From owner-freebsd-security Sun Apr 6 00:26:41 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA01349 for security-outgoing; Sun, 6 Apr 1997 00:26:41 -0800 (PST) Received: from unique.usn.blaze.net.au (unique.usn.blaze.net.au [203.17.53.17]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA01329; Sun, 6 Apr 1997 00:26:25 -0800 (PST) Received: (from davidn@localhost) by unique.usn.blaze.net.au (8.8.5/8.8.5) id SAA00461; Sun, 6 Apr 1997 18:25:42 +1000 (EST) Message-ID: <19970406182542.49014@usn.blaze.net.au> Date: Sun, 6 Apr 1997 18:25:42 +1000 From: David Nugent To: Darren Reed Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: root logins on secure tty's ? References: <199704011422.GAA03481@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.61 In-Reply-To: <199704011422.GAA03481@freefall.freebsd.org>; from Darren Reed on Apr 04, 1997 at 12:17:28AM Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Apr 04, 1997 at 12:17:28AM, Darren Reed wrote: > for some reason, in 2.2.1 source, /bin/login root logins appear > to be broken on secure tty's. Yes, known problem and the fix is already in the tree. That breakage which only existed for something less than 2 days was just very poor timing. :-( > in my ttys, I enable ttyv1 as secure, rootok == 1 and I get prompted > for a password. The intention of the code was to always ask for a password if a root login is attempted if the tty is not secure. Unfortunately, you have to invert the logic to get the correct result. > Is this (perhaps) a leftover from the breakin earlier in the year ? No. Regards, David Nugent - Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/ From owner-freebsd-security Sun Apr 6 21:30:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA17575 for security-outgoing; Sun, 6 Apr 1997 21:30:11 -0700 (PDT) Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA17507 for ; Sun, 6 Apr 1997 21:30:04 -0700 (PDT) Received: from minor.stranger.com (stranger.vip.best.com [204.156.129.250]) by who.cdrom.com (8.8.5/8.6.11) with SMTP id SAA27789 for ; Sun, 6 Apr 1997 18:07:04 -0700 (PDT) Received: from dog.farm.org (dog.farm.org [207.111.140.47]) by minor.stranger.com (8.6.12/8.6.12) with ESMTP id SAA06277 for ; Sun, 6 Apr 1997 18:12:48 -0700 Received: (from dk@localhost) by dog.farm.org (8.7.5/dk#3) id SAA10270; Sun, 6 Apr 1997 18:05:43 -0700 (PDT) Message-ID: <19970406180541.YU61664@dog.farm.org> Date: Sun, 6 Apr 1997 18:05:41 -0700 From: dk@farm.org (=?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?= Dmitry Kohmanyuk) To: freebsd-security@freebsd.org Subject: inetd.conf: fingerd -l ? X-Mailer: Mutt 0.60_p2-3,5,8-9 Mime-Version: 1.0 Reply-To: dk+@ua.net X-Class: Fast X-OS-Used: FreeBSD 2.2-960501-SNAP X-NIC-Handle: DK379 X-Pager-Email: dk@interpage.net Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I wonder why the default inetd.conf does not have -l for fingerd (syslogging). It already has -s (disallow host queries and forwarding). (this is for rev.1.25 and earlier) From owner-freebsd-security Mon Apr 7 10:36:59 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA25912 for security-outgoing; Mon, 7 Apr 1997 10:36:59 -0700 (PDT) Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA25876; Mon, 7 Apr 1997 10:36:37 -0700 (PDT) Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id TAA23949; Mon, 7 Apr 1997 19:36:11 +0200 (MET DST) Message-Id: <199704071736.TAA23949@gvr.win.tue.nl> From: FreeBSD Security Officer To: freebsd-security-notifications@freebsd.org, freebsd-announce@freebsd.org, freebsd-security@freebsd.org, first-teams@first.org Subject: FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall Date: Mon, 7 Apr 1997 19:36:00 +0200 (MET DST) Reply-To: security-officer@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-97:03 Security Advisory FreeBSD, Inc. Topic: sysinstall bug Category: core Module: sysinstall Announced: 1997-04-07 Affects: FreeBSD 2.1, FreeBSD 2.1.5, FreeBSD 2.1.6 and FreeBSD 2.1.7 FreeBSD 2.2 and FreeBSD 2.2.1. Corrected: all versions as of 1997-04-01. This includes the installation floppies for FreeBSD 2.2.1 found on: ftp://ftp.FreeBSD.org/pub/FreeBSD/2.2.1-RELEASE/floppies/newer/ Also the CDROM of FreeBSD 2.2.1 has this problem corrected. Source: FreeBSD FreeBSD only: yes Patches: ============================================================================= I. Background Sysinstall is used both for fresh installations of FreeBSD as well as post installation updates, like installing packages from CDROM or ftp sites. II. Problem Description One of the port installation options in sysinstall is to install an anonymous ftp setup on the system. In such a setup, an extra user needs to be created on the system, with username 'ftp'. This user is created with the shell equal to '/bin/date' and an empty password. III. Impact Under some circumstances, this will allow unauthorized access of system resources. IV. Solution(s) Change the entry of the ftp user such that is has an invalid password and an invalid shell. This can be done by becoming the superuser, and use the vipw command. Go to the line that starts with ftp:: and change ftp:: to ftp:*: Also change, on the same line, the shell from /bin/date to /nonexistent. If you have not yet used sysinstall to create an anonymous ftp setup, but are planning to, please apply one of the following patches: Patch for FreeBSD 2.1.5, 2.1.6, 2.2 and 2.2.1: --- anonFTP.c 1996/04/28 03:26:42 1.14 +++ anonFTP.c 1997/04/07 17:20:16 @@ -195,7 +195,7 @@ return (DITEM_SUCCESS); /* succeeds if already exists */ } - sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); fptr = fopen(_PATH_MASTERPASSWD,"a"); if (! fptr) { Patch for FreeBSD 2.1: --- anonFTP.c 1995/11/12 07:27:55 1.6 +++ anonFTP.c 1997/04/03 19:29:21 @@ -201,7 +201,7 @@ return (RET_SUCCESS); /* succeeds if already exists */ } - sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); fptr = fopen(_PATH_MASTERPASSWD,"a"); if (! fptr) { ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc Security notifications: security-notifications@freebsd.org Security public discussion: security@freebsd.org Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBM0kvaFUuHi5z0oilAQHzVgP/TwmyRgBAF1Hs/jSihpAzFTRfHXdX/8+r 7mO7OHtM8vBTX1SPaYOr+DdSI2PkcSU4Y8O2OsdR3O4asV52LT5d/qWqJVQbN8bM majL9ufeH3WotZHEJAo6nHf0/Cw+Aml2MytnaBiOHhvtiiY9aAEiYQve5TEwVbhE 92/GUaLo3uY= =VjRL -----END PGP SIGNATURE----- From owner-freebsd-security Tue Apr 8 11:48:45 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA23379 for security-outgoing; Tue, 8 Apr 1997 11:48:45 -0700 (PDT) Received: from sakaki.communique.net (sakaki.Communique.Net [204.27.65.7]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA23372 for ; Tue, 8 Apr 1997 11:48:43 -0700 (PDT) Received: from hawke (066.btr2.Communique.Net [204.27.124.66]) by sakaki.communique.net (8.8.5/8.8.5) with SMTP id NAA29122 for ; Tue, 8 Apr 1997 13:45:38 -0500 (CDT) Message-Id: <3.0.1.32.19970408104637.00804100@192.0.2.2> X-Sender: hawke#207.55.131.114@192.0.2.2 X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Tue, 08 Apr 1997 10:46:37 -0500 To: freebsd-security@freebsd.org From: HawkeWerks Multimedia Subject: qpopper 2.2 and CERT advisory CA-97.09 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- does anyone know if this vulnerability applies here? or does anyone have the exploit? I will be glad to test it myself. Thanks Lloyd Duhon Vice President, Research and Development Zoron, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQBVAwUBM0poTbs1iRWteA9hAQHtpQH/ck2SGZ4fImFq1BRKM7aF6KVr9nAbrFNT X64cmbvENUuR5yTy9n3F4wIWwnmn3aFDSR/JyANWg0g7dvWPHUaUmA== =OCRK -----END PGP SIGNATURE----- Hawke http://www.hawkewerks.com/ hawke@hawkewerks.com PGP Mail Preferred! -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQBNAzJ9SkAAAAECANxvu4wZLgc/igkNRcANpiSxFHn3IdDULwyQY1oG3ktdSnEq v0XMMN4gOKmYKRK1Zxg9PGP8UyRouzWJFa14D2EABRG0LEhhd2tlV2Vya3MgTXVs dGltZWRpYSA8aGF3a2VAaGF3a2V3ZXJrcy5jb20+iQBVAwUQMn1KiLs1iRWteA9h AQHqWQIAzUD6GYD6YR7UURHZrooIb5pD3c4T4pNT7SEVFMmmB+AV9yq1pBHoK6Mf sKjCy2QhQEEdL1+rOSnmuUZIMJpkNw== =3L3b -----END PGP PUBLIC KEY BLOCK----- From owner-freebsd-security Tue Apr 8 15:35:38 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA06099 for security-outgoing; Tue, 8 Apr 1997 15:35:38 -0700 (PDT) Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA06078 for ; Tue, 8 Apr 1997 15:35:33 -0700 (PDT) From: proff@suburbia.net Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id PAA24993 for ; Tue, 8 Apr 1997 15:37:48 -0700 (PDT) Received: (qmail 25891 invoked by uid 110); 8 Apr 1997 22:34:24 -0000 Message-ID: <19970408223424.25890.qmail@suburbia.net> Subject: ipfilter-proff.shar.gz To: hackers@freebsd.org Date: Wed, 9 Apr 1997 08:34:23 +1000 (EST) Cc: security@freebsd.org, current@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I've addressed what I consider all outstanding issues with ipfilter insofar as one can without stepping on too many toes. This is complete. I haven't tested it under 2.2, but any changes should be very minimal. /usr/src/contrib/ipfilter can be, and should be zorched after this shar unpacks. Review is appreciated, but anything but bug-fixes will fall on deaf ears. The code is available as: ftp.freebsd.org/FreeBSD/incoming/ipfilter-proff.shar.gz (100k) and from GNATS as `kern/3234'. Unpack the three new source trees and two patch files: root@current# cd /usr root@current# unshar Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA10441 for security-outgoing; Tue, 8 Apr 1997 16:30:03 -0700 (PDT) Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA10393; Tue, 8 Apr 1997 16:29:55 -0700 (PDT) Message-Id: <199704082329.QAA10393@freefall.freebsd.org> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA245011847; Wed, 9 Apr 1997 09:24:07 +1000 From: Darren Reed Subject: Re: ipfilter-proff.shar.gz To: proff@suburbia.net Date: Wed, 9 Apr 1997 09:24:07 +1000 (EST) Cc: hackers@freebsd.org, security@freebsd.org, current@freebsd.org In-Reply-To: <19970408223424.25890.qmail@suburbia.net> from "proff@suburbia.net" at Apr 9, 97 08:34:23 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk There was one other issue I'd like to see resolved and that was how IP Filter should be included within FreeBSD if the current layout isn't satisfactory. I recall the last email I read on the subject was from Julian, but in this, i really need a decision made by someone who is authorised to make that sort of decision before any changes to the current layout are made. Darren From owner-freebsd-security Tue Apr 8 16:58:42 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA13045 for security-outgoing; Tue, 8 Apr 1997 16:58:42 -0700 (PDT) Received: from ouray.cudenver.edu (aybaram@ouray.cudenver.edu [132.194.10.9]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id QAA13040 for ; Tue, 8 Apr 1997 16:58:36 -0700 (PDT) Received: by ouray.cudenver.edu (5.65/DEC-OSF/1.2) id AA16709; Tue, 8 Apr 1997 18:00:03 -0600 From: aybaram@ouray.cudenver.edu (Alex Baram) Message-Id: <9704090000.AA16709@ouray.cudenver.edu> To: security@freebsd.org Date: Tue, 8 Apr 1997 18:00:03 -0600 (MDT) X-Mailer: ELM [version 2.4 PL24] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk unsubscribe From owner-freebsd-security Wed Apr 9 13:37:46 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA16294 for security-outgoing; Wed, 9 Apr 1997 13:37:46 -0700 (PDT) Received: from desk.jhs.no_domain (slip139-92-4-182.mu.de.ibm.net [139.92.4.182]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA16225; Wed, 9 Apr 1997 13:37:06 -0700 (PDT) Received: from desk.jhs.no_domain (localhost [127.0.0.1]) by desk.jhs.no_domain (8.7.5/8.6.9) with ESMTP id TAA08869; Wed, 9 Apr 1997 19:33:38 +0200 (MET DST) Message-Id: <199704091733.TAA08869@desk.jhs.no_domain> To: Darren Reed cc: proff@suburbia.net, hackers@freebsd.org, security@freebsd.org, current@freebsd.org, julian@freebsd.org, kaveman@magna.com.au Subject: Re: ipfilter-proff.shar.gz From: "Julian H. Stacey" Reply-To: "Julian H. Stacey" X-Email: jhs@freebsd.org, Fallback: jhs@gil.physik.rwth-aachen.de X-Organization: Vector Systems Ltd. X-Mailer: EXMH 1.6.7, PGP PGP key on web X-Web: http://www.freebsd.org/~jhs/ X-Address: Holz Strasse 27d, 80469 Munich, Germany X-Tel: Phone +49.89.268616, Fax +49.89.2608126, Data +49.89.26023276 In-reply-to: Your message of "Wed, 09 Apr 1997 09:24:07 +1000." <199704082329.QAA10393@freefall.freebsd.org> Date: Wed, 09 Apr 1997 19:33:37 +0200 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, Reference: > From: Darren Reed > > ... IP Filter ... > > I recall the last email I read on the subject was from Julian, > > Darren Which Julian ? Loads of them in FreeBSD :-) Chronologically : ... Julian.Elischer: julian@freebsd.org Julian Stacey jhs@freebsd.org Julian.Jenkins: kaveman@magna.com.au julianj@vast.unsw.edu.au Julian.Assange: proff@suburbia.net proff@iq.org If anyone is _The_ Julian in FreeBSD, it'd be Elischer, (he was first here, & is julian@freebsd.org). I had assumed you meant Elischer, but Gary Jennejohn (there are at least 3 Garys) told me you didn't mean Elischer, so maybe you meant Jenkins or Assange, or another new Julian ? Whilst every last Julian is undoubtedly a great boon & blessing to FreeBSD ;-)) it does seem the name is more common than one might imagine, so please folks, append at least a Surname initial to the Julians, Thanks :-) A.N.Other Julian .... Julian S. -- Julian H. Stacey jhs@freebsd.org http://www.freebsd.org/~jhs/ From owner-freebsd-security Wed Apr 9 20:04:12 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA07833 for security-outgoing; Wed, 9 Apr 1997 20:04:12 -0700 (PDT) Received: from mail.webspan.net (mail.webspan.net [206.154.70.7]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA07766; Wed, 9 Apr 1997 20:03:57 -0700 (PDT) Received: from orion.webspan.net (orion.webspan.net [206.154.70.5]) by mail.webspan.net (WEBSPAN/970116) with ESMTP id XAA12591; Wed, 9 Apr 1997 23:02:58 -0400 (EDT) Received: from orion.webspan.net (localhost [127.0.0.1]) by orion.webspan.net (WEBSPN/970116) with ESMTP id XAA03578; Wed, 9 Apr 1997 23:02:57 -0400 (EDT) To: "Julian H. Stacey" cc: Darren Reed , proff@suburbia.net, hackers@freebsd.org, security@freebsd.org, current@freebsd.org, julian@freebsd.org, kaveman@magna.com.au Reply-To: chat@freebsd.org From: "Gary Palmer" Subject: Re: ipfilter-proff.shar.gz In-reply-to: Your message of "Wed, 09 Apr 1997 19:33:37 +0200." <199704091733.TAA08869@desk.jhs.no_domain> Date: Wed, 09 Apr 1997 23:02:57 -0400 Message-ID: <3575.860641377@orion.webspan.net> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk "Julian H. Stacey" wrote in message ID <199704091733.TAA08869@desk.jhs.no_domain>: > I had assumed you meant Elischer, but Gary Jennejohn (there are at least > 3 Garys) told me you didn't mean Elischer, so maybe you meant Jenkins or > Assange, or another new Julian ? There are WAY more than three Garys these, days, and everytime I read a mail which blames a `Gary' for something I have to stop and think ``was that me??''. It's enough to make a guy insecure! (Reply-To: set appropriately) Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info From owner-freebsd-security Thu Apr 10 06:05:56 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA03954 for security-outgoing; Thu, 10 Apr 1997 06:05:56 -0700 (PDT) Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA03942 for ; Thu, 10 Apr 1997 06:05:50 -0700 (PDT) From: proff@suburbia.net Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id GAA00207 for ; Thu, 10 Apr 1997 06:08:13 -0700 (PDT) Received: (qmail 4666 invoked by uid 110); 10 Apr 1997 13:02:01 -0000 Message-ID: <19970410130201.4665.qmail@suburbia.net> Subject: ipfilter-proff.shar backported to 2.2.1 To: hackers@freebsd.org Date: Thu, 10 Apr 1997 23:02:01 +1000 (EST) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I have uploaded an updated version of ipfilter-proff.shar as ftp://ftp.FreeBSD.org/pub/FreeBSD/incoming/ipfilter.shar.gz. This latter version corrects two tiny Makefile bugs (in relation to man page creation), and adds support for FreeBSD-2.2. -- I've addressed what I consider all outstanding issues with ipfilter for FreeBSD as one can without stepping on too many toes. This is a complete make worldable build system. /usr/src/contrib/ipfilter can be, and should be zorched after this shar unpacks (presuming you were running current). Unpack the three new source trees and two patch files: root@paranoia# cd /usr root@paranoia# unshar Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA10128 for security-outgoing; Thu, 10 Apr 1997 07:54:42 -0700 (PDT) Received: from relaybr.eunet.fr (relaybr.EUnet.fr [193.107.210.133]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA10122 for ; Thu, 10 Apr 1997 07:54:36 -0700 (PDT) Received: from ericf.EUnet-Bretagne.fr ([193.107.210.161]) by relaybr.eunet.fr (8.6.12/8.6.9) with SMTP id RAA16771; Thu, 10 Apr 1997 17:02:26 +0200 Message-ID: <334D0245.1B11@EUnet-Bretagne.fr> Date: Thu, 10 Apr 1997 17:07:49 +0200 From: Eric Feillant Reply-To: Eric.Feillant@EUnet-Bretagne.fr Organization: EUnet BRETAGNE groupe EUnet X-Mailer: Mozilla 3.01 (Win95; I) MIME-Version: 1.0 To: ipfilter@postbox.anu.edu.au CC: security@freebsd.org Subject: IPNAT, HOW ? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, We are just trying to run IPNAT. We have to interfaces: One internal: ed1 wich network number is: 192.168.1 One external: ed0 wich network number is: 193.107.210 we want to translate one static address: 192.168.1.1 to 193.107.210.225 So we wrote this file: nat ed0 192.168.1.1/32 -> 193.107.210.225/32 and run: ipnat -f thisfile It does not seem to work. Any Idea ? Thanx..... Eric. -- ========= ____ ===== Eric Feillant ======== / / / ___ ___ /_ ====== EUnet BRETAGNE ======= /---- / / / / /___/ / ======= 140, bd de Creach Gwen ====== /____ /___/ / / /___ /_ ======== 29000 QUIMPER, France ===== Bretagne ========= Tel:(+33) 298101620 Fax:(+33) 298828788 Eric.Feillant@EUnet.fr http://www.EUnet.fr Partenaire CISCO, CHECKPOINT (FIREWALL), BAY NETWORKS, UB NETWORK, SUN, CITRIX From owner-freebsd-security Thu Apr 10 10:33:01 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA19209 for security-outgoing; Thu, 10 Apr 1997 10:33:01 -0700 (PDT) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA19183; Thu, 10 Apr 1997 10:32:43 -0700 (PDT) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.8.5/8.8.4) with SMTP id KAA00860; Thu, 10 Apr 1997 10:15:36 -0700 (PDT) Message-ID: <334D2033.2781E494@whistle.com> Date: Thu, 10 Apr 1997 10:15:31 -0700 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: chat@freebsd.org CC: "Julian H. Stacey" , Darren Reed , proff@suburbia.net, hackers@freebsd.org, security@freebsd.org, current@freebsd.org, julian@freebsd.org, kaveman@magna.com.au Subject: Re: ipfilter-proff.shar.gz References: <3575.860641377@orion.webspan.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Gary Palmer wrote: > > "Julian H. Stacey" wrote in message ID > <199704091733.TAA08869@desk.jhs.no_domain>: > > I had assumed you meant Elischer, but Gary Jennejohn (there are at least > > 3 Garys) told me you didn't mean Elischer, so maybe you meant Jenkins or > > Assange, or another new Julian ? > > There are WAY more than three Garys these, days, and everytime I read > a mail which blames a `Gary' for something I have to stop and think > ``was that me??''. It's enough to make a guy insecure! > > (Reply-To: set appropriately) > > Gary > -- > Gary Palmer FreeBSD Core Team Member > FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info I've never been in a group with mor ethan 1 julian before.. it's kind of unique to have 3.5 of us floating around.. :) julian (E) From owner-freebsd-security Thu Apr 10 14:04:34 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA00358 for security-outgoing; Thu, 10 Apr 1997 14:04:34 -0700 (PDT) Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA00346 for ; Thu, 10 Apr 1997 14:04:26 -0700 (PDT) From: proff@suburbia.net Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id OAA07307 for ; Thu, 10 Apr 1997 14:06:45 -0700 (PDT) Received: (qmail 12124 invoked by uid 110); 10 Apr 1997 21:03:42 -0000 Message-ID: <19970410210342.12123.qmail@suburbia.net> Subject: ipfilter-proff-final.shar.gz To: hackers@freebsd.org Date: Fri, 11 Apr 1997 07:03:42 +1000 (EST) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk ftp://ftp.freebsd.org/pub/FreeBSD/incoming/ipfilter-proff-final.shar.gz (112k) I'm done. I've tested this release fairly heavily under both -current and 2.2.1 and am happy with it. I have heavy time contraints for the next few weeks/months, and I know avalon is facing similar difficulties. I'm handing over the torch to another bearer. This is what remains to be done (CVS maintence only -- those just wanting to use the code don't need to worry about any of this) is: 1) A new cvs module src/contrib-sys needs to be created 2) src/sys-contrib/ipfilter needs to be imported as a new vendor branch (I'm gambling that all my changes in that tree or some currupted variant thereof will make it into Darren's public release :) 3) src/sbin/ipf and src/lkm/if_ipf need to be imported. 4) src/sys/netinet/{fil.c,ip_compat.h,ip_fil.[ch],ip_frag.[ch], ip_nat.[ch],ip_state.[ch]} can be Attic'ed :) 5) src/contrib/ipfilter can be zorched -Julian # This archive contains: # # src/ipfilter-proff-README # src/etc-ipfilter-proff.diff # src/sys-ipfilter-proff-2.2.1.diff # src/sys-ipfilter-proff-current-970411.diff # src/contrib-sys # src/contrib-sys/ipfilter [...] # src/lkm/if_ipf # src/lkm/if_ipf/Makefile # src/sbin/ipf # src/sbin/ipf/ipfstat # src/sbin/ipf/ipfstat/Makefile # src/sbin/ipf/ipftest # src/sbin/ipf/ipftest/Makefile # src/sbin/ipf/Makefile # src/sbin/ipf/Makefile.inc # src/sbin/ipf/mkfilters # src/sbin/ipf/mkfilters/Makefile # src/sbin/ipf/ipf # src/sbin/ipf/ipf/Makefile # src/sbin/ipf/ipmon # src/sbin/ipf/ipmon/Makefile # src/sbin/ipf/ipnat # src/sbin/ipf/ipnat/Makefile # [...] XUnpack the three new source trees and two patch files: X X root@paranoia# cd /usr X root@paranoia# unshar Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA03670 for security-outgoing; Thu, 10 Apr 1997 15:15:16 -0700 (PDT) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id PAA03663 for ; Thu, 10 Apr 1997 15:15:11 -0700 (PDT) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 1.60 #1) id 0wFS7R-0002cN-00; Thu, 10 Apr 1997 16:15:01 -0600 To: HawkeWerks Multimedia Subject: Re: qpopper 2.2 and CERT advisory CA-97.09 Cc: freebsd-security@freebsd.org In-reply-to: Your message of "Tue, 08 Apr 1997 10:46:37 CDT." <3.0.1.32.19970408104637.00804100@192.0.2.2> References: <3.0.1.32.19970408104637.00804100@192.0.2.2> Date: Thu, 10 Apr 1997 16:15:01 -0600 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <3.0.1.32.19970408104637.00804100@192.0.2.2> HawkeWerks Multimedia writes: : does anyone know if this vulnerability applies here? or does anyone have : the exploit? I will be glad to test it myself. To the best of my knowledge, qpopper is not vulnerable to the latest problems that the imap advisory is about. Warner From owner-freebsd-security Thu Apr 10 21:59:34 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA26305 for security-outgoing; Thu, 10 Apr 1997 21:59:34 -0700 (PDT) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id VAA26298 for ; Thu, 10 Apr 1997 21:59:29 -0700 (PDT) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 1.60 #1) id 0wFYQo-0003Ga-00; Thu, 10 Apr 1997 22:59:26 -0600 To: security@freebsd.org Subject: David Sacerdote: qualcomm POP server Date: Thu, 10 Apr 1997 22:59:26 -0600 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk FYI. Headers slightly edited. Warner ------- Forwarded Message MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-ID: Date: Wed, 9 Apr 1997 16:04:56 -0600 Reply-To: David Sacerdote Sender: Bugtraq List From: David Sacerdote Subject: qualcomm POP server To: BUGTRAQ@NETSPACE.ORG - -----BEGIN PGP SIGNED MESSAGE----- Since CERT took up the information in the Secure Networks advisory imap.advisory.04.02.97, as part of CA 97.09, they neglected to repeat the section which explicitly mentions that the Qualcomm Popper, and other POP servers not derived from the University of Washington POP server are not vulnerable. The consequences have ranged from queries via email to administrators of large networks completely disabling POP, even though they are not running vulnerable POP servers. I remind administrators that although virtually all IMAP servers are affected, almost no POP servers are. Remarkably few sites run ipop2d and ipop3d, even in comparison to the number of sites running the University of Washington IMAP server. None of the Qualcomm, University of California at Berkeley, or University of California at Davis POP servers are vulnerable, and those three seem to be by far the most widely deployed POP servers. Administrators are urged NOT to panic, and blindly disable POP service for their users, but to issue the command: telnet mail.server.machine 110 and look at the version string they see. There is no reason whatsoever to disable POP service unless they see some mention of the University of Washington, as in: +OK testing.secnet.com POP3 3.3(20) w/IMAP2 client (Comments to MRC@CAC.Washington.EDU) at Wed, 9 Apr 1997 15:20:15 -0x00 (MDT) The full text of the Secure Networks advisory on imapd and ipop3d, published on April 2, 1997, can be found at ftp://ftp.secnet.com/pub/advisories I urge administrators who run POP or IMAP servers who have not already read this advisory to do so. I would of course, much appreciate it if CERT were to undertake a policy of issuing a credit to the initial publisher of a piece of information somewhere in their advisory. David Sacerdote - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBM0vYVf93ojDw1UhtAQFx8wQAlq2c0sh7tBgu+xliidicBWnunxoEP+vd pbZVfUGUYrKWt9Gv2OXseSQlTjixDLkhBsbHAHzqCqjuS4tfp9ebaxmPUORWV3NZ IxzcXaRKS3L3HbW5Jxd5tPgAtJoZunn8tN+7A5lDB3iGFCQcl6AHJZfR2MO2DiTO 2J6E7BJpKqk= =vfXZ - -----END PGP SIGNATURE----- ------- End of Forwarded Message From owner-freebsd-security Fri Apr 11 04:12:29 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id EAA11397 for security-outgoing; Fri, 11 Apr 1997 04:12:29 -0700 (PDT) Received: from relaybr.eunet.fr (relaybr.EUnet.fr [193.107.210.133]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id EAA11381 for ; Fri, 11 Apr 1997 04:12:24 -0700 (PDT) Received: from ericf.EUnet-Bretagne.fr ([193.107.210.161]) by relaybr.eunet.fr (8.6.12/8.6.9) with SMTP id NAA18566; Fri, 11 Apr 1997 13:14:34 +0200 Message-ID: <334E1E71.6396@EUnet-Bretagne.fr> Date: Fri, 11 Apr 1997 13:20:17 +0200 From: Eric Feillant Reply-To: Eric.Feillant@EUnet-Bretagne.fr Organization: EUnet BRETAGNE groupe EUnet X-Mailer: Mozilla 3.01 (Win95; I) MIME-Version: 1.0 To: proff@suburbia.net CC: ipfilter , Darren Reed , security@freebsd.org Subject: Re: ipfilter-proff-final.shar.gz References: <19970410210342.12123.qmail@suburbia.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk proff@suburbia.net wrote: > > ftp://ftp.freebsd.org/pub/FreeBSD/incoming/ipfilter-proff-final.shar.gz (112k) > > I'm done. I've tested this release fairly heavily under both -current > and 2.2.1 and am happy with it. I have heavy time contraints for > the next few weeks/months, and I know avalon is facing similar > difficulties. I'm handing over the torch to another bearer. No more troubles for installing this package now... We are still trying to run IPNAT without any good results.... our natrules: map ed0 192.168.1.1/32 -> 193.107.210.225/32 our external interface is ed0 (193.107.210) our internal interface is ed1 (192.168.1) Any idea ????? Thanx. eric. -- ========= ____ ===== Eric Feillant ======== / / / ___ ___ /_ ====== EUnet BRETAGNE ======= /---- / / / / /___/ / ======= 140, bd de Creach Gwen ====== /____ /___/ / / /___ /_ ======== 29000 QUIMPER, France ===== Bretagne ========= Tel:(+33) 298101620 Fax:(+33) 298828788 Eric.Feillant@EUnet.fr http://www.EUnet.fr From owner-freebsd-security Fri Apr 11 06:31:16 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA18361 for security-outgoing; Fri, 11 Apr 1997 06:31:16 -0700 (PDT) Received: from thelab.hub.org (hal-ns1-20.netcom.ca [207.181.94.84]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA18323; Fri, 11 Apr 1997 06:31:05 -0700 (PDT) Received: from thelab.hub.org (localhost [127.0.0.1]) by thelab.hub.org (8.8.5/8.8.2) with SMTP id KAA05599; Fri, 11 Apr 1997 10:26:27 -0300 (ADT) Date: Fri, 11 Apr 1997 10:26:27 -0300 (ADT) From: The Hermit Hacker To: "Serge A. Babkin" cc: khetan@iafrica.com, security@freebsd.org, hackers@freebsd.org Subject: Re: SATAN under FreeBSD In-Reply-To: <199704111311.TAA06060@hq.icb.chel.su> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 11 Apr 1997, Serge A. Babkin wrote: > > > Or just set in the options that the .pl suffix means a HTML file. > > > It worked great for me. The only problem is that I found > > > absolutely no usefulness in SATAN. The "holes" it reported > > > about were so idiotic. > > > > > Any useful resources that I can look through on how to debug > > things? For instance, one of the machines at the office is an old > > Altos machine running 'Sendmail 5.59/Altos-2.0 ready'...I'd like to be > > able to test that one for any holes. > > I awaited a like thing from SATAN too. But almost all it did was analysing > the NFS exports :-( Looking at the work on SATAN, and what it was trying to address, why isn't there a list compiled of 'how to break into an insecure system'? Something that a system adminstrator could sit down and go through, one by one, to test their systems? One of the 'papers' that I've come across through Yahoo is found at: http://www.geocities.com/SiliconValley/Lakes/6866/admin.html which details several different methods of cracking into a system, but its by no means complete, and all of them fail even on that old Altos machine, so, like SATAN, is practically useless. Does anyone else know of something similar? Maybe start up a 'Improving Security' section off of the FreeBSD web pages with links to *good* papers like the above? Marc G. Fournier Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org From owner-freebsd-security Fri Apr 11 08:59:21 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA25653 for security-outgoing; Fri, 11 Apr 1997 08:59:21 -0700 (PDT) Received: from casimir.easynet.fr (casimir.easynet.fr [194.51.27.235]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id IAA25643 for ; Fri, 11 Apr 1997 08:59:17 -0700 (PDT) Received: (qmail 20916 invoked from network); 11 Apr 1997 15:59:43 -0000 Received: from casimir.easynet.fr (@194.51.27.235) by casimir.easynet.fr with SMTP; 11 Apr 1997 15:59:43 -0000 Date: Fri, 11 Apr 1997 17:59:43 +0200 (MET DST) From: David Ramahefason To: security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Virutal Interfaces how ?? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Hi, I've seen that aliasing on IP was allowed under FreeBSD, but How do I specify the name of those Interfaces as on Linux ??? de0:0-de0:1 etc.... Cheers |David Ramahefason, rama@easynet.fr,systems@easynet.fr| |Administrateur Systeme/Reseau, Easynet France SA | |Think different Think BSD http://www.FreeBSD.org | |Wrap around probs with Python http://www.python.org | From owner-freebsd-security Fri Apr 11 09:42:13 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA29814 for security-outgoing; Fri, 11 Apr 1997 09:42:13 -0700 (PDT) Received: from lestat.nas.nasa.gov (lestat.nas.nasa.gov [129.99.50.29]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA29786; Fri, 11 Apr 1997 09:42:06 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.7.5/8.6.12) with SMTP id JAA18709; Fri, 11 Apr 1997 09:36:47 -0700 (PDT) Message-Id: <199704111636.JAA18709@lestat.nas.nasa.gov> X-Authentication-Warning: lestat.nas.nasa.gov: Host localhost [127.0.0.1] didn't use HELO protocol To: David Ramahefason Cc: security@freebsd.org, hackers@freebsd.org Subject: Re: Virutal Interfaces how ?? Reply-To: Jason Thorpe From: Jason Thorpe Date: Fri, 11 Apr 1997 09:36:45 -0700 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 11 Apr 1997 17:59:43 +0200 (MET DST) David Ramahefason wrote: > I've seen that aliasing on IP was allowed under FreeBSD, > but How do I specify the name of those Interfaces as on > Linux ??? de0:0-de0:1 etc.... You don't ... you simply do: ifconfig de0 alias xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx ...and the new address is stashed in the interfaces address list. (This is how it works under NetBSD, anyhow, and I wouldn't think FreeBSD would be any different) Jason R. Thorpe thorpej@nas.nasa.gov NASA Ames Research Center Home: 408.866.1912 NAS: M/S 258-6 Work: 415.604.0935 Moffett Field, CA 94035 Pager: 415.428.6939 From owner-freebsd-security Fri Apr 11 11:11:27 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA08268 for security-outgoing; Fri, 11 Apr 1997 11:11:27 -0700 (PDT) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA08232; Fri, 11 Apr 1997 11:11:11 -0700 (PDT) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.8.5/8.8.4) with SMTP id LAA01265; Fri, 11 Apr 1997 11:08:07 -0700 (PDT) Message-ID: <334E7E02.446B9B3D@whistle.com> Date: Fri, 11 Apr 1997 11:08:02 -0700 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: David Ramahefason CC: security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: Virutal Interfaces how ?? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk David Ramahefason wrote: > > Hi, > > I've seen that aliasing on IP was allowed under FreeBSD, > but How do I specify the name of those Interfaces as on > Linux ??? de0:0-de0:1 etc.... > > Cheers > > |David Ramahefason, rama@easynet.fr,systems@easynet.fr| > |Administrateur Systeme/Reseau, Easynet France SA | > |Think different Think BSD http://www.FreeBSD.org | > |Wrap around probs with Python http://www.python.org | they don't have individual names.. all addresses apply equally to the interface.. From owner-freebsd-security Fri Apr 11 11:17:17 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA08775 for security-outgoing; Fri, 11 Apr 1997 11:17:17 -0700 (PDT) Received: from sam.networx.ie (ts13-12.dublin.indigo.ie [194.125.134.62]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA08767; Fri, 11 Apr 1997 11:17:07 -0700 (PDT) Received: from mip1.networx.ie (mip1.networx.ie [194.9.12.1]) by sam.networx.ie (8.6.12/8.6.12) with SMTP id RAA10287; Fri, 11 Apr 1997 17:50:50 +0100 X-Organisation: I.T. NetworX Ltd X-Business: Network Consultancy and Training X-Address: 67 Merrion Square, Dublin 2, Ireland X-Voice: +353-1-676-8866 X-Fax: +353-1-676-8868 Received: from mike.networx.ie by mip1.networx.ie Date: Fri, 11 Apr 1997 18:47:55 BST From: Michael Ryan Reply-To: mike@NetworX.ie Subject: Re: Virutal Interfaces how ?? To: David Ramahefason Cc: security@FreeBSD.ORG, hackers@FreeBSD.ORG Message-Id: Priority: Normal Mime-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Fri, 11 Apr 1997 17:59:43 +0200 (MET DST) David Ramahefason wrote: > I've seen that aliasing on IP was allowed under FreeBSD, > but How do I specify the name of those Interfaces as on > Linux ??? de0:0-de0:1 etc.... If alias is on same IP network: # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.255 alias If alias is on different IP network: # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.0 alias Bye, Mike --- From owner-freebsd-security Fri Apr 11 12:22:51 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA13543 for security-outgoing; Fri, 11 Apr 1997 12:22:51 -0700 (PDT) Received: from bastion.netlink.co.uk (root@PLiG.net [194.88.140.33]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA13523; Fri, 11 Apr 1997 12:22:45 -0700 (PDT) Received: (from trig@localhost) by bastion.netlink.co.uk (8.8.5/8.6.12) id UAA02103; Fri, 11 Apr 1997 20:24:49 +0100 (BST) From: Christiaan Keet (systems) Message-Id: <199704111924.UAA02103@bastion.netlink.co.uk> Subject: Re: Virutal Interfaces how ?? In-Reply-To: from Michael Ryan at "Apr 11, 97 06:47:55 pm" To: mike@NetworX.ie Date: Fri, 11 Apr 1997 20:24:49 +0100 (BST) Cc: rama@easynet.fr, security@FreeBSD.ORG, hackers@FreeBSD.ORG Reply-To: trig@netlink.co.uk X-URL: http://www.plig.net/~keet X-Mailer: ELM [version 2.4ME+ PL30 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Michael Ryan wrote: > On Fri, 11 Apr 1997 17:59:43 +0200 (MET DST) David Ramahefason wrote: > > > I've seen that aliasing on IP was allowed under FreeBSD, > > but How do I specify the name of those Interfaces as on > > Linux ??? de0:0-de0:1 etc.... > > If alias is on same IP network: > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.255 alias > > If alias is on different IP network: > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.0 alias We use this quite extensively, but is there any way of de-configuring one of these aliases without rebooting the machine? With Linux you can just do an 'ifconfig ed0 down' I believe. Christiaan -- - Christiaan Keet - trig@netlink.net.uk - Senior Systems Developer - Netlink - From owner-freebsd-security Fri Apr 11 15:19:15 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA25341 for security-outgoing; Fri, 11 Apr 1997 15:19:15 -0700 (PDT) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA25318; Fri, 11 Apr 1997 15:19:07 -0700 (PDT) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.8.5/8.8.4) with SMTP id PAA08261; Fri, 11 Apr 1997 15:13:23 -0700 (PDT) Message-ID: <334EB77D.167EB0E7@whistle.com> Date: Fri, 11 Apr 1997 15:13:17 -0700 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: trig@netlink.co.uk CC: mike@NetworX.ie, rama@easynet.fr, security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: Virutal Interfaces how ?? References: <199704111924.UAA02103@bastion.netlink.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Christiaan Keet (systems) wrote: > > Michael Ryan wrote: > > On Fri, 11 Apr 1997 17:59:43 +0200 (MET DST) David Ramahefason wrote: > > > > > I've seen that aliasing on IP was allowed under FreeBSD, > > > but How do I specify the name of those Interfaces as on > > > Linux ??? de0:0-de0:1 etc.... > > > > If alias is on same IP network: > > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.255 alias > > > > If alias is on different IP network: > > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.0 alias > > We use this quite extensively, but is there any way of de-configuring > one of these aliases without rebooting the machine? With Linux you > can just do an 'ifconfig ed0 down' I believe. > > Christiaan > > -- > - Christiaan Keet - trig@netlink.net.uk - Senior Systems Developer - Netlink - ifconfig xx0 delete From owner-freebsd-security Fri Apr 11 19:00:35 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA08294 for security-outgoing; Fri, 11 Apr 1997 19:00:35 -0700 (PDT) Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA08274; Fri, 11 Apr 1997 19:00:26 -0700 (PDT) Received: from awfulhak.demon.co.uk (localhost.lan.awfulhak.org [127.0.0.1]) by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id VAA09518; Fri, 11 Apr 1997 21:44:45 +0100 (BST) Message-Id: <199704112044.VAA09518@awfulhak.demon.co.uk> X-Mailer: exmh version 1.6.9 8/22/96 To: trig@netlink.co.uk cc: mike@NetworX.ie, rama@easynet.fr, security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: Virutal Interfaces how ?? In-reply-to: Your message of "Fri, 11 Apr 1997 20:24:49 BST." <199704111924.UAA02103@bastion.netlink.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 11 Apr 1997 21:44:45 +0100 From: Brian Somers Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Michael Ryan wrote: > > On Fri, 11 Apr 1997 17:59:43 +0200 (MET DST) David Ramahefason wrote: > > > > > I've seen that aliasing on IP was allowed under FreeBSD, > > > but How do I specify the name of those Interfaces as on > > > Linux ??? de0:0-de0:1 etc.... > > > > If alias is on same IP network: > > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.255 alias > > > > If alias is on different IP network: > > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.0 alias > > We use this quite extensively, but is there any way of de-configuring > one of these aliases without rebooting the machine? With Linux you > can just do an 'ifconfig ed0 down' I believe. "down" stops the interface. Try ifconfig ed0 inet x.x.x.x delete > Christiaan > > -- > - Christiaan Keet - trig@netlink.net.uk - Senior Systems Developer - Netlink - -- Brian , Don't _EVER_ lose your sense of humour.... From owner-freebsd-security Fri Apr 11 19:13:46 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA08683 for security-outgoing; Fri, 11 Apr 1997 19:13:46 -0700 (PDT) Received: from plum.cyber.com.au (plum.cyber.com.au [203.7.155.24]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id TAA08678 for ; Fri, 11 Apr 1997 19:13:40 -0700 (PDT) Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id MAA23890; Sat, 12 Apr 1997 12:13:08 +1000 From: Darren Reed Message-Id: <199704120213.MAA23890@plum.cyber.com.au> Subject: Re: ipfilter-proff-final.shar.gz To: Eric.Feillant@EUnet-Bretagne.fr Date: Sat, 12 Apr 1997 12:13:08 +1000 (EST) Cc: proff@suburbia.net, ipfilter@postbox.anu.edu.au, darrenr@cyber.com.au, security@freebsd.org In-Reply-To: <334E1E71.6396@EUnet-Bretagne.fr> from "Eric Feillant" at Apr 11, 97 01:20:17 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In some mail I received from Eric Feillant, sie wrote > > proff@suburbia.net wrote: > > > > ftp://ftp.freebsd.org/pub/FreeBSD/incoming/ipfilter-proff-final.shar.gz (112k) > > > > I'm done. I've tested this release fairly heavily under both -current > > and 2.2.1 and am happy with it. I have heavy time contraints for > > the next few weeks/months, and I know avalon is facing similar > > difficulties. I'm handing over the torch to another bearer. > > > No more troubles for installing this package now... > > We are still trying to run IPNAT without any good results.... > > our natrules: > > map ed0 192.168.1.1/32 -> 193.107.210.225/32 > > our external interface is ed0 (193.107.210) > our internal interface is ed1 (192.168.1) If you have multiple hosts inside your network, on the 192.168.1 net, then you need to use "192.168.1.0/24". Darren From owner-freebsd-security Fri Apr 11 22:49:02 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA15793 for security-outgoing; Fri, 11 Apr 1997 22:49:02 -0700 (PDT) Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA15763; Fri, 11 Apr 1997 22:48:53 -0700 (PDT) Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.5/8.7.3) id PAA08378; Sat, 12 Apr 1997 15:18:29 +0930 (CST) From: Michael Smith Message-Id: <199704120548.PAA08378@genesis.atrad.adelaide.edu.au> Subject: Re: Virutal Interfaces how ?? In-Reply-To: <199704111924.UAA02103@bastion.netlink.co.uk> from Christiaan Keet at "Apr 11, 97 08:24:49 pm" To: trig@netlink.co.uk Date: Sat, 12 Apr 1997 15:18:29 +0930 (CST) Cc: mike@NetworX.ie, rama@easynet.fr, security@FreeBSD.ORG, hackers@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Christiaan Keet stands accused of saying: > > > > If alias is on different IP network: > > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.0 alias > > We use this quite extensively, but is there any way of de-configuring > one of these aliases without rebooting the machine? With Linux you > can just do an 'ifconfig ed0 down' I believe. ifconfig ed0 delete will remove one alias at a time. Not perhaps as nice as being able to delete a nominated alias, but it can be adequate. > Christiaan -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[ From owner-freebsd-security Sat Apr 12 03:52:57 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id DAA25716 for security-outgoing; Sat, 12 Apr 1997 03:52:57 -0700 (PDT) Received: from unique.usn.blaze.net.au (unique.usn.blaze.net.au [203.17.53.17]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA25711; Sat, 12 Apr 1997 03:52:50 -0700 (PDT) Received: (from davidn@localhost) by unique.usn.blaze.net.au (8.8.5/8.8.5) id UAA28988; Sat, 12 Apr 1997 20:51:59 +1000 (EST) Message-ID: <19970412205159.29664@usn.blaze.net.au> Date: Sat, 12 Apr 1997 20:51:59 +1000 From: David Nugent To: Michael Smith Cc: trig@netlink.co.uk, mike@NetworX.ie, rama@easynet.fr, security@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re: Virutal Interfaces how ?? References: <199704111924.UAA02103@bastion.netlink.co.uk> <199704120548.PAA08378@genesis.atrad.adelaide.edu.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.69e In-Reply-To: <199704120548.PAA08378@genesis.atrad.adelaide.edu.au>; from Michael Smith on Sat Apr 12 15:18:29 EST 1997 Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat Apr 12 15:18:29 EST 1997, Michael Smith writes: > Christiaan Keet stands accused of saying: > > > > > > If alias is on different IP network: > > > # ifconfig ed0 inet 194.9.12.99 netmask 255.255.255.0 alias > > > > We use this quite extensively, but is there any way of de-configuring > > one of these aliases without rebooting the machine? With Linux you > > can just do an 'ifconfig ed0 down' I believe. > > ifconfig ed0 delete > > will remove one alias at a time. And starts with the primary IP. :-) > Not perhaps as nice as being able to delete a nominated alias, > but it can be adequate. ifconfig ed0 -alias ^ works fine. Regards, David Nugent - Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/ From owner-freebsd-security Sat Apr 12 12:08:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA16313 for security-outgoing; Sat, 12 Apr 1997 12:08:19 -0700 (PDT) Received: from dfdc006.hq.af.mil (dfdc006.hq.af.mil [134.205.95.24]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id MAA16308 for ; Sat, 12 Apr 1997 12:08:16 -0700 (PDT) Received: by dfdc006.hq.af.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BC4753.4CF3B930@dfdc006.hq.af.mil>; Sat, 12 Apr 1997 15:07:55 -0400 Message-ID: From: "Gregory, Scott, SrA, SAF/AADXT" To: "Security (E-mail)" Cc: "'sgregory@crosslink.net'" , "'gregory@afpubs.hq.af.mil'" Subject: Setting up Password Expiration and System Utilization Date: Sat, 12 Apr 1997 15:04:28 -0400 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 Encoding: 24 TEXT Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I am running 2.2.1-Release. I have read the man page for passwd, but haven't been able to setup password expiration. Where do I add the expirations time? I added it to the passwd file with vipw, but it never expired my password. After I changed my password the time entry was removed from the password file. How do I set the passwords to always expire in xx days? Is there any way to keep a list of old password so they cannot be reused? Also, what are good system utilization numbers? I'm trying to figure out at what point I am stressing my system other than the obvious slow down. I have a Pent-Pro 200, 128 meg ram, 256meg swap, 2.2 gig Seagate FW SCSI for the system, 2 x 4 gig Seagate FW SCSI drives for data, 2940 UW SCSI controller, 8x SCSI-2 CD ROM, SMC PCI network card, Seagate 4gig DAT Backup (SCSI-2). I hope this has made sense, I'm trying to get this put before the network goes down for maintence. Please reply to this address or sgregory@crossslink.net or gregory@afpubs.hq.af.mil. Thanks, Scott