23"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

------=_NextPart_000_00A3_55B54C7B.E8562B23
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: base64

From owner-freebsd-security Wed Jun 12 7:33:57 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cithaeron.argolis.org (bgm-24-169-166-7.stny.rr.com [24.169.166.7]) by hub.freebsd.org (Postfix) with ESMTP id A71E937B407 for ; Wed, 12 Jun 2002 07:33:51 -0700 (PDT)
Received: from cithaeron.argolis.org (localhost [127.0.0.1]) by cithaeron.argolis.org (8.12.3/8.12.3) with ESMTP id g5CEXjva036793; Wed, 12 Jun 2002 10:33:45 -0400 (EDT) (envelope-from piechota@argolis.org)
Received: from localhost (piechota@localhost) by
    cithaeron.argolis.org (8.12.3/8.12.3/Submit) with ESMTP id g5CEXeZi036790; Wed, 12 Jun 2002 10:33:40 -0400 (EDT)
X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs
Date: Wed, 12 Jun 2002 10:33:40 -0400 (EDT)
From: Matt Piechota
To: Anthony Schneider
Cc: Peter Pentchev , twig les , Jack Xiao , , Lowell Gilbert , "Mark S." , Derek Ragona
Subject: Re: ssh questions
In-Reply-To: <20020612141456.A18932@mail.slc.edu>
Message-ID: <20020612102816.E36620-100000@cithaeron.argolis.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 12 Jun 2002, Anthony Schneider wrote:

> I've never had a problem sending passphrases to ssh via expect, personally.

This is a rather poorly written expect script that I use to tar up a cvs
tree on a computer in a rather restrictive lab. Its biggest problem is
the password is in the file, and shows up in the cron mail. It should be a
decent start, and I should really get to reading that expect book I have. :)

Check this:

#!/usr/freeware/bin/expect -f
set timeout 120
spawn /usr/local/bin/ssh piechota@fsmvpn2
expect "password"
send "xxxx\r"
expect "(~)%"
send "rm -f bdf.tar\r"
expect "(~)%"
send "cd /home/cvs\r"
expect "(/home/cvs)%"
send "tar cvf /home/piechota/bdf.tar bdf\r"
expect "(/home/cvs)%"
send "exit\r"
set timeout 900
spawn /usr/local/bin/scp piechota@fsmvpn2:/home/piechota/bdf.tar fsmcvs.tar
expect "password"
send "xxxx\r"
expect "100%"
send "expect done\r"

-- 
Matt Piechota

From owner-freebsd-security Wed Jun 12 7:48:56 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.root.nis.za (root.nis.za [196.36.198.81]) by hub.freebsd.org (Postfix) with ESMTP id 5232B37B400 for ; Wed, 12 Jun 2002 07:48:53 -0700 (PDT)
Received: from aragon (na.sdn.net.za [66.8.86.210]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (Client did not present a certificate) by mail.root.nis.za (Postfix) with SMTP id BD5D124F06 for ; Wed, 12 Jun 2002 16:48:49 +0200 (SAST)
Message-ID: <005901c21220$4ccb98e0$01000001@aragon>
From: "Aragon Gouveia"
To:
References: <20020612102816.E36620-100000@cithaeron.argolis.org>
Subject: Re: ssh questions
Date: Wed, 12 Jun 2002 16:49:03 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> This is a rather poorly written expect script that I use to tar up a cvs
> tree on a computer in a rather restrictive lab.

I haven't been following this thread, but wouldn't key authentication be
easier, securer, more reliable?

Regards,
Aragon

From owner-freebsd-security Wed Jun 12 7:54:31 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cithaeron.argolis.org (bgm-24-169-166-7.stny.rr.com [24.169.166.7]) by hub.freebsd.org (Postfix) with ESMTP id CA78437B408 for ; Wed, 12 Jun 2002 07:54:28 -0700 (PDT)
Received: from cithaeron.argolis.org (localhost [127.0.0.1]) by cithaeron.argolis.org (8.12.3/8.12.3) with ESMTP id g5CEsSva036849; Wed, 12 Jun 2002 10:54:28 -0400 (EDT) (envelope-from piechota@argolis.org)
Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.12.3/8.12.3/Submit) with ESMTP id g5CEsR5B036846; Wed, 12 Jun 2002 10:54:27 -0400 (EDT)
X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs
Date: Wed, 12 Jun 2002 10:54:27 -0400 (EDT)
From: Matt Piechota
To: Aragon Gouveia
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh questions
In-Reply-To: <005901c21220$4ccb98e0$01000001@aragon>
Message-ID: <20020612105149.M36620-100000@cithaeron.argolis.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 12 Jun 2002, Aragon Gouveia wrote:

> > This is a rather poorly written expect script that I use to tar up a cvs
> > tree on a computer in a rather restrictive lab.
>
> I haven't been following this thread, but wouldn't key authentication be
> easier, securer, more reliable?

It uses keys, but the keys have a password on them. It really isn't all
that good either way: one way I have passwords laying about, the other I
have passwordless keys that are nearly as dangerous.

-- 
Matt Piechota

From owner-freebsd-security Wed Jun 12 8:45:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id 29E8737B40C for ; Wed, 12 Jun 2002 08:45:05 -0700 (PDT)
Received: (qmail 76707 invoked by uid 1000); 12 Jun 2002 15:44:55 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 12 Jun 2002 15:44:55 -0000
Date: Wed, 12 Jun 2002 08:44:54 -0700 (PDT)
From: Jason Stone
X-X-Sender:
To: Matt Piechota
Cc: Aragon Gouveia ,
Subject: Re: ssh questions
In-Reply-To: <20020612105149.M36620-100000@cithaeron.argolis.org>
Message-ID: <20020612083746.E28555-100000@walter>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > > This is a rather poorly written expect script that I use to tar up a cvs
> > > tree on a computer in a rather restrictive lab.
> >
> > I haven't been following this thread, but wouldn't key authentication be
> > easier, securer, more reliable?
>
> It uses keys, but the keys have a password on them. It really isn't all
> that good either way: one way I have passwords laying about, the other I
> have passwordless keys that are nearly as dangerous.

Place restrictions on the keys in the authorized_keys file on the server.
For example, you can set it up such that the key can only be used to copy
one particular file, and can only be used from one well-known client ip
address. This makes unencrypted keys much safer, and is clearly more
secure than having the unencrypted and unrestricted password in the clear
on the client.

And .

The openssh-dev list (openssh-unix-dev@mindrot.org) is probably a better
place for this kind of discussion.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry
that 10 or 15 years from now, she will come to me and say "Daddy, where
were you when they took freedom of the press away from the Internet?"
-- Mike Godwin

From owner-freebsd-security Wed Jun 12 10:57:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id D35FA37B406 for ; Wed, 12 Jun 2002 10:57:17 -0700 (PDT)
Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 12 Jun 2002 18:57:12 +0100 (BST)
To: jack xiao
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh questions
Reply-To: freebsd-questions@FreeBSD.ORG
X-It's: all good
X-Wigglefluff: fuddtastic
X-Zippy: HELLO KITTY gang terrorizes town, family STICKERED to death!
In-reply-to: Your message of "Tue, 11 Jun 2002 17:36:25 EDT."
Date: Wed, 12 Jun 2002 18:57:12 +0100
From: Niall Brady
Message-ID: <200206121857.aa87878@salmon.maths.tcd.ie>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 11 Jun 2002 17:36:25 EDT, jack xiao said:
>
>I am running ssh under FreeBSD4.5.
>It works fine, but I am wondering if
>anybody has any experience of using ssh without inputting username and
>password. It's for a cron job on my box...

http://linuxmafia.com/~rick/linux-info/ssh-publickey-process would
probably be the best sort of thing for you.

Probably best to keep this on freebsd-questions too ;-)
[reply-to set accordingly]

-- 
Niall

From owner-freebsd-security Wed Jun 12 16:29:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from pacbell.net (adsl-63-199-179-203.dsl.snfc21.pacbell.net [63.199.179.203]) by hub.freebsd.org (Postfix) with ESMTP id 4027337B404 for ; Wed, 12 Jun 2002 16:29:11 -0700 (PDT)
Received: (from paleph@localhost) by pacbell.net (8.11.0/8.9.3) id g5CN0F501713 for freebsd-security@FreeBSD.ORG; Wed, 12 Jun 2002 16:00:15 -0700
From: paleph@pacbell.net
Message-Id: <200206122300.g5CN0F501713@pacbell.net>
Subject: trusted bsd sources?
To: freebsd-security@FreeBSD.ORG
Date: Wed, 12 Jun 2002 16:00:14 -0700 (PDT)
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi.

Does anyone know where the trusted bsd sources have gone to? I could not
find any on the trustedbsd.org site. I remember that there used to be
several packages available for acl's, extended attrs, etc.
Thanks Paul Fronberg paleph@pacbell.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jun 12 20:23:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.ggcargousa.com (64.89.84.134.nw.nuvox.net [64.89.84.134]) by hub.freebsd.org (Postfix) with ESMTP id AE17B37B40E; Wed, 12 Jun 2002 20:21:55 -0700 (PDT) Received: from . [216.167.87.117] by mail.ggcargousa.com with ESMTP (SMTPD32-6.05) id AF03E100E2; Wed, 12 Jun 2002 23:18:27 -0400 Message-ID: <00003c9a0742$000026bb$00001ac4@.> To: , , , , , , Cc: , , , , , From: cristobol5@hotmail.com Subject: #1 DIET PILL! LOSE 10-15 LBS PER WEEK+"BONUS" 6983 Date: Wed, 12 Jun 2002 22:19:26 -1700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hey there, If you're like me, you've tried EVERYTHING to lose weight.  I know how you feel - the special diets, miracle pills, and fancy exercise equipment never helped me lose a pound either.  It seemed like the harder I tried, the bigger I got, until I heard about a product called Extreme Power Plus. You're probably thinking to yourself, "Oh geez, not another miracle diet pill!"  Like you, I was skeptical at first, but my sister swore it helped her lose 23 pounds in just two weeks, so I told her I'd give it a shot.  I mean, there was nothing to lose except a lot of weight!  Let me tell you, it was the best decision I've ever made. Period.  Six months later, as I'm writing this message to you, I've gone from 355 pounds to 210 pounds, and I haven't changed my exercise routine or diet at all.  Yes, I still eat pizza, and lots of it! I was so happy with the results that I contacted the manufacturer and got permission to resell it - at a BIG discount. 
 I want to help other people lose weight like I did, because it does so much for your self-esteem, not to mention your health. I give you my personal pledge that Extreme Power Plus absolutely WILL WORK FOR YOU.  If it doesn't, you can return it any time for a full refund. Interested, visit http://2002marketing.com/affiliate3/index.htm    If you are frustrated with trying other products, not having any success, and just not getting the results you were promised, then I recommend the only product that worked for me - EXTREME POWER PLUS. You're probably asking yourself, "Ok, so how does this stuff actually work?" Extreme Power Plus contains Lipotropic fat burners and ephedra which is scientifically proven to increase metabolism and cause rapid weight loss. No "hocus pocus" in these pills - just RESULTS, RESULTS, RESULTS!! Here is the bottom line ... I can help you lose 10-15 pounds per week naturally, without exercising and without having to eat rice cakes all day.  Just try it for one month - there's nothing to lose, and everything to gain.  You will lose weight fast - GUARANTEED.  That is my pledge to you.  To order Extreme Power Plus on our secure server, just click on the link below: http://2002marketing.com/affiliate3/index.htm If you have difficulty accessing the website above, please try our mirror site by clicking on the link below: http://2002marketing.com/affiliate3/index.htm To see what some of our customers have said about this product, visit http://2002marketing.com/affiliate3/index.htm To see a list of ingredients and for more information on test studies and how it will help you lose weight, visit http://2002marketing.com/affiliate3/index.htm ************************************************************* If you do not wish to receive any more emails from me, please send an email to "affiliate2@btamail.net.cn" requesting to be removed. 
************************************************************* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jun 13 3:32:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from excite.com (server.alkhaleejiah.com [213.132.48.42]) by hub.freebsd.org (Postfix) with SMTP id 00EB237B40F; Thu, 13 Jun 2002 03:31:58 -0700 (PDT) Received: from unknown (174.107.245.28) by smtp-server1.cflrr.com with NNFMP; 13 Jun 0102 23:32:30 -0000 Received: from unknown (6.161.223.115) by a231242.upc-a.zhello.nl with smtp; Thu, 13 Jun 0102 23:29:08 -0800 Received: from unknown (HELO rly-xl05.dohuya.com) (107.53.250.120) by f64.law4.hottestmale.com with NNFMP; 13 Jun 0102 15:25:46 -0300 Received: from [51.102.196.101] by n9.groups.huyahoo.com with esmtp; Thu, 13 Jun 0102 12:22:24 -0200 Reply-To: "Office" Message-ID: <030b50e73e1d$8661d6b7$0cd83ec1@bvjfdh> From: "Office" To: Cc: , Subject: Are you over 35? 
Try HGH Oral Spray Date: Thu, 13 Jun 0102 10:31:48 -0000 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00E8_11B83D5C.B4023B70" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ------=_NextPart_000_00E8_11B83D5C.B4023B70 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: base64 RGlkIHlvdSBrbm93IHRoZXJlIGFyZSAgdGhyZWUgSEdIIHByb2R1Y3RzDQoN CjxodG1sPg0KDQo8aGVhZD4NCg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVu dC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9d2luZG93cy0x MjUyIj4NCg0KPG1ldGEgbmFtZT0iR0VORVJBVE9SIiBjb250ZW50PSJNaWNy b3NvZnQgRnJvbnRQYWdlIDQuMCI+DQoNCjxtZXRhIG5hbWU9IlByb2dJZCIg Y29udGVudD0iRnJvbnRQYWdlLkVkaXRvci5Eb2N1bWVudCI+DQoNCjx0aXRs ZT5UaGVyZSBhcmUgdGhyZWUgZGlmZmVyZW50IHR5cGVzIG9mIEhHSCBwcm9k dWN0czwvdGl0bGU+DQoNCjwvaGVhZD4NCg0KPGJvZHkgYmFja2dyb3VuZD0i Y2xvdWRzLmpwZyI+DQoNCjxwPjxmb250IHNpemU9IjQiPjxmb250IGNvbG9y PSIjODAwMDAwIj48Yj5UaGVyZSBhcmUgdGhyZWUgZGlmZmVyZW50IHR5cGVz IG9mDQoNCkhHSCBwcm9kdWN0cy48L2I+PC9mb250Pjxicj4NCg0KVGhlIGNv bmZ1c2lvbiBpcyB0aGF0IGFsbCB0aHJlZSBhcmU8YnI+DQoNCmFkdmVydGlz ZWQgYXMgaWYgdGhleSB3ZXJlIHRoZSBzYW1lLjwvZm9udD48YnI+DQoNCiZu YnNwOzxicj4NCg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7IDx1PlRoZSB0aHJlZSB0eXBlcyBhcmU6PC91Pjxicj4NCg0K Jm5ic3A7PGJyPg0KDQo8Yj4xKTwvYj4gLS0tIDxmb250IGNvbG9yPSIjMDAw MEZGIj48Yj5Ib21lb3BhdGhpYyBIR0g8L2I+PC9mb250Pjxicj4NCg0KPGI+ Mik8L2I+IC0tLSA8Zm9udCBjb2xvcj0iIzAwMDBGRiI+PGI+UHJlLWN1cnNv ciBIR0g8L2I+PC9mb250Pjxicj4NCg0KPGI+Myk8L2I+IC0tLSA8Zm9udCBj b2xvcj0iIzAwMDBGRiI+PGI+UmVhbCBvciBzeW50aGV0aWMgSEdIPC9iPjwv Zm9udD4NCg0KKGRlbGl2ZXJlZCBieSBpbmplY3Rpb248YnI+DQoNCiZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyBvciwgYnkg YW4gb3JhbCBzcHJheSBtZXRob2QpLjxicj4NCg0KJm5ic3A7PGJyPg0KDQpE 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jun 13 4:19: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from svr-ganmtc-appserv-mgmt.ncf.coxexpress.com (svr-ganmtc-appserv-mgmt.ncf.coxexpress.com [24.136.46.5]) by hub.freebsd.org (Postfix) with ESMTP id B4FC137B415 for ; Thu, 13 Jun 2002 04:18:58 -0700 (PDT) Received: from darkstar.doublethink.cx (cpe-oca-24-136-59-202-cmcpe.ncf.coxexpress.com [24.136.59.202]) by svr-ganmtc-appserv-mgmt.ncf.coxexpress.com (8.11.4/8.11.4) with ESMTP id g5DBEUQ15623; Thu, 13 Jun 2002 07:14:30 -0400 Received: by darkstar.doublethink.cx (Postfix, from userid 1000) id F24DE596; Thu, 13 Jun 2002 07:14:24 -0400 (EDT) Date: Thu, 13 Jun 2002 07:14:24 -0400 From: Chris Faulhaber To: paleph@pacbell.net Cc: freebsd-security@FreeBSD.ORG Subject: Re: trusted bsd sources?
Message-ID: <20020613111424.GA90667@darkstar.doublethink.cx> Mail-Followup-To: Chris Faulhaber , paleph@pacbell.net, freebsd-security@FreeBSD.ORG References: <200206122300.g5CN0F501713@pacbell.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="sdtB3X0nJg68CQEu" Content-Disposition: inline In-Reply-To: <200206122300.g5CN0F501713@pacbell.net> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 12, 2002 at 04:00:14PM -0700, paleph@pacbell.net wrote: > Hi. > > Does anyone know where the trusted bsd sources have gone to? I could not > find any on the trustedbsd.org site. I remember that there used to be several > packages available for acl's, extended attrs, etc. > http://www.trustedbsd.org/components.html contains instructions on obtaining current TrustedBSD sources via perforce and information about the various projects. In particular, ACL's and Extended Attrs have been in FreeBSD-CURRENT for quite a while. -- Chris D. 
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --sdtB3X0nJg68CQEu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAj0IfpAACgkQObaG4P6BelBN/ACcCqo/cWHQWS7R0nWQ4iNsuvM+ eGsAniu7ExSf9mo74aD8ZMPVmb6k0KGC =mFtZ -----END PGP SIGNATURE----- --sdtB3X0nJg68CQEu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 14 3:34:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from nt_server.infosec.ru (es.infosec.ru [194.135.141.101]) by hub.freebsd.org (Postfix) with ESMTP id D4A1937B41A for ; Fri, 14 Jun 2002 03:34:32 -0700 (PDT) Received: from xen.infosec.ru ([200.0.0.51]) by nt_server.infosec.ru with Microsoft SMTPSVC(5.0.2195.4453); Fri, 14 Jun 2002 14:33:56 +0400 Subject: Re: firewall 'stateful failover' From: Andrey Sverdlichenko To: security@freebsd.org In-Reply-To: <20020610155455.Y96521-100000@snafu.adept.org> References: <20020610155455.Y96521-100000@snafu.adept.org> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 Date: 14 Jun 2002 15:38:26 +0500 Message-Id: <1024051106.78535.11.camel@xen.infosec.ru> Mime-Version: 1.0 X-OriginalArrivalTime: 14 Jun 2002 10:33:56.0358 (UTC) FILETIME=[FC932260:01C2138E] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 2002-06-11 at 04:10, Mike Hoskins wrote: > Is there a way to handle the state table in ipfw/ipf? 
I could write > scripts to do 'failover', but I'm wondering if there's a way to 'share' > the state table between active and standby units or to pass the state > table from one firewall to another over a crossover. It's a really hard thing to do. Our product implements failover with ipf, but it's ugly: every 5 seconds a user-level program gets the state table from the kernel and transfers it to the failover unit. But: a) some TCP connections transfer more data in these seconds than the TCP window, so after the switch ipf blocks new packets as "not fitting in window". I made an ugly patch: the first packets after the switch to the failover unit are "trusted" and new sequence numbers are set from them. b) while the state table is being fetched from the kernel, it's locked, so no new connections will be added and SYNs will be dropped. It is not important to our customers, but YMMV. Possibly the only way to do good stateful failover is to do it in the kernel, with instant transfer of state changes. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 14 3:40:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id C44B837B417 for ; Fri, 14 Jun 2002 03:40:18 -0700 (PDT) Received: (qmail 22540 invoked by uid 1000); 14 Jun 2002 10:40:17 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 14 Jun 2002 10:40:17 -0000 Date: Fri, 14 Jun 2002 12:40:17 +0200 (CEST) From: Attila Nagy To: Andrey Sverdlichenko Cc: security@freebsd.org Subject: Re: firewall 'stateful failover' In-Reply-To: <1024051106.78535.11.camel@xen.infosec.ru> Message-ID: References: <20020610155455.Y96521-100000@snafu.adept.org> <1024051106.78535.11.camel@xen.infosec.ru> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List 
Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, > > Is there a way to handle the state table in ipfw/ipf? I could write > > scripts to do 'failover', but I'm wondering if there's a way to 'share' > > the state table between active and standby units or to pass the state > > table from one firewall to another over a crossover. This is implemented in IPF4 AFAIK. You should try its alpha version... --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Free Software Network (FSN.HU) phone @work: +361 210 1415 (194) cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 14 4:33:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by hub.freebsd.org (Postfix) with ESMTP id 7C5B737B408 for ; Fri, 14 Jun 2002 04:33:31 -0700 (PDT) Received: from sheldonh (helo=axl.seasidesoftware.co.za) by axl.seasidesoftware.co.za with local-esmtp (Exim 3.36 #1) id 17IpJJ-0009KR-00; Fri, 14 Jun 2002 13:32:09 +0200 From: Sheldon Hearn To: Attila Nagy Cc: Andrey Sverdlichenko , security@freebsd.org Subject: Re: firewall 'stateful failover' In-reply-to: Your message of "Fri, 14 Jun 2002 12:40:17 +0200." Date: Fri, 14 Jun 2002 13:32:09 +0200 Message-ID: <35862.1024054329@axl.seasidesoftware.co.za> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 14 Jun 2002 12:40:17 +0200, Attila Nagy wrote: > > > Is there a way to handle the state table in ipfw/ipf? I could write > > > scripts to do 'failover', but I'm wondering if there's a way to 'share' > > > the state table between active and standby units or to pass the state > > > table from one firewall to another over a crossover. 
> This is implemented in IPF4 AFAIK. > You should try its alpha version... No. Darren said it's something he's considering for v4. At this stage, he's not sure whether it'll be part of the standard distribution, a value-add or included at all. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 14 8:32:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from chicken.orbitel.bg (chicken100.orbitel.bg [195.24.32.21]) by hub.freebsd.org (Postfix) with SMTP id 0B7E437B425 for ; Fri, 14 Jun 2002 08:32:16 -0700 (PDT) Received: (qmail 15667 invoked from network); 14 Jun 2002 15:32:13 -0000 Received: from unknown (HELO procreditbank.com) (212.95.170.207) by chicken.orbitel.bg with SMTP; 14 Jun 2002 15:32:13 -0000 Received: from itaush [172.16.248.203] by Proxy+; Fri, 14 Jun 2002 18:00:39 +0300 for multiple recipients From: "Ivailo Tanusheff" To: "FreeBSD Questions" , "FreeBSD Security" Subject: IPFW + Squid Date: Fri, 14 Jun 2002 18:00:39 +0300 Message-ID: <006601c213b4$3f425cf0$cbf810ac@sof.procreditbank.bg> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear Sirs, I have the following configuration: {Internet} <-> {SQUID1 + Net1} <-64K line-> [SQUID2] <-> {Net2} I have the following problem: In Net1 I have an important server to which there are connecting some clients from Net2 through http and the squid server. These clients have to be able to use most of the 64K line between the two networks. 
In Net2 there are many clients using the squid server as a proxy and are making "bad" traffic. My question is - how may I configure ipfw to shape the traffic for the other users. I'd tried some ways of accomplishing that task, but it seems to me, that when using proxy server, the destination IP address is not in the IP header or I'm wrong. Can you help me? I'd tried: su-2.05a# ipfw -a show 00500 0 0 pipe 1 ip from any to not out 00600 0 0 pipe 2 ip from any to not in 65535 397320 84804286 allow ip from any to any As you see - there is no hit of going out of the net1. Thank you in advance, Ivo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jun 15 8:24:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from arcor.de (ACB1BCC7.ipt.aol.com [172.177.188.199]) by hub.freebsd.org (Postfix) with SMTP id 3A27137B449 for ; Sat, 15 Jun 2002 08:18:52 -0700 (PDT) From: "todschick38259@arcor.de" To: Subject: Entschuldigen Sie bitte die Störung! Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Date: Sat, 15 Jun 2002 17:19:09 +0200 Reply-To: "todschick38259@arcor.de" Content-Transfer-Encoding: 8bit Message-Id: <20020615151852.3A27137B449@hub.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Entschuldigen Sie bitte die Störung! Mir ist etwas zu Ohren gekommen. Eine relativ aussergewöhnliche Gerüchteküche, aus der man mir ein schwerverdauliches Süppchen vorgesetzt hat, ist der Grund meiner Mail. Unappetitlich ist gar kein Ausdruck! Ist es möglich auf funktechnischem Wege(in welchen Frequenzbereichen?) jemanden zu beeinflussen oder zu manipulieren? Oder sogar zu schikanieren und terrorisieren? Unter dem Motto:"Einen am Sender?Nich ganz alleine? Kleine Mannim Ohr?Falsche Wellenlänge?Bohnen in den Ohren? 
Auf den Zahn gefühlt(Amalgam)?Mal unverbindlich reinhören? Der Pullacher Wanzentanz? Ist das Spinnerei?Das geht doch gar nicht,oder? Und wenn wie sieht das ethisch moralisch aus? Zur technischen Seite der Sache gibt es zwar Berichte und Webseiten: Totalitaer,de - Die Waffe gegen die Kritik http://www.fosar-bludorf.com/Tempelhof/ http://jya.com/haarp.htm http://www.zeitenschrift.at/magazin/zs_24_15/1_mikrowaffen.htm http://www.bse-plus.de/d/doc/lbrief/lbmincontr.htm http://home.nexgo.de/kraven/bigb/big3.html http://w3.nrl.navy.mil/projects/haarp/index.html http://cryptome.org/ http://www.parascope.com/ds/mkultra0.htm http://www.trufax.org/menu/mind.html http://www.trufax.org/menu/elect.html http://mindcontrolforum.com/ http://www.trufax.org/menu/elect.html usw. usw. usw. ,aber,das kann doch nicht sein,das soetwas gemacht wird,oder? Eine Menschenrechtsverletzung sonder gleichen!?! Ist es möglich,durch Präparation,der Ohren und im Zusammenspiel mit eventuell vorhandenem Zahnersatz? Mit relativ einfacher Funktechnik?? In diesem Land?Hier und heute??? Unter welchen Motiven? Wo ist eigentlich die Abteilung 5 des BND und des Verfassungsschutzes? Kann es sein,daß es Leute gibt,die dem BND/Verfassungsschutz,auf funktechnischem Wege permanent einen Situationsbericht abliefern,ohne es selbst zu merken,im Kindesalter machbar gemacht?? Werden durch solche inoffiziellen Mitarbeiter,beim BND und Verfassungsschutz,nach Stasimanier, Informationen von und über,rein theoretisch, jeden Bundesbürger,gesammelt? Gibt es dann noch ein Recht auf Privatsphere? Wer kontrolliert eigentlich den BND,MAD und Verfassungsschutz auf Unterwanderung??? In der Mail geht es mir eigentlich um die Frage,ob es kriminellen Elementen, aus dem Motiv der Bereicherung,oder Gruppierungen aus ideologischen Motiven, möglich ist ,sich Wissen und Technik anzueignen,die zu anderen Zeiten, aus anderen Motiven(Westfernsehen?),entwickelt wurde. 
Und stellt der technische Wissensstand, der der Allgemeinheit bekannt ist wirklich das Ende der Fahnenstange dar? Ist es denn nicht kriminellen Elementen genauso möglich, ich sage das jetzt mal verharmlost und verniedlichend, einzelne Personen oder Gruppen mit relativ einfachen Mitteln, aus welchen Motiven auch immer, auszuspionieren? Und stellt diese "Ausspioniererei" nicht einen erheblichen Eingriff in die Privatsphäre dar? Ist es möglich einzelne Personen oder Gruppen, eine Akzeptans einer gewissen Öffentlichkeit(suggeriert?), die z.B. mit Hilfe von Internetseiten,wie zum Beispiel dem "Pranger"geschaffen werden könnte, mal vorausgestzt,zu terroriesieren und oder zu schikanieren, und das in aller (suggerierten)Öffentlichkeit?Haben die Leute die da am Pranger, oder auf irgendeiner anderen Seite verunglimpft,oder gar Verleumdet werden, eigentlich eine Chance zur Gegenöffentlichkeit?Ist das nicht Rufmord? Vor einigen Jahren bin ich per Zufall auf die Seite "Der Pranger" gestoßen, damals lief das noch nicht unter dem Deckmantel der Partnervermittlung. Können sich einzelne Personen,oder Interessengemeinschaften, aus reinem Selbstzweck,solcher Seiten bedienen, um unter dem Deckmantel einer fragwürdigen Zivilkourage, durch anzetteln irgendwelcher Hetzkampagnen,eigene, ganz persöhnliche Interessen durchsetzen? Können solche Seiten zur Koordination von kriminellen machenschaften dienen? Die Frage,ist es Möglichkeit oder Unmöglichkeit,technisch und gesellschaftlich, einzelne Personen,oder auch Gruppierungen,aus einer kriminellen/ideologischen Energei heraus,zu manipulieren oder zu beeinflussen,terrorisieren oder zu schickanieren,und zwar gezielt. Zielgruppenmanipulation durch Massenmedien sind alltägliche Manipulation, der mansich,mehr oder weniger,entziehen kann. Wird das Recht auf Privatsphäre,schleichend,tiefenpsychologisch, durch Sendungen,wie,zum Beispiel "Big brother",untergraben? 
Sollte bei einem der Angemailten ein gewisser Wissensstand zum Thema vorhanden sein, wäre ich über Hinweise zum Thema froh. Auf der Suche nach Antworten auf meine Fragen maile ich verschiedene Adressen aus dem Internet an, und hoffe aufkonstruktive Antworten und Kritiken. Über einen Besuch auf der Seite würde ich mich freuen. Sollten Sie von mir mehrfach angeschrieben worden sein,so bitte ich Sie,mir dies zu entschuldigen, das war nicht beabsichtigt. Der Grund für meine Anonymität ist die Tatsache, daß bei derlei Fragenstellerei, verständlicherweise,schnell der Ruf nach der Psychatrie laut wird. Was auch Methode hat(ist). Sollten Sie die Mail als Belästigung empfinden, möchte ich mich hiermit dafür entschuldigen! Big brother is watching you? Excuse please the disturbance! Me something came to ears. A relatively unusual rumor kitchen, from which one put forward to me a heavydigestible soup, is the reason of my Mail. Unappetizing is no printout! Is it possible on radio Wege(in for which frequency ranges?) to influence or manipulate someone? Terrorize or to even chicane and? Under the Motto:"Einen at the Sender?Nich quite alone? Small Mannim Ohr?Fal Wellenlaenge?Bohnen in the ears? On the tooth clean-hear gefuehlt(Amalgam)?Mal witthout obligation? The Pullacher bug wanzentanz? Isn't the Spinnerei?Das goes nevertheless at all, or? And if as looks ethicalally morally? For the technical page of the thing there is to report and web page: Totalitaer,de - Die Waffe gegen die Kritik http://www.fosar-bludorf.com/Tempelhof/ http://jya.com/haarp.htm http://www.zeitenschrift.at/magazin/zs_24_15/1_mikrowaffen.htm http://www.bse-plus.de/d/doc/lbrief/lbmincontr.htm http://home.nexgo.de/kraven/bigb/big3.html http://w3.nrl.navy.mil/projects/haarp/index.html http://cryptome.org/ http://www.parascope.com/ds/mkultra0.htm http://www.trufax.org/menu/mind.html http://www.trufax.org/menu/elect.html http://mindcontrolforum.com/ http://www.trufax.org/menu/elect.html usw. usw. usw. 
but, that cannot be nevertheless, which is made soetwas, or? A violation of human rights resemble special!?! Is it possible, by preparation, the ears and in interaction with possibly available artificial dentures? With relatively simple radio engineering?? In this Land?Hier and today??? Under which motives? Where is the department actually 5 of the BND and the protection of the constitution? Can it be that there are people, which deliver the Federal Intelligence Service/protection of the constitution, on radio way permanently a situation report, without noticing it, in the infancy feasiblly made? By such unofficial coworkers, with the BND and protection of the constitution, after Stasimanier, is information collected of and over,purely theoretically, each Federal citizen? Is there then still another right to Privatsphere? Who actually checks the BND, WAD and protection of the constitution for infiltration??? Into the Mail actually concerns it to me the question whether it criminal items, from which motive of enriching, or groupings from ideological motives is possible, to acquire itself knowledge and technique which were developed at other times, from other Motiven(Westfernsehen?).And does the technical knowledge status place, to that the public admits is really the end of the flag bar? Is it not to criminal items just as possible, I legend that now times played down and does nice-end, individual persons or groups with relatively simple means, to spy from whatever motives always? And doesn't this " Ausspioniererei " represent a substantial intervention into the privatsphaere? It is possible individual persons or groups, one acceptance to of a certain Oeffentlichkeit(suggeriert?), e.g. 
by Internet pages, how for example the " Pranger"geschaffen could become, times vorausgestzt, to terroriesieren and or chicane, and in everything (the people suggerierten)Oeffentlichkeit?Haben there at the Pranger, or on any other page to be reviled, or slandered, actually a chance to the Gegenoeffentlichkeit?Ist that not character assassination? Some years ago I am by coincidence the page " the Pranger " encountered, at that time ran not yet under the cover of the partner switching.Itself can individual persons, or communities of interests, from pure self purpose, such pages to serve, over under the cover of a doubtful Zivilkourage, through plot any rushing campaigns, own, quite persoehnliche interests to intersperse? Can such pages serve for the co-ordination of criminal machinations? The question, is it possibility or impossibility, technically and socially, individual persons, or also groupings of manipulating or of influencing from an criminal/ideological Energei, terrorizes or to schickanieren, directed.Target group manipulation by mass media are everyday manipulation, from which, more or less, can extract itself. Does the right to privatsphaere, creeping, by transmissions become deep psychological, how, for example " Big undermine brother"? If the Angemailten should be available a certain knowledge status to the topic with one, I would be glad over notes to the topic On the search for responses to my questions maile I different addresses from the Internet on, and hope up-constructional responses and criticisms.Over an attendance on the page wuerde I are pleased.If you should have been written down by me several times, then please I you to excuse me this that was not intended. The reason for my anonymity is the fact that with such Fragenstellerei, understandably, fast after the call the Psychatrie loud becomes. Which also method hat(ist). If you should feel the Mail as annoyance, I would like to apologize hereby for it! Big is watching you? 
Veuillez excuser le dérangement! Moi quelque chose concernant des oreilles est venu. Une cuisine de bruit relativement inhabituelle, dont on m'a placé un Sueppchen schwerverdauliches devant, est la raison de mes Mail.Aucune expression n'est peu appétissante! Il est possible sur un Wege(in funktechnischem pour quelles réponses fréquentielles?) quelqu'un influencer ou manipuler? Ou même schikanieren et terroriser? Sous le Motto:"Einen au Sender?Nich tout à fait seulement? Petits Mannim Ohr?Falsche Wellenlaenge?Bohnen dans les oreilles? Sur la dent gefuehlt(Amalgam)?Mal non contraignant reinhoeren? Le Pullacher Wanzentanz? Le Spinnerei?Das n'est-il quand même pas du tout va, ou? Et si comme cela paraît éthiquement moralement? Au côté technique de la chose, il y a certes des rapports et des Webseiten: Totalitaer,de - Die Waffe gegen die Kritik http://www.fosar-bludorf.com/Tempelhof/ http://jya.com/haarp.htm http://www.zeitenschrift.at/magazin/zs_24_15/1_mikrowaffen.htm http://www.bse-plus.de/d/doc/lbrief/lbmincontr.htm http://home.nexgo.de/kraven/bigb/big3.html http://w3.nrl.navy.mil/projects/haarp/index.html http://cryptome.org/ http://www.parascope.com/ds/mkultra0.htm http://www.trufax.org/menu/mind.html http://www.trufax.org/menu/elect.html http://mindcontrolforum.com/ http://www.trufax.org/menu/elect.html usw. usw. usw. toutefois qui ne peut quand même pas être qui on fait soetwas, ou? Une violation des droits de l'homme séparer ressembler!?! Il est possible, par la préparation, des oreilles et dans l'effet avec la prothèse dentaire éventuellement existante? Avec la technique de radio relativement simple?? Dans ce Land?Hier et aujourd'hui Sous quels motifs? Où le département est-il en réalité 5 du BND et de la protection d'constitution? peut il être qu'il y a les personnes qui livrent en permanence le BND/Verfassungsschutz, de manière funktechnischem un rapport de situation, sans le remarquer le -même , dans l'enfance rendu possible?? 
Par de tels collaborateurs officieux, avec le BND et la protection d'constitution, après manière, des informations sont-elles rassemblées et plus de, purement théoriquement, chaque citoyen allemand? Il y a alors encore un droit à des Privatsphere? Qui contrôle en réalité le BND, mad et protection d'constitution sur une infiltration??? Il s'agit en réalité dans le Mail me la question de savoir si lui éléments criminels, dont le motif de l'enrichissement, ou de groupements des motifs idéologiques, possible de s'acquérir le savoir et la technique qui à d'autres temps, est autre MotivenEt place-t-il le savoir technique dont le public vraiment la fin la barre de drapeau a connaissance ? Il n'est pas donc exactement la même chose possible pour des éléments criminels, moi cela maintenant fois verharmlost et minimisant une légende, personnes ou groupes particuliers avec des moyens relativement simples, de quels motifs aussi toujours, auszuspionieren?(Westfernsehen?), a été développé. Et ce "Ausspioniererei" ne représente-t-il pas une intervention considérable dans la vie privée? Il est possible personnes ou groupes particuliers, pour certain Oeffentlichkeit(suggeriert?), celui p. ex. à l'aide des côtés Internet, comme par exemple "le Pranger"geschaffen pourrait, fois vorausgestzt schikanieren terroriesieren et ou , et qui toute (suggerierten)Oeffentlichkeit?Haben les personnes ceux là, ou d'un autre côté verunglimpft, ou on ne pas calomnie, en réalité une chance au Gegenoeffentlichkeit?Ist qui meurtre d'appel? Il y a quelques années, je ne suis pas encore par hasard sur le côté "celui" poussé, fonctionnais alors cela sous la couche de pont de l'entremise partenaire. Des personnes particulières, ou des communautés d'intérêts le peuventelles, d'un autobut pur, de tels côtés servent, sous la couche de pont d'un Zivilkourage douteux, tracent plus de des campagnes de précipitation, propres intérêts tout à fait persoehnliche entremêlent? 
De tels côtés peuvent-ils servir à la coordination des manoeuvres criminelles? Question, est lui possibilité ou impossibilité de manipuler ou d'influencer techniquement et socialement, particulière personnes, ou aussi groupements, criminelle/ponctuel idéologique Energei dehors, , terroriser ou schickanieren, et ce.Une manipulation de groupe cible par des masse-médias être la manipulation quotidienne qui peut extraire mansich, plus ou moins. Le droit à la vie privée est-il miné, ramment, tiefenpsychologisch, par des envois, comme, par exemple "des Big brother"? Avec un les Angemailten si un certain savoir devait exister sur le thème, je serais heureux sur des indications sur le thème.Sur la recherche des réponses à mes questions je différentes adresses maile d'Internet dessus, et espère réponses et critiques aufkonstruktive. Sur une visite du côté http://hometown.aol.de/reinerhohn38259/homepage/index.html> je me réjouirais. Si vous deviez avoir été écrit à différentes reprises par moi, je vous demande de m'excuser cela qui n'était pas envisagé. La raison de mon anonymat est le fait qu'avec telle des Fragenstellerei, l'appel devient ce qui est bien compréhensible, rapidement bruyant après le Psychatrie. Ce que la méthode a également (ist). Si vous deviez ressentir les Mail comme un ennui, je voudrais m'excuser par ceci pour cela! Big brother is watching you? Könnte mir jemand bei der korrekten Überstzung helfen? Could someone help me with the correct translation? Quelqu'un pourrait-il m'aider lors du Ueberstzung correct? 
From owner-freebsd-security Sat Jun 15 8:55:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (f17.pav2.hotmail.com [64.4.37.17]) by hub.freebsd.org (Postfix) with ESMTP id E065B37B42C for ; Sat, 15 Jun 2002 08:55:14 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 15 Jun 2002 08:55:14 -0700 Received: from 217.7.138.114 by pv2fd.pav2.hotmail.msn.com with HTTP; Sat, 15 Jun 2002 15:55:14 GMT X-Originating-IP: [217.7.138.114] From: "How Can ThisBe" To: freebsd-security@FreeBSD.ORG Subject: Something that may help Brett Glass Date: Sat, 15 Jun 2002 15:55:14 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 15 Jun 2002 15:55:14.0833 (UTC) FILETIME=[09DAB810:01C21485] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I do not want to start any Brett Glass rants, just want to let people know about a script I found. It basically runs through the steps needed to get a FreeBSD box updated. I ran the script on my 4.6 box without a problem. It looks like the kind of thing that would help people new to FreeBSD get the latest security patches without a problem. For more experienced people it's a nice simple alternative. There is more info on the site: http://lvl.sourceforge.net/autoupdate.php And a direct download link: http://lvl.sourceforge.net/dl/scripts/autoupdate.tar.gz That's all Non (yes, this is from a Hotmail account, so what?)
From owner-freebsd-security Sat Jun 15 11:57: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by hub.freebsd.org (Postfix) with ESMTP id 9BAA737B40F for ; Sat, 15 Jun 2002 11:56:22 -0700 (PDT) Received: from FreeBSD.org (12-234-90-219.client.attbi.com [12.234.90.219]) by mail-relay1.yahoo.com (Postfix) with ESMTP id 6BDB08B5BF; Sat, 15 Jun 2002 11:56:22 -0700 (PDT) Message-ID: <3D0B8DD6.C9F60267@FreeBSD.org> Date: Sat, 15 Jun 2002 11:56:22 -0700 From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.79 [en] (X11; U; FreeBSD 4.5-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: How Can ThisBe Cc: freebsd-security@FreeBSD.ORG Subject: Re: Something that may help Brett Glass References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

This topic is not appropriate to freebsd-security either.