From owner-freebsd-isp Sun Apr 1 0: 2:58 2001
Delivered-To: freebsd-isp@freebsd.org
Date: Sun, 1 Apr 2001 10:02:42 +0200 (CEST)
From: Leif Neland
Subject: RE: webmail interface package
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 31 Mar 2001, Marius Kirschner wrote:

> Just curious, are there any problems running qpopper and imap on the same
> server? Is anybody doing it?
>

I do. So long as the same user is not trying to access the mail via pop3 and imap at the same time, I see no reason to worry.

Leif

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Apr 1 11:46:59 2001
Date: Sun, 1 Apr 2001 11:43:18 -0700 (PDT)
From: Tom Samplonius
To: Leif Neland
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Mirrorred webservers: Updating, logging.
In-Reply-To: <01d501c0ba1f$23cc06a0$6405a8c0@neland.dk>

On Sat, 31 Mar 2001, Leif Neland wrote:

> That still leaves that NFS-server as the single point of failure. So
> that is no option.

Not necessarily. People commonly use NetApp filers in this case. And clustering is a standard NetApp feature. Without clustering, NetApp claims 99.9% availability. With clustering, 99.99%. NetApp has a lot of integrity and availability checks. It is the only system I've seen that does RAID scrubbing.

> I discovered some smart guy had set our secondary nameserver to have
> its files nfs-mounted from the primary. So much for redundancy...
>
> Leif

Tom

From owner-freebsd-isp Sun Apr 1 14:49:58 2001
Date: Sun, 1 Apr 2001 22:49:53 +0100
From: Jose Gabriel J Marcelino
To: freebsd-isp@freebsd.org
Subject: Sync highspeed cards
Message-ID: <20010401224953.B64430@devils.maquina.com>

Hi,

I'm looking into good boards for a FreeBSD-based router, with at least 4 (can be 2 cards if needed) x.21 and/or v.35 interfaces with 4Mbit/s each. This will be used for multi-homed routers (with simple firewalling functionality)

I was testing a system with ET Inc ET/PCISYNC, with good results (apart from the unmaintainable binary drivers), but reading Dennis's last insults^Wmessages on the -hackers mailing list have somewhat put me looking for other alternatives.

Cyclades Router-killer (up to only two ports however) is a bit short in function, Sangoma with its WANPIPE and S-series seems a bit better, but I can't find much technical info on their site.

I believe there must be others, I'd like to know other people's opinions on them.

Thanks

Gabriel

From owner-freebsd-isp Sun Apr 1 16: 7:27 2001
Message-ID: <004601c0baff$b4d15b60$22b197ce@savvydia4bwrv3>
From: "Jim Flowers"
To: "Jose Gabriel J Marcelino" ,
References: <20010401224953.B64430@devils.maquina.com>
Subject: Re: Sync highspeed cards
Date: Sun, 1 Apr 2001 19:01:36 -0400

Download the code and take a look at it. There is some info there. Beyond that they are good to work with and support their own freebsd driver which worked well the last time I used it (six months ago). Have not done multiples in one box or used the multiple ports on one card but the half dozen or so we have installed (both with and without CSU/DSU) have worked for several years now without problems.

----- Original Message -----
From: "Jose Gabriel J Marcelino"
Sent: Sunday, April 01, 2001 5:49 PM
Subject: Sync highspeed cards

> Hi,
>
> I'm looking into good boards for a FreeBSD-based router, with at least 4 (can be 2 cards if needed) x.21 and/or v.35 interfaces with 4Mbit/s each. This will be used for multi-homed routers (with simple firewalling functionality)
>
> I was testing a system with ET Inc ET/PCISYNC, with good results (apart from the unmaintainable binary drivers), but reading Dennis's last insults^Wmessages on the -hackers mailing list have somewhat put me looking for other alternatives.
>
> Cyclades Router-killer (up to only two ports however) is a bit short in function, Sangoma with its WANPIPE and S-series seems a bit better, but I can't find much technical info on their site.
>
> I believe there must be others, I'd like to know other people's opinions on them.
>
> Thanks
>
> Gabriel

From owner-freebsd-isp Sun Apr 1 19:17:45 2001
From: "John Brooks"
Subject: djbdns or tinydns
Date: Sun, 1 Apr 2001 21:13:44 -0500
Message-ID: <000201c0bb1a$8eacb180$0b00a8c0@dle>
In-Reply-To: <5.0.0.25.0.20010228000158.0436aeb0@mail.Go2France.com>

Has anyone had favorable experience with tinydns in place of bind? Would anyone recommend using it on a colo server authoritative for less than 100 domains? I'm interested in opinions with *short* reasons - before I seriously consider it. ;-)

--
John

From owner-freebsd-isp Sun Apr 1 19:28:53 2001
Date: Sun, 1 Apr 2001 22:28:43 -0400 (EDT)
From: "David H. Brierley"
Subject: Verizon vs Qwest vs Choice One
In-Reply-To: <00ef01c0b9fb$11a01e90$04e48486@marble>

We are currently considering moving our T1 and a pair of PRI's to a new location. The choices we have for providers are Verizon, Qwest, and ChoiceOne. Verizon is by far the most expensive and I'm not convinced it is worth the money. I have dealt with Choice One in the past and while their customer service was not the greatest in the world, we only had one occasion where we needed to use it. I have never had any dealings with Qwest before but the salesperson is very aggressive.

Would anyone be willing to share their experiences with any of these three choices, good bad or indifferent? Thanks in advance.

--
David H. Brierley
dave@galaxia.com

From owner-freebsd-isp Sun Apr 1 20: 4:42 2001
Date: Sun, 1 Apr 2001 20:04:32 -0700
From: Sean Chittenden
To: John Brooks
Cc: freebsd-isp@freebsd.org
Subject: Re: djbdns or tinydns
Message-ID: <20010401200432.A26747@rand.tgd.net>
References: <5.0.0.25.0.20010228000158.0436aeb0@mail.Go2France.com> <000201c0bb1a$8eacb180$0b00a8c0@dle>
In-Reply-To: <000201c0bb1a$8eacb180$0b00a8c0@dle>; from "john@day-light.com" on Sun, Apr 01, 2001 at 09:13:44PM
X-PGP-Key: 0x1EDDFAAD
X-PGP-Fingerprint: C665 A17F 9A56 286C 5CFB 1DEA 9F4F 5CEF 1EDD FAAD
X-Web-Homepage: http://sean.chittenden.org/

I've had extremely favorable experiences with djbdns. 5,000 domains at one installation and it just ticks along, secure, small, fast, and no headaches. Two quick comments:

1) You will need _at least_ one more IP address (recursive dns server and authoritative dns server are different daemons: good thing).

2) If your clients are dhcp'd, then I'd change their DNS server address to the new recursive dns server (dnscache).

3) The data files are extremely easy to view, scan, and update via hand and from scripts/databases.

4) Move slow, a big screw up in DNS can keep you down for a while if lame large ISPs cache your data for excessively long periods of time (AOL, MSN, UU.net, and Mindspring have some dns servers that hold onto data for longer than a week ::grrrr::).

I've done this plenty of times at various installations, so if you've got Q's, please feel free to ask: I endorse djbdns 98%. The remaining 2% goes to the logging philosophy: log everything, filter later. It's nice, but under extremely high load and redirecting the log to /dev/null, the tinydns is still formatting the log output. Not a biggie though.
-sc

On Sun, Apr 01, 2001 at 09:13:44PM -0500, John Brooks wrote:
> Has anyone had favorable experience with tinydns in place of bind? Would
> anyone recommend using it on a colo server authoritative for less than 100
> domains? I'm interested in opinions with *short* reasons - before I
> seriously consider it. ;-)
>
> --
> John

--
Sean Chittenden

From owner-freebsd-isp Mon Apr 2 1:20: 7 2001
Date: Mon, 2 Apr 2001 10:19:54 +0200
From: Wim Livens
To: paul@colba.net
Cc: freebsd-isp@freebsd.org
Subject: Re: Multiport serial board
Message-ID: <20010402101953.A12466@krijt.livens.net>

> Hi folks, I'm planning to build a server/router console server.
> And looking for a good multiport serial board, 8 ports or more.
> Which one is a good one with FreeBSD drivers.

http://www.cyclades.com/products/svrbas/yseries.htm

regards,
Wim Livens.

From owner-freebsd-isp Mon Apr 2 4:35: 7 2001
Message-ID: <000901c0bb68$f1357820$fe78a8c0@espe.de>
From: "Clemens Hermann"
Subject: server-vendor in Germany
Date: Mon, 2 Apr 2001 13:34:52 +0200

Hi,

as I found no German server-vendor listed on the according page on FreeBSD.org I hope to receive some recommendations here.
Where in Germany can I get good FreeBSD-Servers as 19'' ISP Boxes for a fair price?
I am looking for a mid-range Server for ~ DM 15.000.

thanks for any hint

/ch

From owner-freebsd-isp Mon Apr 2 10:39:23 2001
Date: Mon, 2 Apr 2001 13:39:03 -0400 (EDT)
From:
To: John Brooks
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: djbdns or tinydns
In-Reply-To: <000201c0bb1a$8eacb180$0b00a8c0@dle>

If I were you I would stick to BIND 9 or the latest 8.x. Otherwise try to look into MaraDNS. Search www.freshmeat.net for the link. It appears to be fast, stable, and handle things well. Oh yeah and unlike djbdns it's not an unreadable mess, and the license isn't as bad.

=============================================================================
-Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas
Home: scanner@deceptively.shady.org | http://open-systems.net
=============================================================================
WINDOWS: "Where do you want to go today?"
LINUX: "Where do you want to go tomorrow?"
BSD: "Are you guys coming or what?"
=============================================================================
irc.openprojects.net #FreeBSD -Join the revolution!
ICQ: 20016186

From owner-freebsd-isp Mon Apr 2 12:34:45 2001
Message-ID: <009601c0bbab$f0e0f410$fe78a8c0@espe.de>
From: "Clemens Hermann"
To: "Sean Chittenden" , "John Brooks"
References: <5.0.0.25.0.20010228000158.0436aeb0@mail.Go2France.com> <000201c0bb1a$8eacb180$0b00a8c0@dle> <20010401200432.A26747@rand.tgd.net>
Subject: Re: djbdns or tinydns
Date: Mon, 2 Apr 2001 21:34:30 +0200

Hi Sean and John,

> I've had extremely favorable experiences with djbdns.

same with me.

- Simple setup
- clean structure
- rock-solid
- resource-friendly

> 1) You will need _at least_ one more IP address (recursive dns server
> and authoritative dns server are different daemons: good thing).

but you can use (e.g.) the loopback device for the recursive resolver. This way you have a reliable (!) resolver for your server which will improve security a lot in many cases. Furthermore you are not misused as publicly available resolver in case you only want to provide authoritative dns for your domains.

> 3) The data files are extremely easy to view, scan, and update via
> hand and from scripts/databases.

ACK

furthermore djbdns can perfectly coexist with bind (use bind as secondary or be secondary for a bind server)

I have used Bind for a while.
After I switched to djbdns I began to understand DNS ;-)

bye

/ch

From owner-freebsd-isp Mon Apr 2 12:38:52 2001
Message-ID: <3AC8D53D.6D997D77@subphase.de>
Date: Mon, 02 Apr 2001 21:38:37 +0200
From: Steven Enderle
To: Clemens Hermann
Cc: freebsd-isp@freebsd.org
Subject: Re: server-vendor in Germany
References: <000901c0bb68$f1357820$fe78a8c0@espe.de>

www.pyramid.de has nice boxes...

Clemens Hermann wrote:

> Hi,
>
> as I found no German server-vendor listed on the according page on
> FreeBSD.org I hope to receive some recommendations here.
> Where in Germany can I get good FreeBSD-Servers as 19'' ISP Boxes for a fair
> price?
> I am looking for a mid-range Server for ~ DM 15.000.
>
> thanks for any hint
>
> /ch

From owner-freebsd-isp Mon Apr 2 13:45:30 2001
Message-ID: <3AC91CC9.772CAA55@estpak.ee>
Date: Mon, 02 Apr 2001 22:43:53 -0200
From: rivo nurges
To: freebsd-isp@freebsd.org
Subject: Re: djbdns or tinydns

scanner@jurai.net wrote:
>
> If I were you I would stick to BIND 9 or the latest 8.x. Otherwise try to
> look into MaraDNS. Search www.freshmeat.net for the link. It appears to be

at the moment it doesn't support zone transfers & caching name server

> fast, stable, and handle things well. Oh yeah and unlike djbdns it's not an
> unreadable mess, and the license isn't as bad.

i don't think so, like qmail(first setup is hard but when you install it 3rd time, it's very quick&easy to setup)
i like djbdns and way how i can organize zone transfers(i use scp)

--
rix
http://www.ripe.net/cgi-bin/whois?rix@estpak.ee

From owner-freebsd-isp Mon Apr 2 13:52:52 2001
Date: Mon, 2 Apr 2001 13:52:41 -0700
From: Sean Chittenden
To: scanner@jurai.net
Cc: John Brooks , freebsd-isp@FreeBSD.ORG
Subject: Re: djbdns or tinydns
Message-ID: <20010402135240.D52470@rand.tgd.net>
References: <000201c0bb1a$8eacb180$0b00a8c0@dle>
In-Reply-To: ; from "scanner@jurai.net" on Mon, Apr 02, 2001 at 01:39:03PM

Few small points:

1) Bind 8 is substantially faster than bind 9, is speed a consideration in your deployment? If so, avoid bind 9 (though I'd expect the ISC folks to address this eventually).

2) I have never used MaraDNS, but according to the site it's still under heavy development and is missing many features (AXFR & tcp dns)

3) Of all of the code I've read/seen/patched/tweaked, I personally put djb's stuff pretty far up there because it is easy to read, etc. The flip side of it being, I haven't had to do much to djb's stuff because it hasn't given me _any_ problems, so this shouldn't be an issue for 99.99% of people. DJB also has a great track record for code stability, security, and performance.

4) As for the djbdns license, he doesn't really have one:

http://cr.yp.to/softwarelaw.html

-sc

On Mon, Apr 02, 2001 at 01:39:03PM -0400, scanner@jurai.net wrote:
> If I were you I would stick to BIND 9 or the latest 8.x. Otherwise try to
> look into MaraDNS. Search www.freshmeat.net for the link. It appears to be
> fast, stable, and handle things well. Oh yeah and unlike djbdns it's not an
> unreadable mess, and the license isn't as bad.
>
> =============================================================================
> -Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
> Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas
> Home: scanner@deceptively.shady.org | http://open-systems.net
> =============================================================================
> WINDOWS: "Where do you want to go today?"
> LINUX: "Where do you want to go tomorrow?"
> BSD: "Are you guys coming or what?"
> =============================================================================
> irc.openprojects.net #FreeBSD -Join the revolution!
> ICQ: 20016186

--
Sean Chittenden

From owner-freebsd-isp Mon Apr 2 20:47:19 2001
Date: Mon, 2 Apr 2001 20:43:21 -0700 (PDT)
From: Tom Samplonius
To: Clemens Hermann
Cc: Sean Chittenden , John Brooks , freebsd-isp@freebsd.org
Subject: Re: djbdns or tinydns
In-Reply-To: <009601c0bbab$f0e0f410$fe78a8c0@espe.de>

On Mon, 2 Apr 2001, Clemens Hermann wrote:

> Hi Sean and John,
>
> > I've had extremely favorable experiences with djbdns.
>
> same with me.
>
> - Simple setup
> - clean structure
> - rock-solid
> - resource-friendly

I'm not completely happy with dnscache. Apparently, dnscache has a hard-coded 200 request limit. I'm hitting that limit now, and it is not clear on how to remove this limit. This is only something that you are likely to see on large external caches.

Tom

From owner-freebsd-isp Mon Apr 2 21:12:55 2001
Date: Mon, 2 Apr 2001 21:12:43 -0700
From: Sean Chittenden
To: Tom Samplonius
Cc: freebsd-isp@freebsd.org
Subject: Re: djbdns or tinydns
Message-ID: <20010402211243.E53081@rand.tgd.net>
References: <009601c0bbab$f0e0f410$fe78a8c0@espe.de>
In-Reply-To: ; from "tom@sdf.com" on Mon, Apr 02, 2001 at 08:43:21PM

This sounds like a kernel limit and not a dnscache limit as I've run sites that were doing more than 200 requests per second and never saw any problems.... have you tweaked your kernel at all? -sc

> On Mon, 2 Apr 2001, Clemens Hermann wrote:
>
> > Hi Sean and John,
> >
> > > I've had extremely favorable experiences with djbdns.
> >
> > same with me.
> >
> > - Simple setup
> > - clean structure
> > - rock-solid
> > - resource-friendly
>
> I'm not completely happy with dnscache. Apparently, dnscache has a
> hard-coded 200 request limit. I'm hitting that limit now, and it is not
> clear on how to remove this limit. This is only something that you are
> likely to see on large external caches.
>
>
> Tom

--
Sean Chittenden

From owner-freebsd-isp Mon Apr 2 21:22: 2 2001
Date: Mon, 2 Apr 2001 21:17:53 -0700 (PDT)
From: Tom Samplonius To: Sean Chittenden Cc: freebsd-isp@freebsd.org Subject: Re: djbdns or tinydns In-Reply-To: <20010402211243.E53081@rand.tgd.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 2 Apr 2001, Sean Chittenden wrote: > This sounds like a kernel limit and not a dnscache limit as > I've run sites that were doing more than 200 requests per second and > never saw any problems.... have you tweaked your kernel at all? -sc No, 200 simultaneous UDP requests. It is a hardcoded limit in dnscache. Active UDP requests is the second to last number of the stats line in the main log. It can not exceed 200. I'm hopeful that code can be patched to bring it up to at least 250. There are no kernel limits that would affect requests per second. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Apr 2 21:28:55 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.tgd.net (rand.tgd.net [64.81.67.117]) by hub.freebsd.org (Postfix) with SMTP id 7810437B722 for ; Mon, 2 Apr 2001 21:28:49 -0700 (PDT) (envelope-from sean@mailhost.tgd.net) Received: (qmail 60782 invoked by uid 1001); 3 Apr 2001 04:28:44 -0000 Date: Mon, 2 Apr 2001 21:28:43 -0700 
From: Sean Chittenden To: Tom Samplonius Cc: freebsd-isp@freebsd.org Subject: Re: djbdns or tinydns Message-ID: <20010402212843.F53081@rand.tgd.net> References: <20010402211243.E53081@rand.tgd.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Zs/RYxT/hKAHzkfQ" Content-Disposition: inline In-Reply-To: ; from "tom@sdf.com" on Mon, Apr 02, 2001 at = 09:17:53PM X-PGP-Key: 0x1EDDFAAD X-PGP-Fingerprint: C665 A17F 9A56 286C 5CFB 1DEA 9F4F 5CEF 1EDD FAAD X-Web-Homepage: http://sean.chittenden.org/ Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --Zs/RYxT/hKAHzkfQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable This should apply cleanly to djbdns 1.05. -sc --- dnscache.c Mon Apr 2 21:27:24 2001 +++ orig_dnscache.c Mon Apr 2 21:27:14 2001 @@ -54,7 +54,7 @@ static int udp53; -#define MAXUDP 400 +#define MAXUDP 200 static struct udpclient { struct query q; struct taia start; On Mon, Apr 02, 2001 at 09:17:53PM -0700, Tom Samplonius wrote: > Delivered-To: sean-freebsd-isp@chittenden.org > Delivered-To: freebsd-isp@freebsd.org > Date: Mon, 2 Apr 2001 21:17:53 -0700 (PDT) 
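Review bot: the diff is generated in the wrong direction. The "---" side is dnscache.c with "#define MAXUDP 400" and the "+++" side is orig_dnscache.c with "#define MAXUDP 200", so applied as posted it lowers the limit from 400 to 200 instead of raising it, and the "-#define MAXUDP 400" line has nothing to match in a tree that still carries the 200 limit Tom describes. Regenerate it with the original file first (diff -u orig_dnscache.c dnscache.c) or tell readers to apply it with patch -R. The message should also say why 400 was chosen when the request was for at least 250, and whether anything else has to be raised along with it, since the hunk shows only the constant.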
> From: Tom Samplonius > To: Sean Chittenden > Cc: freebsd-isp@freebsd.org > Subject: Re: djbdns or tinydns > In-Reply-To: <20010402211243.E53081@rand.tgd.net> > X-Loop: FreeBSD.org > Precedence: bulk >=20 >=20 > On Mon, 2 Apr 2001, Sean Chittenden wrote: >=20 > > This sounds like a kernel limit and not a dnscache limit as > > I've run sites that were doing more than 200 requests per second and > > never saw any problems.... have you tweaked your kernel at all? -sc >=20 > No, 200 simultaneous UDP requests. It is a hardcoded limit in > dnscache. Active UDP requests is the second to last number of the stats > line in the main log. It can not exceed 200. I'm hopeful that code can > be patched to bring it up to at least 250. =20 >=20 > There are no kernel limits that would affect requests per second. >=20 > Tom >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message --=20 Sean Chittenden --Zs/RYxT/hKAHzkfQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Comment: Sean Chittenden iEYEARECAAYFAjrJUXsACgkQn09c7x7d+q2viACeJwEdJf+PtC8U6Xyuif3a0BjT EaMAoMUmVZrB0dCZSFZxRjPODKrskZc4 =oxe3 -----END PGP SIGNATURE----- --Zs/RYxT/hKAHzkfQ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 3 2:13:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail-internal.nextra.de (mail.nextra.de [212.169.184.81]) by hub.freebsd.org (Postfix) with ESMTP id A6EB337B71B for ; Tue, 3 Apr 2001 02:13:31 -0700 (PDT) (envelope-from Oliver.Blasnik@nextra.de) Received: from f-ex-01.intern.nextra.de (f-euro.fw.nextra.de [212.169.184.9]) by mail-internal.nextra.de (8.9.3/8.9.3) with ESMTP id LAA64170; Tue, 3 Apr 2001 11:13:25 +0200 (CEST) Received: from omnilinkw63 ([10.49.96.101]) by f-ex-01.intern.nextra.de with Microsoft SMTPSVC(5.0.2195.1600); Tue, 3 Apr 2001 11:09:19 +0100 Message-ID: 
<002301c0bc1e$a4f786e0$6560310a@intern.nextra.de> 
From: "Oliver Blasnik" To: "Steven Enderle" , "Clemens Hermann" Cc: References: <000901c0bb68$f1357820$fe78a8c0@espe.de> <3AC8D53D.6D997D77@subphase.de> Subject: Re: server-vendor in Germany Date: Tue, 3 Apr 2001 11:15:36 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 X-OriginalArrivalTime: 03 Apr 2001 10:09:19.0496 (UTC) FILETIME=[25C72080:01C0BC26] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi there, Steven Enderle wrote: > www.pyramid.de has nice boxes... We used that boxes (4U) a time ago, but changed due to bad quality. At the Moment we're using the ISP2150 (2U)-Boxed, which are OEM'd by Lynx ( www.kle.net ), and they are solid & "cheap". http://www.intel.com/network/products/isp2150.htm > Clemens Hermann wrote: > > I am looking for a mid-range Server for ~ DM 15.000. 
For that you're going to get a fullfeatured ISP2150 (4 Hotswap- SCSI-Drives, RAID-Controller, Dual P3 and 'bout 2G of RAM) *g* > > thanks for any hint HTH, Oliver, waiting for the Gigabyte 1U *g* -- -- http://www.nextra.de - INTERNET@WORK ----- oliver.blasnik@nextra.de -- Nextra Deutschland | Oliver Blasnik Senior System Administrator GmbH & Co KG | Lyoner Strasse 26 D-60528 Frankfurt Engineering TA&S | tel +49-69-66441-0 fax +49-69-66441-199 ------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 3 3:41: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 98F1037B724 for ; Tue, 3 Apr 2001 03:41:06 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 93584 invoked by uid 1001); 3 Apr 2001 10:41:04 +0000 (GMT) To: sean-freebsd-isp@chittenden.org Cc: scanner@jurai.net, john@day-light.com, freebsd-isp@FreeBSD.ORG Subject: Re: djbdns or tinydns 
From: sthaug@nethelp.no In-Reply-To: Your message of "Mon, 2 Apr 2001 13:52:41 -0700" References: <20010402135240.D52470@rand.tgd.net> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Tue, 03 Apr 2001 12:41:03 +0200 Message-ID: <93582.986294463@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > 3) Of all of the code I've read/seen/patched/tweaked, I personally put > djb's stuff pretty far up there because it is easy to read, etc. I think it's safe to say that the "easy to read" claim is not universally shared... Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 3 3:56:30 2001 Delivered-To: freebsd-isp@freebsd.org Received: from wildcatblue.com (flanders.wildcatblue.com [206.157.147.206]) by hub.freebsd.org (Postfix) with ESMTP id 5412C37B724 for ; Tue, 3 Apr 2001 03:56:27 -0700 (PDT) (envelope-from sdrhodus@wildcatblue.com) Received: from vghk (p1mp.vghk.e-xtreme.org [206.157.147.77]) by wildcatblue.com (Postfix) with SMTP id 95FF185B18 for ; Tue, 3 Apr 2001 05:57:01 +0000 (GMT) Message-ID: <001201c0bc2c$4ebb8930$a85bfea9@vghk> 
From: "David Rhodus" To: Subject: Named Keep crashing. Date: Tue, 3 Apr 2001 06:53:24 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000F_01C0BC0A.C721F480" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_000F_01C0BC0A.C721F480
Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

It seems as if about every morning I wake up named is not running. It has crashed during the day also, but now it seems every morning.

Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 ( core dumped)
Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps

Do I need to install a new version on bind ?

David Rhodus
859-626-1161
859-527-9688 Pager
sdrhodus@wildcatblue.com

------=_NextPart_000_000F_01C0BC0A.C721F480
Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_000F_01C0BC0A.C721F480--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Tue Apr 3 4: 5:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from unit11.support.nl (unit11.support.nl [195.114.229.252]) by hub.freebsd.org (Postfix) with ESMTP id 01B1737B718 for ; Tue, 3 Apr 2001 04:05:27 -0700 (PDT) (envelope-from marcel@support.nl) Received: from localhost (marcel@localhost) by unit11.support.nl (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id NAA26383; Tue, 3 Apr 2001 13:09:16 +0200 Date: Tue, 3 Apr 2001 13:09:16 +0200 (CEST) From: Marcel Lemmen To: David Rhodus Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Named Keep crashing. In-Reply-To: <001201c0bc2c$4ebb8930$a85bfea9@vghk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

It seems this is a heavily-used machine, since the icmp-response bandwidth limit is exceeded. Try to increase this limit:

sysctl -w net.inet.icmp.icmplim=500

This should prevent named from crashing.

PS, are you using Bind8 or 9? Bind9 crashed often on my server, downgrading to Bind8 solved it.

Kind regards,
Marcel Lemmen
Support Net

--------------------------------------------------------------
| Marcel Lemmen | Support Net BV | | | System Engineer | beheer@support.nl | \|/ | | | | ___.oO___|_ | | Jobs@SupportNet | http://jobs.supportnet.nl | |
--------------------------------------------------------------
(It's a snowman in the desert next to a saguaro)

On Tue, 3 Apr 2001, David Rhodus wrote:

> Date: Tue, 3 Apr 2001 06:53:24 -0400
> From: David Rhodus
> To: freebsd-isp@FreeBSD.ORG
> Subject: Named Keep crashing.
>
> It seems as if about every morning I wake up named is not running. It has crashed during the day also, but now it seems every morning.
> Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 (
> core dumped)
> Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps
> Do I need to install a new version on bind ?
>
>
>
> David Rhodus
> 859-626-1161
> 859-527-9688 Pager
> sdrhodus@wildcatblue.com
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Tue Apr 3 4: 7:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id ABA9B37B71C for ; Tue, 3 Apr 2001 04:07:49 -0700 (PDT) (envelope-from forrestc@imach.com) Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id EAA03273; Tue, 3 Apr 2001 04:53:12 -0600 (MDT) Date: Tue, 3 Apr 2001 04:53:12 -0600 (MDT) From: "Forrest W. Christian" To: David Rhodus Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Named Keep crashing. In-Reply-To: <001201c0bc2c$4ebb8930$a85bfea9@vghk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Yes, and do it now.

You are being attacked. If you were running linux you'd already have been rooted.

What is happening is someone is trying to use a linux-specific attack for bind and bind is exiting with an error because the linux binary that the attacker is (successfully) trying to get you to run isn't exactly compatible with freebsd.

On Tue, 3 Apr 2001, David Rhodus wrote:

> Date: Tue, 3 Apr 2001 06:53:24 -0400
> From: David Rhodus
> To: freebsd-isp@FreeBSD.ORG
> Subject: Named Keep crashing.
>
> It seems as if about every morning I wake up named is not running. It has crashed during the day also, but now it seems every morning.
> Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 ( > core dumped) > Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps > Do I need to install a new version on bind ? > > > > David Rhodus > 859-626-1161 > 859-527-9688 Pager > sdrhodus@wildcatblue.com > - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 3 4:11:37 2001 Delivered-To: freebsd-isp@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id ECA4137B71D for ; Tue, 3 Apr 2001 04:11:34 -0700 (PDT) (envelope-from cdf.lists@fxp.org) Received: by peitho.fxp.org (Postfix, from userid 1501) id 56D7613614; Tue, 3 Apr 2001 07:11:34 -0400 (EDT) Date: Tue, 3 Apr 2001 07:11:34 -0400 From: Chris Faulhaber To: David Rhodus Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Named Keep crashing. Message-ID: <20010403071134.A24350@peitho.fxp.org> References: <001201c0bc2c$4ebb8930$a85bfea9@vghk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="ikeVEW9yuYc//A+q" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001201c0bc2c$4ebb8930$a85bfea9@vghk>; from sdrhodus@wildcatblue.com on Tue, Apr 03, 2001 at 06:53:24AM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 03, 2001 at 06:53:24AM -0400, David Rhodus wrote: > It seems as if about every moring I wake up named is not running. 
It has crashed during the day also, but now it seems every morning.
> Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 (
> core dumped)
> Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps
> Do I need to install a new version on bind ?
>

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:18.bind.asc

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iEYEARECAAYFAjrJr+YACgkQObaG4P6BelBGOwCcCDaYdjTrowSYJyE+B3SOsvUa
kY4AnR/KpWBEEVJfmFyLcnYRlgWYCCMZ
=VlN1
-----END PGP SIGNATURE-----

--ikeVEW9yuYc//A+q--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Tue Apr 3 4:13:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 5A3FA37B71A for ; Tue, 3 Apr 2001 04:13:40 -0700 (PDT) (envelope-from LConrad@Go2France.com) Received: from sv.Go2France.com (ls1.meiway.com [212.73.210.33]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id F1FC116B16 for ; Tue, 3 Apr 2001 13:27:08 +0200 (CEST) Message-Id: <5.0.0.25.0.20010403130638.03f74eb0@mail.Go2France.com> X-Sender: lconrad%Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Tue, 03 Apr 2001 13:11:32 +0200 To: freebsd-isp@freebsd.org From: Len Conrad Subject: Re: Named Keep crashing.
In-Reply-To: <001201c0bc2c$4ebb8930$a85bfea9@vghk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

>It seems as if about every morning I wake up named is not running.

Things go bump in the night.

> It has crashed during the day also, but now it seems every morning.
>Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on
>signal 11 (
>core dumped)
>Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps
>Do I need to install a new version on bind ?

For the BIND4 and 8 vulnerability of late Jan, you have classic symptoms brought on by what appears to be scripts scanning the world for DNS services to take down.

Upgrade to 8.2.3 Release. I did it here on 3 FreeBSD servers, compiling from the ISC source. Fixed my similar symptoms pb's immediately and since.

Len

http://MenAndMice.com/DNS-training : In Austin, TX; SFO, CA; Paris, FR
http://BIND8NT.MEIway.com : ISC BIND 8.2.3 "NT3" for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Tue Apr 3 6:36:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.palnet.com (mail.palnet.com [217.66.226.37]) by hub.freebsd.org (Postfix) with ESMTP id 8B76637B718 for ; Tue, 3 Apr 2001 06:36:21 -0700 (PDT) (envelope-from mustafa@palnet.com) Received: from mustafa (dogbert.palnet.com [192.116.17.51]) by mail.palnet.com (8.11.0/8.9.3) with SMTP id f33EW6I07502; Tue, 3 Apr 2001 16:32:06 +0200 (EET) From: "Mustafa N. Deeb" To: "Marcel Lemmen" , "David Rhodus" Cc: Subject: RE: Named Keep crashing.
Date: Tue, 3 Apr 2001 15:10:55 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org same thing here bind9 died.. downgraded to 8.2.3 -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Marcel Lemmen Sent: Tuesday, April 03, 2001 1:09 PM To: David Rhodus Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Named Keep crashing. It seems this is a heavily-used machine, since the icmp-responce bandwidth limit is exceeded. Try to increase this limit: sysctl -w net.inet.icmp.icmplim=500 This should prevent named to crash. PS, are you using Bind8 or 9? Bind9 crashed often on my server, downgrading to Bind8 solved it. Kind regards, Marcel Lemmen Support Net -------------------------------------------------------------- | Marcel Lemmen | Support Net BV | | | System Engineer | beheer@support.nl | \|/ | | | | ___.oO___|_ | | Jobs@SupportNet | http://jobs.supportnet.nl | | -------------------------------------------------------------- (It's a snowman in the desert next to a saguaro) On Tue, 3 Apr 2001, David Rhodus wrote: > Date: Tue, 3 Apr 2001 06:53:24 -0400 > From: David Rhodus > To: freebsd-isp@FreeBSD.ORG > Subject: Named Keep crashing. > > It seems as if about every moring I wake up named is not running. It has crashed during the day also, but now it seems every morning. > Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 ( > core dumped) > Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps > Do I need to install a new version on bind ? 
> > > > David Rhodus > 859-626-1161 > 859-527-9688 Pager > sdrhodus@wildcatblue.com > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 3 9:56:49 2001 Delivered-To: freebsd-isp@freebsd.org Received: from misery.sdf.com (misery.sdf.com [204.244.213.49]) by hub.freebsd.org (Postfix) with ESMTP id 6C02737B71D for ; Tue, 3 Apr 2001 09:56:46 -0700 (PDT) (envelope-from tom@sdf.com) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 14kU3K-0003Zq-00; Tue, 3 Apr 2001 09:53:10 -0700 Date: Tue, 3 Apr 2001 09:53:07 -0700 (PDT) From: Tom Samplonius To: Marcel Lemmen Cc: David Rhodus , freebsd-isp@FreeBSD.ORG Subject: Re: Named Keep crashing. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 3 Apr 2001, Marcel Lemmen wrote: > It seems this is a heavily-used machine, since the icmp-responce bandwidth > limit is exceeded. Try to increase this limit: > sysctl -w net.inet.icmp.icmplim=500 > > This should prevent named to crash. No. ICMP port unreachable messages are being sent out because named is dead, but clients keep sending requests. Unless you want your machine to be used as part of a DDoS, you should keep the ICMP limiting in place. Named is crashing because there are several versions with a known remote crash bug, and versions with a remote exploit. 
Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Apr 3 21:45:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ns.internet.dk (ns.internet.dk [194.19.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 84CA237B71C for ; Tue, 3 Apr 2001 21:45:32 -0700 (PDT) (envelope-from leifn@neland.dk) Received: (from uucp@localhost) by ns.internet.dk (8.11.2/8.11.2) id f344jVV53660 for freebsd-isp@FreeBSD.ORG.AVP; Wed, 4 Apr 2001 06:45:31 +0200 (CEST) (envelope-from leifn@neland.dk) Received: (from uucp@localhost) by ns.internet.dk (8.11.2/8.11.2) with UUCP id f344jVB53654 for freebsd-isp@FreeBSD.ORG; Wed, 4 Apr 2001 06:45:31 +0200 (CEST) (envelope-from leifn@neland.dk) Received: from gina ([192.168.5.100]) by arnold.neland.dk (8.11.3/8.11.0) with SMTP id f344j5u06556 for ; Wed, 4 Apr 2001 06:45:05 +0200 (CEST) (envelope-from leifn@neland.dk) Message-ID: <016601c0bcc2$1768df00$6405a8c0@neland.dk> Reply-To: "Leif Neland" From: "Leif Neland" To: References: Subject: Re: Named Keep crashing. Date: Wed, 4 Apr 2001 06:45:35 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by ns.internet.dk id f344jVB53654 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is there any way to trace who is doing it? Running tcpdump with certain filter settings to avoid logging everything and filling the disk? Leif ----- Original Message ----- From: "Forrest W. Christian" To: "David Rhodus" Cc: Sent: Tuesday, April 03, 2001 12:53 PM Subject: Re: Named Keep crashing. > Yes, and do it now. > > You are being attcked. If you were running linux you'd already have been > rooted. 
> > What is happening is someone is trying to use a linux-specific attack for > bind and bind is exiting with an error because the linux binary that the > attacker is (successfully) trying to get you to run isn't exactly > compatible with freebsd. > > On Tue, 3 Apr 2001, David Rhodus wrote: > > > Date: Tue, 3 Apr 2001 06:53:24 -0400 > > From: David Rhodus > > To: freebsd-isp@FreeBSD.ORG > > Subject: Named Keep crashing. > > > > It seems as if about every moring I wake up named is not running. It has crashed during the day also, but now it seems every morning. > > Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 ( > > core dumped) > > Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps > > Do I need to install a new version on bind ? > > > > > > > > David Rhodus > > 859-626-1161 > > 859-527-9688 Pager > > sdrhodus@wildcatblue.com > > > > - Forrest W. Christian (forrestc@imach.com) AC7DE > ---------------------------------------------------------------------- > iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com > Solutions for your high-tech problems. 
(406)-442-6648
> ----------------------------------------------------------------------
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Wed Apr 4 0:19:45 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id DBC1337B71A for ; Wed, 4 Apr 2001 00:19:41 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id cxtaaaaa for ; Wed, 4 Apr 2001 17:19:47 +1000 Message-ID: <3ACACBDF.90ECBA1F@quake.com.au> Date: Wed, 04 Apr 2001 17:23:11 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Leif Neland Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Named Keep crashing. References: <016601c0bcc2$1768df00$6405a8c0@neland.dk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Leif Neland wrote:
>
> Is there any way to trace who is doing it?
> Running tcpdump with certain filter settings to avoid logging everything and filling the disk?
>

Don't bother... Just install the fixed version of bind...
Every kid with a script and an internet connection is probably
doing this to you!!!
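The two kernel lines David Rhodus posted can be read mechanically the way Tom Samplonius explains them earlier in this thread: named faults, then the replies to clients still querying the dead port hit the ICMP rate limit. The Python below is an added example, not part of any post in this thread; the sample log is constructed, and analyze(), the 12-hour window and the set of fault signals are assumptions of the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the format of the two kernel lines quoted in the
# thread; host names, pids, times and the extra events are made up.
SAMPLE_LOG = """\
Apr  2 06:02:41 ns1 /kernel: pid 27101 (named), uid 0: exited on signal 11 (core dumped)
Apr  2 06:03:10 ns1 /kernel: icmp-response bandwidth limit 231/200 pps
Apr  2 06:03:11 ns1 /kernel: icmp-response bandwidth limit 215/200 pps
Apr  2 18:11:22 ns1 /kernel: pid 27614 (named), uid 0: exited on signal 11 (core dumped)
Apr  2 23:04:15 ns1 /kernel: icmp-response bandwidth limit 201/200 pps
Apr  3 02:00:00 ns1 /kernel: pid 311 (cron), uid 0: exited on signal 15
Apr  3 09:30:00 web1 /kernel: icmp-response bandwidth limit 450/200 pps
"""

PREFIX = r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) /kernel: "
CRASH_RE = re.compile(
    PREFIX + r"pid (?P<pid>\d+) \((?P<proc>[^)]+)\), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)(?P<core> \(\s*core dumped\))?")
ICMP_RE = re.compile(
    PREFIX + r"icmp-response bandwidth limit (?P<seen>\d+)/(?P<limit>\d+) pps")

# Signals that mean the process faulted rather than was stopped on purpose
# (FreeBSD numbering: SIGILL 4, SIGABRT 6, SIGFPE 8, SIGBUS 10, SIGSEGV 11).
FAULT_SIGNALS = {4, 6, 8, 10, 11}


def parse_when(ts, year):
    """syslog timestamps carry no year and pad single-digit days with a space."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def analyze(log_text, year, services=("named",), window=timedelta(hours=12)):
    """Attach ICMP rate-limit messages to the daemon fault that precedes them.

    A rate-limit line within `window` after a watched service faulted on the
    same host is counted against that fault (clients still querying a port
    nobody listens on). One with no such fault is returned separately, since
    it needs a different explanation.
    """
    crashes, unexplained, last_crash = [], [], {}
    for line in log_text.splitlines():
        m = CRASH_RE.match(line)
        if m:
            if m["proc"] in services and int(m["sig"]) in FAULT_SIGNALS:
                rec = {
                    "time": parse_when(m["ts"], year), "host": m["host"],
                    "proc": m["proc"], "pid": int(m["pid"]),
                    "signal": int(m["sig"]),
                    "ran_as_root": int(m["uid"]) == 0,
                    "core_dumped": m["core"] is not None,
                    "icmp_bursts": 0, "peak_pps": 0,
                }
                crashes.append(rec)
                last_crash[m["host"]] = rec
            continue
        m = ICMP_RE.match(line)
        if not m:
            continue
        when, seen = parse_when(m["ts"], year), int(m["seen"])
        rec = last_crash.get(m["host"])
        if rec and timedelta(0) <= when - rec["time"] <= window:
            rec["icmp_bursts"] += 1
            rec["peak_pps"] = max(rec["peak_pps"], seen)
        else:
            unexplained.append({"time": when, "host": m["host"],
                                "seen": seen, "limit": int(m["limit"])})
    # The same daemon faulting more than once on one day is a pattern, not a fluke.
    per_day = Counter((c["host"], c["proc"], c["time"].date().isoformat())
                      for c in crashes)
    repeated = sorted(key for key, n in per_day.items() if n > 1)
    return {"crashes": crashes, "unexplained_icmp": unexplained,
            "repeated": repeated}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG, year=2001)
    for c in result["crashes"]:
        print(f"{c['time']} {c['host']} {c['proc']}[{c['pid']}] signal {c['signal']}"
              f" root={c['ran_as_root']} core={c['core_dumped']}"
              f" -> {c['icmp_bursts']} rate-limit line(s), peak {c['peak_pps']} pps")
    for u in result["unexplained_icmp"]:
        print(f"{u['time']} {u['host']} {u['seen']}/{u['limit']} pps, no prior fault logged")
    for host, proc, day in result["repeated"]:
        print(f"{proc} on {host} faulted more than once on {day}")
```

A rate-limit line that follows a fault of the watched daemon is counted against that fault; one with no preceding fault is listed under unexplained_icmp and needs its own explanation.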
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 0:31:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from moat.teksupport.net.au (moat.teksupport.net.au [203.17.1.98]) by hub.freebsd.org (Postfix) with ESMTP id 11D9D37B722 for ; Wed, 4 Apr 2001 00:31:22 -0700 (PDT) (envelope-from robseco@teksupport.net.au) Received: from magician.teksupport.net.au (robseco.secombe [192.168.1.2]) by moat.teksupport.net.au (8.11.0/8.11.0) with SMTP id f347d1E08206 for ; Wed, 4 Apr 2001 17:39:02 +1000 (EST) (envelope-from robseco@teksupport.net.au) Message-Id: <3.0.5.32.20010404173112.03d72a60@secombe> X-Sender: robseco@secombe X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 04 Apr 2001 17:31:12 +1000 To: freebsd-isp@FreeBSD.ORG From: Rob Secombe Subject: Re: Named Keep crashing. In-Reply-To: <3ACACBDF.90ECBA1F@quake.com.au> References: <016601c0bcc2$1768df00$6405a8c0@neland.dk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Which IS the 'fixed' version of bind? I am in the process of building/converting to a bind9 server on FreeBSD 4.2 but with the /dev/random problem and other bad press, maybe I'm wasting my time. I am not fussed if the dns-sec stuff doesn't work in the short term. Anyone got bind9 running reliably, exposed and under load? Rob. At 17:23 04/04/01 +1000, Kal Torak wrote: >Leif Neland wrote: >> >> Is there any way to trace who is doing it? >> Running tcpdump with certain filter settings to avoid logging everything and filling the disk? >> > > >Dont bother... Just install the fixed version of bind... >Every kid with a script and an internet connection is probably >doing this to you!!! 
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Wed Apr 4 0:46:13 2001 Delivered-To: freebsd-isp@freebsd.org Received: from metva.com.au (metva.com.au [202.0.82.1]) by hub.freebsd.org (Postfix) with ESMTP id E6FA637B726 for ; Wed, 4 Apr 2001 00:46:05 -0700 (PDT) (envelope-from enno.davids@metva.com.au) Received: (from enno@localhost) by metva.com.au id RAA08839 for freebsd-isp@FreeBSD.ORG; Wed, 4 Apr 2001 17:45:48 +1000 (EST) From: Enno Davids Message-Id: <200104040745.RAA08839@metva.com.au> Subject: Chasing the kiddies (was: Named Keep crashing) To: freebsd-isp@FreeBSD.ORG Date: Wed, 4 Apr 2001 17:45:48 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL39 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

| >
| > Is there any way to trace who is doing it?
| > Running tcpdump with certain filter settings to avoid logging everything and filling the disk?
| >
|
| Don't bother... Just install the fixed version of bind...
| Every kid with a script and an internet connection is probably
| doing this to you!!!
|

This response kind of bothers me. There was a time when every time I could sanely trace spammers I emailed abuse@wherever.was.relevant to advise them. Similarly, when people probed Apache I'd send off advisory emails. But only last weekend as I watched yet another clown with a cable modem perform the 1/2 hourly scan of my network for open RPC ports I wondered why I (and I presume others) were no longer doing this. Clearly the sheer volume of morons is one reason.

Is anyone still doing this and getting satisfaction?

There was a time when if you probed the Apache on my machine it winnuke'd you back.
Moral issues aside, there _was_ a great deal of satisfaction there... Needless to say, there's little mileage in this now (damned M$ service packs!). :) Enno. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 0:55:35 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 9772D37B71C for ; Wed, 4 Apr 2001 00:55:31 -0700 (PDT) (envelope-from LConrad@Go2France.com) Received: from sv.Go2France.com (ls1.meiway.com [212.73.210.33]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 64C8F16B1F for ; Wed, 4 Apr 2001 10:09:02 +0200 (CEST) Message-Id: <5.0.0.25.0.20010404094950.04d8ebc0@mail.Go2France.com> X-Sender: lconrad%Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Wed, 04 Apr 2001 09:53:04 +0200 To: freebsd-isp@freebsd.org From: Len Conrad Subject: Re: Chasing the kiddies (was: Named Keep crashing) In-Reply-To: <200104040745.RAA08839@metva.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Clearly the sheer volume of morons is one reason. 
Play "pick-a-fable" :

King Canute commanding the tides to stop

or

Don Quixote tilting at windmills

:)))

Len

http://MenAndMice.com/DNS-training : In Austin, TX; SFO, CA; Paris, FR
http://BIND8NT.MEIway.com : ISC BIND 8.2.3 "NT3" for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways

From owner-freebsd-isp Wed Apr 4 1: 9:39 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from peppermint.national.com.au (peppermint.national.com.au [203.57.240.100]) by hub.freebsd.org (Postfix) with ESMTP id 39CE937B725 for ; Wed, 4 Apr 2001 01:09:34 -0700 (PDT) (envelope-from nconedd@websupp.nabaus.com.au)
Received: (from uucp@localhost) by peppermint.national.com.au (8.9.3+Sun/8.8.8) id SAA06586; Wed, 4 Apr 2001 18:09:31 +1000 (EST)
Received: from websupp.national.com.au(164.53.27.37), claiming to be "websupp.nabaus.com.au" via SMTP by peppermint, id smtpdAAArtaO0m; Wed Apr 4 18:09:25 2001
Received: (from nconedd@localhost) by websupp.nabaus.com.au (8.8.8+Sun/8.8.8) id SAA02167; Wed, 4 Apr 2001 18:08:56 +1000 (EST)
From: Enno Davids
Message-Id: <200104040808.SAA02167@websupp.nabaus.com.au>
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <5.0.0.25.0.20010404094950.04d8ebc0@mail.Go2France.com> from Len Conrad at "Apr 4, 1 09:53:04 am"
To: LConrad@Go2France.com (Len Conrad)
Date: Wed, 4 Apr 2001 18:08:56 +1000 (EST)
Cc: freebsd-isp@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

| >Clearly the sheer volume of morons is one reason.
|
| Play "pick-a-fable" :
|
| King Canute commanding the tides to stop
|
| or
|
| Don Quixote tilting at windmills
|
| :)))

Granted, but let me offer....
To be, or not to be: that is the question:
Whether 'tis nobler in the mind to suffer
The slings and arrows of outrageous fortune,
Or to take arms against a sea of troubles,
And by opposing end them?

(with my thanks to http://tech-two.mit.edu/Shakespeare/hamlet/full.html)

Cheers,
Enno.

From owner-freebsd-isp Wed Apr 4 1: 9:54 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from unit11.support.nl (unit11.support.nl [195.114.229.252]) by hub.freebsd.org (Postfix) with ESMTP id A253D37B725 for ; Wed, 4 Apr 2001 01:09:48 -0700 (PDT) (envelope-from marcel@support.nl)
Received: from localhost (marcel@localhost) by unit11.support.nl (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id KAA16048; Wed, 4 Apr 2001 10:13:40 +0200
Date: Wed, 4 Apr 2001 10:13:40 +0200 (CEST)
From: Marcel Lemmen
To: Rob Secombe
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Named Keep crashing.
In-Reply-To: <3.0.5.32.20010404173112.03d72a60@secombe>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've tried the latest release Bind9 version on a Diablo news-feeder. Diablo is using a nameserver a lot, that's why I installed Bind locally. This machine has a load between 15-30, and the current datatransfer is 80Mbit/s outbound and 30Mbit/s inbound.

After 2 days bind crashed, why is still unclear to me. After this incident I downgraded to the latest Bind8 release which is running about 3 weeks now without any problems.

So far no Bind9 for me!
Kind regards,

Marcel Lemmen
Support Net
--------------------------------------------------------------
| Marcel Lemmen | Support Net BV | |
| System Engineer | beheer@support.nl | \|/ |
| | | ___.oO___|_ |
| Jobs@SupportNet | http://jobs.supportnet.nl | |
--------------------------------------------------------------
(It's a snowman in the desert next to a saguaro)

On Wed, 4 Apr 2001, Rob Secombe wrote:

> Date: Wed, 04 Apr 2001 17:31:12 +1000
> From: Rob Secombe
> To: freebsd-isp@FreeBSD.ORG
> Subject: Re: Named Keep crashing.
>
> Which IS the 'fixed' version of bind?
>
> I am in the process of building/converting to a bind9 server on FreeBSD 4.2
> but with the /dev/random problem and other bad press, maybe I'm wasting my
> time. I am not fussed if the dns-sec stuff doesn't work in the short term.
>
> Anyone got bind9 running reliably, exposed and under load?
>
> Rob.
>
>
>
> At 17:23 04/04/01 +1000, Kal Torak wrote:
> >Leif Neland wrote:
> >>
> >> Is there any way to trace who is doing it?
> >> Running tcpdump with certain filter settings to avoid logging everything
> and filling the disk?
> >>
> >
> >
> >Don't bother... Just install the fixed version of bind...
> >Every kid with a script and an internet connection is probably
> >doing this to you!!!
From owner-freebsd-isp Wed Apr 4 1:10: 9 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 987CF37B71F for ; Wed, 4 Apr 2001 01:09:59 -0700 (PDT) (envelope-from kaltorak@quake.com.au)
Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id nxtaaaaa for ; Wed, 4 Apr 2001 18:10:07 +1000
Message-ID: <3ACAD7AA.9537D1CB@quake.com.au>
Date: Wed, 04 Apr 2001 18:13:30 +1000
From: Kal Torak
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Rob Secombe
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Named Keep crashing.
References: <016601c0bcc2$1768df00$6405a8c0@neland.dk> <3.0.5.32.20010404173112.03d72a60@secombe>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Rob Secombe wrote:
>
> Which IS the 'fixed' version of bind?
>
> I am in the process of building/converting to a bind9 server on FreeBSD 4.2
> but with the /dev/random problem and other bad press, maybe I'm wasting my
> time. I am not fussed if the dns-sec stuff doesn't work in the short term.

bind 8.2.3-REL is the latest and greatest of the bind 8.x tree...
You can install this from the ports /usr/ports/net/bind8 and to get it to install over the old version instead of as a local package you need to pass a few things to make...
This was on the freebsd diary a little while ago:

# cd /usr/ports/net/bind8
# make PREFIX=/usr PIDDIR=/var/run DESTETC=/etc/namedb DESTEXEC=/usr/libexec DESTRUN=/var/run DESTSBIN=/usr/sbin DESTHELP=/usr/share/misc
# killall named
# make PREFIX=/usr PIDDIR=/var/run DESTETC=/etc/namedb DESTEXEC=/usr/libexec DESTRUN=/var/run DESTSBIN=/usr/sbin DESTHELP=/usr/share/misc install

then test it:

# /usr/sbin/named -v
named 8.2.3-REL blah blah blah...

Ok it's sweet, so start it:
first check your settings->

# grep named /etc/defaults/rc.conf
# grep named /etc/rc.conf

If it's default you will probably just need to start it:

# /usr/sbin/named
add any flags on the end...

and you should be all sweet against the worm/crash bugs...
But check your logs to make sure the right version is running :)

If you installed a bind from the ports before you should remove it before installing the new one...
Eg.

# pkg_info | grep bind
then
# pkg_delete bind-8.x.x

If you are in production I wouldn't waste time with bind9 right now...
Just get the fixed bind8 :)

Good luck!
Kal.
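The two checks the message above ends on (confirming which named version is actually installed, and spotting a leftover binary from an earlier port install), sketched as an added example that is not part of the original message or of the FreeBSD port. The function names, the `path|output` input format, the second binary path and the sample strings are assumptions; 8.2.3-REL is the release named in the message, and the kernel log lines are the ones quoted later in this thread, unwrapped.

```shell
#!/bin/sh
# Added example, not part of the original message: post-upgrade checks for
# the BIND 8 port install described above. Function names and sample inputs
# are constructed; 8.2.3-REL is the fixed release named in the message.

FIXED_BIND8="8.2.3"

# "named 8.2.3-REL ..." -> "8.2.3 REL"; prints nothing if the string does
# not look like the `named -v` output shown in the message.
parse_named_version() {
    printf '%s\n' "$1" | sed -n \
        's/^named \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)-\{0,1\}\([A-Za-z0-9]*\).*/\1 \2/p' |
        head -n 1
}

# Succeeds when dotted version $1 is >= $2 (three numeric fields each).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Classify `named -v` output as one of:
#   fixed        exactly 8.2.3-REL, the release the message names
#   unconfirmed  8.2.3 with any other suffix (not assumed to be the fix)
#   newer/older  another 8.x release, relative to 8.2.3
#   unrecognized anything else, including non-8.x output
classify_named() {
    set -- $(parse_named_version "$1")
    ver=${1:-}; suffix=${2:-}
    case $ver in
        8.*) ;;
        *) echo unrecognized; return 0 ;;
    esac
    if [ "$ver" = "$FIXED_BIND8" ]; then
        if [ "$suffix" = "REL" ]; then echo fixed; else echo unconfirmed; fi
    elif version_ge "$ver" "$FIXED_BIND8"; then
        echo newer
    else
        echo older
    fi
}

# Read "path|version-output" lines on stdin, print "path<TAB>state" for each,
# and return non-zero if any binary is not fixed or newer. This catches an
# old port install left beside the freshly installed /usr/sbin/named.
audit_named_binaries() {
    rc=0
    while IFS='|' read -r bin out; do
        state=$(classify_named "$out")
        printf '%s\t%s\n' "$bin" "$state"
        case $state in fixed|newer) ;; *) rc=1 ;; esac
    done
    return $rc
}

# Count kernel log lines that record a named crash ("exited on signal N").
count_named_crashes() {
    grep -c '/kernel: pid [0-9][0-9]* (named), uid [0-9][0-9]*: exited on signal [0-9]' "$1" || true
}

# Constructed sample: the new binary plus a leftover from an earlier port
# install (the second path is an assumed location).
printf '%s\n' \
    '/usr/sbin/named|named 8.2.3-REL (constructed sample)' \
    '/usr/local/sbin/named|named 8.2.2-P5 (constructed sample)' |
    audit_named_binaries || echo "not every named binary is 8.2.3-REL"

# Kernel log lines as quoted later in this thread, unwrapped.
log=$(mktemp)
cat > "$log" <<'EOF'
Apr  2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on signal 11 (core dumped)
Apr  2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 pps
EOF
echo "named crashes logged: $(count_named_crashes "$log")"
rm -f "$log"
```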
From owner-freebsd-isp Wed Apr 4 1:18:39 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 7E7DC37B719 for ; Wed, 4 Apr 2001 01:18:36 -0700 (PDT) (envelope-from kaltorak@quake.com.au)
Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id qxtaaaaa for ; Wed, 4 Apr 2001 18:18:39 +1000
Message-ID: <3ACAD9AB.77D6C02@quake.com.au>
Date: Wed, 04 Apr 2001 18:22:03 +1000
From: Kal Torak
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Enno Davids
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
References: <200104040745.RAA08839@metva.com.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Enno Davids wrote:
>
> | >
> | > Is there any way to trace who is doing it?
> | > Running tcpdump with certain filter settings to avoid logging everything and
> filling the disk?
> | >
> |
> | Don't bother... Just install the fixed version of bind...
> | Every kid with a script and an internet connection is probably
> | doing this to you!!!
> |
>
> This response kind of bothers me. There was a time when every time I could
> sanely trace spammers I emailed abuse@wherever.was.relevant to advise them.
> Similarly, when people probed Apache I'd send off advisory emails.
>
> But only last weekend as I watched yet another clown with a cable modem
> perform the 1/2 hourly scan of my network for open RPC ports I wondered why
> I (and I presume others) were no longer doing this. Clearly the sheer volume
> of morons is one reason. Is anyone still doing this and getting satisfaction?

Well, there is that.. and the fact that they really don't do any harm most of the time...
I am of the opinion that people can scan and probe all they like, it should be the admins that can't secure their systems that get advisory emails!

There are plenty of people still sending mail off to abuse@blah, most of which use automated systems, and the people @blah get annoyed or don't care...

By sending polite personalised mail to abuse I have got plenty of nice helpful responses..

But again if some kid can DoS your server, it's you that should be getting the slap on the wrist!

> There was a time when if you probed the Apache on my machine it winnuke'd
> you back. Moral issues aside, there _was_ a great deal of satisfaction
> there... Needless to say, there's little mileage in this now (damned M$
> service packs!). :)

There are still plenty of bugs in IE that will crash those systems, and worse, Mwahaha :P

From owner-freebsd-isp Wed Apr 4 1:21: 7 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 668B037B71F for ; Wed, 4 Apr 2001 01:21:04 -0700 (PDT) (envelope-from LConrad@Go2France.com)
Received: from sv.Go2France.com (ls1.meiway.com [212.73.210.33]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 4940216B1C for ; Wed, 4 Apr 2001 10:34:38 +0200 (CEST)
Message-Id: <5.0.0.25.0.20010404101720.04db22a0@mail.Go2France.com>
X-Sender: lconrad%Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Wed, 04 Apr 2001 10:18:47 +0200
To: freebsd-isp@freebsd.org
From: Len Conrad
Subject: Re: Named Keep crashing.
In-Reply-To:
References: <3.0.5.32.20010404173112.03d72a60@secombe>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

yep, this is the kind of stuff I see reported in the ISC BIND lists. 9 not quite there, yet.
Len

============
>I've tried the latest release Bind9 version on a Diablo news-feeder.
>Diablo is using a nameserver a lot, that's why I installed Bind locally.
>This machine has a load between 15-30, and the current datatransfer is
>80Mbit/s outbound and 30Mbit/s inbound.
>
>After 2 days bind crashed, why is still unclear to me. After this incident
>I downgraded to the latest Bind8 release which is running about 3 weeks
>now without any problems.
>
>So far no Bind9 for me!

http://MenAndMice.com/DNS-training : In Austin, TX; SFO, CA; Paris, FR
http://BIND8NT.MEIway.com : ISC BIND 8.2.3 "NT3" for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways

From owner-freebsd-isp Wed Apr 4 1:29:46 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id B315D37B720 for ; Wed, 4 Apr 2001 01:29:44 -0700 (PDT) (envelope-from LConrad@Go2France.com)
Received: from sv.Go2France.com (ls1.meiway.com [212.73.210.33]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 8743116B1F for ; Wed, 4 Apr 2001 10:43:19 +0200 (CEST)
Message-Id: <5.0.0.25.0.20010404102315.034594f0@mail.Go2France.com>
X-Sender: lconrad%Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Wed, 04 Apr 2001 10:27:29 +0200
To: freebsd-isp@freebsd.org
From: Len Conrad
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <200104040808.SAA02167@websupp.nabaus.com.au>
References: <5.0.0.25.0.20010404094950.04d8ebc0@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Or to take arms against a sea of troubles,
> And by opposing end them?

"end them" ? Are you smoking the carpet?
:)))

Len

From owner-freebsd-isp Wed Apr 4 1:49:39 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from smtp.umr.edu (mrelay.cc.umr.edu [131.151.1.89]) by hub.freebsd.org (Postfix) with ESMTP id E913237B718; Wed, 4 Apr 2001 01:49:33 -0700 (PDT) (envelope-from mrezny@umr.edu)
Received: from Beast (Aven18570L@d-131-151-189-36.dynamic.umr.edu [131.151.189.36]) via SMTP by mrelay.cc.umr.edu (8.9.3/R.4.20) id DAA21587; Wed, 4 Apr 2001 03:49:32 -0500
Message-Id: <200104040849.DAA21587@mrelay.cc.umr.edu>
From: "Matthew Rezny"
To: "net@freebsd.org" , "stable@freebsd.org" , "isp@freebsd.org"
Date: Wed, 04 Apr 2001 02:49:22 -0500
Reply-To: "Matthew Rezny"
X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 2000 (5.0.2195;1)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: Intel Gigabit NIC problem
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm posting this to a few lists that I hope I might get some info from.

I have been using the fxp driver for quite a while with good results, so when it came time to get some gigabit stuff I looked and saw the wx driver. I decided it would be convenient to stick with Intel for several reasons. So now I have a handful of Compaq NC3131 boards with NC6132 modules.

The NC3131 is a 64bit PCI card with a DEC 21154 (later revs have a chip stamped Intel but its id is the same as the DEC) PCI bridge and a couple Intel 82558 chips. It also has an expansion connector. The NC6132 module plugs onto this card to add a gigabit fiber port. The docs say it's an Intel 82542 chip, though the actual chip on the boards are stamped LSI.

I put them in a few machines here. A couple are x86 boxes with Windows 2000 and/or Linux, for which the Intel drivers work and they interconnect fine. The other is an Alpha running FreeBSD 4.2.
The fxp and wx drivers load fine, but I have problems when I connect the gigabit port to another one of the machines. The FreeBSD machine repeatedly prints "wx0: receive sequence error" while the other machine is overwhelmed with 100% kernel/system CPU usage such that it's barely responsive.

Does anyone have any idea what's going on, if there's any hope of fixing this, and what the solution would be?

Thanks.

From owner-freebsd-isp Wed Apr 4 2: 1:41 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89]) by hub.freebsd.org (Postfix) with ESMTP id 97AA137B71D for ; Wed, 4 Apr 2001 02:01:38 -0700 (PDT) (envelope-from forrestc@imach.com)
Received: from localhost (forrestc@localhost) by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id CAA07982; Wed, 4 Apr 2001 02:45:31 -0600 (MDT)
Date: Wed, 4 Apr 2001 02:45:31 -0600 (MDT)
From: "Forrest W. Christian"
To: Enno Davids
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <200104040745.RAA08839@metva.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 4 Apr 2001, Enno Davids wrote:

> This response kind of bothers me. There was a time when every time I could
> sanely trace spammers I emailed abuse@wherever.was.relevant to advise them.
> Similarly, when people probed Apache I'd send off advisory emails.

As with me. However, I think there are two interrelated problems:

1) Everyone and their dog running firewall software which interprets every stray packet as an intrusion attempt.
I probably get 10 reports of intrusions from my network (64 class C's) every week, and I'm getting really irritated with people who can't figure out that most of the positives are side effects of perfectly valid internet-type traffic.

2) The fact that due to #1, when there is a real intrusion, most people assume that it isn't really a positive.

I still take all of the queries seriously, but frankly, it's getting irritating.

There is the other issue that the sheer quantity of people with the ability to do port scans and perform intrusions is increasing exponentially.

I really hate to say this, but we need some well-written laws to deal with this crap, so we can go after these people. Perhaps not with a criminal penalty but a civil one instead....

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems. (406)-442-6648
----------------------------------------------------------------------

From owner-freebsd-isp Wed Apr 4 3: 0:26 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 13EF537B729 for ; Wed, 4 Apr 2001 03:00:24 -0700 (PDT) (envelope-from kaltorak@quake.com.au)
Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id qytaaaaa for ; Wed, 4 Apr 2001 20:00:31 +1000
Message-ID: <3ACAF18A.8E9716C@quake.com.au>
Date: Wed, 04 Apr 2001 20:03:54 +1000
From: Kal Torak
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Forrest W.
Christian"
Cc: Enno Davids , freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I really hate to say this, but we need some well-written laws to deal with
> this crap, so we can go after these people. Perhaps not with a criminal
> penalty but a civil one instead....

Why should network scanning be a crime at all? If anything should be a crime it's sloppy admins that let their networks get compromised...

Network scanning is no big deal.. people should just live with it!

From owner-freebsd-isp Wed Apr 4 5: 6:40 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.bfm.org (mail.bfm.org [216.127.218.26]) by hub.freebsd.org (Postfix) with ESMTP id 4254937B71E for ; Wed, 4 Apr 2001 05:06:33 -0700 (PDT) (envelope-from Ryugen@palaver.org)
Received: from primo.bfm.org ([216.127.218.20]) by mail.bfm.org (Post.Office MTA v3.5.3 release 223 ID# 0-52399U2500L250S0V35) with SMTP id org for ; Wed, 4 Apr 2001 07:10:18 -0500
Received: from office.palaver.org (unverified [216.176.8.9]) by primo.bfm.org (EMWAC SMTPRS 0.83) with SMTP id ; Wed, 04 Apr 2001 06:06:21 -0500
Message-Id: <5.0.2.1.2.20010404065839.00aa63a0@mail.palaver.org>
X-Sender: ryugen@mail.palaver.org
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Wed, 04 Apr 2001 07:06:15 -0500
To: "Forrest W. Christian"
From: Ryugen@palaver.org (Ryugen C. Fisher)
Subject: System S-L-O-W_down
Cc: Enno Davids , freebsd-isp@FreeBSD.ORG
In-Reply-To:
References: <200104040745.RAA08839@metva.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Could this be related?
I have a reasonably new install of FreeBSD 4.2, Apache, MySQL, PHP4, on an ADSL line with fixed IP. Mail is being handled by another system. The sole purpose of this box is 2nd DNS and Web engine for about 6 virtual domains. ... box and response was crisp until about 24 hours ago... at that time a std ftp login that took 5 sec now takes 65 sec.. after the login, system performance seems only a little slower than usual... telnet and http response changed in the same fashion by the same amount.... it is like the authentication routines suddenly got OVERLOADED... security logs show nothing unusual and system load likewise...

I am baffled.... not the smartest UN*X guy in the world, but baffled to the point of not even knowing where to begin looking...

TIA

From owner-freebsd-isp Wed Apr 4 5:15:52 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.chartermi.net (060upc075.chartermi.net [24.213.60.75]) by hub.freebsd.org (Postfix) with ESMTP id B28A937B71B for ; Wed, 4 Apr 2001 05:15:48 -0700 (PDT) (envelope-from wrath@shianet.org)
Received: from danrc ([24.213.24.167]) by mail.chartermi.net (Post.Office MTA v3.5.3 release 223 ID# 0-71004U47242L33562S0V35) with SMTP id net for ; Wed, 4 Apr 2001 08:15:36 -0400
Message-ID: <004301c0bd00$f51d9460$0201a8c0@fear.wrath.net>
From: "Brian"
To:
References: <3ACAF18A.8E9716C@quake.com.au>
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 08:15:37 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Eh. Network port scanning is no big deal, it's like checking a doorknob but never going in.
Only if you go in should you be prosecuted. And port scanning is prosecutable and there is a law for it. It's amazing how much trouble you can get in for doing a broadcast scan on port 80 looking for webservers. And my scan consisted of nothing more than a handshake, it didn't probe to see what services were installed.

This action got me a year and a half of academic probation (I do something wrong again I get kicked out without a hearing), banned from their residential network for the entirety of my stay here, and use of computational facilities for the sole purpose of academics. I'm not allowed to use the internet except in my home department. I quickly got off campus after not having internet access for three months, buying myself a house and getting internet access from a more reliable source. Now I no longer do _anything_ from my machine, that's what shellers are for.

In the meantime, the school never understood the simple fact that if I were looking to do damage, I wouldn't do it from my machine. Before, they had serious problems with their routers keeling over. They haven't had their "notwork" stay up for more than a day yet. Not to mention their implementation of managed switches to try to keep packetsniffing to a bare minimum is still not working in its entirety after seven months. They still have this problem, but now they've got DNS servers taking a dump frequently (antiquated version of bind getting hammered). They've got a two year old certificate for ssh on one of their premier machines. I suppose that's what happens when you get old farts working for a school, they're only there for their paycheck.

Now they sit around and use their uber-expensive software and hardware to see what the kids are splattering across 'their' network. And due to this, they have kids now using VPNs to play games and such. Most of all the ftps and webservers are scftp and https now just to keep the school from seeing. Everyone uses PGP and passwords.
The more knowledgeable people use their own smtp servers just so the school can't have the chance to look at their outgoing mail.

This is a prime example of what happens when people overpolice.

Thanks for your time
-Brian

----- Original Message -----
From: "Kal Torak"
To: "Forrest W. Christian"
Cc: "Enno Davids" ;
Sent: Wednesday, April 04, 2001 6:03 AM
Subject: Re: Chasing the kiddies (was: Named Keep crashing)

> > I really hate to say this, but we need some well-written laws to deal with
> > this crap, so we can go after these people. Perhaps not with a criminal
> > penalty but a civil one instead....
>
> Why should network scanning be a crime at all? If anything should be a crime
> it's sloppy admins that let their networks get compromised...
>
> Network scanning is no big deal.. people should just live with it!

From owner-freebsd-isp Wed Apr 4 5:33:58 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from digitaldaemon.com (digitaldaemon.com [63.105.9.34]) by hub.freebsd.org (Postfix) with SMTP id 105C337B71D for ; Wed, 4 Apr 2001 05:33:56 -0700 (PDT) (envelope-from jan@digitaldaemon.com)
Received: (qmail 99137 invoked from network); 4 Apr 2001 12:32:21 -0000
Received: from unknown (HELO digitaldaemon.com) (192.168.0.73) by digitaldaemon.com with SMTP; 4 Apr 2001 12:32:21 -0000
Message-ID: <3ACB1411.9020805@digitaldaemon.com>
Date: Wed, 04 Apr 2001 08:31:13 -0400
From: Jan Knepper
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; m18) Gecko/20010131 Netscape6/6.01
X-Accept-Language: en
MIME-Version: 1.0
To: Enno Davids
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
References: <200104040745.RAA08839@metva.com.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Enno Davids wrote:

> But only last weekend as I watched yet another clown with a cable modem
> perform the 1/2 hourly scan of my network for open RPC ports I wondered why
> I (and I presume others) were no longer doing this. Clearly the sheer volume
> of morons is one reason. Is anyone still doing this and getting satisfaction?

Well, I am and yes, I do get positive encouragement for doing it.

Don't worry, be Kneppie!
Jan

From owner-freebsd-isp Wed Apr 4 5:44:48 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from pitr.tuxinternet.com (pitr.tuxinternet.com [208.32.175.113]) by hub.freebsd.org (Postfix) with ESMTP id 5514A37B724 for ; Wed, 4 Apr 2001 05:44:46 -0700 (PDT) (envelope-from hugme@pitr.tuxinternet.com)
Received: (from hugme@localhost) by pitr.tuxinternet.com (8.11.0/8.11.0) id f347pvL70962 for freebsd-isp@FreeBSD.ORG; Wed, 4 Apr 2001 07:51:57 GMT (envelope-from hugme)
Date: Wed, 4 Apr 2001 07:51:57 +0000
From: Hug Me
To: freebsd-isp@FreeBSD.ORG
Subject: Re: System S-L-O-W_down
Message-ID: <20010404075157.C70914@pitr.tuxinternet.com>
References: <200104040745.RAA08839@metva.com.au> <5.0.2.1.2.20010404065839.00aa63a0@mail.palaver.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.0.2.1.2.20010404065839.00aa63a0@mail.palaver.org>; from Ryugen@palaver.org on Wed, Apr 04, 2001 at 07:06:15AM -0500
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Check your reverse dns, that has been the number one problem for my systems doing that in the past. If it's a name server make sure that its own naming is set up correctly...

hugme

On Wed, Apr 04, 2001 at 07:06:15AM -0500, Ryugen C. Fisher wrote:
> Could this be related?
>
> I have a reasonably new install of FreeBSD 4.2, Apache, MySQL, PHP4, on an
> ADSL line with fixed IP. Mail is being handled by another system. The
> sole purpose of this box is 2nd DNS and Web engine for about 6 virtual
> domains. ... box and response was crisp until about 24 hours ago... at
> that time a std ftp login that took 5 sec now takes 65 sec.. after the
> login, system performance seems only a little slower than usual... telnet
> and http response changed in the same fashion by the same amount.... it
> is like the authentication routines suddenly got OVERLOADED... security
> logs show nothing unusual and system load likewise...
>
> I am baffled.... not the smartest UN*X guy in the world, but baffled to
> the point of not even knowing where to begin looking...
>
>
> TIA

From owner-freebsd-isp Wed Apr 4 6:39:42 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from batch3.csd.uwm.edu (batch3.csd.uwm.edu [129.89.7.226]) by hub.freebsd.org (Postfix) with ESMTP id 602F137B72D for ; Wed, 4 Apr 2001 06:39:38 -0700 (PDT) (envelope-from cdc2@csd.uwm.edu)
Received: from alpha1.csd.uwm.edu (cdc2@alpha1.csd.uwm.edu [129.89.7.201]) by batch3.csd.uwm.edu (8.8.4/8.6.8) with ESMTP id IAA05474; Wed, 4 Apr 2001 08:39:32 -0500 (CDT)
Received: from localhost (cdc2@localhost) by alpha1.csd.uwm.edu (8.8.4/8.6.8) with SMTP id IAA27931; Wed, 4 Apr 2001 08:39:30 -0500 (CDT)
Date: Wed, 4 Apr 2001 08:39:30 -0500 (CDT)
From: Chuck
To: Kal Torak
Cc: "Forrest W.
Christian" , Enno Davids , freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <3ACAF18A.8E9716C@quake.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

How can you tell the difference between a sloppy admin and one who has only been working the field for a few years and hasn't learned all the stuff that you have in all your years in it..

Why should we have to spend all our time keeping up with things like patches, upgrades, new hardware, virus while trying to keep our customer base happy providing 99.99% uptime and trying to fend out every person (it's not just kids) with a computer who want to see how much trouble they can cause and either not get caught or get caught so they can put it on a job resume that they know how to mess up people's machines.

I run a MS shop and with all that I have to do it's impossible to keep up, the only thing saving my butt is that MS has only limited release of source code so that everyone who knows C can't just browse through and find the holes, but even still I don't know when I can go through a week without having problems from somewhere.

In my experience it's impossible to keep your network from getting compromised, and when I agree that sloppy administration should be a crime, I don't think we should have to spend every waking hour to make sure we patch up every hole (an impossibility if you have even ONE authorized user).

Charles Carerros
LAN Administrator
Center for International Education
University Wisconsin-Milwaukee
cdc2@uwm.edu

On Wed, 4 Apr 2001, Kal Torak wrote:

> Date: Wed, 04 Apr 2001 20:03:54 +1000
> From: Kal Torak
> To: "Forrest W. Christian"
> Cc: Enno Davids , freebsd-isp@FreeBSD.ORG
> Subject: Re: Chasing the kiddies (was: Named Keep crashing)
>
> > I really hate to say this, but we need some well-written laws to deal with
> > this crap, so we can go after these people.
Perhaps not with a criminal > > penalty but a civil one instead.... > > Why should network scanning be a crime at all? If anything should be a crime > its sloppy admins that let there networks get comprimised... > > Network scanning is no big deal.. people should just live with it! > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > Charles Carerros cdc2@uwm.edu When a nation re-awakens, its finest sons are prepared to give their lives for its liberation. When Empires are threatened with collapse, they are prepared to sacrifice their non-commissioned officers. --Menachem Begin Leader of the Irgun, The Revolt (1951) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 6:49:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from matrix.buckhorn.net (buckhorn.net [63.151.3.210]) by hub.freebsd.org (Postfix) with ESMTP id 2628237B71A for ; Wed, 4 Apr 2001 06:49:51 -0700 (PDT) (envelope-from bob@buckhorn.net) Received: from [63.151.3.239] (HELO buckhorn.net) by matrix.buckhorn.net (CommuniGate Pro SMTP 3.3.2) with ESMTP id 180849 for freebsd-isp@FreeBSD.ORG; Wed, 04 Apr 2001 08:48:07 -0500 Message-ID: <3ACB2671.73D1F0AD@buckhorn.net> Date: Wed, 04 Apr 2001 08:49:37 -0500 From: Bob Martin X-Mailer: Mozilla 4.73 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Named Keep crashing. References: <001201c0bc2c$4ebb8930$a85bfea9@vghk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org *This message was transferred with a trial version of CommuniGate(tm) Pro* > David Rhodus wrote: > > It seems as if about every moring I wake up named is not running. It > has crashed during the day also, but now it seems every morning. 
> Apr 2 18:11:22 crombie /kernel: pid 27614 (named), uid 0: exited on > signal 11 ( > core dumped) > Apr 2 23:04:15 crombie /kernel: icmp-response bandwidth limit 201/200 > pps > Do I need to install a new version of bind ? > > > > David Rhodus > 859-626-1161 > 859-527-9688 Pager > sdrhodus@wildcatblue.com Bind 9 falls down and hurts itself under a full load. Haven't tried the new release yet. The rc's took a lot of things as fatal exceptions when they were just errors. Use 8.2.3-REL. -- Bob Martin, CTO InterNet Unlimited http://www.inu.net mailto:bob@inu.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:11:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from matrix.buckhorn.net (buckhorn.net [63.151.3.210]) by hub.freebsd.org (Postfix) with ESMTP id 8E2A737B728 for ; Wed, 4 Apr 2001 08:11:35 -0700 (PDT) (envelope-from bob@buckhorn.net) Received: from [63.151.3.239] (HELO buckhorn.net) by matrix.buckhorn.net (CommuniGate Pro SMTP 3.3.2) with ESMTP id 180856 for freebsd-isp@FreeBSD.ORG; Wed, 04 Apr 2001 10:09:54 -0500 Message-ID: <3ACB399B.979EA246@buckhorn.net> Date: Wed, 04 Apr 2001 10:11:23 -0500 From: Bob Martin X-Mailer: Mozilla 4.73 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) References: <200104040745.RAA08839@metva.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org *This message was transferred with a trial version of CommuniGate(tm) Pro* > Clearly the sheer volume of morons is one reason. I've been giving a lot of thought to this whole thread. I keep asking myself why we never had this problem in the days of DARPA, or more correctly, why it keeps getting worse. It took me a while, but I think I understand. 
It's not the number of "morons" on the outside that's hurting us. It's the ones on the inside. What does it say about the state of our affairs when a teenager from Canada can hijack 100's of computers and use them collectively against a single target? It really boils down to the organizations that try and build a 10 dollar network on a 2 dollar budget. There are too many underskilled, understaffed and underbudgeted admins. They "allow" the holes that the script kiddies exploit, and all of the rest of us suffer. It will do us little good to try and stop the morons on the outside until the morons on the inside stop giving them the tools to work with. Until that happens, our only hope is to help each other, and keep each other informed. I really think history will find that collective information sharing, like this list, will have as much impact on the Internet as Dr. Licklider's RFC's. -- Bob Martin, CTO InterNet Unlimited http://www.inu.net mailto:bob@inu.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:22:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from kira.epconline.net (kira2.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id 5471A37B71F for ; Wed, 4 Apr 2001 08:22:26 -0700 (PDT) (envelope-from carock@epconline.net) Received: from therock (betterguard.epconline.net [207.206.185.193]) by kira.epconline.net (8.11.2/8.11.2) with SMTP id f34FMLP45259; Wed, 4 Apr 2001 10:22:21 -0500 (CDT) From: "Chuck Rock" To: "Bob Martin" Cc: Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 10:22:21 -0500 Message-ID: <001b01c0bd1b$0b242a20$1805010a@epconline.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 
In-Reply-To: <3ACB399B.979EA246@buckhorn.net> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org How about getting a license to put a machine on the public network so you have to abide by "rules" for security, and if you are shown to screw up, and not maintain your security, your license is revoked, and your public IP's are then taken out of routes so they can't be accessed until you prove your worthiness again, or someone fixes it. How many people are allowed to connect any computer they want to the public network, and cause harm to some or all the other users on that network. Kinda like driving a car, only the consequences aren't necessarily deadly. If you misconfigure BGP, you can effectively screw up a large part of the Internet, this kind of power should not be given lightly. My 2 cents, Chuck Rock EPC > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Bob Martin > Sent: Wednesday, April 04, 2001 10:11 AM > Cc: freebsd-isp@FreeBSD.ORG > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Clearly the sheer volume of morons is one reason. > > I've been giving a lot of thought to this whole thread. I keep asking > myself why we never had this problem in the days of DARPA, or more > correctly, why it keeps getting worse. It took me a while, but I think I > understand. It's not the number of "morons" on the outside that's > hurting us. It's the ones on the inside. > > What does it say about the state of our affairs when a teenager from > Canada can hijack 100's of computers and use them collectively against a > single target? > > It really boils down to the organizations that try and build a 10 dollar > network on a 2 dollar budget. There are too many underskilled, > understaffed and underbudgeted admins. 
They "allow" the holes that the > script kiddies exploit, and all of the rest of us suffer. > > It will do us little good to try and stop the morons on the outside > until the morons on the inside stop giving them the tools to work with. > > Until that happens, our only hope is to help each other, and keep each > other informed. I really think history will find that collective > information sharing, like this list, will have as much impact on the > Internet as Dr. Linklider's RFC's. > -- > Bob Martin, CTO > InterNet Unlimited > http://www.inu.net > mailto:bob@inu.net > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:42: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-100.n01.orldfl01.us.ra.verio.net [157.238.210.100]) by hub.freebsd.org (Postfix) with ESMTP id A758637B75A for ; Wed, 4 Apr 2001 08:41:56 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f34Fetl24271; Wed, 4 Apr 2001 11:40:56 -0400 (EDT) (envelope-from bill) Date: Wed, 4 Apr 2001 11:40:53 -0400 From: Bill Vermillion To: Enno Davids Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404114052.D23799@wjv.com> Reply-To: bv@wjv.com References: <200104040745.RAA08839@metva.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200104040745.RAA08839@metva.com.au>; from enno.davids@metva.com.au on Wed, Apr 04, 2001 at 05:45:48PM +1000 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke: > | > Is there any way to trace who is doing 
it? | > Running tcpdump > with certain filter settings to avoid logging everything and > filling the disk? > | Don't bother... Just install the fixed version of bind... > | Every kid with a script and an internet connection is probably > | doing this to you!!! > This response kind of bothers me. There was a time > when every time I could sanely trace spammers I emailed > abuse@wherever.was.relevant to advise them. Similarly, when people > probed Apache I'd send off advisory emails. If you find a way this works let me know. I've given up doing this because except for the most well known, I've received rejects from all mail addresses at the offending provider, root, abuse, postmaster, webmaster, etc. So I just gave up and put them in the REJECT list. Those days responsible people, and not quick buck artists, were keeping the 'net running. > There was a time when if you probed the Apache on my machine it > winnuke'd you back. Moral issues aside, there _was_ a great deal > of satisfaction there... Needless to say, there's little mileage > in this now (damned M$ service packs!). :) I never was into 'revenge' or 'tit-for-tat'. Bill -- Bill Vermillion - bv @ wjv . 
com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:46:43 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id AF56F37B718 for ; Wed, 4 Apr 2001 08:46:38 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id cauaaaaa for ; Thu, 5 Apr 2001 01:46:45 +1000 Message-ID: <3ACB42B0.2BF6D1D9@quake.com.au> Date: Thu, 05 Apr 2001 01:50:08 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Chuck Rock Cc: Bob Martin , freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) References: <001b01c0bd1b$0b242a20$1805010a@epconline.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Chuck Rock wrote: > > How about getting a license to put a machine on the public network so you > have to abide by "rules" for security, and if you are shown to screw up, and > not maintain your security, your license is revoked, and your public IP's are > then taken out of routes so they can't be accessed until you prove your > worthiness again, or someone fixes it. > > How many people are allowed to connect any computer they want to the public > network, and cause harm to some or all the other users on that network. > Kinda like driving a car, only the consequences aren't necessarily deadly. > > If you misconfigure BGP, you can effectively screw up a large part of the > Internet, this kind of power should not be given lightly. The funny thing is, even BIG players like Bell and AT&T screw up their BGP routes now and then! 
But you can't broadcast BGP routes without going through a lot of red tape and you really need to have a /16 before anyone would even think about giving you one of those BGP number thingys :) Insecurity is part of the Internet... Prosecuting people for network scanning does NOT help security! It just helps ruin some poor kid's life... It provides about as much security as putting up a web page saying "PLEASE DON'T HACK ANY OF MY SYSTEMS, my password is 123456"... I don't know about a license to get a public IP, but going after kids is not the answer... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:51:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.gtw.net (mail.gtw.net [208.33.253.12]) by hub.freebsd.org (Postfix) with SMTP id B0F9637B71A for ; Wed, 4 Apr 2001 08:51:31 -0700 (PDT) (envelope-from john@day-light.com) Received: (qmail 23187 invoked from network); 4 Apr 2001 15:51:46 -0000 Received: from 37.pm3.gtw.net (HELO w1) (63.161.82.37) by mail.gtw.net with SMTP; 4 Apr 2001 15:51:46 -0000 Reply-To: From: "John Brooks" To: Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 10:49:34 -0500 Message-ID: <000601c0bd1e$dc28bde0$0b00a8c0@dle> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Importance: Normal In-Reply-To: <001b01c0bd1b$0b242a20$1805010a@epconline.net> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Imagine the government bureaucracy necessary to administer something like this. Consider the consequences, who gives the licenses, who establishes the criteria, who enforces, who makes the decisions, etc. Who will then protect you from retaliation if you published something this bureaucracy didn't like. Sometimes it's good to think these things through. 
We'd have to call this BIGGER Brother ;-) -- John -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Chuck Rock Sent: Wednesday, April 04, 2001 10:22 AM To: Bob Martin Cc: freebsd-isp@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) How about getting a license to put a machine on the public network so you have to abide by "rules" for security, and if you are shown to screw up, and not maintain your security, your license is revoked, and your pulic IP's are then taken out of routes so they can't be accessed until you prove your worthiness again, or someone fixes it. How many people are allowed to connect any computer they want to the public network, and cause harm to some or all the other users on that network. Kinda like driving a car, only the consequences aren't necesarily deadly. If you misconfigure BGP, you can effective screw up a large part of the Internet, this kind of power should not be given lightly. 
My 2 cents, Chuck Rock EPC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:52:16 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-118.n01.orldfl01.us.ra.verio.net [157.238.210.118]) by hub.freebsd.org (Postfix) with ESMTP id BD83637B726 for ; Wed, 4 Apr 2001 08:52:11 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f34Fq2Q24326; Wed, 4 Apr 2001 11:52:02 -0400 (EDT) (envelope-from bill) Date: Wed, 4 Apr 2001 11:52:00 -0400 From: Bill Vermillion To: Brian Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404115200.F23799@wjv.com> Reply-To: bv@wjv.com References: <3ACAF18A.8E9716C@quake.com.au> <004301c0bd00$f51d9460$0201a8c0@fear.wrath.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <004301c0bd00$f51d9460$0201a8c0@fear.wrath.net>; from wrath@shianet.org on Wed, Apr 04, 2001 at 08:15:37AM -0400 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001 at 08:15:37AM -0400, Brian thus spoke: > It's amazing how much trouble you can get in for doing a broadcast > scan on port 80 looking for webservers. And my scan consisted > of nothing more than a handshake, it didn't probe to see what > services were installed. > This action got me a year and a half of academic probation (I > do something wrong again I get kicked out without a hearing), > banned from their residential network for the entirety of my stay > here, and use of computational facilities for the sole purpose > of academics. I'm not allowed to use the internet except in > my home department. 
I quickly got off campus after not having > internet access for three months, buying myself a house and > getting internet access from a more reliable source. Now I no > longer do _anything_ from my machine, that's what shellers are > for. In the meantime, the school never understood the simple fact > that if I were looking to do damage, I wouldn't do it from my > machine. Having done some work as an outside database developer for an educational institution I know how badly they can mis-understand things. > I suppose that's what happens when you get old farts working for a > school, they're only there for their paycheck. Now they sit around > and use their uber-expensive software and hardware to see what the > kids are splattering across 'their' network. Well I definitely fit the 'old fart' age bracket - but I surely don't have their attitudes. If I did I wouldn't be doing what I'm doing now - including a couple of hours on the phone last week trying to pin-point a problem with a regional support person on an ATM problem - which in the end turned out to be a Cisco IOS/ATM sw problem. Many people at this age think that ATM has only to do with machines that dispense money. But then I've met some with 'old fart attitudes' and they are still in their 20's. > This is a prime example of what happens when people overpolice. I'd agree with that. Over-regulation has always made people find a way around it. That's how wars have started since the dawn of creation. -- Bill Vermillion - bv @ wjv . 
com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:52:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id E73A537B722 for ; Wed, 4 Apr 2001 08:52:33 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id fauaaaaa for ; Thu, 5 Apr 2001 01:52:42 +1000 Message-ID: <3ACB4416.61A31902@quake.com.au> Date: Thu, 05 Apr 2001 01:56:06 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Chuck Cc: "Forrest W. Christian" , Enno Davids , freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Chuck wrote: > > How can you tell the difference between a sloppy admin and one who has > only been working the field for a few years and hasnt learned all the > stuff that you have in all your years in it.. Why should we have to spend > all our time keeping up with things like patches, upgrades, new hardware, > virus while trying to keep our customer base happy providing 99.99% uptime > and trying to fend out everyone person (its not just kids) with a computer > who want to see how much trouble they can cause and either not get caught > or get caught so they can put it on a job resume that they know how to > mess up peoples machines. 
> > I run a MS shop and with all that I have to do it's impossible to keep up, > the only thing saving my butt is that MS has only limited release of > source code so that everyone who knows C can't just browse through and find > the holes, but even still I don't know when I can go through a week without > having problems from somewhere. Yes, it's your job! You have no right to complain to some kid's ISP that they cracked your systems if you didn't even bother securing them! Companies that have personal data, should be fined if their security is breached through poor administration... You can make as many laws as you like against sniffing etc, but it won't solve anything! In fact I don't even see how anyone could call network scanning a crime... It's just like knocking on someone's door to see if they are home, are we going to make that a crime as well? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 8:59:27 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web1.nidhog.com (web1.nidhog.com [192.204.160.129]) by hub.freebsd.org (Postfix) with ESMTP id AD0C837B724 for ; Wed, 4 Apr 2001 08:59:23 -0700 (PDT) (envelope-from chosey@web1.nidhog.com) Received: from localhost (chosey@localhost) by web1.nidhog.com (8.11.3/8.11.3) with ESMTP id f34Fw3634295; Wed, 4 Apr 2001 11:58:03 -0400 (EDT) (envelope-from chosey@web1.nidhog.com) X-Authentication-Warning: web1.nidhog.com: chosey owned process doing -bs Date: Wed, 4 Apr 2001 11:58:03 -0400 (EDT) From: Chet Hosey To: Cc: Enno Davids , Subject: Re: Chasing the kiddies (was: Named Keep crashing) In-Reply-To: <20010404114052.D23799@wjv.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It seems that anymore, common network tools are seen as malware. 
Life would be much simpler in a world where you could use finger, VRFY worked, nmap could be legitimately used to determine what a host supported, and sheep had nothing to worry about. It's not idiots, or security holes, or solar radiation that plagues the 'Net. There is simply a lack of courtesy towards others. How many kiddies have ever seriously administered a machine? Everybody should start with a *nix running on a publicly accessible box. (Note: Linux doesn't count here, except possibly really old versions of Slackware. Damned RH makes things too easy. No X either - CLI, people!) ________________________________________________________________________ Chet Hosey ________________________________________________________________________ On Wed, 4 Apr 2001, Bill Vermillion wrote: > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke: > > > | > Is there any way to trace who is doing it? | > Running tcpdump > > with certain filter settings to avoid logging everything and > > filling the disk? > > > > | Don't bother... Just install the fixed version of bind... > > | Every kid with a script and an internet connection is probably > > | doing this to you!!! > > > This response kind of bothers me. There was a time > > when every time I could sanely trace spammers I emailed > > abuse@wherever.was.relevant to advise them. Similarly, when people > > probed Apache I'd send off advisory emails. > > If you find a way this works let me know. I've given up doing this > because except for the most well known, I've received rejects from > all mail addresses at the offending provider, root, abuse, > postmaster, webmaster, etc. So I just gave up and put them in > the REJECT list. > > Those days responsible people, and not quick buck artists, were > keeping the 'net running. > > > There was a time when if you probed the Apache on my machine it > > winnuke'd you back. Moral issues aside, there _was_ a great deal > > of satisfaction there... 
Needless to say, there's little mileage > > in this now (damned M$ service packs!). :) > > I never was into 'revenge' or 'tit-for-tat'. > > Bill > -- > Bill Vermillion - bv @ wjv . com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 9: 0:23 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.evertek.net (evertek.net [167.142.171.47]) by hub.freebsd.org (Postfix) with ESMTP id AE43137B720 for ; Wed, 4 Apr 2001 09:00:16 -0700 (PDT) (envelope-from jbumsted@evertek.net) Received: from i7500 ([167.142.171.33]) by mail.evertek.net (8.9.3/8.8.7) with SMTP id LAA26456; Wed, 4 Apr 2001 11:03:57 -0500 From: "Jamie Bumsted" To: "Kal Torak" Cc: Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 10:48:41 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 In-Reply-To: <3ACB4416.61A31902@quake.com.au> Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Yes, its your job! >You have no right to complain to some kids isp that they cracked your systems >if you didnt even bother securing them! So if my dead bolt lock on my door isn't strong enough to keep the burglars out it must be my fault my house got robbed? just my 2 cents Jamie Bumsted -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Kal Torak Sent: Wednesday, April 04, 2001 10:56 AM To: Chuck Cc: Forrest W. 
Christian; Enno Davids; freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) Chuck wrote: > > How can you tell the difference between a sloppy admin and one who has > only been working the field for a few years and hasnt learned all the > stuff that you have in all your years in it.. Why should we have to spend > all our time keeping up with things like patches, upgrades, new hardware, > virus while trying to keep our customer base happy providing 99.99% uptime > and trying to fend out everyone person (its not just kids) with a computer > who want to see how much trouble they can cause and either not get caught > or get caught so they can put it on a job resume that they know how to > mess up peoples machines. > > I run a MS shop and with all that I have to do its impossible to keep up, > the only thing saving my butt is that MS has only limited release of > source code so that everyone who knows C cant just browse though and find > the holes, but even still I dont know when I can go thought a week without > having problems from somewhere. Yes, its your job! You have no right to complain to some kids isp that they cracked your systems if you didnt even bother securing them! Companys that have personal data, should be fined if there security is breached through poor administration... You can make as many laws as you like against sniffing etc, but it wont slove anything! Infact I dont even see how anyone could call network scanning a crime... Its just like knocking on someones door to see if they are home, are we going to make that a crime as well? 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 9: 5:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 035C737B71D for ; Wed, 4 Apr 2001 09:05:16 -0700 (PDT) (envelope-from drew.weaver@thenap.com) Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 12:19:03 -0400 Message-ID: From: "Drew J. Weaver" To: "'freebsd-isp@freebsd.org'" Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 12:19:02 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD22.F63C5C24" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0BD22.F63C5C24 Content-Type: text/plain; charset="iso-8859-1" Just an off topic note here, FreeBSD, BSDi/OS and RedHat are all of equal "difficulty" to administer, I run all 3 and none of them make me shiver in my boots. Not sure what point you're attempting to make here? --- quoth the raven, --- Everybody should start with a *nix running on a publicly accessable box. (Note: Linux doesn't count here, except possibly really old versions of Slackware. Damned RH makes things too easy. No X either - CLI, people!) 
________________________________________________________________________ Chet Hosey ________________________________________________________________________ On Wed, 4 Apr 2001, Bill Vermillion wrote: > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke: > > > | > Is there any way to trace who is doing it? | > Running tcpdump > > with certain filter settings to avoid logging everything and > > filling the disk? > > > > | Dont bother... Just install the fixed version of bind... > > | Every kid with a script and an internet connection is probably > > | doing this to you!!! > > > This response kind of bothers me. There was a time > > when everytime I could sanely trace spammers I emailed > > abuse@wherever.was.relevant to advise them. Similarly, when people > > probed Apache I'd send off adivsory emails. > > If you find a way this works let me know. I've given up doing this > because except for the most well known, I've received rejects from > all mail addresses at the offending provider, root,abuse, > postmaster, webmaster, etc. So I just gave up and put the in > the REJECT list. > > Those days responsible people, and not quick buck artists, we're > keeping the 'net running. > > > There was a time when if you probed the Apache on my machine it > > winnuke'd you back. Moral issues aside, there _was_ a great deal > > of satisfaction there... Needless to say, there's little mileage > > in this now (damned M$ service packs!). :) > > I never was into 'revenge' or 'tit-for-tat'. > > Bill > -- > Bill Vermillion - bv @ wjv . com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C0BD22.F63C5C24 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Chasing the kiddies (was: Named Keep crashing)


------_=_NextPart_001_01C0BD22.F63C5C24--

From owner-freebsd-isp Wed Apr 4 9:15:58 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from matrix.buckhorn.net (buckhorn.net [63.151.3.210]) by hub.freebsd.org (Postfix) with ESMTP id C429D37B719 for ; Wed, 4 Apr 2001 09:15:54 -0700 (PDT) (envelope-from bob@buckhorn.net)
Received: from [63.151.3.239] (HELO buckhorn.net) by matrix.buckhorn.net (CommuniGate Pro SMTP 3.3.2) with ESMTP id 180875; Wed, 04 Apr 2001 11:14:16 -0500
Message-ID: <3ACB48B1.2BE269CF@buckhorn.net>
Date: Wed, 04 Apr 2001 11:15:45 -0500
From: Bob Martin
X-Mailer: Mozilla 4.73 [en] (X11; U; FreeBSD 4.2-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Chuck Rock
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
References: <001b01c0bd1b$0b242a20$1805010a@epconline.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

*This message was transferred with a trial version of CommuniGate(tm) Pro*

Chuck Rock wrote:
>
> How about getting a license to put a machine on the public network so you
> have to abide by "rules" for security, and if you are shown to screw up, and
> not maintain your security, your license is revoked, and your public IP's are
> then taken out of routes so they can't be accessed until you prove your
> worthiness again, or someone fixes it.

Well, we sorta have that now. Everyone has an AUP. The problem begins
when admins are too overwhelmed to enforce them, or in the case of a few
tier 1 and tier 2 providers I won't name, the bean counters have
determined that there is more money in allowing "a few bad apples" than
there is in enforcing the rules.

> How many people are allowed to connect any computer they want to the public
> network, and cause harm to some or all the other users on that network.
> Kinda like driving a car, only the consequences aren't necessarily deadly.

It amazes me that people will spend serious money for a computer, but
won't go the extra short step of learning about what it is, and what it
can do. It would really be great if every computer shipped with a "Using
this computer for dummies".

The real problem here is that the people causing the problem would pass
their "driving" test with flying colors... And would most likely find a
way to "drive" without a license anyway.

> If you misconfigure BGP, you can effectively screw up a large part of the
> Internet, this kind of power should not be given lightly.

Interesting point. If it was as hard to get an internet connection as it
is to get an ASN, maybe things would be a little better.

It's the "simple" screw ups that bother me most. Like allowing ip
directed broadcasts. There are still entire class B networks that can be
used for Papa Smurf attacks. And the only purpose it serves is to help
the sysadmin figure out which IP's they are using.

> My 2 cents,
> Chuck Rock
> EPC
>

--
Bob Martin, CTO
InterNet Unlimited
http://www.inu.net
mailto:bob@inu.net

From owner-freebsd-isp Wed Apr 4 9:16:36 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from metva.com.au (metva.com.au [202.0.82.1]) by hub.freebsd.org (Postfix) with ESMTP id 46F1537B718 for ; Wed, 4 Apr 2001 09:16:30 -0700 (PDT) (envelope-from enno.davids@metva.com.au)
Received: (from enno@localhost) by metva.com.au id CAA11493 for freebsd-isp@FreeBSD.ORG; Thu, 5 Apr 2001 02:16:21 +1000 (EST)
From: Enno Davids
Message-Id: <200104041616.CAA11493@metva.com.au>
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
To: freebsd-isp@FreeBSD.ORG
Date: Thu, 5 Apr 2001 02:16:21 +1000 (EST)
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

----- Kal Torak (amongst others) replied -----
| Chuck Rock wrote:
| >
| > How about getting a license to put a machine on the public network so you
| > have to abide by "rules" for security, and if you are shown to screw up, and
....
| > If you misconfigure BGP, you can effectively screw up a large part of the
| > Internet, this kind of power should not be given lightly.
|
| Insecurity is part of the Internet... Prosecuting people for network scanning
| does NOT help security! It just helps ruin some poor kid's life... It provides
| about as much security as putting up a web page saying "PLEASE DON'T HACK ANY
| OF MY SYSTEMS, my password is 123456"... I don't know about a license to get a
| public IP, but going after kids is not the answer...
|

The rest of society tends to reserve licensing for those realms where you
can cause injury or death. So driving, firearms, explosives and the like.

I think the metaphor that was raised earlier about people trying doors is
closer. But the author claimed because trying the door was non-invasive
(as opposed to actually entering through one you find is open) it should
be OK. I have to differ. If I were to wake up at 3am and find some guy
checking my doors and windows I would have him arrested. The only person
who should be allowed to rattle my windows is me or someone I invite.

The key point here though is _we're all brought up to understand that_.
Our parents teach us early that skulking round the shrubbery when we
haven't sought permission is likely to end badly.

While some law to allow the system owners some redress would be nice, I
think the basic task of socializing people about how to live is also
missing. Hence the likely correct statement about ruining some poor kid's
life. The odds are the 'poor kid' was aware that this is a proscribed
activity, at some level. But there needs to be education at some point in
our computer upbringing to reinforce that it's wrong. Once we've been
socialized we understand that burglary and fraud aren't the way to build
a worthwhile society. (Well most of us do. The rest are out trying to
"make money fast" I guess.)

Enno.

From owner-freebsd-isp Wed Apr 4 9:16:58 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from web1.nidhog.com (web1.nidhog.com [192.204.160.129]) by hub.freebsd.org (Postfix) with ESMTP id 9D55E37B71E for ; Wed, 4 Apr 2001 09:16:53 -0700 (PDT) (envelope-from chosey@web1.nidhog.com)
Received: from localhost (chosey@localhost) by web1.nidhog.com (8.11.3/8.11.3) with ESMTP id f34GGhC35199; Wed, 4 Apr 2001 12:16:49 -0400 (EDT) (envelope-from chosey@web1.nidhog.com)
X-Authentication-Warning: web1.nidhog.com: chosey owned process doing -bs
Date: Wed, 4 Apr 2001 12:16:43 -0400 (EDT)
From: Chet Hosey
To: "Drew J. Weaver"
Cc: "'freebsd-isp@freebsd.org'"
Subject: OT: RE: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

From what I've seen, RH has GUI tools for a lot of things (Linuxconf, I
think?). RH seems much simpler to run (as an end user) than FreeBSD. You
can download RPMs for everything, including the kernel. I know RedHat
users who've never touched gcc. Even using ports requires slightly more
knowledge than "Using Netscape, download coolproggie.rpm, open an xterm,
and run rpm -i coolproggie.rpm".

Under Debian, upgrading Bind for the security fix is a matter of "apt-get
update; apt-get install bind". Hell, upgrading *everything*, system libs,
init, X, name-your-vi-clone, emacs, bind, lynx, etc., is just "apt-get
update; apt-get dist-upgrade".

The RedHat way of doing things allows one to avoid understanding. It
seems that FreeBSD allows less ignorance.

________________________________________________________________________

Chet Hosey
________________________________________________________________________

On Wed, 4 Apr 2001, Drew J. Weaver wrote:

> Just an off topic note here, FreeBSD, BSDi/OS and RedHat are all of
> equal "difficulty" to administer, I run all 3 and none of them make me
> shiver in my boots. Not sure what point you're attempting to make here?
>
> --- quoth the raven, ---
>
> Everybody should start with a *nix running on a publicly accessible box.
> (Note: Linux doesn't count here, except possibly really old versions of
> Slackware. Damned RH makes things too easy. No X either - CLI, people!)
>
> ________________________________________________________________________
>
> Chet Hosey
> ________________________________________________________________________
>
> On Wed, 4 Apr 2001, Bill Vermillion wrote:
>
> > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke:
> >
> > > | > Is there any way to trace who is doing it? | > Running tcpdump
> > > with certain filter settings to avoid logging everything and
> > > filling the disk?
> >
> >
> > > | Don't bother... Just install the fixed version of bind...
> > > | Every kid with a script and an internet connection is probably
> > > | doing this to you!!!
> >
> > > This response kind of bothers me. There was a time
> > > when every time I could sanely trace spammers I emailed
> > > abuse@wherever.was.relevant to advise them. Similarly, when people
> > > probed Apache I'd send off advisory emails.
> >
> > If you find a way this works let me know. I've given up doing this
> > because except for the most well known, I've received rejects from
> > all mail addresses at the offending provider, root, abuse,
> > postmaster, webmaster, etc. So I just gave up and put them in
> > the REJECT list.
> >
> > Those days responsible people, and not quick buck artists, were
> > keeping the 'net running.
> >
> > > There was a time when if you probed the Apache on my machine it
> > > winnuke'd you back. Moral issues aside, there _was_ a great deal
> > > of satisfaction there... Needless to say, there's little mileage
> > > in this now (damned M$ service packs!). :)
> >
> > I never was into 'revenge' or 'tit-for-tat'.
> >
> > Bill
> > --
> > Bill Vermillion - bv @ wjv . com

From owner-freebsd-isp Wed Apr 4 9:17:46 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 2CCBF37B720 for ; Wed, 4 Apr 2001 09:17:44 -0700 (PDT) (envelope-from kaltorak@quake.com.au)
Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id sauaaaaa for ; Thu, 5 Apr 2001 02:17:46 +1000
Message-ID: <3ACB49F5.9DF7B489@quake.com.au>
Date: Thu, 05 Apr 2001 02:21:09 +1000
From: Kal Torak
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Jamie Bumsted
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jamie Bumsted wrote:
>
> >Yes, it's your job!
> >You have no right to complain to some kid's isp that they cracked your systems
> >if you didn't even bother securing them!
> So if my dead bolt lock on my door isn't strong enough to keep the burglars
> out it must be my fault my house got robbed?

If you leave your front door open, then yes it is...
Your insurance company would certainly see it that way...

From owner-freebsd-isp Wed Apr 4 9:22:35 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from kira.epconline.net (kira2.epconline.net [209.83.132.2]) by hub.freebsd.org (Postfix) with ESMTP id EAEBF37B730 for ; Wed, 4 Apr 2001 09:22:25 -0700 (PDT) (envelope-from carock@epconline.net)
Received: from therock (betterguard.epconline.net [207.206.185.193]) by kira.epconline.net (8.11.2/8.11.2) with SMTP id f34GMPP52146 for ; Wed, 4 Apr 2001 11:22:25 -0500 (CDT)
From: "Chuck Rock"
To:
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 11:22:25 -0500
Message-ID: <002a01c0bd23$6f2f4dd0$1805010a@epconline.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
In-Reply-To: <000601c0bd1e$dc28bde0$0b00a8c0@dle>
Importance: Normal
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You can't get public IP's without a fight, why should the people that
actually get them let people use them without a fight as well?

If an ISP were fined or IP's were dropped from routes, and they were
responsible for it, I think they would be a lot more careful of who's
doing what on their network.

The ISP is the gateway to the Internet. They are "usually" responsible
admins. They DO have total control over ALL of the traffic that their
customers use.

Chuck Rock

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of John Brooks
> Sent: Wednesday, April 04, 2001 10:50 AM
> To: freebsd-isp@FreeBSD.ORG
> Subject: RE: Chasing the kiddies (was: Named Keep crashing)
>
>
> Imagine the government bureaucracy necessary to administer something like
> this. Consider the consequences, who gives the licenses, who establishes the
> criteria, who enforces, who makes the decisions, etc. Who will then protect
> you from retaliation if you published something this bureaucracy didn't
> like. Sometimes it's good to think these things through. We'd have to call
> this BIGGER Brother ;-)
>
> --
> John
>
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Chuck Rock
> Sent: Wednesday, April 04, 2001 10:22 AM
> To: Bob Martin
> Cc: freebsd-isp@FreeBSD.ORG
> Subject: RE: Chasing the kiddies (was: Named Keep crashing)
>
>
> How about getting a license to put a machine on the public network so you
> have to abide by "rules" for security, and if you are shown to screw up, and
> not maintain your security, your license is revoked, and your public IP's are
> then taken out of routes so they can't be accessed until you prove your
> worthiness again, or someone fixes it.
>
> How many people are allowed to connect any computer they want to the public
> network, and cause harm to some or all the other users on that network.
> Kinda like driving a car, only the consequences aren't necessarily deadly.
>
> If you misconfigure BGP, you can effectively screw up a large part of the
> Internet, this kind of power should not be given lightly.
>
> My 2 cents,
> Chuck Rock
> EPC

From owner-freebsd-isp Wed Apr 4 9:27:30 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id D51D237B72B for ; Wed, 4 Apr 2001 09:27:05 -0700 (PDT) (envelope-from drew.weaver@thenap.com)
Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 12:40:53 -0400
Message-ID:
From: "Drew J. Weaver"
To: "'heckfordj@psi-domain.co.uk'"
Cc: "'freebsd-isp@freebsd.org'"
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 12:40:49 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD26.031A6AE6"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C0BD26.031A6AE6
Content-Type: text/plain; charset="iso-8859-1"

Enh, Redhat only starts everything if it is configured to start everything,
and has utilities (and manual ways) of telling it not to start everything

-----Original Message-----
From: Jamie Heckford [mailto:heckfordj@psi-domain.co.uk]
Sent: Wednesday, April 04, 2001 1:16 PM
To: Drew J. Weaver
Cc: freebsd-isp@freebsd.org
Subject: RE: Chasing the kiddies (was: Named Keep crashing)


IMHO, redhat is a hell of a lot harder, due
to the fact it launches every damn service you
can think of, most of which are outdated and full of security
holes, and when you try to update them linuxconf throws a
fit because you didn't do it through a GUI.

FreeBSD is a hell of a lot easier to set up as a server
you can trust, without chewing your fingers off.

Jamie

On 2001.04.04 17:19 Drew J. Weaver wrote:
> Just an off topic note here, FreeBSD, BSDi/OS and RedHat are all of
> equal "difficulty" to administer, I run all 3 and none of them make me
> shiver in my boots. Not sure what point you're attempting to make here?
>
> --- quoth the raven, ---
>
> Everybody should start with a *nix running on a publicly accessible box.
> (Note: Linux doesn't count here, except possibly really old versions of
> Slackware. Damned RH makes things too easy. No X either - CLI, people!)
>
> ________________________________________________________________________
>
> Chet Hosey
> ________________________________________________________________________
>
> On Wed, 4 Apr 2001, Bill Vermillion wrote:
>
> > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke:
> >
> > > | > Is there any way to trace who is doing it? | > Running tcpdump
> > > with certain filter settings to avoid logging everything and
> > > filling the disk?
> >
> >
> > > | Don't bother... Just install the fixed version of bind...
> > > | Every kid with a script and an internet connection is probably
> > > | doing this to you!!!
> >
> > > This response kind of bothers me. There was a time
> > > when every time I could sanely trace spammers I emailed
> > > abuse@wherever.was.relevant to advise them. Similarly, when people
> > > probed Apache I'd send off advisory emails.
> >
> > If you find a way this works let me know. I've given up doing this
> > because except for the most well known, I've received rejects from
> > all mail addresses at the offending provider, root, abuse,
> > postmaster, webmaster, etc. So I just gave up and put them in
> > the REJECT list.
> >
> > Those days responsible people, and not quick buck artists, were
> > keeping the 'net running.
> >
> > > There was a time when if you probed the Apache on my machine it
> > > winnuke'd you back. Moral issues aside, there _was_ a great deal
> > > of satisfaction there... Needless to say, there's little mileage
> > > in this now (damned M$ service packs!). :)
> >
> > I never was into 'revenge' or 'tit-for-tat'.
> >
> > Bill
> > --
> > Bill Vermillion - bv @ wjv . com

--
Jamie Heckford
Chief Network Engineer
Psi-Domain - Innovative Linux Solutions. Ask Us How.

FreeBSD - The power to serve

=====================================
email:  heckfordj@psi-domain.co.uk
web:    http://www.psi-domain.co.uk/

tel:    +44 (0)1737 789 246
fax:    +44 (0)1737 789 245
mobile: +44 (0)7866 724 224

=====================================

------_=_NextPart_001_01C0BD26.031A6AE6
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Enh, Redhat only starts everything if it is = configured to start everything, and has utilities (and manual ways) of = telling it not to start everything

-----Original Message-----
From: Jamie Heckford [mailto:heckfordj@psi-domain.c= o.uk]
Sent: Wednesday, April 04, 2001 1:16 PM
To: Drew J. Weaver
Cc: freebsd-isp@freebsd.org
Subject: RE: Chasing the kiddies (was: Named Keep = crashing)


IMHO, redhat is a hell of a lot harder, due
to the fact it launches every damn service = you
can think off, most of which are outdated and full = of security
holes, and when you try to update them linuxconf = throws a
fit becuase you didnt do it through a GUI.

FreeBSD is a hell of a lot easier to set up as a = server
you can trust, without chewing your fingers = off.

Jamie

On 2001.04.04 17:19 Drew J. Weaver wrote:
>       Just an off = topic note here, FreeBSD, BSDi/OS and RedHat are all
> of
> equal "difficulty" to administer, I = run all 3 and none of them make me
> shiver in my boots. Not sure what point you're = attempting to make here?
>
> --- quoth the raven, ---
>
> Everybody should start with a *nix running on a = publicly accessable box.
> (Note: Linux doesn't count here, except = possibly really old versions of
> Slackware. Damned RH makes things too easy. No = X either - CLI, people!)
>
> = ________________________________________________________________________=
>
> Chet Hosey
> <chosey@nidhog.com>
> = ________________________________________________________________________=
>
> On Wed, 4 Apr 2001, Bill Vermillion = wrote:
>
> > On Wed, Apr 04, 2001 at 05:45:48PM +1000, = Enno Davids thus spoke:
> >
> > > | > Is there any way to trace who = is doing it? | > Running tcpdump
> > > with certain filter settings to avoid = logging everything and
> > > filling the disk?
> >
> >
> > > | Dont bother... Just install the = fixed version of bind...
> > > | Every kid with a script and an = internet connection is probably
> > > | doing this to you!!!
> >
> > > This response kind of bothers me. = There was a time
> > > when everytime I could sanely trace = spammers I emailed
> > > abuse@wherever.was.relevant to advise = them. Similarly, when people
> > > probed Apache I'd send off adivsory = emails.
> >
> > If you find a way this works let me = know.  I've given up doing this
> > because except for the most well known, = I've received rejects from
> > all mail addresses at the offending = provider, root,abuse,
> > postmaster, webmaster, etc.  So I = just gave up and put the in
> > the REJECT list.
> >
> > Those days responsible people, and not = quick buck artists, we're
> > keeping the 'net running.
> >
> > > There was a time when if you probed = the Apache on my machine it
> > > winnuke'd you back. Moral issues = aside, there _was_ a great deal
> > > of satisfaction there... Needless to = say, there's little mileage
> > > in this now (damned M$ service = packs!). :)
> >
> > I never was into 'revenge' or = 'tit-for-tat'.
> >
> > Bill
> > --
> > Bill Vermillion -   bv @ wjv . = com
> >
> > To Unsubscribe: send mail to = majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" = in the body of the message
> >
>
>
> To Unsubscribe: send mail to = majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the = body of the message
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML = 3.2//EN">
> <HTML>
> <HEAD>
> <META HTTP-EQUIV=3D"Content-Type" = CONTENT=3D"text/html; charset=3Diso-8859-1">
> <META NAME=3D"Generator" = CONTENT=3D"MS Exchange Server version 5.5.2650.12">
> <TITLE>RE: Chasing the kiddies (was: = Named Keep crashing)</TITLE>
> </HEAD>
> <BODY>
>
> = <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&am= p;nbsp; <FONT SIZE=3D2>Just an off
> topic note here, FreeBSD, BSDi/OS and RedHat = are all of equal
> &quot;difficulty&quot; to administer, I = run all 3 and none of them make
> me shiver in my boots. Not sure what point = you're attempting to make
> here?</FONT></P>
>
> <P><FONT SIZE=3D2>--- quoth the = raven, --- </FONT>
> </P>
>
> <P><FONT SIZE=3D2>Everybody should = start with a *nix running on a publicly
> accessable box.</FONT>
> <BR><FONT SIZE=3D2>(Note: Linux = doesn't count here, except possibly really
> old versions of</FONT>
> <BR><FONT SIZE=3D2>Slackware. = Damned RH makes things too easy. No X either
> - CLI, people!)</FONT>
> </P>
>
> <P><FONT = SIZE=3D2>____________________________________________________________= ____________</FONT>
> </P>
>
> <P><FONT SIZE=3D2>Chet = Hosey</FONT>
> <BR><FONT = SIZE=3D2>&lt;chosey@nidhog.com&gt;</FONT>
> <BR><FONT = SIZE=3D2>____________________________________________________________= ____________</FONT>
> </P>
>
> <P><FONT SIZE=3D2>On Wed, 4 Apr = 2001, Bill Vermillion wrote:</FONT>
> </P>
>
> <P><FONT SIZE=3D2>&gt; On Wed, = Apr 04, 2001 at 05:45:48PM +1000, Enno
> Davids thus spoke:</FONT>
> <BR><FONT = SIZE=3D2>&gt;</FONT>
> <BR><FONT SIZE=3D2>&gt; = &gt; | &gt; Is there any way to trace who is doing
> it? | &gt; Running = tcpdump</FONT>
> <BR><FONT SIZE=3D2>&gt; = &gt; with certain filter settings to avoid logging
> everything and</FONT>
> <BR><FONT SIZE=3D2>&gt; = &gt; filling the disk?</FONT>
> </P>
> </BODY>
> </HTML>
--
Jamie Heckford
Chief Network Engineer
Psi-Domain - Innovative Linux Solutions. Ask Us How.

FreeBSD - The power to serve

=====================================
email:  heckfordj@psi-domain.co.uk
web:    http://www.psi-domain.co.uk/

tel:    +44 (0)1737 789 246
fax:    +44 (0)1737 789 245
mobile: +44 (0)7866 724 224

=====================================

------_=_NextPart_001_01C0BD26.031A6AE6--

From owner-freebsd-isp Wed Apr 4 9:29:27 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id C972B37B724 for ; Wed, 4 Apr 2001 09:29:15 -0700 (PDT) (envelope-from drew.weaver@thenap.com)
Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 12:43:03 -0400
Message-ID:
From: "Drew J. Weaver"
To: 'Chet Hosey'
Cc: "'freebsd-isp@freebsd.org'"
Subject: RE: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 12:43:02 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD26.50A2C3A8"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

------_=_NextPart_001_01C0BD26.50A2C3A8
Content-Type: text/plain; charset="iso-8859-1"

Actually it's easier to keep updated software on your machine if you're using FreeBSD, through ports, all you do is cvsup your ports collection and go into the directory of the program you want to install and type make install and it downloads and installs it, doesn't really get much easier than that, but really, what is wrong with something being easy, and understandable, I find it somewhat refreshing that not everything is as complicated as sendmail =)

-----Original Message-----
From: Chet Hosey [mailto:chosey@nidhog.com]
Sent: Wednesday, April 04, 2001 12:17 PM
To: Drew J. Weaver
Cc: 'freebsd-isp@freebsd.org'
Subject: OT: RE: Chasing the kiddies (was: Named Keep crashing)


From what I've seen, RH has GUI tools for a lot of things (Linuxconf, I
think?). RH seems much simpler to run (as an end user) than FreeBSD. You
can download RPMs for everything, including the kernel. I know RedHat
users who've never touched gcc.

Even using ports requires slightly more knowledge than "Using Netscape,
download coolproggie.rpm, open an xterm, and run rpm -i coolproggie.rpm".

Under Debian, upgrading Bind for the security fix is a matter of "apt-get
update; apt-get install bind". Hell, upgrading *everything*, system libs,
init, X, name-your-vi-clone, emacs, bind, lynx, etc., is just "apt-get
update; apt-get dist-upgrade".

The RedHat way of doing things allows one to avoid understanding. It seems
that FreeBSD allows less ignorance.

________________________________________________________________________

Chet Hosey
<chosey@nidhog.com>
________________________________________________________________________

On Wed, 4 Apr 2001, Drew J. Weaver wrote:

> Just an off topic note here, FreeBSD, BSDi/OS and RedHat are all of
> equal "difficulty" to administer, I run all 3 and none of them make me
> shiver in my boots. Not sure what point you're attempting to make here?
>
> --- quoth the raven, ---
>
> Everybody should start with a *nix running on a publicly accessible box.
> (Note: Linux doesn't count here, except possibly really old versions of
> Slackware. Damned RH makes things too easy. No X either - CLI, people!)
>
> ________________________________________________________________________
>
> Chet Hosey
> <chosey@nidhog.com>
> ________________________________________________________________________
>
> On Wed, 4 Apr 2001, Bill Vermillion wrote:
>
> > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke:
> >
> > > | > Is there any way to trace who is doing it? | > Running tcpdump
> > > with certain filter settings to avoid logging everything and
> > > filling the disk?
> >
> >
> > > | Don't bother... Just install the fixed version of bind...
> > > | Every kid with a script and an internet connection is probably
> > > | doing this to you!!!
> >
> > > This response kind of bothers me. There was a time
> > > when every time I could sanely trace spammers I emailed
> > > abuse@wherever.was.relevant to advise them. Similarly, when people
> > > probed Apache I'd send off advisory emails.
> >
> > If you find a way this works let me know. I've given up doing this
> > because except for the most well known, I've received rejects from
> > all mail addresses at the offending provider, root,abuse,
> > postmaster, webmaster, etc. So I just gave up and put them in
> > the REJECT list.
> >
> > Those days responsible people, and not quick buck artists, were
> > keeping the 'net running.
> >
> > > There was a time when if you probed the Apache on my machine it
> > > winnuke'd you back. Moral issues aside, there _was_ a great deal
> > > of satisfaction there... Needless to say, there's little mileage
> > > in this now (damned M$ service packs!). :)
> >
> > I never was into 'revenge' or 'tit-for-tat'.
> >
> > Bill
> > --
> > Bill Vermillion - bv @ wjv . com
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

------_=_NextPart_001_01C0BD26.50A2C3A8
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_001_01C0BD26.50A2C3A8--

From owner-freebsd-isp Wed Apr 4 9:32:59 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from metva.com.au (metva.com.au [202.0.82.1]) by hub.freebsd.org (Postfix) with ESMTP id 6167237B71C for ; Wed, 4 Apr 2001 09:32:52 -0700 (PDT) (envelope-from enno.davids@metva.com.au)
Received: (from enno@localhost) by metva.com.au id CAA11996 for freebsd-isp@FreeBSD.ORG; Thu, 5 Apr 2001 02:32:44 +1000 (EST)
From: Enno Davids
Message-Id: <200104041632.CAA11996@metva.com.au>
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <3ACB4416.61A31902@quake.com.au> from Kal Torak at "Apr 5, 1 01:56:06 am"
To: freebsd-isp@FreeBSD.ORG
Date: Thu, 5 Apr 2001 02:32:44 +1000 (EST)
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kal Torak wrote:
|
| Companies that have personal data, should be fined if their security is breached
| through poor administration... You can make as many laws as you like against
| sniffing etc, but it won't solve anything!

In fact, if you don't have them now, you likely soon will have privacy
laws. If only so you can continue to do business in Europe. Your
users/clients likely expect you to keep their data private anyway and
may seek redress from you if you fail to.

And a special one, (my 'day job' is as a web systems admin at a large
Australian banking group) if you're in some industries there are real
live laws with teeth that require you to make strenuous effort to
safeguard people's data. 'Fiduciary responsibilities' for banks.

And how much would you trust a bank that got hacked? Now argue by
extension how much trust you should extend to other sorts of business
that are compromised. It's clearly in their own interest to secure
themselves and make a best effort to stay secure. (How long were hackers
wandering around inside a large s/w developer in Redmond? How many
credit card numbers have been stolen from a large nameless online
bookseller?)

| In fact I don't even see how anyone could call network scanning a crime...
| It's just like knocking on someone's door to see if they are home, are we
| going to make that a crime as well?

Once again, in banking, if you come knocking on my door, the Australian
Federal Police will take an interest in you. Something to do with making
sure you don't screw up the entire economy. It's no more OK to do it to
anyone else, just that governments have less self-interest in protecting
the rest of the community.

Enno.

From owner-freebsd-isp Wed Apr 4 9:33:49 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id BD61A37B718 for ; Wed, 4 Apr 2001 09:32:45 -0700 (PDT) (envelope-from drew.weaver@thenap.com)
Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 12:46:33 -0400
Message-ID:
From: "Drew J. Weaver"
To: "'heckfordj@psi-domain.co.uk'"
Cc: freebsd-isp@freebsd.org
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 12:46:27 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD26.CDD2FD5C"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

------_=_NextPart_001_01C0BD26.CDD2FD5C
Content-Type: text/plain; charset="iso-8859-1"

I suppose you are correct but that isn't to say that Redhat forces you to keep everything running, they have a nifty little util called ntsysv that lets you basically visually see everything it's starting and tell it whether or not to do it, or you can always do it the old fashioned way via xinetd/inetd or through /etc/sysconfig/init.d.

It doesn't really hurt to have all of those things starting by default at installation time, because if the user doesn't know enough to shut down services that aren't meant to be running then he will probably end up being hacked anyway through other mistakes of his/her own.

-----Original Message-----
From: Jamie Heckford [mailto:heckfordj@psi-domain.co.uk]
Sent: Wednesday, April 04, 2001 1:27 PM
To: Drew J. Weaver
Cc: freebsd-isp@freebsd.org
Subject: RE: Chasing the kiddies (was: Named Keep crashing)


Compare a default redhat install to a default FreeBSD install,
from a newbie's perspective.

Which one is more secure? FreeBSD.

J

On 2001.04.04 17:40 Drew J. Weaver wrote:
> Enh, Redhat only starts everything if it is configured to start everything,
> and has utilities (and manual ways) of telling it not to start everything
>
> -----Original Message-----
> From: Jamie Heckford [mailto:heckfordj@psi-domain.co.uk]
> Sent: Wednesday, April 04, 2001 1:16 PM
> To: Drew J. Weaver
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Chasing the kiddies (was: Named Keep crashing)
>
>
> IMHO, redhat is a hell of a lot harder, due
> to the fact it launches every damn service you
> can think of, most of which are outdated and full of security
> holes, and when you try to update them linuxconf throws a
> fit because you didn't do it through a GUI.
>
> FreeBSD is a hell of a lot easier to set up as a server
> you can trust, without chewing your fingers off.
>
> Jamie
>
> On 2001.04.04 17:19 Drew J. Weaver wrote:
> > Just an off topic note here, FreeBSD, BSDi/OS and RedHat are all of
> > equal "difficulty" to administer, I run all 3 and none of them make me
> > shiver in my boots. Not sure what point you're attempting to make here?
> >
> > --- quoth the raven, ---
> >
> > Everybody should start with a *nix running on a publicly accessible box.
> > (Note: Linux doesn't count here, except possibly really old versions of
> > Slackware. Damned RH makes things too easy. No X either - CLI, people!)
> >
> > ________________________________________________________________________
> >
> > Chet Hosey
> > <chosey@nidhog.com>
> > ________________________________________________________________________
> >
> > On Wed, 4 Apr 2001, Bill Vermillion wrote:
> >
> > > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke:
> > >
> > > > | > Is there any way to trace who is doing it? | > Running tcpdump
> > > > with certain filter settings to avoid logging everything and
> > > > filling the disk?
> > >
> > >
> > > > | Don't bother... Just install the fixed version of bind...
> > > > | Every kid with a script and an internet connection is probably
> > > > | doing this to you!!!
> > >
> > > > This response kind of bothers me. There was a time
> > > > when every time I could sanely trace spammers I emailed
> > > > abuse@wherever.was.relevant to advise them. Similarly, when people
> > > > probed Apache I'd send off advisory emails.
> > >
> > > If you find a way this works let me know. I've given up doing this
> > > because except for the most well known, I've received rejects from
> > > all mail addresses at the offending provider, root,abuse,
> > > postmaster, webmaster, etc. So I just gave up and put them in
> > > the REJECT list.
> > >
> > > Those days responsible people, and not quick buck artists, were
> > > keeping the 'net running.
> > >
> > > > There was a time when if you probed the Apache on my machine it
> > > > winnuke'd you back. Moral issues aside, there _was_ a great deal
> > > > of satisfaction there... Needless to say, there's little mileage
> > > > in this now (damned M$ service packs!). :)
> > >
> > > I never was into 'revenge' or 'tit-for-tat'.
> > >
> > > Bill
> > > --
> > > Bill Vermillion - bv @ wjv . com
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-isp" in the body of the message
> > >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >

>
> --
> Jamie Heckford
> Chief Network Engineer
> Psi-Domain - Innovative Linux Solutions. Ask Us How.
>
> FreeBSD - The power to serve
>
> =====================================
> email:  heckfordj@psi-domain.co.uk
> web:    http://www.psi-domain.co.uk/
>
> tel:    +44 (0)1737 789 246
> fax:    +44 (0)1737 789 245
> mobile: +44 (0)7866 724 224
>
> =====================================
>

--
Jamie Heckford
Chief Network Engineer
Psi-Domain - Innovative Linux Solutions. Ask Us How.

FreeBSD - The power to serve

=====================================
email:  heckfordj@psi-domain.co.uk
web:    http://www.psi-domain.co.uk/

tel:    +44 (0)1737 789 246
fax:    +44 (0)1737 789 245
mobile: +44 (0)7866 724 224

=====================================

------_=_NextPart_001_01C0BD26.CDD2FD5C
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

        I suppose = you are correct but that isn't to say that Redhat forces you to keep = everything running, they have a nifty little util called ntsysv that = lets you basically visually see everything its starting and tell it = wether or not to do it, or you can always do it the old fashioned way = via xinetd/inetd or through /etc/sysconfig/init.d.

        It doesnt = really hurt to have all of those things starting by default at = installation time, because if the user doesnt know enough to shutdown = services that arent meant to be running than he will probably end up = being hacked anyway through other mistakes of his/her own.

-----Original Message-----
From: Jamie Heckford [mailto:heckfordj@psi-domain.co.uk]
Sent: Wednesday, April 04, 2001 1:27 PM
To: Drew J. Weaver
Cc: freebsd-isp@freebsd.org
Subject: RE: Chasing the kiddies (was: Named Keep crashing)


Compare a default redhat install to a default FreeBSD install,
from a newbie's perspective.

Which one is more secure? FreeBSD.

J

On 2001.04.04 17:40 Drew J. Weaver wrote:
> Enh, Redhat only starts everything if it is configured to start
> everything,
> and has utilities (and manual ways) of telling it not to start everything
>
> -----Original Message-----
> From: Jamie Heckford [mailto:heckfordj@psi-domain.co.uk]
> Sent: Wednesday, April 04, 2001 1:16 PM
> To: Drew J. Weaver
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Chasing the kiddies (was: Named Keep crashing)
>
>
> IMHO, redhat is a hell of a lot harder, due
> to the fact it launches every damn service you
> can think of, most of which are outdated and full of security
> holes, and when you try to update them linuxconf throws a
> fit because you didn't do it through a GUI.
>
> FreeBSD is a hell of a lot easier to set up as a server
> you can trust, without chewing your fingers off.
>
> Jamie
>
> On 2001.04.04 17:19 Drew J. Weaver wrote:
> >     Just an off topic note here, FreeBSD, BSDi/OS and RedHat are all of
> > equal "difficulty" to administer, I run all 3 and none of them make me
> > shiver in my boots. Not sure what point you're attempting to make here?
> >
> > --- quoth the raven, ---
> >
> > Everybody should start with a *nix running on a publicly accessible box.
> > (Note: Linux doesn't count here, except possibly really old versions of
> > Slackware. Damned RH makes things too easy. No X either - CLI, people!)
> >
> > ________________________________________________________________________
> >
> > Chet Hosey
> > <chosey@nidhog.com>
> > ________________________________________________________________________
> >
> > On Wed, 4 Apr 2001, Bill Vermillion wrote:
> >
> > > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke:
> > >
> > > > | > Is there any way to trace who is doing it? | > Running tcpdump
> > > > with certain filter settings to avoid logging everything and
> > > > filling the disk?
> > >
> > >
> > > > | Don't bother... Just install the fixed version of bind...
> > > > | Every kid with a script and an internet connection is probably
> > > > | doing this to you!!!
> > >
> > > > This response kind of bothers me. There was a time
> > > > when every time I could sanely trace spammers I emailed
> > > > abuse@wherever.was.relevant to advise them. Similarly, when people
> > > > probed Apache I'd send off advisory emails.
> > >
> > > If you find a way this works let me know.  I've given up doing this
> > > because except for the most well known, I've received rejects from
> > > all mail addresses at the offending provider, root,abuse,
> > > postmaster, webmaster, etc.  So I just gave up and put them in
> > > the REJECT list.
> > >
> > > Those days responsible people, and not quick buck artists, were
> > > keeping the 'net running.
> > >
> > > > There was a time when if you probed the Apache on my machine it
> > > > winnuke'd you back. Moral issues aside, there _was_ a great deal
> > > > of satisfaction there... Needless to say, there's little mileage
> > > > in this now (damned M$ service packs!). :)
> > >
> > > I never was into 'revenge' or 'tit-for-tat'.
> > >
> > > Bill
> > > --
> > > Bill Vermillion -   bv @ wjv . com
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-isp" in the body of the message
> > >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
> --
> Jamie Heckford
> Chief Network Engineer
> Psi-Domain - Innovative Linux Solutions. Ask Us How.
>
> FreeBSD - The power to serve
>
> =====================================
> email:  heckfordj@psi-domain.co.uk
> web:    http://www.psi-domain.co.uk/
>
> tel:    +44 (0)1737 789 246
> fax:    +44 (0)1737 789 245
> mobile: +44 (0)7866 724 224
>
> =====================================
>
--
Jamie Heckford
Chief Network Engineer
Psi-Domain - Innovative Linux Solutions. Ask Us How.

FreeBSD - The power to serve

=====================================
email:  heckfordj@psi-domain.co.uk
web:    http://www.psi-domain.co.uk/

tel:    +44 (0)1737 789 246
fax:    +44 (0)1737 789 245
mobile: +44 (0)7866 724 224

=====================================

------_=_NextPart_001_01C0BD26.CDD2FD5C-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 10:38:43 2001 Delivered-To: freebsd-isp@freebsd.org Received: from bilver.wjv.com (dhcp-1-48.n01.orldfl01.us.ra.verio.net [157.238.210.48]) by hub.freebsd.org (Postfix) with ESMTP id 2A67637B71F for ; Wed, 4 Apr 2001 10:38:39 -0700 (PDT) (envelope-from bill@bilver.wjv.com) Received: (from bill@localhost) by bilver.wjv.com (8.11.1/8.11.1) id f34Hc4525131; Wed, 4 Apr 2001 13:38:04 -0400 (EDT) (envelope-from bill) Date: Wed, 4 Apr 2001 13:38:00 -0400 From: Bill Vermillion To: Chet Hosey Cc: bv@wjv.com, Enno Davids , freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404133800.I23799@wjv.com> Reply-To: bv@wjv.com References: <20010404114052.D23799@wjv.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from chosey@nidhog.com on Wed, Apr 04, 2001 at 11:58:03AM -0400 Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001 at 11:58:03AM -0400, Chet Hosey thus spoke: > It's not idiots, or security holes, or solar radiation that > plagues the 'Net. There is simply a lack of courtesy towards > others. How many kiddies have ever seriously administered a > machine? I'd say this is more like the 'me first' attitudes so prevalent. > Everybody should start with a *nix running on a publicly > accessible box. (Note: Linux doesn't count here, except possibly > really old versions of Slackware. Damned RH makes things too easy. > No X either - CLI, people!) Does it count if I moved my BBS to a Unix dial in system in 1985 or so. Then I became a leaf then a node. Ran the classic BNews - and it only took 4 hours to compile. 
Machine was so slow and low on memory that if a site accidentally shipped me a 16 bit compressed news hunk - the machine would take hours constantly swapping - just to handle that. A great many of the machines then used 13-bit compression for news, as it saved a lot of space/time, but was swift to compress and uncompress. Motorola 68000s at 4MHz were not fast - but the local Unix systems surely beat the local BBSes in speed. We all had Telebit Trailblazer that would really move data at 18,000bits/second - before the V.32 9600 BPS units became workable and affordable. The first 9600BPS unit I saw was a BT at $5000. We got the TB's at 1/2 price - only $800 each - IF we were in the UUCP maps. Those were fun days - and everyone helped each other - and malicious users were few and far between. The BBS program had a feature put in by the guy who wrote it - in BASIC for Unix mind you - that if the user wandered into the system and saw the 'format' command, and tried to run it, it came up with the typical warning message, and are you sure. When the person typed Y - it kicked them out and edited the password file so they could not log in again. I'd guess you call that a 'good trojan'. Really fun then. -- Bill Vermillion - bv @ wjv . 
com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 11:38:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sixpence.mtcibs.com (sixpence.solveinteractive.com [204.62.227.50]) by hub.freebsd.org (Postfix) with ESMTP id B154C37B720 for ; Wed, 4 Apr 2001 11:38:42 -0700 (PDT) (envelope-from rch@solveinteractive.com) Received: from gold.mtcibs.com (gold [204.62.225.30]) by sixpence.mtcibs.com (8.9.3/8.9.3) with ESMTP id OAA19678 for ; Wed, 4 Apr 2001 14:38:36 -0400 (EDT) Received: from trinity.solveinteractive.com (trinity.solveinteractive.com [204.62.225.170]) by gold.mtcibs.com (8.8.7/8.7.3) with ESMTP id OAA07654 for ; Wed, 4 Apr 2001 14:38:34 -0400 (EDT) Received: (from rch@localhost) by trinity.solveinteractive.com (8.11.1/8.11.1) id f34IcgP56935 for freebsd-isp@FreeBSD.ORG; Wed, 4 Apr 2001 14:38:42 -0400 (EDT) (envelope-from rch@solveinteractive.com) Date: Wed, 4 Apr 2001 14:38:42 -0400 From: Robert Hough To: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404143842.C48784@solveinteractive.com> Mail-Followup-To: freebsd-isp@FreeBSD.ORG References: <3ACAF18A.8E9716C@quake.com.au> <004301c0bd00$f51d9460$0201a8c0@fear.wrath.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <004301c0bd00$f51d9460$0201a8c0@fear.wrath.net>; from wrath@shianet.org on Wed, Apr 04, 2001 at 08:15:37 -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001, Brian wrote: > And port scanning is prosecutable and there is a law for it. I'm probably wrong here, but I could have sworn I read that a judge recently ruled that port scanning was not harmful to networks, and therefore not illegal. If you expose your ass in public, you should expect one or more of the following. 
Someone will touch it, slap it, pinch it, or worse... Penetrate it.

So knowing this, we shouldn't expose our asses in public...

--
Robert Hough (rch@solveinteractive.com)

From owner-freebsd-isp Wed Apr 4 11:47:32 2001
Date: Wed, 4 Apr 2001 13:47:27 -0500 (CDT)
From: Chuck
To: Kal Torak
Cc: "Forrest W. Christian", Enno Davids, freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <3ACB4416.61A31902@quake.com.au>

Okay, let me rephrase.

I work for a University I am the sole computer guy for a network containing 50 work stations and four servers to include exchange and all that fun stuff that goes with it....Give me the correct resources and I will give the security that goes with it...but with what I have that's impossible. After all they don't pay me the 90,000 that it takes.

To get to my point, not all IT departments are large enough to cover every single security breach in an OS, especially when that OS is open source and any good coder who knows how to read can find a million holes in it.

I'm not saying that the Admins should be stupid, just that there is only so much one person can do.
On Thu, 5 Apr 2001, Kal Torak wrote:

> Date: Thu, 05 Apr 2001 01:56:06 +1000
> From: Kal Torak
> To: Chuck
> Cc: "Forrest W. Christian",
>     Enno Davids, freebsd-isp@FreeBSD.ORG
> Subject: Re: Chasing the kiddies (was: Named Keep crashing)
>
> Chuck wrote:
> >
> > How can you tell the difference between a sloppy admin and one who has
> > only been working the field for a few years and hasn't learned all the
> > stuff that you have in all your years in it.. Why should we have to spend
> > all our time keeping up with things like patches, upgrades, new hardware,
> > virus while trying to keep our customer base happy providing 99.99% uptime
> > and trying to fend out every person (it's not just kids) with a computer
> > who want to see how much trouble they can cause and either not get caught
> > or get caught so they can put it on a job resume that they know how to
> > mess up people's machines.
> >
> > I run a MS shop and with all that I have to do it's impossible to keep up,
> > the only thing saving my butt is that MS has only limited release of
> > source code so that everyone who knows C can't just browse through and find
> > the holes, but even still I don't know when I can go through a week without
> > having problems from somewhere.
>
> Yes, it's your job!
> You have no right to complain to some kid's ISP that they cracked your systems
> if you didn't even bother securing them!
>
> Companies that have personal data, should be fined if their security is breached
> through poor administration... You can make as many laws as you like against
> sniffing etc, but it won't solve anything!
>
> In fact I don't even see how anyone could call network scanning a crime...
> It's just like knocking on someone's door to see if they are home, are we
> going to make that a crime as well?

From owner-freebsd-isp Wed Apr 4 11:54:48 2001
From: "Simon"
To: "Chuck", "Kal Torak"
Cc: "Enno Davids", "Forrest W. Christian", "freebsd-isp@FreeBSD.ORG"
Date: Wed, 04 Apr 2001 13:58:59 -0500
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
Message-Id: <20010404185444.7CFC337B724@hub.freebsd.org>

That's true, however, a lot if not most companies don't take security seriously until it bites them in the ass. An organization must care before an admin would.

-Simon

On Wed, 4 Apr 2001 13:47:27 -0500 (CDT), Chuck wrote:

>
>Okay, let me rephrase.
>
>I work for a University I am the sole computer guy for a network
>containing 50 work stations and four servers to include exchange and all
>that fun stuff that goes with it....Give me the correct resources and I
>will give the security that goes with it...but with what I have that's
>impossible. After all they don't pay me the 90,000 that it takes.
>
>To get to my point, not all IT departments are large enough to cover every
>single security breach in an OS, especially when that OS is open source
>and any good coder who knows how to read can find a million holes in it.
>
>I'm not saying that the Admins should be stupid, just that there is only so
>much one person can do.
>
>On Thu, 5 Apr 2001, Kal Torak wrote:
>
>> Date: Thu, 05 Apr 2001 01:56:06 +1000
>> From: Kal Torak
>> To: Chuck
>> Cc: "Forrest W. Christian",
>>     Enno Davids, freebsd-isp@FreeBSD.ORG
>> Subject: Re: Chasing the kiddies (was: Named Keep crashing)
>>
>> Chuck wrote:
>> >
>> > How can you tell the difference between a sloppy admin and one who has
>> > only been working the field for a few years and hasn't learned all the
>> > stuff that you have in all your years in it.. Why should we have to spend
>> > all our time keeping up with things like patches, upgrades, new hardware,
>> > virus while trying to keep our customer base happy providing 99.99% uptime
>> > and trying to fend out every person (it's not just kids) with a computer
>> > who want to see how much trouble they can cause and either not get caught
>> > or get caught so they can put it on a job resume that they know how to
>> > mess up people's machines.
>> >
>> > I run a MS shop and with all that I have to do it's impossible to keep up,
>> > the only thing saving my butt is that MS has only limited release of
>> > source code so that everyone who knows C can't just browse through and find
>> > the holes, but even still I don't know when I can go through a week without
>> > having problems from somewhere.
>>
>> Yes, it's your job!
>> You have no right to complain to some kid's ISP that they cracked your systems
>> if you didn't even bother securing them!
>>
>> Companies that have personal data, should be fined if their security is breached
>> through poor administration... You can make as many laws as you like against
>> sniffing etc, but it won't solve anything!
>>
>> In fact I don't even see how anyone could call network scanning a crime...
>> It's just like knocking on someone's door to see if they are home, are we
>> going to make that a crime as well?

From owner-freebsd-isp Wed Apr 4 12:10:21 2001
Date: Wed, 4 Apr 2001 14:10:45 -0500
From: Scott Lambert
To: FreeBSD-ISP@FreeBSD.org
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
Message-ID: <20010404141044.A879@laptop.os2warp.org>
References: <3ACB4416.61A31902@quake.com.au>

On Wed, Apr 04, 2001 at 01:47:27PM -0500, Chuck wrote:
> Date: Wed, 4 Apr 2001 13:47:27 -0500 (CDT)
> From: Chuck
> Subject: Re: Chasing the kiddies (was: Named Keep crashing)
>
> Okay, let me rephrase.
>
> I work for a University I am the sole computer guy for a network
> containing 50 work stations and four servers to include exchange and all
> that fun stuff that goes with it....Give me the correct resources and I
> will give the security that goes with it...but with what I have that's
> impossible. After all they don't pay me the 90,000 that it takes.

> To get to my point, not all IT departments are large enough to cover every
> single security breach in an OS, especially when that OS is open source
> and any good coder who knows how to read can find a million holes in it.

I don't get paid anything close to $90,000.
I have managed 12 FreeBSD servers, 5 FreeBSD workstations (at work, more at home), we have 15,000 dial-up users, and everyone runs to me when their Windows box has "issues". I haven't had a security breach since I killed off the old boxes left by a previous admin.

This is my first *nix job. I have had to learn FreeBSD, and security, and each server software package at the same time. I've been doing this for two years. I worked an average of 65 hours per week for the first year. Then I learned how to NFS mount my /usr/src and /usr/obj trees. Now I spend most of my time looking at ways to improve the quality of the services we provide to the customers. When a security problem is announced I have all of my machines upgraded that evening if it isn't too serious and within an hour if it is serious.

One of my (l)users managed to infect themselves with a virus. It took me three days to get it cleaned off her system without a network connection and without losing her data files. That has been my biggest issue, and the Windows boxes are not in my job description. If they were, we wouldn't have any. We'd have FreeBSD X-stations.

So don't give us this nonsense about the open-source OSs being so difficult to stay on top of.

> I'm not saying that the Admins should be stupid, just that there is only so
> much one person can do.

Maybe you have chosen the wrong career field. I think a real SysAdmin can administrate his/her systems and is willing to learn what they need to know to do so.

I'm too lazy to run Windows stuff.

From owner-freebsd-isp Wed Apr 4 12:31:17 2001
Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
From: "Forrest W. Christian"
To: Kal Torak
Cc: Enno Davids, freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <3ACAF18A.8E9716C@quake.com.au>

On Wed, 4 Apr 2001, Kal Torak wrote:

> Why should network scanning be a crime at all? If anything should be a crime
> it's sloppy admins that let their networks get compromised...

But when after you scan, you break in and destroy data, THAT should be the crime I'm talking about.

What you don't realize is that a lot of these attacks are now automated rootkits which basically scan for the hole and if they find it, ROOT YOUR MACHINE.

This is wrong.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com
Solutions for your high-tech problems.
(406)-442-6648
----------------------------------------------------------------------

From owner-freebsd-isp Wed Apr 4 12:55:55 2001
Date: Wed, 4 Apr 2001 14:56:17 -0500
From: Scott Lambert
To: FreeBSD-ISP@FreeBSD.org
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
Message-ID: <20010404145617.B879@laptop.os2warp.org>
References: <3ACAF18A.8E9716C@quake.com.au>

On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote:
> Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
> From: "Forrest W. Christian"
> To: Kal Torak
> Cc: Enno Davids, freebsd-isp@FreeBSD.ORG
> Subject: Re: Chasing the kiddies (was: Named Keep crashing)
>
> On Wed, 4 Apr 2001, Kal Torak wrote:
>
> > Why should network scanning be a crime at all? If anything should be a crime
> > it's sloppy admins that let their networks get compromised...
>
> But when after you scan, you break in and destroy data, THAT should be the
> crime I'm talking about.
>
> What you don't realize is that a lot of these attacks are now automated
> rootkits which basically scan for the hole and if they find it, ROOT YOUR
> MACHINE.
>
> This is wrong.

These people who don't think scanning is a problem bother me.
I don't have time to hunt down all the scanning kiddies, but I don't like them. I do hunt down the ones I get complaints on.

Scanning a network is just like "casing" a neighborhood in my book. The police will stop you and check your background and want to know if you have any business in the area if someone reports you to them. The police call it suspicious behaviour which gives them probable cause to stop the bad guy. They get what information they can from him and if he is not (yet) wanted they let him go. But they watch him. They remember he was in the area and if any complaints do come in they go grab him first.

I do the same thing with my scanning kiddies. My kiddies who go scanning my network or other people's networks get a phone call. I talk to their parents and tell them their kids are on the wrong road and could wind up in jail if they ever open one of those doors. Hopefully the parents can straighten the kids out. I hope the kids tell the other kids that they got busted. It lets them know they can get in trouble for it and will hopefully discourage them.

I just wish I could go visit them physically so I could make certain they were scared before I let them go.

Entering a computer system is breaking and entering. Send them to jail. It doesn't matter if they immediately left without doing anything. If anyone enters my home through a window I have left open for ventilation at night, they could very possibly be shot or bludgeoned about the head and shoulders by a baseball bat or whatever other blunt or sharp object I find first. They will most likely end up in jail. It makes no difference that the window was open. You just don't cross those lines.

From owner-freebsd-isp Wed Apr 4 13:15: 9 2001
From: "Drew J. Weaver"
To: "'FreeBSD-ISP@FreeBSD.org'"
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 16:28:44 -0400

And people that say that port scanning is harmless, port scanning is just a precursor to being 'rooted' it's not going to be the last thing you hear from a script kiddie, it's not like someone port scans your box [if insecure] and then just leaves, (I guess then it would be harmless) then they try to hack into it (naturally).

-Drew

-----Original Message-----
From: Scott Lambert [mailto:lambert@cswnet.com]
Sent: Wednesday, April 04, 2001 3:56 PM
To: FreeBSD-ISP@FreeBSD.org
Subject: Re: Chasing the kiddies (was: Named Keep crashing)

On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote:
> Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
> From: "Forrest W. Christian"
> To: Kal Torak
> Cc: Enno Davids, freebsd-isp@FreeBSD.ORG
> Subject: Re: Chasing the kiddies (was: Named Keep crashing)
>
> On Wed, 4 Apr 2001, Kal Torak wrote:
>
> > Why should network scanning be a crime at all? If anything should be a crime
> > it's sloppy admins that let their networks get compromised...
>
> But when after you scan, you break in and destroy data, THAT should be the
> crime I'm talking about.
>
> What you don't realize is that a lot of these attacks are now automated
> rootkits which basically scan for the hole and if they find it, ROOT YOUR
> MACHINE.
>
> This is wrong.

These people who don't think scanning is a problem bother me. I don't have time to hunt down all the scanning kiddies, but I don't like them. I do hunt down the ones I get complaints on.

Scanning a network is just like "casing" a neighborhood in my book. The police will stop you and check your background and want to know if you have any business in the area if someone reports you to them. The police call it suspicious behaviour which gives them probable cause to stop the bad guy. They get what information they can from him and if he is not (yet) wanted they let him go. But they watch him. They remember he was in the area and if any complaints do come in they go grab him first.

I do the same thing with my scanning kiddies. My kiddies who go scanning my network or other people's networks get a phone call. I talk to their parents and tell them their kids are on the wrong road and could wind up in jail if they ever open one of those doors. Hopefully the parents can straighten the kids out. I hope the kids tell the other kids that they got busted. It lets them know they can get in trouble for it and will hopefully discourage them.

I just wish I could go visit them physically so I could make certain they were scared before I let them go.

Entering a computer system is breaking and entering. Send them to jail.
It doesn't matter if they immediately left without doing anything. If anyone enters my home through a window I have left open for ventilation at night, they could very possibly be shot or bludgeoned about the head and shoulders by a baseball bat or whatever other blunt or sharp object I find first. They will most likely end up in jail. It makes no difference that the window was open. You just don't cross those lines.


From owner-freebsd-isp Wed Apr 4 13:15:32 2001
Date: Wed, 4 Apr 2001 16:15:30 -0400 (EDT)
From: Chet Hosey
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To: <20010404145617.B879@laptop.os2warp.org>

Do you assume that all port scans are malicious? Is there a situation in which a scan would not cause you to make such a call?

________________________________________________________________________
Chet Hosey
________________________________________________________________________

On Wed, 4 Apr 2001, Scott Lambert wrote:

> On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote:
> > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
> > From: "Forrest W. Christian"
> > To: Kal Torak
> > Cc: Enno Davids, freebsd-isp@FreeBSD.ORG
> > Subject: Re: Chasing the kiddies (was: Named Keep crashing)
> >
> > On Wed, 4 Apr 2001, Kal Torak wrote:
> >
> > > Why should network scanning be a crime at all? If anything should be a crime
> > > it's sloppy admins that let their networks get compromised...
> >
> > But when after you scan, you break in and destroy data, THAT should be the
> > crime I'm talking about.
> >
> > What you don't realize is that a lot of these attacks are now automated
> > rootkits which basically scan for the hole and if they find it, ROOT YOUR
> > MACHINE.
> >
> > This is wrong.
>
> These people who don't think scanning is a problem bother me. I don't have
> time to hunt down all the scanning kiddies, but I don't like them. I do
> hunt down the ones I get complaints on.
>
> Scanning a network is just like "casing" a neighborhood in my book. The
> police will stop you and check your background and want to know if you
> have any business in the area if someone reports you to them. The police
> call it suspicious behaviour which gives them probable cause to stop the
> bad guy. They get what information they can from him and if he is not
> (yet) wanted they let him go. But they watch him. They remember he was
> in the area and if any complaints do come in they go grab him first.
>
> I do the same thing with my scanning kiddies. My kiddies who go scanning
> my network or other people's networks get a phone call. I talk to their
> parents and tell them their kids are on the wrong road and could wind up
> in jail if they ever open one of those doors. Hopefully the parents can
> straighten the kids out. I hope the kids tell the other kids that they
> got busted. It lets them know they can get in trouble for it and will
> hopefully discourage them.
>
> I just wish I could go visit them physically so I could make certain they
> were scared before I let them go.
>
> Entering a computer system is breaking and entering. Send them to jail.
> It doesn't matter if they immediately left without doing anything. If anyone
> enters my home through a window I have left open for ventilation at night,
> they could very possibly be shot or bludgeoned about the head and shoulders
> by a baseball bat or whatever other blunt or sharp object I find first.
> They will most likely end up in jail. It makes no difference that the
> window was open.
> You just don't cross those lines.

From owner-freebsd-isp Wed Apr 4 13:19:18 2001
From: "Drew J. Weaver"
To: 'Chet Hosey', FreeBSD-ISP@FreeBSD.ORG
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 16:32:47 -0400

I couldn't imagine any circumstance under which anyone else on the internet needs to know which services are running on a server that I control. So yes, I suppose they are all malicious.

-Drew

-----Original Message-----
From: Chet Hosey [mailto:chosey@nidhog.com]
Sent: Wednesday, April 04, 2001 4:16 PM
To: FreeBSD-ISP@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)

Do you assume that all port scans are malicious? Is there a situation in which a scan would not cause you to make such a call?
________________________________________________________________________
Chet Hosey
________________________________________________________________________

On Wed, 4 Apr 2001, Scott Lambert wrote:

> On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote:
> > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
> > From: "Forrest W. Christian"
> > To: Kal Torak
> > Cc: Enno Davids, freebsd-isp@FreeBSD.ORG
> > Subject: Re: Chasing the kiddies (was: Named Keep crashing)
> >
> > On Wed, 4 Apr 2001, Kal Torak wrote:
> >
> > > Why should network scanning be a crime at all? If anything should be a crime
> > > it's sloppy admins that let their networks get compromised...
> >
> > But when after you scan, you break in and destroy data, THAT should be the
> > crime I'm talking about.
> >
> > What you don't realize is that a lot of these attacks are now automated
> > rootkits which basically scan for the hole and if they find it, ROOT YOUR
> > MACHINE.
> >
> > This is wrong.
>
> These people who don't think scanning is a problem bother me. I don't have
> time to hunt down all the scanning kiddies, but I don't like them. I do
> hunt down the ones I get complaints on.
>
> Scanning a network is just like "casing" a neighborhood in my book. The
> police will stop you and check your background and want to know if you
> have any business in the area if someone reports you to them. The police
> call it suspicious behaviour which gives them probable cause to stop the
> bad guy. They get what information they can from him and if he is not
> (yet) wanted they let him go. But they watch him. They remember he was
> in the area and if any complaints do come in they go grab him first.
>
> I do the same thing with my scanning kiddies. My kiddies who go scanning
> my network or other people's networks get a phone call. I talk to their
> parents and tell them their kids are on the wrong road and could wind up
> in jail if they ever open one of those doors. Hopefully the parents can
> straighten the kids out. I hope the kids tell the other kids that they
> got busted. It lets them know they can get in trouble for it and will
> hopefully discourage them.
>
> I just wish I could go visit them physically so I could make certain they
> were scared before I let them go.
>
> Entering a computer system is breaking and entering. Send them to jail.
> It doesn't matter if they immediately left without doing anything. If anyone
> enters my home through a window I have left open for ventilation at night,
> they could very possibly be shot or bludgeoned about the head and shoulders
> by a baseball bat or whatever other blunt or sharp object I find first.
> They will most likely end up in jail. It makes no difference that the
> window was open. You just don't cross those lines.

I couldn't imagine any circumstance under which anyone else on the internet needs to know which services are running on a server that I control. So yes, I suppose they are all malicious.

-Drew


-----Original Message-----
From: Chet Hosey [mailto:chosey@nidhog.com]
Sent: Wednesday, April 04, 2001 4:16 PM
To: FreeBSD-ISP@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)


Do you assume that all port scans are malicious? Is there a situation in
which a scan would not cause you make such a call?

------_=_NextPart_001_01C0BD46.6CD55BBA-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 13:24: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from tele-post-20.mail.demon.net (tele-post-20.mail.demon.net [194.217.242.20]) by hub.freebsd.org (Postfix) with ESMTP id 644AF37B720 for ; Wed, 4 Apr 2001 13:23:58 -0700 (PDT) (envelope-from si@chemicalterrorism.com) Received: from freebsd.demon.co.uk ([194.222.171.207] helo=chemicalterrorism.com) by tele-post-20.mail.demon.net with esmtp (Exim 2.12 #2) id 14ktop-000Pu6-0K; Wed, 4 Apr 2001 20:23:57 +0000 Received: from sycho (sycho.chemicalterrorism.com [192.168.0.2]) by chemicalterrorism.com (Postfix) with SMTP id 5D637F443; Wed, 4 Apr 2001 21:23:20 +0100 (BST) From: "Si" To: "Chuck" Cc: Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 21:23:33 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 In-Reply-To: Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 4 Apr 2001 13:47:27 -0500 (CDT) Chuck Wrote: > Im not saying that the Admins should be stupid, just that there is only so > much one person can do. I agree with you there, I work for a small company that does specialist services and to be honest there's really me and err me. This means that anything even remotely connected to computing (Basically anything with a chip) is my responsibility. I don't feel its the SA that's at fault allot of the time, its the company and how they decide to prioritise jobs for the staff. Ohh yea, guess what, I'm currently seeking employment elsewhere, small companies can suck so badly. Si. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 13:26:46 2001 Delivered-To: freebsd-isp@freebsd.org Received: from buffnet4.buffnet.net (buffnet4.buffnet.net [205.246.19.13]) by hub.freebsd.org (Postfix) with ESMTP id BF0B937B724 for ; Wed, 4 Apr 2001 13:26:43 -0700 (PDT) (envelope-from shovey@buffnet.net) Received: from buffnet11.buffnet.net (buffnet11.buffnet.net [205.246.19.55]) by buffnet4.buffnet.net (8.9.3/8.8.7) with ESMTP id QAA66109; Wed, 4 Apr 2001 16:26:17 -0400 (EDT) (envelope-from shovey@buffnet.net) Date: Wed, 4 Apr 2001 16:26:05 -0400 (EDT) From: Stephen Hovey To: Si Cc: Chuck , freebsd-isp@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I hear that! My last job - they asked me to be in charge of the damn FAX! That one finally broke it! > > I agree with you there, I work for a small company that does specialist > services and to be honest there's really me and err me. This means that > anything even remotely connected to computing (Basically anything with a > chip) is my responsibility. I don't feel its the SA that's at fault allot > of the time, its the company and how they decide to prioritise jobs for the > staff. > > Ohh yea, guess what, I'm currently seeking employment elsewhere, small > companies can suck so badly. > > Si. 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 13:28: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 867AE37B729 for ; Wed, 4 Apr 2001 13:27:56 -0700 (PDT) (envelope-from drew.weaver@thenap.com) Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 16:41:44 -0400 Message-ID: From: "Drew J. Weaver" To: 'Si' , Chuck Cc: freebsd-isp@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 16:41:36 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD47.A8C1B56E" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0BD47.A8C1B56E Content-Type: text/plain; charset="iso-8859-1" Yes, small companies can suck, but most of the time you are granted certain leiniences(is that even a word?) or you are expected less of in terms of, dress code, showing up at work on time, not having barbecues in the middle of the work day, stuff like that. Really depends on what you're looking for i suppose. -Drew -----Original Message----- From: Si [mailto:si@chemicalterrorism.com] Sent: Wednesday, April 04, 2001 4:24 PM To: Chuck Cc: freebsd-isp@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) On Wed, 4 Apr 2001 13:47:27 -0500 (CDT) Chuck Wrote: > Im not saying that the Admins should be stupid, just that there is only so > much one person can do. 
I agree with you there, I work for a small company that does specialist services and to be honest there's really me and err me. This means that anything even remotely connected to computing (Basically anything with a chip) is my responsibility. I don't feel its the SA that's at fault allot of the time, its the company and how they decide to prioritise jobs for the staff. Ohh yea, guess what, I'm currently seeking employment elsewhere, small companies can suck so badly. Si. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C0BD47.A8C1B56E Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Chasing the kiddies (was: Named Keep crashing)

------_=_NextPart_001_01C0BD47.A8C1B56E-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 13:29: 3 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 6C5ED37B728 for ; Wed, 4 Apr 2001 13:28:56 -0700 (PDT) (envelope-from drew.weaver@thenap.com) Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 16:42:44 -0400 Message-ID: From: "Drew J. Weaver" To: 'Stephen Hovey' , Si Cc: Chuck , freebsd-isp@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 16:42:40 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD47.CC89C022" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0BD47.CC89C022 Content-Type: text/plain; charset="iso-8859-1" Thats when you tell them you want to telecommute and/or you want a 5k/yr raise =) -Drew -----Original Message----- From: Stephen Hovey [mailto:shovey@buffnet.net] Sent: Wednesday, April 04, 2001 4:26 PM To: Si Cc: Chuck; freebsd-isp@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) I hear that! My last job - they asked me to be in charge of the damn FAX! That one finally broke it! > > I agree with you there, I work for a small company that does specialist > services and to be honest there's really me and err me. This means that > anything even remotely connected to computing (Basically anything with a > chip) is my responsibility. I don't feel its the SA that's at fault allot > of the time, its the company and how they decide to prioritise jobs for the > staff. 
> > Ohh yea, guess what, I'm currently seeking employment elsewhere, small > companies can suck so badly. > > Si. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C0BD47.CC89C022 Content-Type: text/html; charset="iso-8859-1" RE: Chasing the kiddies (was: Named Keep crashing)

------_=_NextPart_001_01C0BD47.CC89C022-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 13:55:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sixpence.mtcibs.com (sixpence.solveinteractive.com [204.62.227.50]) by hub.freebsd.org (Postfix) with ESMTP id BB78137B72C for ; Wed, 4 Apr 2001 13:55:16 -0700 (PDT) (envelope-from rch@solveinteractive.com) Received: from gold.mtcibs.com (gold [204.62.225.30]) by sixpence.mtcibs.com (8.9.3/8.9.3) with ESMTP id QAA20679 for ; Wed, 4 Apr 2001 16:55:15 -0400 (EDT) Received: from trinity.solveinteractive.com (trinity.solveinteractive.com [204.62.225.170]) by gold.mtcibs.com (8.8.7/8.7.3) with ESMTP id QAA09698 for ; Wed, 4 Apr 2001 16:55:14 -0400 (EDT) Received: (from rch@localhost) by trinity.solveinteractive.com (8.11.1/8.11.1) id f34KtNF57424 for FreeBSD-ISP@FreeBSD.ORG; Wed, 4 Apr 2001 16:55:23 -0400 (EDT) (envelope-from rch@solveinteractive.com) Date: Wed, 4 Apr 2001 16:55:23 -0400 From: Robert Hough To: "'FreeBSD-ISP@FreeBSD.org'" Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404165523.G48784@solveinteractive.com> Mail-Followup-To: "'FreeBSD-ISP@FreeBSD.org'" References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from drew.weaver@thenap.com on Wed, Apr 04, 2001 at 16:28:44 -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001, Drew J. Weaver wrote: > And people that say that port scanning is harmless, port scanning is just a > precursor to being 'rooted' I own a butcher knife that is quite good at slicing meat. When I pull it out, does that mean I'm going to cut your arm off? 
-- Robert Hough (rch@solveinteractive.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 13:57:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sixpence.mtcibs.com (sixpence.solveinteractive.com [204.62.227.50]) by hub.freebsd.org (Postfix) with ESMTP id 31E0137B71C for ; Wed, 4 Apr 2001 13:57:37 -0700 (PDT) (envelope-from rch@solveinteractive.com) Received: from gold.mtcibs.com (gold [204.62.225.30]) by sixpence.mtcibs.com (8.9.3/8.9.3) with ESMTP id QAA20707 for ; Wed, 4 Apr 2001 16:57:36 -0400 (EDT) Received: from trinity.solveinteractive.com (trinity.solveinteractive.com [204.62.225.170]) by gold.mtcibs.com (8.8.7/8.7.3) with ESMTP id QAA09758 for ; Wed, 4 Apr 2001 16:57:33 -0400 (EDT) Received: (from rch@localhost) by trinity.solveinteractive.com (8.11.1/8.11.1) id f34KvhU57437 for FreeBSD-ISP@FreeBSD.ORG; Wed, 4 Apr 2001 16:57:43 -0400 (EDT) (envelope-from rch@solveinteractive.com) Date: Wed, 4 Apr 2001 16:57:43 -0400 From: Robert Hough To: FreeBSD-ISP@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404165742.H48784@solveinteractive.com> Mail-Followup-To: FreeBSD-ISP@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from drew.weaver@thenap.com on Wed, Apr 04, 2001 at 16:32:47 -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001, Drew J. Weaver wrote: > I couldn't imagine any circumstance under which anyone else on the internet > needs to know which services are running on a server that I control. So yes, > I suppose they are all malicious. You are running a server on a public network. Therefore, I might decide to see what services are available for me to use. How is this wrong? If you don't want me using a service, then lock it. 
-- Robert Hough (rch@solveinteractive.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14: 3:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 0DA7E37B72C for ; Wed, 4 Apr 2001 14:03:48 -0700 (PDT) (envelope-from drew.weaver@thenap.com) Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 17:17:35 -0400 Message-ID: From: "Drew J. Weaver" To: 'Robert Hough' , FreeBSD-ISP@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 17:17:32 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD4C.AA76202A" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0BD4C.AA76202A Content-Type: text/plain; charset="iso-8859-1" Because if I wanted you using a service on one of my boxes you'd know about it already, and wouldn't need to port scan my servers. -Drew -----Original Message----- From: Robert Hough [mailto:rch@solveinteractive.com] Sent: Wednesday, April 04, 2001 4:58 PM To: FreeBSD-ISP@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) On Wed, Apr 04, 2001, Drew J. Weaver wrote: > I couldn't imagine any circumstance under which anyone else on the internet > needs to know which services are running on a server that I control. So yes, > I suppose they are all malicious. You are running a server on a public network. Therefore, I might decide to see what services are available for me to use. How is this wrong? If you don't want me using a service, then lock it. 
-- Robert Hough (rch@solveinteractive.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C0BD4C.AA76202A Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Chasing the kiddies (was: Named Keep crashing)

------_=_NextPart_001_01C0BD4C.AA76202A-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14:16:39 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.knight-trosoft.com (mail.knight-trosoft.com [209.180.70.2]) by hub.freebsd.org (Postfix) with ESMTP id E4B3037B72B for ; Wed, 4 Apr 2001 14:16:32 -0700 (PDT) (envelope-from johnp@mail.knight-trosoft.com) Received: (from johnp@localhost) by mail.knight-trosoft.com (8.11.0/8.11.0) id f34LErY82975; Wed, 4 Apr 2001 16:14:53 -0500 (CDT) Date: Wed, 4 Apr 2001 16:14:53 -0500 (CDT) From: John Prince Message-Id: <200104042114.f34LErY82975@mail.knight-trosoft.com> To: drew.weaver@thenap.com, FreeBSD-ISP@FreeBSD.ORG, rch@solveinteractive.com Subject: RE: Chasing the kiddies (was: Named Keep crashing) In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Can we end this thread, or at lease move it to chat?? I think its a bit off topic.. --john > From owner-freebsd-isp@FreeBSD.ORG Wed Apr 4 16:02:34 2001 > From: "Drew J. Weaver" > To: "'Robert Hough'" , FreeBSD-ISP@FreeBSD.ORG > Subject: RE: Chasing the kiddies (was: Named Keep crashing) > Date: Wed, 4 Apr 2001 17:17:32 -0400 > > This message is in MIME format. Since your mail reader does not understand > this format, some or all of this message may not be legible. > > ------_=_NextPart_001_01C0BD4C.AA76202A > Content-Type: text/plain; > charset="iso-8859-1" > > Because if I wanted you using a service on one of my boxes you'd know about > it already, and wouldn't need to port scan my servers. > > -Drew > > > -----Original Message----- > From: Robert Hough [mailto:rch@solveinteractive.com] > Sent: Wednesday, April 04, 2001 4:58 PM > To: FreeBSD-ISP@FreeBSD.ORG > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > > On Wed, Apr 04, 2001, Drew J. 
Weaver wrote: > > > I couldn't imagine any circumstance under which anyone else on the > internet > > needs to know which services are running on a server that I control. So > yes, > > I suppose they are all malicious. > > You are running a server on a public network. Therefore, I might decide to > see what services are available for me to use. How is this wrong? If you > don't want me using a service, then lock it. > > -- > Robert Hough (rch@solveinteractive.com) > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > ------_=_NextPart_001_01C0BD4C.AA76202A > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > > > charset=3Diso-8859-1"> > 5.5.2650.12"> > RE: Chasing the kiddies (was: Named Keep crashing) > > > >

> > > > ------_=_NextPart_001_01C0BD4C.AA76202A-- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14:21:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from sixpence.mtcibs.com (sixpence.solveinteractive.com [204.62.227.50]) by hub.freebsd.org (Postfix) with ESMTP id 903FD37B72E for ; Wed, 4 Apr 2001 14:21:10 -0700 (PDT) (envelope-from rch@solveinteractive.com) Received: from gold.mtcibs.com (gold [204.62.225.30]) by sixpence.mtcibs.com (8.9.3/8.9.3) with ESMTP id RAA20823 for ; Wed, 4 Apr 2001 17:21:09 -0400 (EDT) Received: from trinity.solveinteractive.com (trinity.solveinteractive.com [204.62.225.170]) by gold.mtcibs.com (8.8.7/8.7.3) with ESMTP id RAA10052 for ; Wed, 4 Apr 2001 17:21:07 -0400 (EDT) Received: (from rch@localhost) by trinity.solveinteractive.com (8.11.1/8.11.1) id f34LLHB57551 for FreeBSD-ISP@FreeBSD.ORG; Wed, 4 Apr 2001 17:21:17 -0400 (EDT) (envelope-from rch@solveinteractive.com) Date: Wed, 4 Apr 2001 17:21:17 -0400 From: Robert Hough To: FreeBSD-ISP@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404172117.I48784@solveinteractive.com> Mail-Followup-To: FreeBSD-ISP@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from drew.weaver@thenap.com on Wed, Apr 04, 2001 at 17:17:32 -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001, Drew J. Weaver wrote: > Because if I wanted you using a service on one of my boxes you'd know about > it already, and wouldn't need to port scan my servers. Security through Obscurity eh? Sounds like a dangerous practice to me, but whatever works for you I suppose... 
-- Robert Hough (rch@solveinteractive.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14:24:43 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id A8DB537B71E for ; Wed, 4 Apr 2001 14:24:37 -0700 (PDT) (envelope-from drew.weaver@thenap.com) Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 17:38:25 -0400 Message-ID: From: "Drew J. Weaver" To: 'Robert Hough' , FreeBSD-ISP@FreeBSD.ORG Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 17:38:18 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD4F.9389C1DE" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0BD4F.9389C1DE Content-Type: text/plain; charset="iso-8859-1" This will be my last reply in this thread, and I just wanted to say. I was speaking theoretically, are multi-port scanable at this time and are very secure. Have a groovy day. -----Original Message----- From: Robert Hough [mailto:rch@solveinteractive.com] Sent: Wednesday, April 04, 2001 5:21 PM To: FreeBSD-ISP@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) On Wed, Apr 04, 2001, Drew J. Weaver wrote: > Because if I wanted you using a service on one of my boxes you'd know about > it already, and wouldn't need to port scan my servers. Security through Obscurity eh? Sounds like a dangerous practice to me, but whatever works for you I suppose... 
-- Robert Hough (rch@solveinteractive.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C0BD4F.9389C1DE Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Chasing the kiddies (was: Named Keep crashing)

From owner-freebsd-isp Wed Apr 4 14:28:13 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10])
        by hub.freebsd.org (Postfix) with ESMTP id 6943237B724
        for ; Wed, 4 Apr 2001 14:28:08 -0700 (PDT)
        (envelope-from drew.weaver@thenap.com)
Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21)
        id ; Wed, 4 Apr 2001 17:41:56 -0400
Message-ID:
From: "Drew J. Weaver"
To: "Drew J. Weaver" , 'Robert Hough' , FreeBSD-ISP@FreeBSD.ORG
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 17:41:54 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD50.11908F36"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Typo Btw that was supposed to say "none of my servers are multi-port scanable as they only run services on port 80" and all other ports are hardware and software firewalled. and are very secured =)
 
-Drew
 
-----Original Message-----
From: Drew J. Weaver
Sent: Wednesday, April 04, 2001 5:38 PM
To: 'Robert Hough'; FreeBSD-ISP@FreeBSD.ORG
Subject: RE: Chasing the kiddies (was: Named Keep crashing)

This will be my last reply in this thread, and I just wanted to say. I was speaking theoretically, are multi-port scanable at this time and are very secure.

Have a groovy day.

-----Original Message-----
From: Robert Hough [mailto:rch@solveinteractive.com]
Sent: Wednesday, April 04, 2001 5:21 PM
To: FreeBSD-ISP@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)


On Wed, Apr 04, 2001, Drew J. Weaver wrote:

> Because if I wanted you using a service on one of my boxes you'd know about
> it already, and wouldn't need to port scan my servers.

Security through Obscurity eh? Sounds like a dangerous practice to me, but
whatever works for you I suppose...

--
Robert Hough (rch@solveinteractive.com)


From owner-freebsd-isp Wed Apr 4 14:31:24 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.chartermi.net (060upc075.chartermi.net [24.213.60.75])
        by hub.freebsd.org (Postfix) with ESMTP id 02A7E37B718
        for ; Wed, 4 Apr 2001 14:31:21 -0700 (PDT)
        (envelope-from wrath@shianet.org)
Received: from danrc ([24.213.24.167]) by mail.chartermi.net
        (Post.Office MTA v3.5.3 release 223 ID# 0-71004U47242L33562S0V35)
        with SMTP id net for ; Wed, 4 Apr 2001 17:31:06 -0400
Message-ID: <005001c0bd4e$8ee7f980$0201a8c0@fear.wrath.net>
From: "Brian"
To:
References:
Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 17:30:42 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

RE: Chasing the kiddies (was: Named Keep crashing)
<flame>
HTML sucks
</endflame>

Hey, that's a great idea.  But how are you going to tell them about that
service?  Security via obscurity?  Yeah, that's like leaving your family
photo album open on your desk and expecting no one to look at them because
you didn't tell the people that the pictures were on your desk.

As far as I'm concerned, a machine on the _internet_ is fair game.  By being
fair, I ask that someone can look.  They can look, but by no means can they
try to breach security.  Otherwise, why the hell are you on the internet?

I have a funny feeling you use Windows, and as a 32bit Windows advocate I'm
beginning to wonder.  I have another feeling that I now know why Windows
gets a bad rap.  If you do use Windows, I suggest you go hunting through
Microsoft's pages and ntsecurity.net.


One of my friends once said that you should be sanctioned bandwidth by the
amount of intelligence you have.  In other words, stupid people sit on 56k
modems.  I take it one step further, people who can't secure their machines
shouldn't be given static IP addresses.  In other words, if you've got an
NT4 machine and still sit on Service Pack 3, you should be banned to DHCP
with no lease for the rest of your life.

-Brian


----- Original Message -----
From: Drew J. Weaver
To: 'Robert Hough' ; FreeBSD-ISP@FreeBSD.ORG
Sent: Wednesday, April 04, 2001 5:17 PM
Subject: RE: Chasing the kiddies (was: Named Keep crashing)

Because if I wanted you using a service on one of my boxes you'd know about
it already, and wouldn't need to port scan my servers.
-Drew

<snip>

From owner-freebsd-isp Wed Apr 4 14:32:48 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from workhorse.iMach.com (workhorse.iMach.com [206.127.77.89])
        by hub.freebsd.org (Postfix) with ESMTP id 438F437B72E
        for ; Wed, 4 Apr 2001 14:32:43 -0700 (PDT)
        (envelope-from forrestc@imach.com)
Received: from localhost (forrestc@localhost)
        by workhorse.iMach.com (8.9.3/8.9.3) with ESMTP id PAA11016;
        Wed, 4 Apr 2001 15:17:56 -0600 (MDT)
Date: Wed, 4 Apr 2001 15:17:55 -0600 (MDT)
From: "Forrest W. Christian"
To: Chet Hosey
Cc: FreeBSD-ISP@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've been thinking about the house analogy a bit and I'd like to see if we
can use it a little better.

Back in the olden days, we all had glass windows and modest locks on our
doors.
While you made an attempt to keep people out, as a general rule, people
didn't go around opening windows and/or doors and if they did (which was
quite uncommon) they generally just looked around a bit and left.

After a while, quite a few people started rattling the locks and checking
and seeing if the windows were open. While most people still wouldn't go
in, or if they did they wouldn't do any harm, there were a few that decided
it would be really cool if they found a door or window open that they would
toss a molotov cocktail inside and burn the house down.

At this point, most people decided that it was time to start aggressively
locking their doors and windows. Those that didn't usually hadn't heard
about the risks associated with not doing so, or really didn't care if
someone broke in and burnt their house down.

Now, the house burners had discovered that house burning gave them a
thrill. And the teenagers from the land of AOL and other similar lands had
heard about this, but were unable to do so for lack of skill. So the
original house burners started producing automated tools to test for open
windows and doors, and the teenagers started using them to test a LOT of
houses. There were also automated tools for setting houses on fire which
the teenagers also used.

Eventually, most everyone figured that they should lock their doors and
windows. However, the house burners were addicted to burning houses, and as
such they were determined to figure out how to enter a house to burn it
down even if the doors and windows were locked. First they discovered that
glass breaks, so they could just throw their burning objects through the
windows. To this, the homeowners responded with bulletproof glass. Then the
house burners learned how to pick a certain type of lock, to which the
homeowners responded by changing their locks to an upgraded style.

As the homeowners found each new way to protect themselves from house
burning, the house burners would come up with a new way to burn houses. At
each step, the house burners were busy distributing house burning tools to
the teenagers. Some of these tools actually entered the house and burnt it
down in one step.

Eventually, the homeowners were spending more time keeping up with the
house burners than actually doing anything else. Each homeowner's secret
fear was that they would have either missed fixing a potential method of
house burning, or had not had a chance to fix the method before a teenager
came along which knew more about intrusion methods than the homeowner did,
and since the teenagers usually knew about the intrusion method long before
it became general knowledge, it was quite often that people had their
houses burnt before a fix was available.

Now there were a few very big houses which seemed to be impenetrable even
though they let people walk through their houses each day. They just
controlled what the teenagers could do while in their house. The teenagers
didn't like this much so they quickly learned that they could break into
houses near the big house (and since due to the unique geography of this
land all houses were near each other, it wasn't hard to find some which
hadn't been secured) and lob a lot of flaming objects at the house to
surround it. Although the house didn't burn down, it was impossible for the
visitors to get into it, and as such it hurt the people who ran the big
houses.

At this point in the story, it was normal for the typical house to have
several teenagers try to break into it a day. Most of these failed, as they
were still just checking for glass windows or open doors. Many homeowners
ran automated systems which detected intrusion attempts but they could be
easily set off without it actually being an intrusion attempt - such as if
the mailman knocked on your door to deliver a package.

In addition, the poor homeowners couldn't afford to keep up with the
upgrades necessary, so they just hoped that the right teenager didn't come
along and burn their house down.

I think if you relate this to the port scanning/intrusion discussion, you
will find that most of us are somewhere between the following two extremes:

1) That gently tapping on someone's window to try to determine if it is
   glass so you can warn the homeowner should be outlawed.
2) That breaking into a house and burning it down should be outlawed.

Of course, there are a few that feel that if the homeowner didn't keep up
with the latest intrusion fixes that it is their fault. There are of course
extremes to this: meaning that there is a broad difference between not even
trying to keep up, and keeping up, but still not being 100% fixed.

There are also people who blame the housebuilders for not building the
house out of nuclear bombproof materials to start with.

Add to the above that today, the law states that basically tapping on a
window (no matter how hard) might get you a slap on the wrist but probably
nothing will happen. And there is maybe a 1 in a 1000 or so chance that you
will get caught for burning down a house.

Think about this.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
Solutions for your high-tech problems.
(406)-442-6648
----------------------------------------------------------------------

From owner-freebsd-isp Wed Apr 4 14:33:52 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from web1.nidhog.com (web1.nidhog.com [192.204.160.129])
        by hub.freebsd.org (Postfix) with ESMTP id 97DB637B722
        for ; Wed, 4 Apr 2001 14:33:48 -0700 (PDT)
        (envelope-from chosey@web1.nidhog.com)
Received: from localhost (chosey@localhost)
        by web1.nidhog.com (8.11.3/8.11.3) with ESMTP id f34LXlF49426;
        Wed, 4 Apr 2001 17:33:47 -0400 (EDT)
        (envelope-from chosey@web1.nidhog.com)
X-Authentication-Warning: web1.nidhog.com: chosey owned process doing -bs
Date: Wed, 4 Apr 2001 17:33:47 -0400 (EDT)
From: Chet Hosey
To: Brian
Cc:
Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing)
In-Reply-To: <005001c0bd4e$8ee7f980$0201a8c0@fear.wrath.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21)
        id <GNVW0Y8C>; Wed, 4 Apr 2001 17:17:35 -0400
Message-ID: <B1A7D9973EBED3119ADD009027DC8649180F8E@mailman.thenap.com>
From: "Drew J. Weaver" <drew.weaver@thenap.com>

I _thought_ something was amiss . . . anyone know of any UNIX-based MTAs
which call themselves "Internet Mail Service (5.5.2650.21)"?

How about Windows-based ones? :)

________________________________________________________________________

Chet Hosey
<chosey@nidhog.com>
________________________________________________________________________

On Wed, 4 Apr 2001, Brian wrote:

> RE: Chasing the kiddies (was: Named Keep crashing)<flame>
> HTML sucks
> </endflame>
>
> Hey, that's a great idea.  But how are you going to tell them about that
> service?  Security via obscurity?  Yeah, that's like leaving your family
> photo album open on your desk and expecting no one to look at them because
> you didn't tell the people that the pictures were on your desk.
>
> As far as I'm concerned, a machine on the _internet_ is fair game.  By being
> fair, I ask that someone can look.  They can look, but by no means can they
> try to breach security.  Otherwise, why the hell are you on the internet?
>
> I have a funny feeling you use Windows, and as a 32bit Windows advocate I'm
> beginning to wonder.  I have another feeling that I now know why Windows
> gets a bad rap.  If you do use Windows, I suggest you go hunting through
> Microsoft's pages and ntsecurity.net.
>
>
> One of my friends once said that you should be sanctioned bandwidth by the
> amount of intelligence you have.  In other words, stupid people sit on 56k
> modems.  I take it one step further, people who can't secure their machines
> shouldn't be given static IP addresses.  In other words, if you've got an
> NT4 machine and still sit on Service Pack 3, you should be banned to DHCP
> with no lease for the rest of your life.
>
> -Brian
>
>
> ----- Original Message -----
> From: Drew J. Weaver
> To: 'Robert Hough' ; FreeBSD-ISP@FreeBSD.ORG
> Sent: Wednesday, April 04, 2001 5:17 PM
> Subject: RE: Chasing the kiddies (was: Named Keep crashing)
>
> Because if I wanted you using a service on one of my boxes you'd know about
> it already, and wouldn't need to port scan my servers.
> -Drew
>
> <snip>

From owner-freebsd-isp Wed Apr 4 14:37:46 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10])
        by hub.freebsd.org (Postfix) with ESMTP id 73EB337B72D
        for ; Wed, 4 Apr 2001 14:37:37 -0700 (PDT)
        (envelope-from drew.weaver@thenap.com)
Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21)
        id ; Wed, 4 Apr 2001 17:51:25 -0400
Message-ID:
From: "Drew J. Weaver"
To: 'Chet Hosey' , Brian
Cc: freebsd-isp@FreeBSD.ORG
Subject: RE: Chasing the kiddies (still) (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 17:51:20 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD51.64803BA0"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

        Still don't catch the meaning? You're saying that somehow I'm inept
to system security because my workstation is running on Windows? for no
other reason than I have to use exchange to communicate with the rest of my
workplace as a policy? I guess you certainly proved your point. I should
shut up because obviously (since I use a windows machine for my workstation)
I cannot possibly have any idea what I'm talking about. I sure am glad you're
around to put me in my place there big fella.

Thanks again!

-Drew

-----Original Message-----
From: Chet Hosey [mailto:chosey@nidhog.com]
Sent: Wednesday, April 04, 2001 5:34 PM
To: Brian
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing)


Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21)
        id <GNVW0Y8C>; Wed, 4 Apr 2001 17:17:35 -0400
Message-ID: <B1A7D9973EBED3119ADD009027DC8649180F8E@mailman.thenap.com>
From: "Drew J. Weaver" <drew.weaver@thenap.com>

I _thought_ something was amiss . . . anyone know of any UNIX-based MTAs
which call themselves "Internet Mail Service (5.5.2650.21)"?

How about Windows-based ones? :)

________________________________________________________________________

Chet Hosey
<chosey@nidhog.com>
________________________________________________________________________

On Wed, 4 Apr 2001, Brian wrote:

> RE: Chasing the kiddies (was: Named Keep crashing)<flame>
> HTML sucks
> </endflame>
>
> Hey, that's a great idea.  But how are you going to tell them about that
> service?  Security via obscurity?  Yeah, that's like leaving your family
> photo album open on your desk and expecting no one to look at them because
> you didn't tell the people that the pictures were on your desk.
>
> As far as I'm concerned, a machine on the _internet_ is fair game.  By being
> fair, I ask that someone can look.  They can look, but by no means can they
> try to breach security.  Otherwise, why the hell are you on the internet?
>
> I have a funny feeling you use Windows, and as a 32bit Windows advocate I'm
> beginning to wonder.  I have another feeling that I now know why Windows
> gets a bad rap.  If you do use Windows, I suggest you go hunting through
> Microsoft's pages and ntsecurity.net.
>
>
> One of my friends once said that you should be sanctioned bandwidth by the
> amount of intelligence you have.  In other words, stupid people sit on 56k
> modems.  I take it one step further, people who can't secure their machines
> shouldn't be given static IP addresses.  In other words, if you've got an
> NT4 machine and still sit on Service Pack 3, you should be banned to DHCP
> with no lease for the rest of your life.
>
> -Brian
>
>
> ----- Original Message -----
> From: Drew J. Weaver
> To: 'Robert Hough' ; FreeBSD-ISP@FreeBSD.ORG
> Sent: Wednesday, April 04, 2001 5:17 PM
> Subject: RE: Chasing the kiddies (was: Named Keep crashing)
>
> Because if I wanted you using a service on one of my boxes you'd know about
> it already, and wouldn't need to port scan my servers.
> -Drew
>
> <snip>

------_=_NextPart_001_01C0BD51.64803BA0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14:50:27 2001 Delivered-To: freebsd-isp@freebsd.org Received: from rafiu.psi-domain.co.uk (rafiu.psi-domain.co.uk [212.87.84.199]) by hub.freebsd.org (Postfix) with ESMTP id 45F8037B718 for ; Wed, 4 Apr 2001 14:50:05 -0700 (PDT) (envelope-from heckfordj@psi-domain.co.uk) Received: from smtp.psi-domain.co.uk (mail.trident-uk.co.uk [195.166.16.10]) by rafiu.psi-domain.co.uk (8.11.3/8.11.3) with SMTP id f34GW9c00843; Wed, 4 Apr 2001 17:32:09 +0100 (BST) Date: Wed, 4 Apr 2001 18:32:22 +0100 From: Jamie Heckford To: chosey@nidhog.com Cc: freebsd-isp@freebsd.org Subject: RE: RE: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404183222.Y2879@storm.psi-domain.co.uk> Reply-To: heckfordj@psi-domain.co.uk References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit In-Reply-To: ; from drew.weaver@thenap.com on Wed, Apr 04, 2001 at 17:43:02 +0100 X-Mailer: Balsa 1.1.1 Lines: 300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I think allowing less understanding is *not* the best stance to take on running a public server. RPM is easier, but less flexible (IMHO). I must admit though, apt-get is quite impressive when it comes to upgrading. J On 2001.04.04 17:43 Drew J. Weaver wrote: > -----Original Message----- > From: Chet Hosey [mailto:chosey@nidhog.com] > Sent: Wednesday, April 04, 2001 12:17 PM > To: Drew J. Weaver > Cc: 'freebsd-isp@freebsd.org' > Subject: OT: RE: Chasing the kiddies (was: Named Keep crashing) > > > >From what I've seen, RH has GUI tools for a lot of things (Linuxconf, I > think?). RH seems much simpler to run (as an end user) than FreeBSD. You > can download RPMs for everything, including the kernel. I know RedHat > users who've never touched gcc. 
> > Even using ports requires slightly more knowledge than "Using Netscape, > download coolproggie.rpm, open an xterm, and run rpm -i coolproggie.rpm". > > Under Debian, upgrading Bind for the security fix is a matter of "apt-get > update; apt-get install bind". Hell, upgrading *everything*, system libs, > init, X, name-your-vi-clone, emacs, bind, lynx, etc., is just "apt-get > update; apt-get dist-upgrade". > > The RedHat way of doing things allows one to avoid understanding. It > seems > that FreeBSD allows less ignorance. > > ________________________________________________________________________ > > Chet Hosey > > ________________________________________________________________________ > > On Wed, 4 Apr 2001, Drew J. Weaver wrote: > > > Just an off topic note here, FreeBSD, BSDi/OS and RedHat are > all of > > equal "difficulty" to administer, I run all 3 and none of them make me > > shiver in my boots. Not sure what point you're attempting to make here? > > > > --- quoth the raven, --- > > > > Everybody should start with a *nix running on a publicly accessable > box. > > (Note: Linux doesn't count here, except possibly really old versions of > > Slackware. Damned RH makes things too easy. No X either - CLI, people!) > > > > ________________________________________________________________________ > > > > Chet Hosey > > > > ________________________________________________________________________ > > > > On Wed, 4 Apr 2001, Bill Vermillion wrote: > > > > > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke: > > > > > > > | > Is there any way to trace who is doing it? | > Running tcpdump > > > > with certain filter settings to avoid logging everything and > > > > filling the disk? > > > > > > > > > > | Dont bother... Just install the fixed version of bind... > > > > | Every kid with a script and an internet connection is probably > > > > | doing this to you!!! > > > > > > > This response kind of bothers me. 
There was a time > > > > when everytime I could sanely trace spammers I emailed > > > > abuse@wherever.was.relevant to advise them. Similarly, when people > > > > probed Apache I'd send off adivsory emails. > > > > > > If you find a way this works let me know. I've given up doing this > > > because except for the most well known, I've received rejects from > > > all mail addresses at the offending provider, root,abuse, > > > postmaster, webmaster, etc. So I just gave up and put the in > > > the REJECT list. > > > > > > Those days responsible people, and not quick buck artists, we're > > > keeping the 'net running. > > > > > > > There was a time when if you probed the Apache on my machine it > > > > winnuke'd you back. Moral issues aside, there _was_ a great deal > > > > of satisfaction there... Needless to say, there's little mileage > > > > in this now (damned M$ service packs!). :) > > > > > > I never was into 'revenge' or 'tit-for-tat'. > > > > > > Bill > > > -- > > > Bill Vermillion - bv @ wjv . com > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > RE: RE: Chasing the kiddies (was: Named Keep crashing) > > > >

        Actually its > easier to keep updated software on your machine if you're using FreeBSD, > through ports, all you do is cvsup your ports collection and go into the > directory of the program you want to install and type make install and it > downloads and installs it, doesnt really get much easier than that, but > really, what is wrong with something being easy, and understandable, I > find it somewhat refreshing that not everything is as complicated as > sendmail =)

> >

-----Original Message----- >
From: Chet Hosey [ HREF="mailto:chosey@nidhog.com">mailto:chosey@nidhog.com] >
Sent: Wednesday, April 04, 2001 12:17 PM >
To: Drew J. Weaver >
Cc: 'freebsd-isp@freebsd.org' >
Subject: OT: RE: Chasing the kiddies (was: Named Keep > crashing) >

>
> >

From what I've seen, RH has GUI tools for a lot of things > (Linuxconf, I >
think?). RH seems much simpler to run (as an end user) > than FreeBSD. You >
can download RPMs for everything, including the kernel. > I know RedHat >
users who've never touched gcc. >

> >

Even using ports requires slightly more knowledge than > "Using Netscape, >
download coolproggie.rpm, open an xterm, and run rpm -i > coolproggie.rpm". >

> >

Under Debian, upgrading Bind for the security fix is a > matter of "apt-get >
update; apt-get install bind". Hell, upgrading > *everything*, system libs, >
init, X, name-your-vi-clone, emacs, bind, lynx, etc., is > just "apt-get >
update; apt-get dist-upgrade". >

> >

The RedHat way of doing things allows one to avoid > understanding. It seems >
that FreeBSD allows less ignorance. >

> >

________________________________________________________________________ >

> >

Chet Hosey >
<chosey@nidhog.com> >
________________________________________________________________________ >

> >

On Wed, 4 Apr 2001, Drew J. Weaver wrote: >

> >

>       Just an off topic > note here, FreeBSD, BSDi/OS and RedHat are all of >
> equal "difficulty" to administer, I run > all 3 and none of them make me >
> shiver in my boots. Not sure what point you're > attempting to make here? >
> >
> --- quoth the raven, --- >
> >
> Everybody should start with a *nix running on a > publicly accessable box. >
> (Note: Linux doesn't count here, except possibly > really old versions of >
> Slackware. Damned RH makes things too easy. No X > either - CLI, people!) >
> > > -- Jamie Heckford Chief Network Engineer Psi-Domain - Innovative Linux Solutions. Ask Us How. FreeBSD - The power to serve ===================================== email: heckfordj@psi-domain.co.uk web: http://www.psi-domain.co.uk/ tel: +44 (0)1737 789 246 fax: +44 (0)1737 789 245 mobile: +44 (0)7866 724 224 ===================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14:50:47 2001 Delivered-To: freebsd-isp@freebsd.org Received: from rafiu.psi-domain.co.uk (rafiu.psi-domain.co.uk [212.87.84.199]) by hub.freebsd.org (Postfix) with ESMTP id 7C0DC37B71E for ; Wed, 4 Apr 2001 14:50:08 -0700 (PDT) (envelope-from heckfordj@psi-domain.co.uk) Received: from smtp.psi-domain.co.uk (mail.trident-uk.co.uk [195.166.16.10]) by rafiu.psi-domain.co.uk (8.11.3/8.11.3) with SMTP id f34GG3c00779; Wed, 4 Apr 2001 17:16:03 +0100 (BST) Date: Wed, 4 Apr 2001 18:16:16 +0100 From: Jamie Heckford To: "Drew J . Weaver" Cc: freebsd-isp@freebsd.org Subject: RE: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404181616.S2879@storm.psi-domain.co.uk> Reply-To: heckfordj@psi-domain.co.uk References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit In-Reply-To: ; from drew.weaver@thenap.com on Wed, Apr 04, 2001 at 17:19:02 +0100 X-Mailer: Balsa 1.1.1 Lines: 197 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org IMHO, redhat is a hell of a lot harder, due to the fact it launches every damn service you can think of, most of which are outdated and full of security holes, and when you try to update them linuxconf throws a fit because you didn't do it through a GUI. FreeBSD is a hell of a lot easier to set up as a server you can trust, without chewing your fingers off. Jamie On 2001.04.04 17:19 Drew J.
Weaver wrote: > Just an off topic note here, FreeBSD, BSDi/OS and RedHat are all > of > equal "difficulty" to administer, I run all 3 and none of them make me > shiver in my boots. Not sure what point you're attempting to make here? > > --- quoth the raven, --- > > Everybody should start with a *nix running on a publicly accessable box. > (Note: Linux doesn't count here, except possibly really old versions of > Slackware. Damned RH makes things too easy. No X either - CLI, people!) > > ________________________________________________________________________ > > Chet Hosey > > ________________________________________________________________________ > > On Wed, 4 Apr 2001, Bill Vermillion wrote: > > > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke: > > > > > | > Is there any way to trace who is doing it? | > Running tcpdump > > > with certain filter settings to avoid logging everything and > > > filling the disk? > > > > > > > | Dont bother... Just install the fixed version of bind... > > > | Every kid with a script and an internet connection is probably > > > | doing this to you!!! > > > > > This response kind of bothers me. There was a time > > > when everytime I could sanely trace spammers I emailed > > > abuse@wherever.was.relevant to advise them. Similarly, when people > > > probed Apache I'd send off adivsory emails. > > > > If you find a way this works let me know. I've given up doing this > > because except for the most well known, I've received rejects from > > all mail addresses at the offending provider, root,abuse, > > postmaster, webmaster, etc. So I just gave up and put the in > > the REJECT list. > > > > Those days responsible people, and not quick buck artists, we're > > keeping the 'net running. > > > > > There was a time when if you probed the Apache on my machine it > > > winnuke'd you back. Moral issues aside, there _was_ a great deal > > > of satisfaction there... 
Needless to say, there's little mileage > > > in this now (damned M$ service packs!). :) > > > > I never was into 'revenge' or 'tit-for-tat'. > > > > Bill > > -- > > Bill Vermillion - bv @ wjv . com > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > RE: Chasing the kiddies (was: Named Keep crashing) > > > >

> > > -- Jamie Heckford Chief Network Engineer Psi-Domain - Innovative Linux Solutions. Ask Us How. FreeBSD - The power to serve ===================================== email: heckfordj@psi-domain.co.uk web: http://www.psi-domain.co.uk/ tel: +44 (0)1737 789 246 fax: +44 (0)1737 789 245 mobile: +44 (0)7866 724 224 ===================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14:50:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from rafiu.psi-domain.co.uk (rafiu.psi-domain.co.uk [212.87.84.199]) by hub.freebsd.org (Postfix) with ESMTP id A280E37B71F for ; Wed, 4 Apr 2001 14:50:09 -0700 (PDT) (envelope-from heckfordj@psi-domain.co.uk) Received: from smtp.psi-domain.co.uk (mail.trident-uk.co.uk [195.166.16.10]) by rafiu.psi-domain.co.uk (8.11.3/8.11.3) with SMTP id f32DvrK50709 for ; Mon, 2 Apr 2001 14:57:54 +0100 (BST) Date: Mon, 2 Apr 2001 14:58:30 +0100 From: Jamie Heckford To: freebsd-isp@freebsd.org Subject: test Message-ID: <20010402145830.A6389@storm.psi-domain.co.uk> Reply-To: heckfordj@psi-domain.co.uk Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Balsa 1.1.1 Lines: 18 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org test! -- Jamie Heckford Chief Network Engineer Psi-Domain - Innovative Linux Solutions. Ask Us How. 
FreeBSD - The power to serve ===================================== email: heckfordj@psi-domain.co.uk web: http://www.psi-domain.co.uk/ tel: +44 (0)1737 789 246 fax: +44 (0)1737 789 245 mobile: +44 (0)7866 724 224 ===================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 14:50:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from rafiu.psi-domain.co.uk (rafiu.psi-domain.co.uk [212.87.84.199]) by hub.freebsd.org (Postfix) with ESMTP id 090EE37B71B for ; Wed, 4 Apr 2001 14:50:07 -0700 (PDT) (envelope-from heckfordj@psi-domain.co.uk) Received: from smtp.psi-domain.co.uk (mail.trident-uk.co.uk [195.166.16.10]) by rafiu.psi-domain.co.uk (8.11.3/8.11.3) with SMTP id f34GR1c00820; Wed, 4 Apr 2001 17:27:02 +0100 (BST) Date: Wed, 4 Apr 2001 18:27:14 +0100 From: Jamie Heckford To: "Drew J . Weaver" Cc: freebsd-isp@freebsd.org Subject: RE: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404182714.W2879@storm.psi-domain.co.uk> Reply-To: heckfordj@psi-domain.co.uk References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit In-Reply-To: ; from drew.weaver@thenap.com on Wed, Apr 04, 2001 at 17:40:49 +0100 X-Mailer: Balsa 1.1.1 Lines: 582 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Compare a default redhat install to a default FreeBSD install, from a newbies perspective. Which one is more secure? FreeBSD. J On 2001.04.04 17:40 Drew J. Weaver wrote: > Enh, Redhat only starts everything if it is configured to start > everything, > and has utilities (and manual ways) of telling it not to start everything > > -----Original Message----- > From: Jamie Heckford [mailto:heckfordj@psi-domain.co.uk] > Sent: Wednesday, April 04, 2001 1:16 PM > To: Drew J. 
Weaver > Cc: freebsd-isp@freebsd.org > Subject: RE: Chasing the kiddies (was: Named Keep crashing) > > > IMHO, redhat is a hell of a lot harder, due > to the fact it launches every damn service you > can think off, most of which are outdated and full of security > holes, and when you try to update them linuxconf throws a > fit becuase you didnt do it through a GUI. > > FreeBSD is a hell of a lot easier to set up as a server > you can trust, without chewing your fingers off. > > Jamie > > On 2001.04.04 17:19 Drew J. Weaver wrote: > > Just an off topic note here, FreeBSD, BSDi/OS and RedHat are > all > > of > > equal "difficulty" to administer, I run all 3 and none of them make me > > shiver in my boots. Not sure what point you're attempting to make here? > > > > --- quoth the raven, --- > > > > Everybody should start with a *nix running on a publicly accessable > box. > > (Note: Linux doesn't count here, except possibly really old versions of > > Slackware. Damned RH makes things too easy. No X either - CLI, people!) > > > > ________________________________________________________________________ > > > > Chet Hosey > > > > ________________________________________________________________________ > > > > On Wed, 4 Apr 2001, Bill Vermillion wrote: > > > > > On Wed, Apr 04, 2001 at 05:45:48PM +1000, Enno Davids thus spoke: > > > > > > > | > Is there any way to trace who is doing it? | > Running tcpdump > > > > with certain filter settings to avoid logging everything and > > > > filling the disk? > > > > > > > > > > | Dont bother... Just install the fixed version of bind... > > > > | Every kid with a script and an internet connection is probably > > > > | doing this to you!!! > > > > > > > This response kind of bothers me. There was a time > > > > when everytime I could sanely trace spammers I emailed > > > > abuse@wherever.was.relevant to advise them. Similarly, when people > > > > probed Apache I'd send off adivsory emails. 
> > > > > > If you find a way this works let me know. I've given up doing this > > > because except for the most well known, I've received rejects from > > > all mail addresses at the offending provider, root,abuse, > > > postmaster, webmaster, etc. So I just gave up and put the in > > > the REJECT list. > > > > > > Those days responsible people, and not quick buck artists, we're > > > keeping the 'net running. > > > > > > > There was a time when if you probed the Apache on my machine it > > > > winnuke'd you back. Moral issues aside, there _was_ a great deal > > > > of satisfaction there... Needless to say, there's little mileage > > > > in this now (damned M$ service packs!). :) > > > > > > I never was into 'revenge' or 'tit-for-tat'. > > > > > > Bill > > > -- > > > Bill Vermillion - bv @ wjv . com > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > > > > > > > > > RE: Chasing the kiddies (was: Named Keep crashing) > > > > > > > >

> > > > > > > -- > Jamie Heckford > Chief Network Engineer > Psi-Domain - Innovative Linux Solutions. Ask Us How. > > FreeBSD - The power to serve > > ===================================== > email: heckfordj@psi-domain.co.uk > web: http://www.psi-domain.co.uk/ > > tel: +44 (0)1737 789 246 > fax: +44 (0)1737 789 245 > mobile: +44 (0)7866 724 224 > > ===================================== > > > > > > > RE: Chasing the kiddies (was: Named Keep crashing) > > > >

> > > -- Jamie Heckford Chief Network Engineer Psi-Domain - Innovative Linux Solutions. Ask Us How. FreeBSD - The power to serve ===================================== email: heckfordj@psi-domain.co.uk web: http://www.psi-domain.co.uk/ tel: +44 (0)1737 789 246 fax: +44 (0)1737 789 245 mobile: +44 (0)7866 724 224 ===================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 15:51:11 2001 Delivered-To: freebsd-isp@freebsd.org Received: from laptop.os2warp.org (laptopatwork.os2warp.org [209.136.201.27]) by hub.freebsd.org (Postfix) with ESMTP id 9843D37B731 for ; Wed, 4 Apr 2001 15:50:56 -0700 (PDT) (envelope-from lambert@os2warp.org) Received: by laptop.os2warp.org (Postfix, from userid 1000) id 1F10D9B0A; Wed, 4 Apr 2001 17:51:26 -0500 (CDT) Date: Wed, 4 Apr 2001 17:51:26 -0500 From: Scott Lambert To: FreeBSD-ISP@FreeBSD.org Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404175125.C879@laptop.os2warp.org> References: <20010404145617.B879@laptop.os2warp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from chosey@nidhog.com on Wed, Apr 04, 2001 at 04:15:30PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I assume *most* port scans are prep work for B&E. If a scan is coming from a box labeled as . I probably will ignore it, at least once I make sure all of my machines are not vulnerable. What other legitimate reasons are there for portscanning being done by someone who is not responsible for that IP space? If the scan comes from one of my admin boxes, it is ok. If some joker is testing out the latest tool so he can go use it at work, I tell him not to do it again. Play in your own backyard. I don't get too excited about the fact that they are scanning.
But I do want to make an impression on the kids that this is not acceptable behavior before they advance to B&E. I have on occasion scanned my customers. I was checking for BO servers. We got a lot of compromised windows boxes fixed that way. The cops also go around looking for broken windows and other telltales when they are aware of a problem in the area. They have woken me up with the searchlights. I suppose my upstream provider would be permitted to check for whatever problem servers they want to warn me about, but I would prefer they just bring the problem to my attention so I can find and fix them myself. And if they are scanning me it better be from a box with a name that suggests it would be used for such purposes. Otherwise I'll be calling them to tell them that they may have a compromised box on their network. My users, in general, are not sophisticated enough to be aware of and testing for security problems. On Wed, Apr 04, 2001 at 04:15:30PM -0400, Chet Hosey wrote: > Date: Wed, 4 Apr 2001 16:15:30 -0400 (EDT) > From: Chet Hosey > To: > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > Do you assume that all port scans are malicious? Is there a situation in > which a scan would not cause you to make such a call? > > ________________________________________________________________________ > > Chet Hosey > > ________________________________________________________________________ > > On Wed, 4 Apr 2001, Scott Lambert wrote: > > > On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote: > > > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT) > > > From: "Forrest W. Christian" > > > To: Kal Torak > > > Cc: Enno Davids , freebsd-isp@FreeBSD.ORG > > > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > > > > > On Wed, 4 Apr 2001, Kal Torak wrote: > > > > > > > Why should network scanning be a crime at all? If anything should be a crime > > > > it's sloppy admins that let their networks get compromised...
> > > > > > But when after you scan, you break in and destroy data, THAT should be the > > > crime I'm talking about. > > > > > > What you don't realize is that a lot of these attacks are now automated > > > rootkits which basically scan for the hole and if they find it, ROOT YOUR > > > MACHINE. > > > > > > This is wrong. > > > > These people who don't think scanning is a problem bother me. I don't have > > time to hunt down all the scanning kiddies, but I don't like them. I do > > hunt down the ones I get complaints on. > > > > Scanning a network is just like "casing" a neighborhood in my book. The > > police will stop you and check your background and want to know if you > > have any business in the area if someone reports you to them. The police > > call it suspicious behaviour which gives them probable cause to stop the > > bad guy. They get what information they can from him and if he is not > > (yet) wanted they let him go. But they watch him. They remember he was > > in the area and if any complaints do come in they go grab him first. > > > > I do the same thing with my scanning kiddies. My kiddies who go scanning > > my network or other people's networks get a phone call. I talk to their > > parents and tell them their kids are on the wrong road and could wind up > > in jail if they ever open one of those doors. Hopefully the parents can > > straighten the kids out. I hope the kids tell the other kids that they > > got busted. It lets them know they can get in trouble for it and will > > hopefully discourage them. > > > > I just wish I could go visit them physically so I could make certain they > > were scared before I let them go. > > > > Entering a computer system is breaking and entering. Send them to jail. > > It doesn't matter if they immediately left without doing anything. 
If anyone > > enters my home through a window I have left open for ventilation at night, > > they could very possibly be shot or bludgeoned about the head and shoulders > > by a baseball bat or whatever other blunt or sharp object I find first. > > They will most likely end up in jail. It makes no difference that the > > window was open. You just don't cross those lines. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 15:57:11 2001 Delivered-To: freebsd-isp@freebsd.org Received: from laptop.os2warp.org (laptopatwork.os2warp.org [209.136.201.27]) by hub.freebsd.org (Postfix) with ESMTP id BC4F037B718 for ; Wed, 4 Apr 2001 15:57:09 -0700 (PDT) (envelope-from lambert@os2warp.org) Received: by laptop.os2warp.org (Postfix, from userid 1000) id 58C3E9B0A; Wed, 4 Apr 2001 17:57:39 -0500 (CDT) Date: Wed, 4 Apr 2001 17:57:39 -0500 From: Scott Lambert To: FreeBSD-ISP@FreeBSD.org Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404175739.D879@laptop.os2warp.org> Reply-To: FreeBSD-ISP@FreeBSD.org References: <20010404165523.G48784@solveinteractive.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010404165523.G48784@solveinteractive.com>; from rch@solveinteractive.com on Wed, Apr 04, 2001 at 04:55:23PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001 at 04:55:23PM -0400, Robert Hough wrote: > Date: Wed, 4 Apr 2001 16:55:23 -0400 > From: Robert Hough > To: "'FreeBSD-ISP@FreeBSD.org'" > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > On Wed, Apr 04, 2001, Drew J. 
Weaver wrote: > > > And people that say that port scanning is harmless, port scanning is just a > > precursor to being 'rooted' > > I own a butcher knife that is quite good at slicing meat. When I pull it > out, does that mean I'm going to cut your arm off? If you swing it at me, that is going to be my interpretation. As long as you are swinging it at something you own it's not a problem. Swing it in the direction of me or people in whom I am interested, you go to jail. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 15:57:32 2001 Delivered-To: freebsd-isp@freebsd.org Received: from invicta.net (invictanet.claranet.co.uk [213.253.17.74]) by hub.freebsd.org (Postfix) with ESMTP id 75BD337B722 for ; Wed, 4 Apr 2001 15:57:27 -0700 (PDT) (envelope-from support@invicta.net) Received: from harryhome [192.168.0.3] by invicta.net [192.168.0.1] with SMTP (MDaemon.v3.5.2.R) for ; Wed, 04 Apr 2001 23:57:02 +0100 Reply-To: From: "InvictaNet Support" To: "Freebsd-ISP" Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 23:57:03 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <20010404175125.C879@laptop.os2warp.org> X-MDRemoteIP: 192.168.0.3 X-Return-Path: support@invicta.net X-MDaemon-Deliver-To: freebsd-isp@FreeBSD.ORG Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Please, please, please Stop this thread, it is turning into a major spam epidemic. If you must all continue, please create a "Chasing the kiddies (was: Named Keep crashing)" mailing list. 
Martyn Routley ----------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk info@invictanet.co.uk phone: 08707 440180 fax: 08707 440181 ------------------------------------------------------ -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Scott Lambert Sent: Wednesday, April 04, 2001 11:51 PM To: FreeBSD-ISP@FreeBSD.org Subject: Re: Chasing the kiddies (was: Named Keep crashing) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 15:59:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from laptop.os2warp.org (laptopatwork.os2warp.org [209.136.201.27]) by hub.freebsd.org (Postfix) with ESMTP id 35CA237B726 for ; Wed, 4 Apr 2001 15:59:11 -0700 (PDT) (envelope-from lambert@os2warp.org) Received: by laptop.os2warp.org (Postfix, from userid 1000) id 0DFFF9B0A; Wed, 4 Apr 2001 17:59:40 -0500 (CDT) Date: Wed, 4 Apr 2001 17:59:40 -0500 From: Scott Lambert To: FreeBSD-ISP@FreeBSD.org Subject: Re: Chasing the kiddies (was: Named Keep crashing) Message-ID: <20010404175940.E879@laptop.os2warp.org> Reply-To: FreeBSD-ISP@FreeBSD.org References: <20010404165742.H48784@solveinteractive.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010404165742.H48784@solveinteractive.com>; from rch@solveinteractive.com on Wed, Apr 04, 2001 at 04:57:43PM -0400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001 at 04:57:43PM -0400, Robert Hough wrote: > Date: Wed, 4 Apr 2001 16:57:43 -0400 > From: Robert Hough > To: FreeBSD-ISP@FreeBSD.ORG > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > On Wed, Apr 04, 2001, Drew J. 
Weaver wrote: > > > I couldn't imagine any circumstance under which anyone else on the internet > > needs to know which services are running on a server that I control. So yes, > > I suppose they are all malicious. > > You are running a server on a public network. Therefore, I might decide to > see what services are available for me to use. How is this wrong? If you > don't want me using a service, then lock it. Does your lawn have an unscalable fence around it? If not, is it ok if I come over and camp out? The bonfire probably won't get out of control but you never know. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 20:57: 8 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 8603B37B43F for ; Wed, 4 Apr 2001 20:57:04 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id ahuaaaaa for ; Thu, 5 Apr 2001 13:57:06 +1000 Message-ID: <3ACBEDDD.C8E3549B@quake.com.au> Date: Thu, 05 Apr 2001 14:00:29 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Forrest W. Christian" Cc: Enno Davids , freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (was: Named Keep crashing) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Forrest W. Christian" wrote: > > On Wed, 4 Apr 2001, Kal Torak wrote: > > > Why should network scanning be a crime at all? If anything should be a crime > > its sloppy admins that let there networks get comprimised... > > But when after you scan, you break in and destroy data, THAT should be the > crime I'm talking about. 
> > What you don't realize is that a lot of these attacks are now automated > rootkits which basically scan for the hole and if they find it, ROOT YOUR > MACHINE. > > This is wrong.
Yeah sure it's wrong to break in, but it's not wrong to scan... It's a fine line these days, but a line all the same...
From owner-freebsd-isp Wed Apr 4 21: 1:17 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id E375C37B43E for ; Wed, 4 Apr 2001 21:01:15 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id hhuaaaaa for ; Thu, 5 Apr 2001 14:01:21 +1000 Message-ID: <3ACBEEDB.5E4DD541@quake.com.au> Date: Thu, 05 Apr 2001 14:04:43 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: FreeBSD-ISP@FreeBSD.org Subject: Re: Chasing the kiddies (was: Named Keep crashing) References: <3ACAF18A.8E9716C@quake.com.au> <20010404145617.B879@laptop.os2warp.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
> Entering a computer system is breaking and entering. Send them to jail. > It doesn't matter if they immediately left without doing anything. If anyone > enters my home through a window I have left open for ventilation at night, > they could very possibly be shot or bludgeoned about the head and shoulders > by a baseball bat or whatever other blunt or sharp object I find first. > They will most likely end up in jail. It makes no difference that the > window was open. You just don't cross those lines.
Comparing a computer system to a house works to a degree, but let's face it, breaking into a public system does not compare at all to breaking into someone's private house... If they cause no damage, I don't believe they should be punished, in fact they are helping you by showing security holes you can fix.. Thereby protecting yourself against people in the future that might cause massive amounts of damage!
From owner-freebsd-isp Wed Apr 4 21: 3: 4 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id A070C37B42C for ; Wed, 4 Apr 2001 21:03:02 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id lhuaaaaa for ; Thu, 5 Apr 2001 14:03:11 +1000 Message-ID: <3ACBEF49.BEF14649@quake.com.au> Date: Thu, 05 Apr 2001 14:06:33 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Drew J. Weaver" Cc: "'FreeBSD-ISP@FreeBSD.org'" Subject: Re: Chasing the kiddies (was: Named Keep crashing) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
> "Drew J. Weaver" wrote: > > And people that say that port scanning is harmless, port scanning is just a precursor to being 'rooted' it's not going to be the last thing you hear from a script kiddie, it's not like someone port scans your box[if insecure] and then just leaves, (I guess then it would be harmless) then they try to hack into it (naturally).
Not really, people can want to know about a certain network, see what the company does etc, they don't have to want to gain access...
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 21:11:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 7BBED37B424 for ; Wed, 4 Apr 2001 21:11:29 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id ohuaaaaa for ; Thu, 5 Apr 2001 14:11:38 +1000 Message-ID: <3ACBF145.9969B888@quake.com.au> Date: Thu, 05 Apr 2001 14:15:01 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Brian Cc: freebsd-isp@freebsd.org Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) References: <005001c0bd4e$8ee7f980$0201a8c0@fear.wrath.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > One of my friends once said that you should be sanctioned bandwidth by the > amount of intelligence you have. In other words, stupid people sit on 56k > modems. I take it one step further, people who can't secure their machines > shouldn't be given static IP addresses. In other words, if you've got an > NT4 machine and still sit on Service Pack 3, you should be banned to DHCP > with no lease for the rest of your life. I think people that use NT4 at all should be banned from the net for life :P Hmmm, but that would mean my ISP would be banned and I wouldnt have a connection.. 
Oh well :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 21:12:47 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 2FF0137B449 for ; Wed, 4 Apr 2001 21:12:46 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id shuaaaaa for ; Thu, 5 Apr 2001 14:12:51 +1000 Message-ID: <3ACBF18E.B962CED6@quake.com.au> Date: Thu, 05 Apr 2001 14:16:14 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Drew J. Weaver" Cc: 'Chet Hosey' , Brian , freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > "Drew J. Weaver" wrote: > > Still don't catch the meaning? You're saying that somehow i'm inept to system security because my workstation is running on Windows? for no other reason than I have to use exchange to communicate with the rest of my workplace as a policy? I guess you certainly proved your point. I should shutup because obviously (since I use a windows machine for my workstation) I cannot possible have any idea what I talking about. I sure am glad you're around to put me in my place there big fella. I dont care what you use... But can you please drop the html mail? 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 21:16: 4 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 0B17637B423 for ; Wed, 4 Apr 2001 21:16:03 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id vhuaaaaa for ; Thu, 5 Apr 2001 14:16:09 +1000 Message-ID: <3ACBF254.A376CCE0@quake.com.au> Date: Thu, 05 Apr 2001 14:19:32 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: FreeBSD-ISP@FreeBSD.org Subject: Re: Chasing the kiddies (was: Named Keep crashing) References: <20010404165742.H48784@solveinteractive.com> <20010404175940.E879@laptop.os2warp.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Scott Lambert wrote: > > On Wed, Apr 04, 2001 at 04:57:43PM -0400, Robert Hough wrote: > > Date: Wed, 4 Apr 2001 16:57:43 -0400 > > From: Robert Hough > > To: FreeBSD-ISP@FreeBSD.ORG > > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > > > On Wed, Apr 04, 2001, Drew J. Weaver wrote: > > > > > I couldn't imagine any circumstance under which anyone else on the internet > > > needs to know which services are running on a server that I control. So yes, > > > I suppose they are all malicious. > > > > You are running a server on a public network. Therefore, I might decide to > > see what services are available for me to use. How is this wrong? If you > > don't want me using a service, then lock it. > > Does your lawn have an unscalable fence around it? If not, is it ok if I > come over and camp out? The bonfire probably won't get out of control but > you never know. Enough with the houses... 
A public system on a public network is NOT like a house!!! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 21:18:51 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id B0E4937B43C for ; Wed, 4 Apr 2001 21:18:49 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id zhuaaaaa for ; Thu, 5 Apr 2001 14:18:57 +1000 Message-ID: <3ACBF2FC.6D9AC4B3@quake.com.au> Date: Thu, 05 Apr 2001 14:22:20 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) References: <3ACBF18E.B962CED6@quake.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hmmm we better end this topic soon.. 
It's got rather long, and I can see we are all going to agree that we disagree with each other :)
From owner-freebsd-isp Wed Apr 4 23: 7: 1 2001 Delivered-To: freebsd-isp@freebsd.org Received: from cx175057-a.ocnsd1.sdca.home.com (cx175057-a.ocnsd1.sdca.home.com [24.13.23.40]) by hub.freebsd.org (Postfix) with ESMTP id 2290E37B50C for ; Wed, 4 Apr 2001 23:06:57 -0700 (PDT) (envelope-from bri@sonicboom.org) Received: from 98 (cx175057-b.ocnsd1.sdca.home.com [24.13.23.147]) by cx175057-a.ocnsd1.sdca.home.com (8.11.1/8.11.1) with SMTP id f3566SF25424; Wed, 4 Apr 2001 23:06:28 -0700 (PDT) (envelope-from bri@sonicboom.org) Message-ID: <00e501c0bd96$4ea8c000$3324200a@home.sonicboom.org> From: "Brian" To: "Kal Torak" , "Brian" Cc: References: <005001c0bd4e$8ee7f980$0201a8c0@fear.wrath.net> <3ACBF145.9969B888@quake.com.au> Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) Date: Wed, 4 Apr 2001 23:04:37 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
You have an ISP that uses NT to provide services, and you haven't run away?? Brian
----- Original Message ----- From: "Kal Torak" To: "Brian" Cc: Sent: Wednesday, April 04, 2001 9:15 PM Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing)
> > One of my friends once said that you should be sanctioned bandwidth by the > > amount of intelligence you have. In other words, stupid people sit on 56k > > modems. I take it one step further, people who can't secure their machines > > shouldn't be given static IP addresses. 
In other words, if you've got an > > NT4 machine and still sit on Service Pack 3, you should be banned to DHCP > > with no lease for the rest of your life. > > I think people that use NT4 at all should be banned from the net for life :P > > Hmmm, but that would mean my ISP would be banned and I wouldnt have a connection.. > Oh well :) > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 23: 7: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from cx175057-a.ocnsd1.sdca.home.com (cx175057-a.ocnsd1.sdca.home.com [24.13.23.40]) by hub.freebsd.org (Postfix) with ESMTP id E061E37B443 for ; Wed, 4 Apr 2001 23:07:01 -0700 (PDT) (envelope-from bri@sonicboom.org) Received: from 98 (cx175057-b.ocnsd1.sdca.home.com [24.13.23.147]) by cx175057-a.ocnsd1.sdca.home.com (8.11.1/8.11.1) with SMTP id f3565PF25419; Wed, 4 Apr 2001 23:05:26 -0700 (PDT) (envelope-from bri@sonicboom.org) Message-ID: <00dd01c0bd96$2eddb640$3324200a@home.sonicboom.org> From: "Brian" To: "Kal Torak" , "Forrest W. Christian" Cc: "Enno Davids" , References: <3ACBEDDD.C8E3549B@quake.com.au> Subject: Re: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 23:03:34 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I disagree, scanning is often a prelude to malicious activity. Brian ----- Original Message ----- From: "Kal Torak" To: "Forrest W. Christian" Cc: "Enno Davids" ; Sent: Wednesday, April 04, 2001 9:00 PM Subject: Re: Chasing the kiddies (was: Named Keep crashing) > "Forrest W. 
Christian" wrote: > > > > On Wed, 4 Apr 2001, Kal Torak wrote: > > > > > Why should network scanning be a crime at all? If anything should be a crime > > > its sloppy admins that let there networks get comprimised... > > > > But when after you scan, you break in and destroy data, THAT should be the > > crime I'm talking about. > > > > What you don't realize is that a lot of these attacks are now automated > > rootkits which basically scan for the hole and if they find it, ROOT YOUR > > MACHINE. > > > > This is wrong. > > > Yeah sure its wrong to break in, but its not wrong to scan... Its a fine line > these days, but a line all the same... > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Apr 4 23:13:44 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id D36CC37B42C for ; Wed, 4 Apr 2001 23:13:41 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id fkuaaaaa for ; Thu, 5 Apr 2001 16:13:49 +1000 Message-ID: <3ACC0DE9.1F471379@quake.com.au> Date: Thu, 05 Apr 2001 16:17:13 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Brian Cc: Brian , freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) References: <005001c0bd4e$8ee7f980$0201a8c0@fear.wrath.net> <3ACBF145.9969B888@quake.com.au> <00e501c0bd96$4ea8c000$3324200a@home.sonicboom.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brian wrote: > > You have an isp hat uses nt to provide services, and you haven't run away?? 
I wouldn't even consider using NT for a nanosecond to provide ANY services! NT can only provide disservices I'm afraid...
From owner-freebsd-isp Wed Apr 4 23:22:34 2001 Delivered-To: freebsd-isp@freebsd.org Received: from nomad.eng.cstone.net (nomad.eng.cstone.net [209.145.66.28]) by hub.freebsd.org (Postfix) with ESMTP id D713C37B507 for ; Wed, 4 Apr 2001 23:22:29 -0700 (PDT) (envelope-from wer@nomad.eng.cstone.net) Received: from localhost (wer@localhost) by nomad.eng.cstone.net (8.11.1/8.11.1) with ESMTP id f356MJY49898; Thu, 5 Apr 2001 02:22:19 -0400 (EDT) Date: Thu, 5 Apr 2001 02:22:19 -0400 (EDT) From: William E Reid To: Kal Torak Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) In-Reply-To: <3ACBF2FC.6D9AC4B3@quake.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
Well, I would like to say a few things. I am not a security expert. I have opinions about how things should be. We have updated bind on all our servers. That is what this whole discussion was about. I do think that one person can only do so much. If you walk in to administer a network you never know what you are going to get. It took us a year to clean ours out. There are many things that can make things complicated even for a guru genius. I do agree ( with Scott? ) that maintaining a couple dozen machines is not hard. I am new to all this as well but love it and enjoy the problems and open discussions. I know everyone knows these things but since we are all talking about it. Don't run services that are not needed on a given box. Don't give your users shell accounts. If you hear of a complaint of some kid from your network causing trouble.... call their parents ya-da ya-da... Run tripwire and bask in FreeBSD administration ease and verbosity. 
I feel responsible whenever a user of mine has been caught being bad. Educate people. Educate kids and kiddies and spread the ethics. There are four machines that I have ever port scanned. All were under my control... Lastly don't join too many lists because occasionally a thread will come along that just takes up a lot of time. (But I enjoyed hearing everyone thinking out about this one). That's it. Nothing mind breaking.... all you guys were just tripping me out. -=Bill "Other Lame Thoughts follow" On Thu, 5 Apr 2001, Kal Torak wrote: > Hmmm we better end this topic soon.. Its got rather long, and I can see > we are all going to agree that we disagree with each other :) > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 5 0:35:18 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 35A1D37B449 for ; Thu, 5 Apr 2001 00:35:15 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id eluaaaaa for ; Thu, 5 Apr 2001 17:35:24 +1000 Message-ID: <3ACC2109.1B1B8E46@quake.com.au> Date: Thu, 05 Apr 2001 17:38:49 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: William E Reid Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Chasing the kiddies (still) (was: Named Keep crashing) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org William E Reid wrote: > > Well, > > I would like to say a few things. > > I am not a security expert. I have opinions about how things > should be. We have updated bind on all our servers. 
That is what this > whole discussion was about.
Was being the key word... we have since moved onto the broader topic of security on the net :)
> I do think that one person can only do so much. If you walk in > to administer a network you never know what you are going to get. It took > us a year to clean ours out. There are many things that can make things > complicated even for a guru genius. > > I do agree ( with Scott? ) that maintaining a couple dozen > machines is not hard. I am new to all this as well but love it and enjoy > the problems and open discussions.
It's always good to get a challenge now and then! But if you only have a small network and you are pro-active on security you really shouldn't have any problems! There are a lot of bad admins out there, they whine about people cracking their servers, and while damaging someone else's systems is criminal and needs action to be taken, the admin also needs to realise it's at least 50% their fault!
> I know everyone knows these things but since we are all talking > about it. Don't run services that are not needed on a given box. Don't > give your users shell accounts. If you hear of a complaint of some kid > from your network causing trouble.... call their parents ya-da ya-da...
I prefer to deal with would-be crackers personally, there is no need to have police involved unless they really caused a lot of damage (eg. cost you in real terms, not made up figures). I have never had anyone gain root on any of my systems (I had nightmares about it tho :P) but if they did, and did not proceed to trash the system I would be quite happy not to get any authorities involved so long as they were willing to help me patch the hole they found... Most of the time when hackers become crackers, it's out of curiosity and trying to explore and figure out how things work, I don't see any harm in this, and don't really consider it a crime... 
It becomes a crime when they are doing these things for financial gain or to cause financial loss / ruin... There are plenty of real criminals out there, there is no need to pick on curious little hackers just having a look around, figuring things out... Sure there are the lame little kids with the latest script looking to try it on something, and they are wrong to try and cause damage, but they don't really know what they're doing, why should they be punished like a real criminal?
> I feel responsible whenever a user of mine has been caught being > bad. Educate people. Educate kids and kiddies and spread the > ethics. There are four machines that I have ever port scanned. All were > under my control...
Educate people, and help them educate themselves! There is no need to fire off mail to abuse@wherever because you see someone was running a port scan! Unless it's coming from their system, in which case the ethical thing to do is warn them that their security may have been breached...
> Lastly don't join too many lists because occasionally a thread > will come along that just takes up a lot of time. (But I enjoyed hearing > everyone thinking out about this one).
That's good advice :P
> That's it. Nothing mind breaking.... all you guys were just tripping me > out.
A lot of people don't see things this way, and we can twist words and compare computer systems to other things to try and make our points, but think about it... Are the punishments really fitting the crime? Is there really a need to react to half of these things? Laws won't solve security problems, they will however ruin poor kids' lives that were just exploring and trying to learn... Be pro-active with security and give the kids a break eh? 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 5 12:52:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97]) by hub.freebsd.org (Postfix) with ESMTP id 71FE937B440; Thu, 5 Apr 2001 12:52:12 -0700 (PDT) (envelope-from jesper@skriver.dk) Received: by freesbee.wheel.dk (Postfix, from userid 1001) id 346A15D5E; Thu, 5 Apr 2001 21:52:11 +0200 (CEST) Date: Thu, 5 Apr 2001 21:52:11 +0200 From: Jesper Skriver To: Matthew Rezny Cc: "net@freebsd.org" , "stable@freebsd.org" , "isp@freebsd.org" Subject: Re: Intel Gigabit NIC problem Message-ID: <20010405215211.B80900@skriver.dk> References: <200104040849.DAA21587@mrelay.cc.umr.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200104040849.DAA21587@mrelay.cc.umr.edu>; from mrezny@umr.edu on Wed, Apr 04, 2001 at 02:49:22AM -0500 X-PGP-Fingerprint: 6B88 9CE8 66E9 E631 C9C5 5EB4 22AB F0EC F956 1C31 X-PGP-Public-Key: http://freesbee.wheel.dk/~jesper/gpgkey.pub Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Apr 04, 2001 at 02:49:22AM -0500, Matthew Rezny wrote: > Does anyone have any idea what's going on, if there's any hope of fixing this, and what the solution would be? Thanks. Try http://www.flugsvamp.com/~jlemon/fbsd/drivers/Intel_Gigabit/ /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work: Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 5 16:57: 6 2001 Delivered-To: freebsd-isp@freebsd.org Received: from lcmail2.lc.ca.gov (lcmail2.lc.ca.gov [165.107.12.11]) by hub.freebsd.org (Postfix) with ESMTP id 0B29B37B440 for ; Thu, 5 Apr 2001 16:57:02 -0700 (PDT) (envelope-from drewt@writeme.com) Received: from CONVERSION-DAEMON by lcmail2.lc.ca.gov (PMDF V5.2-27 #40821) id <0GBC00O01FTSG7@lcmail2.lc.ca.gov> for freebsd-isp@freebsd.org; Thu, 5 Apr 2001 16:56:22 -0700 (PDT) Received: from tagalong ([165.107.42.167]) by lcmail2.lc.ca.gov (PMDF V5.2-27 #40821) with SMTP id <0GBC00PBNFRW3U@lcmail2.lc.ca.gov> for freebsd-isp@freebsd.org; Thu, 05 Apr 2001 16:55:09 -0700 (PDT) Date: Thu, 05 Apr 2001 16:54:58 -0700 From: Drew Tomlinson Subject: Configuring FP Extensions w/Apache To: freebsd-isp@freebsd.org Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Content-type: text/plain; charset="iso-8859-1" Content-transfer-encoding: 7bit Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have successfully added the FrontPage extensions to my Apache 1.3.17 server. I can connect and publish via my FrontPage client from a PC on my internal network. However, I can not connect from and external source via the Internet. I get a an error that tells me to look in a file called wecerr.txt for details. This file says "You are not authorized to perform the current operation." I suspect that the problem either has something to do with NAT (running on my 3Com 812 router) or some security setting relating to the client PC being on a different subnet than the Apache server. Does anyone have any ideas? 
Thanks, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Apr 5 22: 5:24 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 428B637B43E for ; Thu, 5 Apr 2001 22:05:22 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id xtuaaaaa for ; Fri, 6 Apr 2001 15:05:29 +1000 Message-ID: <3ACD4F62.BE2B8A96@quake.com.au> Date: Fri, 06 Apr 2001 15:08:50 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Brett Curtis Cc: FreeBSD-isp Subject: Re: Fw: Virus with no cure.- PLEASE READ References: <000d01c0be55$80a70160$378b19cb@demo> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is of course a bs message... There have been many of these going around... treat it like any spam and delete it! 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 6 5:52:59 2001 Delivered-To: freebsd-isp@freebsd.org Received: from lcmail2.lc.ca.gov (lcmail2.lc.ca.gov [165.107.12.11]) by hub.freebsd.org (Postfix) with ESMTP id D632B37B422 for ; Fri, 6 Apr 2001 05:52:56 -0700 (PDT) (envelope-from drewt@writeme.com) Received: from CONVERSION-DAEMON by lcmail2.lc.ca.gov (PMDF V5.2-27 #40821) id <0GBD00F01FSH5G@lcmail2.lc.ca.gov> for freebsd-isp@freebsd.org; Fri, 6 Apr 2001 05:53:05 -0700 (PDT) Received: from tagalong ([165.107.42.167]) by lcmail2.lc.ca.gov (PMDF V5.2-27 #40821) with SMTP id <0GBD001B1FSGVH@lcmail2.lc.ca.gov> for freebsd-isp@freebsd.org; Fri, 06 Apr 2001 05:53:05 -0700 (PDT) Date: Fri, 06 Apr 2001 05:52:53 -0700 From: Drew Tomlinson Subject: Configuring FP Extensions w/Apache To: freebsd-isp@freebsd.org Message-id: MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Content-type: text/plain; charset="iso-8859-1" Content-transfer-encoding: 7bit Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have successfully added the FrontPage extensions to my Apache 1.3.17 server. I can connect and publish via my FrontPage client from a PC on my internal network. However, I can not connect from an external source via the Internet. I get an error that tells me to look in a file called wecerr.txt for details. This file says "You are not authorized to perform the current operation." I suspect that the problem either has something to do with NAT (running on my 3Com 812 router) or some security setting relating to the client PC being on a different subnet than the Apache server. Does anyone have any ideas? 
Thanks, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 6 6:26:26 2001 Delivered-To: freebsd-isp@freebsd.org Received: from waterfall.typhoon.co.jp (waterfall.typhoon.co.jp [202.33.21.60]) by hub.freebsd.org (Postfix) with ESMTP id D27D837B43E; Fri, 6 Apr 2001 06:26:20 -0700 (PDT) (envelope-from fbsd@typhoon.co.jp) Received: from typhoon.co.jp (thunder.waterfall.typhoon.co.jp [192.168.3.23]) by waterfall.typhoon.co.jp (8.11.3/8.11.3/waterfall) with ESMTP id f36DQI603491; Fri, 6 Apr 2001 22:26:18 +0900 (JST) Message-ID: <3ACDC3F9.F88589A2@typhoon.co.jp> Date: Fri, 06 Apr 2001 22:26:17 +0900 From: Reg X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,ja,zh-TW,ko MIME-Version: 1.0 To: freebsd-isp@freebsd.org Cc: freebsd-questions@freebsd.org Subject: Boot-sequence hangs with Cyclom-8YoP+ Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello! Has anyone managed to get a Cyclade Cyclom-8YoP+ (PCI) card working on a 3.5.1 system? I have added: device cy0 to my kernel configuration, recompiled and rebooted. The problem is that although it detects the said Cyclade board, and all other devices, it hangs just before where it would normally say: changing root device to wd0s1a It boots fine without the said Cyclade board. I've also tried enabling: options CY_PCI_FASTINTR but that made the booting process hang immediately after it detected the Cyclade board. A Google search revealed similar questions/problems on various lists but I have yet to find an answer to this problem. The machine in question is a DELL "PowerEdge300", PIII800MHz, 64MB RAM, 10GB Disks. I would appreciate any pointers. Happy Friday. Best Regards, Reg. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Apr 6 12:17:29 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ns1.officeonweb.net (ns1.officeonweb.net [209.61.157.241]) by hub.freebsd.org (Postfix) with ESMTP id 2CE0937B424 for ; Fri, 6 Apr 2001 12:17:26 -0700 (PDT) (envelope-from mdickerson@officeonweb.net) Received: from sami002 (1Cust167.tnt12.denver.co.da.uu.net [63.14.43.167]) by ns1.officeonweb.net (8.9.3/8.9.3) with SMTP id NAA55948 for ; Fri, 6 Apr 2001 13:18:20 -0600 (MDT) (envelope-from mdickerson@officeonweb.net) Message-Id: <3.0.6.32.20010406131802.0096ac10@officeonweb.net> X-Sender: succes03@officeonweb.net X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Fri, 06 Apr 2001 13:18:02 -0600 To: freebsd-isp@freebsd.org From: mdickerson@officeonweb.net Subject: 4 port nic Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sorry if I'm being a bonehead, but ... I searched the archives (and my own mail boxes) but couldn't find what I was looking for :(. A while back on this list someone posted a 4 port nic for freebsd. Does anyone know/remember a card that definitely does work? 
TIA, mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Apr 7 6:43: 7 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail2.lig.bellsouth.net (mail2.lig.bellsouth.net [207.203.120.41]) by hub.freebsd.org (Postfix) with ESMTP id D040937B42C for ; Sat, 7 Apr 2001 06:42:59 -0700 (PDT) (envelope-from jim@siteplus.net) Received: from siteplus.net (host-208-60-234-31.cha.bellsouth.net [208.60.234.31]) by mail2.lig.bellsouth.net (3.3.5alt/0.75.2) with ESMTP id JAA10734 for ; Sat, 7 Apr 2001 09:42:58 -0400 (EDT) Message-ID: <3ACF1957.E9177B52@siteplus.net> Date: Sat, 07 Apr 2001 09:42:47 -0400 From: Jim Weeks X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Look familiar? Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org While checking one of my apache error logs this morning, I find a long list of the following error. I was wondering if it makes sense to anyone? I am especially curious about characters "À¯". 
[Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not exist: /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not exist: /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe Thanks, -- Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Apr 7 7:22:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from surreal.nl (surreal.nl [212.204.236.10]) by hub.freebsd.org (Postfix) with ESMTP id EC53B37B422 for ; Sat, 7 Apr 2001 07:22:51 -0700 (PDT) (envelope-from walter@binity.com) Received: by surreal.nl (Postfix, from userid 666) id 5D4937FE9C; Sat, 7 Apr 2001 16:23:50 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by surreal.nl (Postfix) with ESMTP id EEC989EE82; Sat, 7 Apr 2001 16:23:47 +0200 (CEST) Date: Sat, 7 Apr 2001 16:23:47 +0200 (CEST) From: Walter Hop To: Jim Weeks Cc: Subject: Re: Look familiar? In-Reply-To: <3ACF1957.E9177B52@siteplus.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT X-Virus-Scanned: This message passed the virus scan (BinityScan 0.9/AVP) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [in reply to Jim Weeks , 07/04/01] > While checking one of my apache error logs this morning, I find a long > list of the following error. > I was wondering if it makes sense to anyone? I am especially curious > about characters "À¯". > > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not > exist: > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe This is the result of someone trying an IIS exploit on your webserver... Since you aren't running Windows, there's no harm done, nothing to worry about. 
:) -- Walter Hop | +31 6 24290808 | PGP key ID: 0x84813998 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Apr 7 7:29:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from www.golsyd.net.au (golsyd.net.au [203.57.20.1]) by hub.freebsd.org (Postfix) with ESMTP id 1C75637B423 for ; Sat, 7 Apr 2001 07:29:40 -0700 (PDT) (envelope-from kaltorak@quake.com.au) Received: from [203.164.12.28] by www.quake.com.au (NTMail 4.30.0012/AB6169.63.5724aadf) with ESMTP id ecvaaaaa for ; Sun, 8 Apr 2001 00:29:57 +1000 Message-ID: <3ACF2531.49B7CC17@quake.com.au> Date: Sun, 08 Apr 2001 00:33:21 +1000 From: Kal Torak X-Mailer: Mozilla 4.73 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Jim Weeks Cc: freebsd-isp@freebsd.org Subject: Re: Look familiar? References: <3ACF1957.E9177B52@siteplus.net> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jim Weeks wrote: > > While checking one of my apache error logs this morning, I find a long > list of the following error. > I was wondering if it makes sense to anyone? I am especially curious > about characters "À¯". > > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not > exist: > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe > > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not > exist: > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe Looks like some sort of buffer overflow attack, and they are then trying to spawn the cmd shell (if you can even call it a shell)... Since your unix system is not windows, even if the buffer overflow worked they sure wouldn't be able to run cmd.exe :P Obviously this is one of the great new holes in NT + ISS that are found every second day... 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Apr 7 8:14:25 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail1.bna.bellsouth.net (mail1.bna.bellsouth.net [205.152.150.13]) by hub.freebsd.org (Postfix) with ESMTP id 99A6737B422 for ; Sat, 7 Apr 2001 08:14:22 -0700 (PDT) (envelope-from jim@siteplus.net) Received: from veager.siteplus.net (host-208-60-234-31.cha.bellsouth.net [208.60.234.31]) by mail1.bna.bellsouth.net (3.3.5alt/0.75.2) with ESMTP id LAA27206; Sat, 7 Apr 2001 11:14:16 -0400 (EDT) Date: Sat, 7 Apr 2001 11:14:04 -0400 (EDT) From: Jim Weeks To: Kal Torak Cc: Walter Hop , freebsd-isp@FreeBSD.ORG Subject: Re: Look familiar? In-Reply-To: <3ACF2531.49B7CC17@quake.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks for the quick response. I am not familiar with ISS, so I wasn't sure if this was a known attack ploy. I have had a few other file not found errors that look suspicious as well as this sendmail error. Apr 4 00:19:57 aurora sendmail[8764]: AAA08756: Truncated MIME Content-Disposition header due to field size (possible attack) -- Jim Weeks On Sun, 8 Apr 2001, Kal Torak wrote: > Jim Weeks wrote: > > > > While checking one of my apache error logs this morning, I find a long > > list of the following error. > > I was wondering if it makes sense to anyone? I am especially curious > > about characters "À¯". 
> > > > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not > > exist: > > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe > > > > [Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] File does not > > exist: > > /usr/local/www/data/scripts/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/winnt/system32/cmd.exe > > > Looks like some sort of buffer overflow attack, and they are then trying > to spawn the cmd shell (if you can even call it a shell)... > > Since your unix system is not windows, even if the buffer overflow worked > they sure wouldn't be able to run cmd.exe :P > Obviously this is one of the great new holes in NT + ISS that are found > every second day... > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Apr 7 8:32:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.gtw.net (mail.gtw.net [208.33.253.12]) by hub.freebsd.org (Postfix) with SMTP id B4F9E37B424 for ; Sat, 7 Apr 2001 08:32:40 -0700 (PDT) (envelope-from john@day-light.com) Received: (qmail 2697 invoked from network); 7 Apr 2001 15:32:37 -0000 Received: from 70.pm3.gtw.net (HELO w1) (63.161.82.70) by mail.gtw.net with SMTP; 7 Apr 2001 15:32:37 -0000 Reply-To: From: "John Brooks" To: Subject: RE: djbdns or tinydns Date: Sat, 7 Apr 2001 10:30:37 -0500 Message-ID: <000401c0bf77$b529c1c0$0b00a8c0@dle> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 In-Reply-To: <93582.986294463@verdi.nethelp.no> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks everyone for your helpful insights, I'm going to try it 
out on one of my client LAN's to gain some experience. -- John Brooks Email: john@stlbsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
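
Added example for the "Look familiar?" thread above (not written by any poster on the list): the characters "À¯" in Jim's error log are the bytes 0xC0 0xAF, a non-shortest-form (overlong) UTF-8 encoding of "/", so a log scanner can canonicalise them and flag the hidden "../" sequences. The function names and the second, benign log line are assumptions constructed for illustration; the first line is the one quoted in the thread.

```python
import re

# Log line from the thread, as the archive renders it (Latin-1 view of raw bytes).
PAGE_LINE = ("[Sat Apr 7 05:55:02 2001] [error] [client 207.31.75.150] "
             "File does not exist: /usr/local/www/data/scripts/"
             + "..\u00c0\u00af" * 8 + "/winnt/system32/cmd.exe")
# Constructed contrast line: a legitimate 2-byte UTF-8 "é" (C3 A9), not overlong.
BENIGN_LINE = ("[Sat Apr 7 06:00:00 2001] [error] [client 192.0.2.10] "
               "File does not exist: /usr/local/www/data/caf\u00c3\u00a9/index.html")


def is_cont(b):
    """True for a UTF-8 continuation byte (10xxxxxx)."""
    return 0x80 <= b <= 0xBF


def overlong_sequences(raw):
    """Yield (offset, length, hidden_char) for each non-shortest-form sequence."""
    i, n = 0, len(raw)
    while i < n:
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < n and is_cont(raw[i + 1]):
            # 2-byte form whose payload is below 0x80, so one byte would do.
            yield i, 2, chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            i += 2
        elif (b == 0xE0 and i + 2 < n and 0x80 <= raw[i + 1] <= 0x9F
              and is_cont(raw[i + 2])):
            # 3-byte form whose payload is below 0x800.
            yield i, 3, chr(((raw[i + 1] & 0x3F) << 6) | (raw[i + 2] & 0x3F))
            i += 3
        else:
            i += 1


def classify(line):
    """Canonicalise one error_log line and report concealed path separators."""
    raw = line.encode("latin-1", errors="replace")  # recover the logged bytes
    out, pos, hidden = [], 0, []
    for off, length, ch in overlong_sequences(raw):
        out.append(raw[pos:off].decode("latin-1") + ch)
        hidden.append(ch)
        pos = off + length
    out.append(raw[pos:].decode("latin-1"))
    canonical = "".join(out)
    client = re.search(r"\[client ([^\]]+)\]", line)
    return {
        "client": client.group(1) if client else None,
        "overlong": len(hidden),
        "hidden": sorted(set(hidden)),
        "canonical": canonical,
        # Flag only traversal that was concealed by an overlong encoding.
        "traversal": bool(hidden) and "../" in canonical.replace("\\", "/"),
    }


if __name__ == "__main__":
    for sample in (PAGE_LINE, BENIGN_LINE):
        print(classify(sample))
```
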