From owner-freebsd-security Sun Apr 30 0: 1:38 2000
Date: Sun, 30 Apr 2000 10:04:06 +0300 (EEST)
From: Adrian Penisoara
To: Kris Kennaway
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: mail/imap-uw port: upgraded from 4.7b to 4.7c(1) [still 12.264]

Hi,

On Sat, 29 Apr 2000, Kris Kennaway wrote:

> On Sun, 30 Apr 2000, Adrian Penisoara wrote:
>
> > Hi,
> >
> > Could you please check out the new version committed yesterday ?
>
> Yeah, I will when I get the chance. Thanks for the reminder :)
>
> > BTW, while we're at it: the port auditing folks should take a look at
> > mlock sources (in imap-utils source tarball) -- it's a SGID executable!
>
> One would hope this is okay, given the imap-uw folks claim to have
> performed a comprehensive audit on the set[ug]id parts of their code.

Nope, they DON'T ! They just stated this is a sample locking utility
with minimal auditing... from what I recall from the first time I
included mlock in the port.
>
> Kris
>

Thanks,
Ady (@freebsd.ady.ro)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Apr 30 6:40:50 2000
Message-ID: <390C37DC.7003341C@dreamchaser.org>
Date: Sun, 30 Apr 2000 07:40:44 -0600
From: Gary Aitken
To: security@freebsd.org
Subject: unsubscribe

unsubscribe security@freebsd.org

From owner-freebsd-security Mon May 1 8:18:46 2000
Date: Mon, 1 May 2000 11:18:09 -0400 (EDT)
From: Daniel Hagan
To: Fabio da Silva Cunha
Cc: freebsd-security@freebsd.org
Subject: Re: e-mail auditing in sendmail 8.9.3/8.10.1
In-Reply-To: <3.0.6.32.20000429012053.014f1ec0@mymail.com.br>

On Sat, 29 Apr 2000, Fabio da Silva Cunha wrote:

> I need to copy all mail processed (in / out) through my mail server
> (FreeBSD/Sendmail) to one user account (auditor@mydomain.com.br) it's
> possible with sendmail 8.9.3/8.10.1 ?

The Oct 99 ;login: (USENIX publication) had an article on this problem.
See vol. 24 no. 5 p. 62. It included a sendmail cf setup that copied
mail sent by/to local users. It may not do exactly what you want, but it
should be a starting point.

Daniel

--
Daniel Hagan                 Computer Science CSE
dhagan@cs.vt.edu             http://www.cs.vt.edu/~dhagan/

From owner-freebsd-security Mon May 1 15:53:48 2000
Date: Mon, 1 May 2000 18:53:40 -0400
From: Brian Reichert
To: freebsd-security@freebsd.org
Subject: OpenSSH-1.2.2 + S/Key
Message-ID: <20000501185340.A7346@numachi.com>

I _must_ be missing something.

The manpage for sshd(8) gushes about 'supports one-time password
authentication with skey', but I can't make it work.

- I used keyinit(1) to initialize an s/key password. I tested it by
  telnetting in.

- The manpage for sshd says that 'SkeyAuthentication yes' says s/key
  authentication is 'allowed', whatever that means. (It also says this
  value is default, but I put it in anyway, for maintainability's sake.)

But, when I connect via ssh (either using a stock ssh client, or the
openssh client), I don't get challenged for my s/key OTP.
I tested removing my password from /etc/passwd, in case openssh was
merely using s/key as a failover. But, this didn't work either.

So - what did I miss?

--
Brian 'you Bastard' Reichert        reichert@numachi.com
37 Crystal Ave. #303                Daytime number: (781) 273-4100 x161
Derry NH 03038-1713 USA             Intel architecture: the left-hand path

From owner-freebsd-security Mon May 1 16:26: 7 2000
Date: Mon, 1 May 2000 16:26:05 -0700 (PDT)
From: Kris Kennaway
To: Brian Reichert
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSH-1.2.2 + S/Key
In-Reply-To: <20000501185340.A7346@numachi.com>

On Mon, 1 May 2000, Brian Reichert wrote:

> I _must_ be missing something.

Yeah, it's not activated yet. I have patches almost ready to do this -
they work fine for OPIE logins (OPIE is the successor to S/Key, but
OpenBSD still call it S/Key), but aren't quite complete for presenting
realistic "fake" challenges for nonexistent users so that attackers can't
figure out whether an account is OPIE-enabled. I can send them to you for
testing if you'd like.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Mon May 1 20:47:56 2000
Date: Mon, 1 May 2000 23:47:49 -0400
From: Brian Reichert
To: Kris Kennaway
Cc: Brian Reichert, freebsd-security@freebsd.org
Subject: Re: OpenSSH-1.2.2 + S/Key
Message-ID: <20000501234749.A8682@numachi.com>
References: <20000501185340.A7346@numachi.com>

On Mon, May 01, 2000 at 04:26:05PM -0700, Kris Kennaway wrote:
> On Mon, 1 May 2000, Brian Reichert wrote:
>
> > I _must_ be missing something.
>
> Yeah, it's not activated yet. I have patches almost ready to do this -
>
> I can send them to you for
> testing if you'd like.

Yes, please! I have no idea how non-functional the patches may be,
but I'm willing to poke. I have Solaris and FreeBSD platforms (and
stock ssh) to test against...

> Kris
>
> ----
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe

--
Brian 'you Bastard' Reichert        reichert@numachi.com
37 Crystal Ave. #303                Daytime number: (781) 273-4100 x161
Derry NH 03038-1713 USA             Intel architecture: the left-hand path

From owner-freebsd-security Wed May 3 8:33:42 2000
Date: Wed, 3 May 2000 10:33:32 -0500 (EST)
From: "Andrew J. Korty"
To: security@freebsd.org
Subject: Cryptographic dump(8)

I've just extended dump(8) and restore(8) to encipher dump lists
and inode data with CBC 3DES, leaving the headers as cleartext.
Keys can be entered from the tty or a cleartext file. The
purpose is to safely transport and store dumps containing
sensitive data.

The question: what is the best way to verify a key handed to
restore(8) to decipher a dump? My best thought so far is to
store a checksum for the dumplist, which is just a bitmap of
inodes on the tape, in its header. When restore tries to
decipher the dumplist it will run its own checksum and compare.

--
Andrew J. Korty, Lead Security Engineer
Office of the Vice President for Information Technology
Indiana University

From owner-freebsd-security Wed May 3 10:19:10 2000
Date: Wed, 3 May 2000 10:18:40 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200005031718.KAA63329@apollo.backplane.com>
To: "Andrew J. Korty"
Cc: security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)

:I've just extended dump(8) and restore(8) to encipher dump lists
:and inode data with CBC 3DES, leaving the headers as cleartext.
:Keys can be entered from the tty or a cleartext file. The
:purpose is to safely transport and store dumps containing
:sensitive data.
:
:The question: what is the best way to verify a key handed to
:restore(8) to decipher a dump? My best thought so far is to
:store a checksum for the dumplist, which is just a bitmap of
:inodes on the tape, in its header. When restore tries to
:decipher the dumplist it will run its own checksum and compare.
:
:--
:Andrew J. Korty, Lead Security Engineer
:Office of the Vice President for Information Technology
:Indiana University

Store something like this in the header:

[random (16 bytes)][MD5 of entire header including random, not including
the MD5 itself]

[ .................. entire block is encrypted (entire header, including
random and MD5)]

Restore would then decrypt the header using the user-supplied key, then
MD5 it and compare the MD5 against the decrypted MD5.

Storing a random sequence in the header that is MD5'd as well as
encrypted is very important because otherwise someone trying to break
the encryption can 'guess' at what the contents of the header was in
order to try to reverse-engineer the encryption.

Also, putting a random number in each block is important if each block
is separately encrypted, for the same reason.

Using /dev/random to obtain your random numbers is considered to be
acceptable.

-Matt
Matthew Dillon

From owner-freebsd-security Wed May 3 10:46:17 2000
Message-ID: <008401bfb528$7ec82b30$fd01a8c0@pacbell.net>
From: "John Howie"
To: "Andrew J. Korty"
Subject: Re: Cryptographic dump(8)
Date: Wed, 3 May 2000 10:52:49 -0700

Andrew,

Here is a proposal. The observant may know where the idea comes from :-) It
is more work than your idea but is more flexible and probably more secure.

How it works:

1) Every user has a Public/Private Key pair;

2) When the dump is run a random symmetric key is chosen and the data
encrypted with it.
For every user who is to be allowed access to the tape, their uid and a
copy of the symmetric key which is encrypted with their individual public
key is written to a file. The file of users and encrypted keys is written
to the tape/filesystem; and

3) When restore is run the user's uid and the encrypted symmetric key are
retrieved from the keyfile. The user's private key is used to decrypt the
symmetric key which is then used to decrypt the tape.

This solution offers many benefits, including (and certainly not limited
to):

1) The symmetric key is random, and not easy to guess/break;

2) More than one user can restore the dump without actually knowing the key
used to encrypt it;

3) Ability to add/remove permission to restore an encrypted tape.

Disadvantages:

1) Requires a PKI;

2) A lot more work to implement than your proposed solution (which works
fine).

Cheers,

john...

----- Original Message -----
From: "Andrew J. Korty"
Sent: Wednesday, May 03, 2000 8:33 AM
Subject: Cryptographic dump(8)

> I've just extended dump(8) and restore(8) to encipher dump lists
> and inode data with CBC 3DES, leaving the headers as cleartext.
> Keys can be entered from the tty or a cleartext file. The
> purpose is to safely transport and store dumps containing
> sensitive data.
>
> The question: what is the best way to verify a key handed to
> restore(8) to decipher a dump? My best thought so far is to
> store a checksum for the dumplist, which is just a bitmap of
> inodes on the tape, in its header. When restore tries to
> decipher the dumplist it will run its own checksum and compare.
>
> --
> Andrew J. Korty, Lead Security Engineer
> Office of the Vice President for Information Technology
> Indiana University

From owner-freebsd-security Wed May 3 11: 9:47 2000
Date: Wed, 3 May 2000 13:06:04 -0500 (CDT)
From: James Wyatt
To: Matthew Dillon
Cc: "Andrew J. Korty", security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To: <200005031718.KAA63329@apollo.backplane.com>

On Wed, 3 May 2000, Matthew Dillon wrote:
[ lots of stuff deleted ]
> Also, putting a random number in each block is important if each block
> is separately encrypted, for the same reason.
>
> Using /dev/random to obtain your random numbers is considered to be
> acceptable.

How can you tell how much entropy is in the 'pool' for /dev/random and
it's about to start being not-so-random? Pull a sample once in a while and
Chi test it? I like being able to know.
- Jy@

From owner-freebsd-security Wed May 3 11:39:41 2000
Date: Wed, 3 May 2000 13:39:26 -0500 (EST)
From: "Andrew J. Korty"
To: Matthew Dillon
Cc: security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To: <200005031718.KAA63329@apollo.backplane.com>

On Wed, 3 May 2000, Matthew Dillon wrote:

> Store something like this in the header:
>
> [random (16 bytes)][MD5 of entire header including random, not including
> the MD5 itself]
>
> [ .................. entire block is encrypted (entire header, including
> random and MD5)]
>
> Restore would then decrypt the header using the user-supplied key, then
> MD5 it and compare the MD5 against the decrypted MD5.
>
> Storing a random sequence in the header that is MD5'd as well as
> encrypted is very important because otherwise someone trying to break
> the encryption can 'guess' at what the contents of the header was in
> order to try to reverse-engineer the encryption.

That sounds good, but I should probably leave the very first
header as cleartext. That way, I can put a flag there to tell
restore whether or not this tape is encrypted or not.

> Also, putting a random number in each block is important if each block
> is separately encrypted, for the same reason.
Would it be acceptable to encrypt the header and block together
but each header/block pair separately? I don't think I have room
to add anything in the block, so maybe I could get that randomness
from what I add to the header (CBC should propagate it a little).

--
Andrew J. Korty, Lead Security Engineer
Office of the Vice President for Information Technology
Indiana University

From owner-freebsd-security Wed May 3 11:43:42 2000
Date: Wed, 3 May 2000 13:43:34 -0500 (EST)
From: "Andrew J. Korty"
To: John Howie
Cc: security@freebsd.org
Subject: Re: Cryptographic dump(8)
In-Reply-To: <008401bfb528$7ec82b30$fd01a8c0@pacbell.net>

On Wed, 3 May 2000, John Howie wrote:

> Andrew,
>
> Here is a proposal. The observant may know where the idea comes from :-) It
> is more work than your idea but is more flexible and probably more secure.

[...]

That's a great idea, but I need it to work yesterday. :-( I am
trying to make it easy to add support for different algorithms,
so maybe your proposal will be a future project.

--
Andrew J. Korty, Lead Security Engineer
Office of the Vice President for Information Technology
Indiana University

From owner-freebsd-security Wed May 3 14: 4: 7 2000
Date: Wed, 3 May 2000 14:04:02 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200005032104.OAA64975@apollo.backplane.com>
To: "Andrew J. Korty"
Cc: security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)

:That sounds good, but I should probably leave the very first
:header as cleartext. That way, I can put a flag there to tell
:restore whether or not this tape is encrypted or not.
:
:> Also, putting a random number in each block is important if each block
:> is separately encrypted, for the same reason.
:
:Would it be acceptable to encrypt the header and block together
:but each header/block pair separately? I don't think I have room
:to add anything in the block, so maybe I could get that randomness
:from what I add to the header (CBC should propagate it a little).
:
:--
:Andrew J. Korty, Lead Security Engineer
:Office of the Vice President for Information Technology
:Indiana University

Maybe. I don't know. Random is always best but it would probably be
acceptable to seed the encryption of later blocks with data from the
original header.
-Matt
Matthew Dillon

From owner-freebsd-security Wed May 3 14: 6: 8 2000
Date: Wed, 3 May 2000 14:06:01 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200005032106.OAA65010@apollo.backplane.com>
To: James Wyatt
Cc: "Andrew J. Korty", security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)

:How can you tell how much entropy is in the 'pool' for /dev/random and
:it's about to start being not-so-random? Pull a sample once in a while and
:Chi test it? I like being able to know. - Jy@

I suppose you could, but since /dev/random is system-wide it should be
very random.
Matthew Dillon

From owner-freebsd-security Wed May 3 14:32:16 2000
Date: Wed, 3 May 2000 14:28:43 -0700
From: Steve Reid
To: James Wyatt
Cc: security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
Message-ID: <20000503142843.A411@grok.localnet>
References: <200005031718.KAA63329@apollo.backplane.com>

On Wed, May 03, 2000 at 01:06:04PM -0500, James Wyatt wrote:
> How can you tell how much entropy is in the 'pool' for /dev/random and
> it's about to start being not-so-random? Pull a sample once in a while and
> Chi test it? I like being able to know. - Jy@

A Chi test won't work. As I understand it, the random device repeatedly
uses MD5 over a pool of bits, which means the output will pass all of
the usual statistical tests.

I think (but am not sure) that the function is cryptographically strong.
If it is then you should be "okay" as long as there was lots of entropy
when you started.
Since you're using 3DES you're already depending on cryptographic
security; it's not like you're generating a "one time pad" for perfect
security (/dev/random wouldn't suffice for that anyway because of the
way it uses MD5).

If you use /dev/random it will EOF when the "entropy counter" (a bogus
concept but what can you do) reaches zero. This can be a VERY BAD
THING(tm) if your application isn't expecting it because you may end up
using only a partial key! Always check return values and handle them
accordingly.

You could just use /dev/urandom ("u" for "unlimited"?) which never EOFs
and hope that the output is cryptographically strong enough. But check
return values on IO calls anyway, just because it's a good idea.

Most importantly, RTFM! `man 4 random`

From owner-freebsd-security Wed May 3 15:21: 6 2000
To: Matthew Dillon
Cc: freebsd-security@freebsd.org
Subject: Re: Cryptographic dump(8)
References: <200005031718.KAA63329@apollo.backplane.com>
From: stanislav shalunov
Date: 03 May 2000 18:21:00 -0400
In-Reply-To: Matthew Dillon's message of "Wed, 3 May 2000 10:18:40 -0700 (PDT)"
Message-ID: <87snvz46nn.fsf@sharik.worldnet.att.net>

Matthew Dillon writes:

> [random (16 bytes)][MD5 of entire header including random, not including
> the MD5 itself]
> [ .................. entire block is encrypted (entire header, including
> random and MD5)]
>
> Restore would then decrypt the header using the user-supplied key, then
> MD5 it and compare the MD5 against the decrypted MD5.

Doesn't this seem too complex? Storing MD5 of the cleartext header as
first two blocks is enough (and somewhat guards you against poor choice
of IV, too; poor choice of IV isn't catastrophic with CBC).

Mallory still can modify tape in the middle and you won't notice it.
If you're happy with two passes for restore, you could put MD5 of the
entire tape in the end.

> Also, putting a random number in each block is important if each block
> is separately encrypted, for the same reason.

I'm afraid you've either missed the fact that he uses CBC, or might be
missing the implications of this. How much random data do you want to
put into an 8-byte block, anyway?

> Using /dev/random to obtain your random numbers is considered to be
> acceptable.

The bandwidth of /dev/random is far too small even on busiest machines
to provide (unnecessary) random data for each block.

--
stanislav shalunov | Speaking only for myself.

From owner-freebsd-security Wed May 3 17:40:59 2000
Date: Wed, 3 May 2000 20:40:11 -0400 (EDT)
From: Brian Fundakowski Feldman
To: Mike Nowlin
Cc: Dan Tso, Fabio da Silva Cunha, freebsd-security@FreeBSD.ORG
Subject: Re: e-mail auditing in sendmail 8.9.3/8.10.1

On Sat, 29 Apr 2000, Mike Nowlin wrote:

> It also depends on what you're trying to catch. It's trivial for someone
> to bypass whatever you do to sendmail for outgoing messages - just open a
> connection directly to the receiving machine on port 25 and "emulate"
> sendmail - some mail readers can do this anyway, avoiding sendmail.
> Firewalling can help -- if I remember correctly, there's some
> sort of rule in ipfw or ipf that provides "only allow packets destined for
> port 25 of some other machine if they're originating on a program running
> as root" capability.... If you're just trying to catch someone doing a
> particular thing, and you have enough drive space available, tcpdump and
> ports/net/tcpshow can record everything on port 25 as sorta-text...

Here's an example of that:

ipfw add 1000 pass tcp from any to any 25 uid 0 out # or "uid root"
ipfw add 1100 deny log logamount 0 tcp from any to any 25 out

(I need to MFC logamount 0... try some big number like 1000 instead,
as you don't really want to fill your logs up...)

This will give non-root users EACCES if they attempt to connect to port
25 outbound.
This doesn't solve everything, but it would keep spammers on your system from doing their spamming without using your MTA.

> --mike

--
 Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
 green@FreeBSD.org `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 3 23:29:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 4A0BA37BEBA for ; Wed, 3 May 2000 23:29:03 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA05648; Thu, 4 May 2000 08:28:52 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200005040628.IAA05648@grimreaper.grondar.za>
To: Matthew Dillon
Cc: "Andrew J. Korty" , security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
References: <200005031718.KAA63329@apollo.backplane.com>
In-Reply-To: <200005031718.KAA63329@apollo.backplane.com> ; from Matthew Dillon "Wed, 03 May 2000 10:18:40 MST."
Date: Thu, 04 May 2000 08:28:52 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Store something like this in the header:

[ Good stuff snipped. ]

> Storing a random sequence in the header that is MD5'd as well as
> encrypted is very important because otherwise someone trying to break
> the encryption can 'guess' at what the contents of the header was in
> order to try to reverse-engineer the encryption.

Yes! It is _very_ important that the random number is cryptographically secure, and that it is first, so as to maximise the security of the block cipher. It is also important to use one of the "feedback" modes, to spread the entropy over the whole block, seeing that this block is of paramount importance.
> Also, putting a random number in each block is important if each block
> is separately encrypted, for the same reason.

Correct.

> Using /dev/random to obtain your random numbers is considered to be
> acceptable.

"Vital".

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 3 23:32: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id BC57B37BEBA for ; Wed, 3 May 2000 23:31:51 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA05674; Thu, 4 May 2000 08:31:41 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200005040631.IAA05674@grimreaper.grondar.za>
To: James Wyatt
Cc: Matthew Dillon , "Andrew J. Korty" , security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
References:
In-Reply-To: ; from James Wyatt "Wed, 03 May 2000 13:06:04 EST."
Date: Thu, 04 May 2000 08:31:41 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Wed, 3 May 2000, Matthew Dillon wrote:
> [ lots of stuff deleted ]
> > Also, putting a random number in each block is important if each block
> > is separately encrypted, for the same reason.
> >
> > Using /dev/random to obtain your random numbers is considered to be
> > acceptable.
>
> How can you tell how much entropy is in the 'pool' for /dev/random and
> it's about to start being not-so-random? Pull a sample once in a while and
> Chi test it? I like being able to know. - Jy@

/dev/random only gives out enough bytes to cover its current pool size estimate; after that it blocks. /dev/urandom will give a hash of the pool and continue stirring the pool for as long as you read it.
M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 3 23:35:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 93FB537BFAC for ; Wed, 3 May 2000 23:35:17 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA05693; Thu, 4 May 2000 08:35:13 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200005040635.IAA05693@grimreaper.grondar.za> To: "Andrew J. Korty" Cc: Matthew Dillon , security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) References: In-Reply-To: ; from "Andrew J. Korty" "Wed, 03 May 2000 13:39:26 EST." Date: Thu, 04 May 2000 08:35:13 +0200 From: Mark Murray Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > That sounds good, but I should probably leave the very first > header as cleartext. That way, I can put a flag there to tell > restore whether or not this tape is encrypted or not. Fair enough. > > Also, putting a random number in each block is important if each block > > is separately encrypted, for the same reason. > > Would it be acceptable to encrypt the header and block together > but each header/block pair separately? I don't think I have room > to add anything in the block, so maybe I could get that randomness > from what I add to the header (CBC should propagate it a little). The more you separate, the better chance you give for certain types of attacks; you are not giving much at all, but you are adding a tiny weakness. Attackers can use anything "known" about the structure of the data, and you are giving them the boundaries. 
M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 1:53:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from tld.follo.net (tld.follo.net [195.204.143.184]) by hub.freebsd.org (Postfix) with ESMTP id 096B837B87F for ; Thu, 4 May 2000 01:53:26 -0700 (PDT) (envelope-from terje@elde.net) Received: by tld.follo.net (Postfix, from userid 1001) id 973537D73; Thu, 4 May 2000 10:53:13 +0200 (CEST) Date: Thu, 4 May 2000 10:53:13 +0200 From: Terje Elde To: "Andrew J. Korty" Cc: security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) Message-ID: <20000504105313.E350@tld.follo.net> References: <200005031718.KAA63329@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.1.14i In-Reply-To: ; from ajk@iu.edu on Wed, May 03, 2000 at 01:39:26PM -0500 X-Editor: Vim http://www.vim.org/ X-IRC: ircii!epic4-2000 - prevail[1214] X-Goal: Exterminate All Rational Thought Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Andrew J. Korty (ajk@iu.edu) [000504 09:27]: > That sounds good, but I should probably leave the very first > header as cleartext. That way, I can put a flag there to tell > restore whether or not this tape is encrypted or not. ... and which algorithm is used for symmetric encryption, as well as hash. You probably also want to stuff in some block sizes. 
Terje -- Terje Elde | Yes Interactive AS | voice: +47 64 85 52 00 terje@yes.no | http://www.yes.no/ | fax: +47 64 85 52 01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 11:11:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 1B5BE37C18F for ; Thu, 4 May 2000 11:11:20 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id OAA11480; Thu, 4 May 2000 14:10:47 -0400 (EDT) (envelope-from cjc) Date: Thu, 4 May 2000 14:10:47 -0400 From: "Crist J. Clark" To: "Andrew J. Korty" Cc: security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) Message-ID: <20000504141047.B11123@cc942873-a.ewndsr1.nj.home.com> Reply-To: cjclark@home.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from ajk@iu.edu on Wed, May 03, 2000 at 10:33:32AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, May 03, 2000 at 10:33:32AM -0500, Andrew J. Korty wrote: > I've just extended dump(8) and restore(8) to encipher dump lists > and inode data with CBC 3DES, leaving the headers as cleartext. > Keys can be entered from the tty or a cleartext file. The > purpose is to safely transport and store dumps containing > sensitive data. Everyone seems pretty excited about this possible extension to dump-restore, but I have a few IMHOs that do not seem to have come up in the thread. IMHO, secure transport and secure storage are two different issues. True, if the dump is encrypted from the get-go, secure transport is moot, but for me and for others I am sure, secure storage is not needed or desired. 
I don't want people peeking at dumps over the network, but as for the media, I use the physical security of the media (a safe or lockbox) rather than encryption.

You may ask what's the problem with just adding the extra layer of encryption to the dump? First and foremost is how to store the keys to the dumps securely. If I am making dumps for a company or other entity, it may not be me who is doing the restore. The electronic keys and any passwords involved must be documented. And they must be kept as long as the backups are kept. If you toss a floppy with the keys on it and a Post-It with the password in with your dump tapes, where is this added security? You need to lock all that up... so why not lock unencrypted tapes in the first place and skip the headaches.

Tape, which still is the medium of choice for dumps (yes, others, including the ridiculously cheap HDD, are options), is not known for being the most reliable. If the process is not designed well, corruption on one small part of the tape renders the dump useless. If it is unencrypted, you can pull the raw data off of the dump and it could still be quite salvageable.

Unfortunately, I saw in the thread that this solution "was needed yesterday." I hope that means things like recovery from partial media failure are not overlooked or sacrificed. Because, and this is another huge issue, if incompatibilities in the dump-restore process arise, your data may again be lost forever. Or we get dump-restore bloat for back-compatibility. This should be done right the first time... at least to within reason.

Before I finish I want to say that this is by no means to say that I do not think this would be a very useful thing. For individuals who may find secure storage unacceptable and won't find documenting keys and passwords such a chore, it is a boon. What I really find fascinating, however, is the potential to back up data to an untrusted backup server.

-- Crist J.
Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 11:22:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from verbal.uits.iupui.edu (dhcp-uits-18-12.uits.indiana.edu [129.79.18.12]) by hub.freebsd.org (Postfix) with ESMTP id EA1F237C1F4 for ; Thu, 4 May 2000 11:22:24 -0700 (PDT) (envelope-from ajk@iu.edu) Received: from localhost (ajk@localhost) by verbal.uits.iupui.edu (8.9.3/8.9.3) with ESMTP id NAA26504; Thu, 4 May 2000 13:20:12 -0500 (EST) (envelope-from ajk@iu.edu) X-Authentication-Warning: verbal.uits.iupui.edu: ajk owned process doing -bs Date: Thu, 4 May 2000 13:20:12 -0500 (EST) From: "Andrew J. Korty" X-Sender: ajk@verbal.uits.iupui.edu To: Mark Murray Cc: Matthew Dillon , security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) In-Reply-To: <200005040628.IAA05648@grimreaper.grondar.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Store something like this in the header: > > [ Good stuff snipped. ] > > > Storing a random sequence in the header that is MD5'd as well as > > encrypted is very important because otherwise someone trying to break > > the encryption can 'guess' at what the contents of the header was in > > order to try to reverse-engineer the encryption. > > Yes! It is _very_ important that the random number is cryptographically > secure, ant that it is first, so as to maximise the security of the block > cipher. It is also important to use one of the "feedback" modes, to spread > the entropy over the whole block, seeing that this block is of paramount > importance. I was under the impression that the CBC mode would also propagate this entry throughout the block. Must I use one of the feedback modes? -- Andrew J. 
Korty, Lead Security Engineer Office of the Vice President for Information Technology Indiana University To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 11:33:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from verbal.uits.iupui.edu (dhcp-uits-18-12.uits.indiana.edu [129.79.18.12]) by hub.freebsd.org (Postfix) with ESMTP id B63F537C335 for ; Thu, 4 May 2000 11:33:23 -0700 (PDT) (envelope-from ajk@iu.edu) Received: from localhost (ajk@localhost) by verbal.uits.iupui.edu (8.9.3/8.9.3) with ESMTP id NAA26542; Thu, 4 May 2000 13:31:15 -0500 (EST) (envelope-from ajk@iu.edu) X-Authentication-Warning: verbal.uits.iupui.edu: ajk owned process doing -bs Date: Thu, 4 May 2000 13:31:15 -0500 (EST) From: "Andrew J. Korty" X-Sender: ajk@verbal.uits.iupui.edu To: Mark Murray Cc: Matthew Dillon , security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) In-Reply-To: <200005040635.IAA05693@grimreaper.grondar.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > That sounds good, but I should probably leave the very first > > header as cleartext. That way, I can put a flag there to tell > > restore whether or not this tape is encrypted or not. > > Fair enough. I'm starting to second guess this decision, since an attacker could get inode numbers from the cleartext headers and perform known-text attacks by guessing which binaries have those inode numbers. If I need to put the random string at the beginning of the header, then we're throwing the old file format out the window anyway, so I might as well encrypt everything. > > > Also, putting a random number in each block is important if each block > > > is separately encrypted, for the same reason. > > > > Would it be acceptable to encrypt the header and block together > > but each header/block pair separately? 
I don't think I have room > > to add anything in the block, so maybe I could get that randomness > > from what I add to the header (CBC should propagate it a little). > > The more you separate, the better chance you give for certain types of > attacks; you are not giving much at all, but you are adding a tiny > weakness. Attackers can use anything "known" about the structure > of the data, and you are giving them the boundaries. The reason for the separation is so that one corrupted block does not render the entire tape useless. -- Andrew J. Korty, Lead Security Engineer Office of the Vice President for Information Technology Indiana University To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 13:15:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 33DE037C1E1 for ; Thu, 4 May 2000 13:15:27 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id WAA07617; Thu, 4 May 2000 22:15:33 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200005042015.WAA07617@grimreaper.grondar.za> To: "Andrew J. Korty" Cc: security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) References: In-Reply-To: ; from "Andrew J. Korty" "Thu, 04 May 2000 13:20:12 EST." Date: Thu, 04 May 2000 22:15:32 +0200 From: Mark Murray Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I was under the impression that the CBC mode would also propagate this > entry throughout the block. Must I use one of the feedback modes? Yes. I have no hard references in front of me, but I'll put ${bodypart} on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time. IE not good enough to stave off known plaintext attacks. 
CBC is what you'd use if the entire plaintext is of unpredictable structure. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 13:22:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id F2F8137C254 for ; Thu, 4 May 2000 13:22:16 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id WAA07642; Thu, 4 May 2000 22:22:23 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200005042022.WAA07642@grimreaper.grondar.za> To: "Andrew J. Korty" Cc: security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) References: In-Reply-To: ; from "Andrew J. Korty" "Thu, 04 May 2000 13:31:15 EST." Date: Thu, 04 May 2000 22:22:23 +0200 From: Mark Murray Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I'm starting to second guess this decision, since an attacker could > get inode numbers from the cleartext headers and perform known-text > attacks by guessing which binaries have those inode numbers. You are thinking about this in very much the right way! :-) > If I need to put the random string at the beginning of the header, > then we're throwing the old file format out the window anyway, so > I might as well encrypt everything. ...Unless you could flag it in some creative way "the rest of this is encrypted; sod off"? > The reason for the separation is so that one corrupted block does > not render the entire tape useless. 
Could you break it in a way that would not compromise the crypto; that is break the stream at ${count} ${units}, rather than at "logical" boundaries, in such a way that the stream can be recovered at some point at the expense of maybe losing a ${block} if it contains a corruption? M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 15:30:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from alcanet.com.au (mail.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id 1D44B37B98A for ; Thu, 4 May 2000 15:30:44 -0700 (PDT) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: by border.alcanet.com.au id <115878>; Fri, 5 May 2000 08:30:45 +1000 Content-return: prohibited From: Peter Jeremy Subject: Re: Cryptographic dump(8) In-reply-to: ; from ajk@iu.edu on Thu, May 04, 2000 at 01:34:31AM +1000 To: "Andrew J. Korty" Cc: security@FreeBSD.ORG Message-Id: <00May5.083045est.115878@border.alcanet.com.au> MIME-version: 1.0 X-Mailer: Mutt 1.0i Content-type: text/plain; charset=us-ascii References: Date: Fri, 5 May 2000 08:30:43 +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 2000-May-04 01:34:31 +1000, "Andrew J. Korty" wrote: >I've just extended dump(8) and restore(8) to encipher dump lists >and inode data with CBC 3DES, leaving the headers as cleartext. BTW, unless you're using H/W encryption, 3DES is quite slow - and will probably be the limiting factor in your dump/restore speed. This may or may not be an issue. If it is, you might like to look at alternative algorithms. Another comment that people haven't mentioned is that since you're dumping in a non-standard format, your restore program is critical. 
Remember to keep a couple of known-good copies around in a format you can get at - eg tar a copy of the restore onto the front of each backup, or build your own bootable, recovery CD including it.

>The question: what is the best way to verify a key handed to
>restore(8) to decipher a dump?

Matt suggested storing an unencrypted hash of the unencrypted header, together with the encrypted header.

Another option, if your key management (which you seem to have glossed over) can handle larger keys: Define the key as the concatenation of the 3DES key and 8 bytes of random data. Those 8 bytes are stored encrypted in the header. After decryption, verify that you get back the random data you started with.

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 4 18:20:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from alcanet.com.au (mail.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id E96D137B5B4 for ; Thu, 4 May 2000 18:20:03 -0700 (PDT) (envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: by border.alcanet.com.au id <116340>; Fri, 5 May 2000 11:19:51 +1000
Content-return: prohibited
From: Peter Jeremy
Subject: Re: Cryptographic dump(8)
In-reply-to: <200005042015.WAA07617@grimreaper.grondar.za>; from mark@grondar.za on Fri, May 05, 2000 at 06:16:30AM +1000
To: Mark Murray
Cc: "Andrew J. Korty" , security@FreeBSD.ORG
Message-Id: <00May5.111951est.116340@border.alcanet.com.au>
MIME-version: 1.0
X-Mailer: Mutt 1.0i
Content-type: text/plain; charset=us-ascii
References: <200005042015.WAA07617@grimreaper.grondar.za>
Date: Fri, 5 May 2000 11:17:30 +1000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-May-05 06:16:30 +1000, Mark Murray wrote:
>> I was under the impression that the CBC mode would also propagate this
>> entry throughout the block. Must I use one of the feedback modes?
>
>Yes.

Not exactly.

> I have no hard references in front of me, but I'll put ${bodypart}
>on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time.

Bzzzt. You lose (I hope you didn't set ${bodypart} to anything important). You are thinking of ECB (Electronic Code Book): This mode takes each block and individually encrypts it.

CBC (Cipher Block Chaining) is Cn = Ek(C(n-1) XOR Pn)
  An initialisation vector (IV) is XOR'd with the first block.
CFB (Cipher feedback) is Cn = Pn XOR Ek(C(n-1))
OFB (Output feedback) is Cn = Pn XOR (Rn = Ek(R(n-1)))

As for propagation:
ECB: the output block depends on the key only.
OFB: the output block depends on the key and IV only.
CBC and CFB: the output block depends on key, IV and all preceding plaintext

(They all have different behaviours regarding corruption and synchronisation - which is important if your backup tape loses a few bits).

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 4 20:18:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mtiwmhc26.worldnet.att.net (mtiwmhc26.worldnet.att.net [204.127.131.51]) by hub.freebsd.org (Postfix) with ESMTP id D2E6E37B59C for ; Thu, 4 May 2000 20:18:12 -0700 (PDT) (envelope-from shalunov@att.net)
Received: from sharik.worldnet.att.net ([12.68.48.32]) by mtiwmhc26.worldnet.att.net (InterMail vM.4.01.02.39 201-229-119-122) with ESMTP id <20000505031810.RGNL12683.mtiwmhc26.worldnet.att.net@sharik.worldnet.att.net>; Fri, 5 May 2000 03:18:10 +0000
Received: (from shalunov@localhost) by sharik.worldnet.att.net (8.9.2/8.9.2) id XAA01371; Thu, 4 May 2000 23:18:10 -0400 (EDT) (envelope-from shalunov)
To: Mark Murray
Cc: freebsd-security@freebsd.org
Subject: Re: Cryptographic dump(8)
References: <200005042015.WAA07617@grimreaper.grondar.za>
From: stanislav shalunov
Date: 04 May 2000 23:18:10 -0400
In-Reply-To: Mark Murray's message of "Thu, 04 May 2000 22:15:32 +0200"
Message-ID: <877ld9vg5p.fsf@sharik.worldnet.att.net> Lines: 14 X-Mailer: Gnus v5.5/Emacs 20.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mark Murray writes: > Yes. I have no hard references in front of me, but I'll put ${bodypart} > on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time. IE not > good enough to stave off known plaintext attacks. CBC is what you'd use > if the entire plaintext is of unpredictable structure. You must be confusing CBC with ECB. CBC is the correct chaining mode to use for this application. Feedback modes would do more harm than good. -- stanislav shalunov | Speaking only for myself. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 20:29:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38]) by hub.freebsd.org (Postfix) with ESMTP id C6A5A37B66C for ; Thu, 4 May 2000 20:29:18 -0700 (PDT) (envelope-from obrien@NUXI.com) Received: from dragon.nuxi.com (root@trang.cdrom.com [204.216.28.153]) by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id UAA99103 for ; Thu, 4 May 2000 20:29:16 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id UAA09576 for security@freebsd.org; Thu, 4 May 2000 20:29:14 -0700 (PDT) (envelope-from obrien) Date: Thu, 4 May 2000 20:29:14 -0700 From: "David O'Brien" To: security@freebsd.org Subject: Packet-Filtering Firewall: An Expnasion of an Existing Implementation Message-ID: <20000504202913.A8299@dragon.nuxi.com> Reply-To: obrien@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i X-Operating-System: FreeBSD 5.0-CURRENT Organization: The NUXI BSD group X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Keyid: 34F9F9D5 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk 
X-Loop: FreeBSD.org http://www.cs.technion.ac.il/Courses/Computer-Networks-Lab/projects/spring98/fwmanager/ This is a bunch of enhancements to the FreeBSD IPFW facility and a GUI. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 20:30:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from w2xo.pgh.pa.us (ipl-229-026.npt-sdsl.stargate.net [208.223.229.26]) by hub.freebsd.org (Postfix) with ESMTP id 8340137B9E5 for ; Thu, 4 May 2000 20:30:06 -0700 (PDT) (envelope-from durham@w2xo.pgh.pa.us) Received: from w2xo.pgh.pa.us (shazam.w2xo.pgh.pa.us [192.168.5.3]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id DAA44454 for ; Fri, 5 May 2000 03:29:41 GMT (envelope-from durham@w2xo.pgh.pa.us) Message-ID: <39124044.EAB72303@w2xo.pgh.pa.us> Date: Thu, 04 May 2000 23:30:12 -0400 From: Jim Durham Organization: dis- X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.4-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: I got spammed from my localhost.. Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I discovered when I went to read my e-mail this evening a bunch of mail from my Mailer-Daemon for non-existant addresses and such for mail that I did not send. I found that someone has been relaying through my sendmail all day long. He is appearing as "localhost" which is an allowable address to relay in my access database for sendmail. Anybody know any place to start looking for a trojan horse or something of that sort in my system? The security runs don't report any new setuid root files. The daily run output indicates that a system in korea was warned many times of insufficient disk space. I would assume my /var/spool/mqueue filled up and that system is the perpetrator? Any ideas appreciated... 
-- Jim Durham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 21: 9:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 36DBF37B59C for ; Thu, 4 May 2000 21:09:52 -0700 (PDT) (envelope-from matt@ARPA.MAIL.NET) Received: (qmail 1350 invoked by uid 1000); 5 May 2000 04:09:50 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 5 May 2000 04:09:50 -0000 Date: Fri, 5 May 2000 00:09:48 -0400 (EDT) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: David O'Brien Cc: security@freebsd.org Subject: Re: Packet-Filtering Firewall: An Expnasion of an Existing Implementation In-Reply-To: <20000504202913.A8299@dragon.nuxi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a bit off topic, but I'm choosing to post here because I might not be the only one interested in this quote: "Being a research-oriented OS, FreeBSD is, as implied by its name, a Free Code OS, i.e. it is distributed along with the entire code and can be compiled and altered at will in private environments." The use "private environments" here is unclear I believe. Am I mistaken in understanding that it can be compiled and altered at will in any and all environments? I don't mean to "troll" the list or anything of the sort, I'm simply an obsessive and quite picky guy when it comes to details ;) This looks like a great package, I thank you for bringing this to the list, I'm on my way to try this out now. 
Regards, Matt On Thu, 4 May 2000, David O'Brien wrote: : Date: Thu, 4 May 2000 23:29:14 -0400 : From: David O'Brien : To: security@freebsd.org : Subject: Packet-Filtering Firewall: An Expnasion of an Existing : Implementation : : http://www.cs.technion.ac.il/Courses/Computer-Networks-Lab/projects/spring98/fwmanager/ : : This is a bunch of enhancements to the FreeBSD IPFW facility and a GUI. : : : To Unsubscribe: send mail to majordomo@FreeBSD.org : with "unsubscribe freebsd-security" in the body of the message : Matt Heckaman matt@arpa.mail.net http://www.lucida.qc.ca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5EkmOdMMtMcA1U5ARApCXAKDivmb+vjbJYp1IGJDe2vRd7ucm9wCgwy0U +9KRjD8xsYZR+7e0MghV760= =Li72 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 4 22:59:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 8782237B69C for ; Thu, 4 May 2000 22:59:53 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id HAA09922; Fri, 5 May 2000 07:59:39 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200005050559.HAA09922@grimreaper.grondar.za> To: Peter Jeremy Cc: "Andrew J. Korty" , security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) References: <00May5.112203est.116381@border.alcanet.com.au> In-Reply-To: <00May5.112203est.116381@border.alcanet.com.au> ; from Peter Jeremy "Fri, 05 May 2000 11:21:12 +1000." 
Date: Fri, 05 May 2000 07:59:39 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > I have no hard references in front of me, but I'll put ${bodypart}
> >on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time.
>
> Bzzzt. You lose (I hope you didn't set ${bodypart} to anything important).
> You are thinking of ECB (Electronic Code Book): This mode takes each
> block and individually encrypts it.

:-) You are correct. ECB is what I was thinking about, and CBC and CFB
are what I was recommending for use.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 4 23: 0:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 3C6A337BE40 for ; Thu, 4 May 2000 23:00:26 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA09944; Fri, 5 May 2000 08:00:32 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200005050600.IAA09944@grimreaper.grondar.za>
To: stanislav shalunov
Cc: freebsd-security@freebsd.org
Subject: Re: Cryptographic dump(8)
References: <877ld9vg5p.fsf@sharik.worldnet.att.net>
In-Reply-To: <877ld9vg5p.fsf@sharik.worldnet.att.net> ; from stanislav shalunov "04 May 2000 23:18:10 -0400."
Date: Fri, 05 May 2000 08:00:32 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> You must be confusing CBC with ECB.

Correct, I was.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 4 23: 8:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from draenor.org (draenor.org [196.36.204.219]) by hub.freebsd.org (Postfix) with ESMTP id 29B1937B989 for ; Thu, 4 May 2000 23:08:07 -0700 (PDT) (envelope-from marcs@draenor.org)
Received: from marcs by draenor.org with local (Exim 3.12 #1) id 12nbIm-00017n-00 for freebsd-security@freebsd.org; Fri, 05 May 2000 08:09:28 +0200
Date: Fri, 5 May 2000 08:09:28 +0200
From: Marc Silver
To: freebsd-security@freebsd.org
Subject: Firewall Rules
Message-ID: <20000505080928.Q80532@draenor.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
X-Operating-System: FreeBSD 3.4-STABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hey all,

I am currently working on some documentation on ipfw and natd with ppp.
The following rules are for a basic dialup firewall that will allow
connections on port 80. Are these rules sound, and if not, how could
they be improved?

If possible, please reply to me, as I am not subscribed to FreeBSD-security.
:)

Thanks,
Marc

fwcmd="/sbin/ipfw"
$fwcmd -f flush
$fwcmd add divert natd all from any to any via tun0
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0
$fwcmd add allow tcp from any to any out xmit tun0 setup
$fwcmd add allow tcp from any to any via tun0 established
$fwcmd add pass log tcp from any to any 80 setup
$fwcmd add reset log tcp from any to any 113 in recv tun0
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
$fwcmd add 65435 allow icmp from any to any
$fwcmd add 65435 deny log ip from any to any

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 4 23:37:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 03CBF37B5AA for ; Thu, 4 May 2000 23:37:44 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA28542; Fri, 5 May 2000 00:37:42 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA46998; Fri, 5 May 2000 00:37:38 -0600 (MDT)
Message-Id: <200005050637.AAA46998@harmony.village.org>
To: Jim Durham
Subject: Re: I got spammed from my localhost..
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 04 May 2000 23:30:12 EDT."
    <39124044.EAB72303@w2xo.pgh.pa.us>
References: <39124044.EAB72303@w2xo.pgh.pa.us>
Date: Fri, 05 May 2000 00:37:38 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <39124044.EAB72303@w2xo.pgh.pa.us> Jim Durham writes:
: I found that someone has been relaying through my sendmail all day
: long. He is appearing as "localhost" which is an allowable address
: to relay in my access database for sendmail.

Without a header, it is impossible to know if this is a localhost or a
localhost. There are differences :-). He might have his IP address
setup to return localhost for queries to it (reverse dns).

Help us out and send us at least one header.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 4 23:38:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 68EF037BA32 for ; Thu, 4 May 2000 23:38:50 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA28546; Fri, 5 May 2000 00:38:48 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA47015; Fri, 5 May 2000 00:38:45 -0600 (MDT)
Message-Id: <200005050638.AAA47015@harmony.village.org>
To: Peter Jeremy
Subject: Re: Cryptographic dump(8)
Cc: "Andrew J. Korty" , security@FreeBSD.ORG
In-reply-to: Your message of "Fri, 05 May 2000 08:30:43 +1000."
    <00May5.083045est.115878@border.alcanet.com.au>
References: <00May5.083045est.115878@border.alcanet.com.au>
Date: Fri, 05 May 2000 00:38:45 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <00May5.083045est.115878@border.alcanet.com.au> Peter Jeremy writes:
: BTW, unless you're using H/W encryption, 3DES is quite slow - and will
: probably be the limiting factor in your dump/restore speed. This may
: or may not be an issue. If it is, you might like to look at
: alternative algorithms.

How slow is quite slow? My dumps rarely run faster than a few
hundred kbps (usually about 150). Even though my tape drive can go
faster than that. My fs has too many small files for dump to get good
performance out of.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 4 23:47:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mostgraveconcern.com (mostgraveconcern.com [216.82.145.240]) by hub.freebsd.org (Postfix) with ESMTP id C36F537B683 for ; Thu, 4 May 2000 23:47:39 -0700 (PDT) (envelope-from dan@mostgraveconcern.com)
Received: from danco (danco.mostgraveconcern.com [10.0.0.2]) by mostgraveconcern.com (8.9.3/8.9.3) with SMTP id XAA18082; Thu, 4 May 2000 23:46:41 -0700 (PDT) (envelope-from dan@mostgraveconcern.com)
Message-ID: <016c01bfb65d$aaf59c20$0200000a@danco>
Reply-To: "Dan O'Connor"
From: "Dan O'Connor"
To: "Marc Silver" ,
Subject: Re: Firewall Rules
Date: Thu, 4 May 2000 23:42:00 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>I am currently working on some documentation on ipfw and natd with ppp.
>The following rules are for a basic dialup firewall that will allow
>connections on port 80. Are these rules sound, and if not, how could
>they be improved?

Are you talking about User-PPP? (I assume so, since you use 'tun0' in your
rules.) You do know that ppp(8) has built-in NAT and filtering (which is
easier than IPFW), so that you don't need IPFW and NATD?

Anyway:

>fwcmd="/sbin/ipfw"
>$fwcmd -f flush
>$fwcmd add divert natd all from any to any via tun0
>$fwcmd add allow ip from any to any via lo0
>$fwcmd add allow ip from any to any via fxp0
>$fwcmd add allow tcp from any to any out xmit tun0 setup
>$fwcmd add allow tcp from any to any via tun0 established
>$fwcmd add pass log tcp from any to any 80 setup

This one will allow incoming connections to your web server. BTW, 'allow'
and 'pass' are the same, is there a particular reason you changed
terminology? Also, you probably won't want to log this, since web traffic
generates huge amounts of connections, and your web server will log it all
anyway...

>$fwcmd add reset log tcp from any to any 113 in recv tun0

I'd remove the 'log' from this one also, since you'll get a lot of attempted
connections here from sendmail...

>$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
>$fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
>$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
>$fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
>$fwcmd add 65435 allow icmp from any to any

You might consider adding '$fwcmd allow udp from any to any 33434-33463' if
you want to let people do a traceroute to you...

>$fwcmd add 65435 deny log ip from any to any

You might want to also take a look at the anti-spoofing rules in the SIMPLE
section of /etc/rc.firewall.

Good Luck!

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 0: 0:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from draenor.org (draenor.org [196.36.204.219]) by hub.freebsd.org (Postfix) with ESMTP id 49E5837BAFE for ; Fri, 5 May 2000 00:00:14 -0700 (PDT) (envelope-from marcs@draenor.org)
Received: from marcs by draenor.org with local (Exim 3.12 #1) id 12nc76-0001BK-00; Fri, 05 May 2000 09:01:28 +0200
Date: Fri, 5 May 2000 09:01:28 +0200
From: Marc Silver
To: Dan O'Connor
Cc: freebsd-security@freebsd.org
Subject: Re: Firewall Rules
Message-ID: <20000505090128.A4456@draenor.org>
References: <016c01bfb65d$aaf59c20$0200000a@danco>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <016c01bfb65d$aaf59c20$0200000a@danco>; from dan@mostgraveconcern.com on Thu, May 04, 2000 at 11:42:00PM -0700
X-Operating-System: FreeBSD 3.4-STABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hey Dan,

Your feedback is much appreciated, and I have modified the rules (and my
document) based on your suggestions.

On Thu, May 04, 2000 at 11:42:00PM -0700, Dan O'Connor wrote:
>
>
> Are you talking about User-PPP? (I assume so, since you use 'tun0' in your
> rules.) You do know that ppp(8) has built-in NAT and filtering (which is
> easier than IPFW), so that you don't need IPFW and NATD?
>

Do you feel that userland ppp is as safe as the kernel firewalling
options? I would like to gain a better understanding. What are the
major differences between the two?

> This one will allow incoming connections to your web server. BTW, 'allow'
> and 'pass' are the same, is there a particular reason you changed
> terminology?
> Also, you probably won't want to log this, since web traffic
> generates huge amounts of connections, and your web server will log it all
> anyway...

Didn't know that pass and allow were the same thing....thanks. Also, the
logging of http was a typo, but thanks for pointing it out.

> You might consider adding '$fwcmd allow udp from any to any 33434-33463' if
> you want to let people do a traceroute to you...

Also very useful, thank you.

> You might want to also take a look at the anti-spoofing rules in the SIMPLE
> section of /etc/rc.firewall.

Will look at this too.

Thanks,
Marc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 1:49:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from syrenna.deep-ocean.net (ca-ol-bordeaux-7-4.abo.wanadoo.fr [62.161.110.4]) by hub.freebsd.org (Postfix) with ESMTP id 2B8F637BB55 for ; Fri, 5 May 2000 01:49:36 -0700 (PDT) (envelope-from olivier.cortes@free.fr)
Received: from pozeidon (pozeidon.deep-ocean.net [192.168.0.12]) by syrenna.deep-ocean.net (8.9.3/8.9.3) with SMTP id KAA09518 for ; Fri, 5 May 2000 10:47:41 +0200 (CEST) (envelope-from olivier.cortes@free.fr)
From: "Olivier Cortes"
To: "FreeBSD security"
Subject: RE: Packet-Filtering Firewall: An Expnasion of an Existing Implementation
Date: Fri, 5 May 2000 10:47:45 +0200
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2776.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
In-Reply-To:
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hello all :)

when compiling the fwmd, i have these errors :

-------------------------------------
gcc Des.cpp Md5.cpp FWMCrypt.cpp FWMDatabase.cpp FWMTime.cpp FWMRules.cpp FWMDaemon.cpp -o fwmd
FWMDaemon.cpp: In function `int LogProcess(int)':
FWMDaemon.cpp:1380: passing `int *' as argument 6 of `recvfrom(int, void *, unsigned int, int, sockaddr *, socklen_t *)' changes signedness
FWMDaemon.cpp: In function `BOOL CollectIPFWStats()':
FWMDaemon.cpp:1832: passing `int *' as argument 5 of `getsockopt(int, int, int, void *, socklen_t *)' changes signedness
*** Error code 1

Stop in /root/fwmd.
---------------------------------------

do you have the same problems ? i use FreeBSD 4.0-RELEASE

did you patch the source ? if so, i will too.

thanx in advance.

Olivier Cortes
Deep Ocean WebMaster
www.deep-ocean.net

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Matt Heckaman
> Sent: Friday, 5 May 2000 06:10
> To: David O'Brien
> Cc: security@freebsd.org
> Subject: Re: Packet-Filtering Firewall: An Expnasion of an Existing
> Implementation
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This is a bit off topic, but I'm choosing to post here because I might not
> be the only one interested in this quote:
>
> "Being a research-oriented OS, FreeBSD is, as implied by its name,
> a Free Code OS, i.e. it is distributed along with the entire code
> and can be compiled and altered at will in private environments."
>
> The use of "private environments" here is unclear I believe. Am I mistaken in
> understanding that it can be compiled and altered at will in any and all
> environments? I don't mean to "troll" the list or anything of the sort,
> I'm simply an obsessive and quite picky guy when it comes to details ;)
>
> This looks like a great package, I thank you for bringing this to the
> list, I'm on my way to try this out now.
>
> Regards,
> Matt
>
> On Thu, 4 May 2000, David O'Brien wrote:
>
> : Date: Thu, 4 May 2000 23:29:14 -0400
> : From: David O'Brien
> : To: security@freebsd.org
> : Subject: Packet-Filtering Firewall: An Expnasion of an Existing
> : Implementation
> :
> : http://www.cs.technion.ac.il/Courses/Computer-Networks-Lab/projects/spring98/fwmanager/
> :
> : This is a bunch of enhancements to the FreeBSD IPFW facility and a GUI.
> :
> :
> : To Unsubscribe: send mail to majordomo@FreeBSD.org
> : with "unsubscribe freebsd-security" in the body of the message
> :
>
> Matt Heckaman
> matt@arpa.mail.net
> http://www.lucida.qc.ca
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.1 (FreeBSD)
> Comment: http://www.lucida.qc.ca/pgp
>
> iD8DBQE5EkmOdMMtMcA1U5ARApCXAKDivmb+vjbJYp1IGJDe2vRd7ucm9wCgwy0U
> +9KRjD8xsYZR+7e0MghV760=
> =Li72
> -----END PGP SIGNATURE-----
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 2:13:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 2EAE037BB8C; Fri, 5 May 2000 02:13:26 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id CAA00894; Fri, 5 May 2000 02:13:25 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Fri, 5 May 2000 02:13:24 -0700 (PDT)
From: Kris Kennaway
To: Warner Losh
Cc: Peter Jeremy , "Andrew J.
    Korty" , security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To: <200005050638.AAA47015@harmony.village.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 5 May 2000, Warner Losh wrote:

> How slow is quite slow? My dumps rarely run faster than a few
> hundred kbps (usually about 150). Even though my tape drive can go
> faster than that. My fs has too many small files for dump to get good
> performance out of.

The unmodified OpenSSL (used in e.g. libdes) gets about 500kbps for 3DES
encryption on my PPro 233 - if you enable the asm optimizations per my
patch sent to -current a few weeks back, it brings it up to about
1900kbps. Blowfish is much faster than this for the same key strength,
although I don't have exact numbers to hand.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 4:53:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from w2xo.pgh.pa.us (ipl-229-026.npt-sdsl.stargate.net [208.223.229.26]) by hub.freebsd.org (Postfix) with ESMTP id D06CC37B7AE for ; Fri, 5 May 2000 04:53:11 -0700 (PDT) (envelope-from durham@w2xo.pgh.pa.us)
Received: from w2xo.pgh.pa.us (shazam.w2xo.pgh.pa.us [192.168.5.3]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id LAA46027; Fri, 5 May 2000 11:52:26 GMT (envelope-from durham@w2xo.pgh.pa.us)
Message-ID: <3912B61A.9E0DD9A5@w2xo.pgh.pa.us>
Date: Fri, 05 May 2000 07:52:58 -0400
From: Jim Durham
Organization: dis-
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Warner Losh
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: I got spammed from my localhost..
References: <39124044.EAB72303@w2xo.pgh.pa.us> <200005050637.AAA46998@harmony.village.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh writes:
>
>In message <39124044.EAB72303@w2xo.pgh.pa.us> Jim Durham writes:
>: I found that someone has been relaying through my sendmail all day
>: long. He is appearing as "localhost" which is an allowable address
>: to relay in my access database for sendmail.
>
>Without a header, it is impossible to know if this is a localhost or a
>localhost. There are differences :-). He might have his IP address
>setup to return localhost for queries to it (reverse dns).

I don't have an outgoing header. When I saw the problem, I shut down
sendmail. I brought it back up in about 10 minutes in -odq mode.
Apparently all the mail had cleared. The only thing that tipped me off
were the messages from my Mailer-Daemon about refused connections.
Here is one of those. You will see it lists the original as from
localhost. I hesitate to post something this long to the list, so I
have truncated this. You will see that the original is listed as from
"localhost 127.0.0.1" in the 2nd case.

Another thing is that /var/log/maillog doesn't seem to show any
*successful* connections, only rejects.

The body of the message was some cell-phone offer. It does have a
"mailto:" on it.

Truthfully, I'm not sure *what* was going on.

>From MAILER-DAEMON Thu May 4 06:02:07 2000
Return-Path:
Received: from localhost (localhost) by w2xo.pgh.pa.us (8.9.3/8.9.3) with internal id GAB38613; Thu, 4 May 2000 06:02:07 GMT (envelope-from MAILER-DAEMON)
Date: Thu, 4 May 2000 06:02:07 GMT
From: Mail Delivery Subsystem
Message-Id: <200005040602.GAB38613@w2xo.pgh.pa.us>
To: postmaster
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="GAB38613.957420127/w2xo.pgh.pa.us"
Subject: Postmaster notify: User unknown
Auto-Submitted: auto-generated (postmaster-notification)
Status: RO
X-Status: D
X-Keywords:
X-UID: 50153

This is a MIME-encapsulated message

--GAB38613.957420127/w2xo.pgh.pa.us

The original message was received at Thu, 4 May 2000 06:01:01 GMT
from localhost

----- The following addresses had permanent fatal errors -----

----- Transcript of session follows -----
... while talking to pnet.seojon.co.kr.:
>>> RCPT To:
<<< 550 ... User unknown
550 ... User unknown

--GAB38613.957420127/w2xo.pgh.pa.us
Content-Type: message/delivery-status

Reporting-MTA: dns; w2xo.pgh.pa.us
Received-From-MTA: DNS; localhost
Arrival-Date: Thu, 4 May 2000 06:01:01 GMT

Final-Recipient: RFC822; e7QZWNbG6@seojon.co.kr
Action: failed
Status: 5.1.1
Remote-MTA: DNS; pnet.seojon.co.kr
Diagnostic-Code: SMTP; 550 ... User unknown
Last-Attempt-Date: Thu, 4 May 2000 06:02:00 GMT

--GAB38613.957420127/w2xo.pgh.pa.us
Content-Type: message/rfc822

Return-Path:
Received: from localhost (localhost)
Date: Thu, 4 May 2000 06:01:01 GMT
From: Mail Delivery Subsystem
Message-Id: <200005040601.GAA38613@w2xo.pgh.pa.us>
To:
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="GAA38613.957420061/w2xo.pgh.pa.us"
Content-Transfer-Encoding: 8bit
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--GAA38613.957420061/w2xo.pgh.pa.us

The original message was received at Thu, 4 May 2000 05:55:47 GMT
from localhost [127.0.0.1]

-- Jim Durham

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 5:46:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from tempest.waterspout.com (tempest.waterspout.com [208.13.56.2]) by hub.freebsd.org (Postfix) with ESMTP id 8558237B876; Fri, 5 May 2000 05:46:38 -0700 (PDT) (envelope-from ajk@iu.edu)
Received: from localhost (ajk@localhost) by tempest.waterspout.com (8.9.3/8.9.3) with ESMTP id HAA56982; Fri, 5 May 2000 07:46:36 -0500 (EST) (envelope-from ajk@iu.edu)
Date: Fri, 5 May 2000 07:46:36 -0500 (EST)
From: "Andrew J. Korty"
X-Sender: ajk@tempest.waterspout.com
To: Kris Kennaway
Cc: Warner Losh , Peter Jeremy , security@FreeBSD.org
Subject: Re: Cryptographic dump(8)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Fri, 5 May 2000, Warner Losh wrote:
>
> > How slow is quite slow? My dumps rarely run faster than a few
> > hundred kbps (usually about 150). Even though my tape drive can go
> > faster than that. My fs has too many small files for dump to get good
> > performance out of.
>
> The unmodified OpenSSL (used in e.g.
> libdes) gets about 500kbps for 3DES
> encryption on my PPro 233 - if you enable the asm optimizations per my
> patch sent to -current a few weeks back, it brings it up to about
> 1900kbps. Blowfish is much faster than this for the same key strength,
> although I don't have exact numbers to hand.

Well, like I said, I'm trying to make it easy to add cipher types. I
have CBC 3DES working currently, but I can see how keeping the tape
streaming could be a worry.

I see Blowfish in libcrypto, but where is the documentation?

--
Andrew J. Korty, Lead Security Engineer
Office of the Vice President for Information Technology
Indiana University

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 6:59:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mostgraveconcern.com (mostgraveconcern.com [216.82.145.240]) by hub.freebsd.org (Postfix) with ESMTP id 4E85437B9A5 for ; Fri, 5 May 2000 06:59:45 -0700 (PDT) (envelope-from dan@mostgraveconcern.com)
Received: from danco (danco.mostgraveconcern.com [10.0.0.2]) by mostgraveconcern.com (8.9.3/8.9.3) with SMTP id GAA19186; Fri, 5 May 2000 06:56:09 -0700 (PDT) (envelope-from dan@mostgraveconcern.com)
Message-ID: <019201bfb699$aa17c800$0200000a@danco>
Reply-To: "Dan O'Connor"
From: "Dan O'Connor"
To: "Marc Silver"
Cc:
Subject: Re: Firewall Rules
Date: Fri, 5 May 2000 06:56:07 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Do you feel that userland ppp is as safe as the kernel firewalling
>options? I would like to gain a better understanding. What are the
>major differences between the two?

As far as I know, they both work about the same.
IPFW has more flexibility,
with complexity being the trade off.

These are the /etc/ppp/ppp.conf rules I used before I got my DSL line (and
switched to IPFW/NATD):

# Prevent ICMP, DNS (53), and NTP (123) from keeping the connection alive:
set filter alive 0 deny icmp
set filter alive 1 deny udp src eq 53
set filter alive 2 deny udp dst eq 53
set filter alive 3 deny udp src eq 123
set filter alive 4 deny udp dst eq 123
set filter alive 5 permit 0 0

# Prevent NTP (123) from causing a dialup:
set filter dial 0 deny udp src eq 123
set filter dial 1 deny udp dst eq 123
set filter dial 2 permit 0 0

# Allow ident (113), ftp (20 & 21), SSH (22), SMTP (25), DNS (53),
# HTTP (80) IN & OUT, POP3 (110), NNTP (119), NTP (123), HTTPS (443),
# SOCKS (1080), CVS (5998, 5999), ICMP (ping) and traceroute (>33433).
# Everything else is blocked by default:

set filter in 0 permit tcp dst eq 113
set filter out 0 permit tcp src eq 113
set filter in 1 permit tcp src eq 20 dst gt 1023
set filter out 1 permit tcp dst eq 20
set filter in 2 permit tcp src eq 21 estab
set filter out 2 permit tcp dst eq 21
set filter in 3 permit tcp src eq 22
set filter out 3 permit tcp dst eq 22
set filter in 4 permit tcp src eq 25
set filter out 4 permit tcp dst eq 25
set filter in 5 permit udp src eq 53
set filter out 5 permit udp dst eq 53
set filter in 6 permit tcp src eq 80
set filter out 6 permit tcp dst eq 80
set filter in 7 permit tcp dst eq 80
set filter out 7 permit tcp src eq 80
set filter in 8 permit tcp src eq 110
set filter out 8 permit tcp dst eq 110
set filter in 9 permit tcp src eq 119
set filter out 9 permit tcp dst eq 119
set filter in 10 permit udp src eq 123
set filter out 10 permit udp dst eq 123
set filter in 11 permit tcp src eq 443
set filter out 11 permit tcp dst eq 443
set filter in 12 permit udp src eq 443
set filter out 12 permit udp dst eq 443
set filter in 13 permit tcp src eq 1080
set filter out 13 permit tcp dst eq 1080
set filter in 14 permit udp src eq 1080
set filter out 14 permit udp dst eq 1080
set filter in 15 permit tcp src eq 5998
set filter out 15 permit tcp dst eq 5998
set filter in 16 permit tcp src eq 5999
set filter out 16 permit tcp dst eq 5999
set filter in 17 permit icmp
set filter out 17 permit icmp
set filter in 18 permit udp dst gt 33433
set filter out 18 permit udp src gt 33433

Hope they help!

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 7:17:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cricket.mindcrime.net (cricket.mindcrime.net [209.70.202.96]) by hub.freebsd.org (Postfix) with ESMTP id 2383A37B572 for ; Fri, 5 May 2000 07:17:14 -0700 (PDT) (envelope-from sagem@cricket.mindcrime.net)
Received: from cricket.mindcrime.net (cricket.mindcrime.net [209.70.202.96]) by cricket.mindcrime.net (8.9.3/8.9.3) with ESMTP id JAA28208; Fri, 5 May 2000 09:17:49 GMT (envelope-from sagem@cricket.mindcrime.net)
Date: Fri, 5 May 2000 09:17:49 +0000 (GMT)
From: sage@mindcrime.net
X-Sender: sagem@cricket.mindcrime.net
To: "Dan O'Connor"
Cc: Marc Silver , freebsd-security@FreeBSD.ORG
Subject: Re: Firewall Rules
In-Reply-To: <019201bfb699$aa17c800$0200000a@danco>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Send over your ipfw rules set as well, so i can see the differences in the
2 if you wouldn't mind.

/sm

On Fri, 5 May 2000, Dan O'Connor wrote:

> >Do you feel that userland ppp is as safe as the kernel firewalling
> >options? I would like to gain a better understanding. What are the
> >major differences between the two?
>
> As far as I know, they both work about the same. IPFW has more flexibility,
> with complexity being the trade off.
>
> These are the /etc/ppp/ppp.conf rules I used before I got my DSL line (and
> switched to IPFW/NATD):
>
> # Prevent ICMP, DNS (53), and NTP (123) from keeping the connection alive:
> set filter alive 0 deny icmp
> set filter alive 1 deny udp src eq 53
> set filter alive 2 deny udp dst eq 53
> set filter alive 3 deny udp src eq 123
> set filter alive 4 deny udp dst eq 123
> set filter alive 5 permit 0 0
>
> # Prevent NTP (123) from causing a dialup:
> set filter dial 0 deny udp src eq 123
> set filter dial 1 deny udp dst eq 123
> set filter dial 2 permit 0 0
>
> # Allow ident (113), ftp (20 & 21), SSH (22), SMTP (25), DNS (53),
> # HTTP (80) IN & OUT, POP3 (110), NNTP (119), NTP (123), HTTPS (443),
> # SOCKS (1080), CVS (5998, 5999), ICMP (ping) and traceroute (>33433).
> # Everything else is blocked by default:
>
> set filter in 0 permit tcp dst eq 113
> set filter out 0 permit tcp src eq 113
> set filter in 1 permit tcp src eq 20 dst gt 1023
> set filter out 1 permit tcp dst eq 20
> set filter in 2 permit tcp src eq 21 estab
> set filter out 2 permit tcp dst eq 21
> set filter in 3 permit tcp src eq 22
> set filter out 3 permit tcp dst eq 22
> set filter in 4 permit tcp src eq 25
> set filter out 4 permit tcp dst eq 25
> set filter in 5 permit udp src eq 53
> set filter out 5 permit udp dst eq 53
> set filter in 6 permit tcp src eq 80
> set filter out 6 permit tcp dst eq 80
> set filter in 7 permit tcp dst eq 80
> set filter out 7 permit tcp src eq 80
> set filter in 8 permit tcp src eq 110
> set filter out 8 permit tcp dst eq 110
> set filter in 9 permit tcp src eq 119
> set filter out 9 permit tcp dst eq 119
> set filter in 10 permit udp src eq 123
> set filter out 10 permit udp dst eq 123
> set filter in 11 permit tcp src eq 443
> set filter out 11 permit tcp dst eq 443
> set filter in 12 permit udp src eq 443
> set filter out 12 permit udp dst eq 443
> set filter in 13 permit tcp src eq 1080
> set filter out 13 permit tcp dst eq 1080
> set filter in 14 permit udp src eq 1080
> set filter out 14 permit udp dst eq 1080
> set filter in 15 permit tcp src eq 5998
> set filter out 15 permit tcp dst eq 5998
> set filter in 16 permit tcp src eq 5999
> set filter out 16 permit tcp dst eq 5999
> set filter in 17 permit icmp
> set filter out 17 permit icmp
> set filter in 18 permit udp dst gt 33433
> set filter out 18 permit udp src gt 33433
>
>
> Hope they help!
>
> --Dan
>
> --
> Dan O'Connor
> On Matters of Most Grave Concern
> http://www.mostgraveconcern.com
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 5 10:25:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from Rigel.orionsys.com (rigel.orionsys.com [205.148.224.9]) by hub.freebsd.org (Postfix) with ESMTP id D3C1F37B9F8 for ; Fri, 5 May 2000 10:25:52 -0700 (PDT) (envelope-from root@Rigel.orionsys.com)
Received: from localhost (root@localhost) by Rigel.orionsys.com (8.9.3/8.9.3) with ESMTP id KAA07143; Fri, 5 May 2000 10:25:43 -0700 (PDT) (envelope-from root@Rigel.orionsys.com)
X-Envelope-From: root@Rigel.orionsys.com
X-Envelope-To: freebsd-security@FreeBSD.ORG
X-Envelope-Host: freebsd.org.
Date: Fri, 5 May 2000 10:25:42 -0700 (PDT)
From: David Babler
To: Jim Durham
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: I got spammed from my localhost..
In-Reply-To: <39124044.EAB72303@w2xo.pgh.pa.us>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 4 May 2000, Jim Durham wrote:

> I discovered when I went to read my e-mail this evening a bunch of
> mail from my Mailer-Daemon for non-existent addresses and such for
> mail that I did not send.
>
> I found that someone has been relaying through my sendmail all day
> long.
He is appearing as "localhost" which is an allowable address > to relay in my access database for sendmail. You have two significant errors. First, your sendmail is operating as an Open Relay, which is why you are or were hammered by spammers. You're also likely to show up on one or more blacklists because of that, though you currently aren't on the major ones. The second is that your configuration also makes you an ANONYMOUS relay, because you're resolving all legitimate SMTP contacts as coming from localhost. See the complete relay test message below... the significant line (other than the fact you're an open relay in the first place) is: Received: from Rigel.orionsys.com (localhost [127.0.0.1]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with SMTP id QAA46683 for ; Fri, 5 May 2000 16:57:08 GMT (envelope-from nobody@w2xo.pgh.pa.us) Note that sendmail is reversing the incoming contact, which should be "Rigel.orionsys.com [205.148.224.9]" in this case, to "(localhost [127.0.0.1])". This is why it relays; sendmail believes all email originates locally regardless of reality. Looks like a DNS/hostname problem. -Dave ---- Test Message From nobody@w2xo.pgh.pa.us Fri May 5 10:17:42 2000 Received: from w2xo.pgh.pa.us (ipl-229-026.npt-sdsl.stargate.net [208.223.229.26]) by Rigel.orionsys.com (8.9.3/8.9.3) with ESMTP id KAA06269 for ; Fri, 5 May 2000 10:13:26 -0700 (PDT) (envelope-from nobody@w2xo.pgh.pa.us) From: nobody@w2xo.pgh.pa.us X-Envelope-From: nobody@w2xo.pgh.pa.us X-Envelope-To: Received: from Rigel.orionsys.com (localhost [127.0.0.1]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with SMTP id QAA46683 for ; Fri, 5 May 2000 16:57:08 GMT (envelope-from nobody@w2xo.pgh.pa.us) To: postmaster@rigel.orionsys.com Subject: test for susceptibility to third-party mail relay Date: Fri, 05 May 2000 16:56:58 GMT Message-Id: Sender: dbabler@rigel.orionsys.com This is a test of third-party mail relay, generated by the "rlytest" utility. 
Target host = w2xo.pgh.pa.us
Test performed by

A well-configured mail server should NOT relay third-party email.
Otherwise, the server is subject to attack and hijack by Internet
vandals and spammers.

For information on how to secure a mail server against third-party
relay, visit .

Relay: 206.210.78.220
200005050956


From owner-freebsd-security Fri May 5 16:36:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33])
    by hub.freebsd.org (Postfix) with ESMTP id 3584237B69A;
    Fri, 5 May 2000 16:36:42 -0700 (PDT)
    (envelope-from wes@softweyr.com)
Received: from softweyr.com (ip52.salt-lake-city6.ut.pub-ip.psi.net [38.27.95.52])
    by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id RAA09231;
    Fri, 5 May 2000 17:36:36 -0600 (MDT)
    (envelope-from wes@softweyr.com)
Message-ID: <39135B2E.A1FF0593@softweyr.com>
Date: Fri, 05 May 2000 17:37:18 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Matt Heckaman
Cc: "David O'Brien" , security@FreeBSD.ORG
Subject: Re: Packet-Filtering Firewall: An Expnasion of an Existing Implementation
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matt Heckaman wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This is a bit off topic, but I'm choosing to post here because I might not
> be the only one interested in this quote:
>
> "Being a research-oriented OS, FreeBSD is, as implied by its name,
> a Free Code OS, i.e. it is distributed along with the entire code
> and can be compiled and altered at will in private environments."
>
> The use "private environments" here is unclear I believe. Am I mistaken in
> understanding that it can be compiled and altered at will in any and all
> environments? I don't mean to "troll" the list or anything of the sort,
> I'm simply an obsessive and quite picky guy when it comes to details ;)

You are not mistaken. FreeBSD is provided with complete source to the
entire system, including all of the tools necessary to build the system
itself. You can customize it to your needs as you wish, and are under
no legal obligation to contribute your modifications to anyone.

FreeBSD is also free as in "free beer", it can be downloaded from an
internet FTP server at no licensing cost whatsoever. You do have to
pay for some method of transporting the bits onto your computer, either
via the internet or by purchasing a CD-ROM.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
wes@softweyr.com
http://softweyr.com/


From owner-freebsd-security Fri May 5 20: 2: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id 896B037BDFD;
    Fri, 5 May 2000 20:02:00 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id UAA24172;
    Fri, 5 May 2000 20:02:00 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Fri, 5 May 2000 20:02:00 -0700 (PDT)
From: Kris Kennaway
To: Mark Murray
Cc: "Andrew J. Korty" , security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To: <200005042022.WAA07642@grimreaper.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 4 May 2000, Mark Murray wrote:

> Could you break it in a way that would not compromise the crypto;
> that is break the stream at ${count} ${units}, rather than at
> "logical" boundaries, in such a way that the stream can be recovered
> at some point at the expense of maybe losing a ${block} if it
> contains a corruption?

I have something like this I use for my backups: it dumps the data as a
fixed volume-size (multi-part) .tgz file which is encrypted blockwise
(using openssl(1)) and then concatenated into the output stream - i.e.
each new .tgz subvolume is encrypted separately, so the maximum data loss
I get from a single bit media error (or in fact lots of errors clustered
within the same volume) is one volume's worth of plaintext. Decryption
verification is taken care of by the underlying tar/gzip header - i.e. you
decrypt the block and see if it's a valid .tgz file.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe


From owner-freebsd-security Fri May 5 20:35:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id CFF0437B538;
    Fri, 5 May 2000 20:35:37 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id UAA26638;
    Fri, 5 May 2000 20:35:37 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Fri, 5 May 2000 20:35:37 -0700 (PDT)
From: Kris Kennaway
To: "Andrew J. Korty"
Cc: Warner Losh , Peter Jeremy , security@FreeBSD.org
Subject: Re: Cryptographic dump(8)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 5 May 2000, Andrew J. Korty wrote:

> I see Blowfish in libcrypto, but where is the documentation?

In .pod format (pod2man(1)) in /usr/src/crypto/openssl/docs/crypto. We
don't install the manpages by default yet. You can uncomment the section
in the secure/lib/libcrypto/Makefile if you don't mind it spamming a whole
bunch of system manpages by installing manpages of its own with the same
name (err.3, passwd.1, etc)

You can do blowfish encryption (plus a whole lot of other useful crypto
operations) from the commandline using openssl(1) - use is fairly
self-explanatory.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe


From owner-freebsd-security Fri May 5 22:15:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ogyo.pointer-software.com (ogyo.pointer-software.com [210.164.96.147])
    by hub.freebsd.org (Postfix) with ESMTP id 1748637BD7A
    for ; Fri, 5 May 2000 22:15:05 -0700 (PDT)
    (envelope-from horio@acm.org)
Message-Id: <200005060515.OAA14105@ogyo.pointer-software.com>
Date: Sat, 06 May 2000 14:13:41 +0900
From: horio shoichi
Organization: pointer software
X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.0.34 i686)
X-Accept-Language: ja, en
MIME-Version: 1.0
To: David Babler
Cc: Jim Durham , freebsd-security@FreeBSD.ORG
Subject: Re: I got spammed from my localhost..
References:
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
X-Received: from acm.org (horio@char.near.this [10.0.172.11])
    by long.near.this (8.9.3/8.9.3) with ESMTP id OAA18622;
    Sat, 6 May 2000 14:13:00 +0900 (JST)
X-Message-Id: <3913AA05.9427287F@acm.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

David Babler wrote:
>
> On Thu, 4 May 2000, Jim Durham wrote:
>
> > I discovered when I went to read my e-mail this evening a bunch of
> > mail from my Mailer-Daemon for non-existent addresses and such for
> > mail that I did not send.
> >
> > I found that someone has been relaying through my sendmail all day
> > long. He is appearing as "localhost" which is an allowable address
> > to relay in my access database for sendmail.
>
> You have two significant errors. First, your sendmail is operating as an
> Open Relay, which is why you are or were hammered by spammers. You're also
> likely to show up on one or more blacklists because of that, though you
> currently aren't on the major ones. The second is that your configuration
> also makes you an ANONYMOUS relay, because you're resolving all legitimate
> SMTP contacts as coming from localhost. See the complete relay test
> message below... the significant line (other than the fact you're an open
> relay in the first place) is:
>
> Received: from Rigel.orionsys.com (localhost [127.0.0.1])
>     by w2xo.pgh.pa.us (8.9.3/8.9.3) with SMTP id QAA46683
>     for ; Fri, 5 May 2000 16:57:08 GMT
>     (envelope-from nobody@w2xo.pgh.pa.us)
>
> Note that sendmail is reversing the incoming contact, which should be
> "Rigel.orionsys.com [205.148.224.9]" in this case, to "(localhost
> [127.0.0.1])". This is why it relays; sendmail believes all email
> originates locally regardless of reality. Looks like a DNS/hostname
> problem.
>
> -Dave
>
> ---- Test Message

Sorry to ask this, but did you send the test message without mangling
'From ' ? Following message appeared in my mailbox that took me a few
'serious' seconds.

horio shoichi

: From - Sat May 6 12:06:10 2000
: Received: from w2xo.pgh.pa.us (ipl-229-026.npt-sdsl.stargate.net
: [208.223.229.26])
:     by Rigel.orionsys.com (8.9.3/8.9.3) with ESMTP id KAA06269
:     for ; Fri, 5 May 2000 10:13:26 -0700 (PDT )
:     (envelope-from nobody@w2xo.pgh.pa.us)
: From: nobody@w2xo.pgh.pa.us
: X-Envelope-From: nobody@w2xo.pgh.pa.us
: X-Envelope-To:
: Received: from Rigel.orionsys.com (localhost [127.0.0.1])
:     by w2xo.pgh.pa.us (8.9.3/8.9.3) with SMTP id QAA46683
:     for ; Fri, 5 May 2000 16:57:08 GMT
:     (envelope-from nobody@w2xo.pgh.pa.us)
: To: postmaster@rigel.orionsys.com
: Subject: test for susceptibility to third-party mail relay
: Date: Fri, 05 May 2000 16:56:58 GMT
: Message-Id:
: Sender: dbabler@rigel.orionsys.com
: Status:
: X-Mozilla-Status: 8001
: X-Mozilla-Status2: 00000000
: X-UIDL: 387ac1b900005e1c
:
: This is a test of third-party mail relay, generated by the
: "rlytest" utility.
:
: Target host = w2xo.pgh.pa.us
: Test performed by
:
: A well-configured mail server should NOT relay third-party email.
: Otherwise, the server is subject to attack and hijack by Internet
: vandals and spammers.
:
: For information on how to secure a mail server against third-party
: relay, visit .
:
: Relay: 206.210.78.220
: 200005050956


From owner-freebsd-security Sat May 6 19:13: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id 233FD37B973;
    Sat, 6 May 2000 19:13:04 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id TAA38305;
    Sat, 6 May 2000 19:13:03 -0700 (PDT)
    (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 6 May 2000 19:13:03 -0700 (PDT)
From: Kris Kennaway
To: Brian Reichert
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSH-1.2.2 + S/Key
In-Reply-To: <20000501234749.A8682@numachi.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 1 May 2000, Brian Reichert wrote:

> Yes, please! I have no idea how non-functional the patches may
> be, but I'm willing to poke. I have Solaris and FreeBSD platforms
> (and stock ssh) to test against...

See www.freebsd.org/~kris/ssh-opie.tgz for the patches. I think I included
everything there. They should work correctly for OPIE logins, the only
thing missing is they don't return fake OPIE challenges for nonexistent
users as well as I'd like.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe


From owner-freebsd-security Sat May 6 21:28:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mostgraveconcern.com (mostgraveconcern.com [216.82.145.240])
    by hub.freebsd.org (Postfix) with ESMTP id CD8C737B998
    for ; Sat, 6 May 2000 21:28:06 -0700 (PDT)
    (envelope-from dan@mostgraveconcern.com)
Received: from danco (danco.mostgraveconcern.com [10.0.0.2])
    by mostgraveconcern.com (8.9.3/8.9.3) with SMTP id VAA00938;
    Sat, 6 May 2000 21:28:04 -0700 (PDT)
    (envelope-from dan@mostgraveconcern.com)
Message-ID: <013001bfb7dc$a3195de0$0200000a@danco>
Reply-To: "Dan O'Connor"
From: "Dan O'Connor"
To:
Cc:
Subject: Re: Firewall Rules
Date: Sat, 6 May 2000 21:28:03 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Send over your ipfw rules set as well, so I can see the differences in the
>2 if you wouldn't mind.

No problem... From the 'simple' section of my /etc/rc.firewall:

# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established

# Stop spoofing
${fwcmd} add deny log all from ${inet}:${imask} to any in via ${oif}
${fwcmd} add deny log all from ${onet}:${omask} to any in via ${iif}

# Stop RFC1918 nets on the outside interface
${fwcmd} add deny log all from 192.168.0.0:255.255.0.0 to any via ${oif}
${fwcmd} add deny log all from any to 192.168.0.0:255.255.0.0 via ${oif}
${fwcmd} add deny log all from 172.16.0.0:255.240.0.0 to any via ${oif}
${fwcmd} add deny log all from any to 172.16.0.0:255.240.0.0 via ${oif}

# Stop draft-manning-dsua-01.txt nets on the outside interface
${fwcmd} add deny log all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny log all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny log all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny log all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny log all from 192.0.2.0/24 to any via ${oif}
${fwcmd} add deny log all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny log all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny log all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny log all from 240.0.0.0/4 to any via ${oif}
${fwcmd} add deny log all from any to 240.0.0.0/4 via ${oif}

# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag

# HTTP - Allow outside access to web server
${fwcmd} add pass tcp from any to any 80 setup

# SMTP - Allow access to sendmail for incoming e-mail
${fwcmd} add pass tcp from any to any 25

# DNS - Allow queries out in the world
${fwcmd} add pass udp from any to any 53
${fwcmd} add pass udp from any 53 to any
${fwcmd} add pass tcp from any to any 53
${fwcmd} add pass tcp from any 53 to any

# IDENT - Open the port (sendmail seems to use it...) but send reset
${fwcmd} add reset tcp from any to any 113 in recv ${oif}

# FTP - Allow outbound, deny inbound
${fwcmd} add pass tcp from any 20 to any setup
${fwcmd} add deny log tcp from any to ${onet}:${omask} 21 in via ${oif} setup
${fwcmd} add pass tcp from any to ${inet}:${imask} 21 setup

# Uncomment these and comment-out 'deny' rule above to open up FTP
# ${fwcmd} add pass log tcp from any to any 20 setup
# ${fwcmd} add pass log tcp from any 21 to any setup
# ${fwcmd} add pass log tcp from any to any 21 setup

# SSH Login
${fwcmd} add pass tcp from any to any 22 setup
${fwcmd} add pass log tcp from any 22 to any setup

# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup

# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup

# SMB - Allow local traffic
${fwcmd} add pass udp from any to any 137-139 via ${iif}

# NTP - Allow queries out in the world
${fwcmd} add pass udp from any 123 to any 123

# ICMP - Allow ping, et al., for testing
${fwcmd} add pass icmp from any to any

# TRACEROUTE - Allow for within 30 hops.
${fwcmd} add pass udp from any to any 33434-33463

# Reject broadcasts from outside interface
${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 via ${oif}

# Reject&Log SMB connections from outside interface
${fwcmd} add 64000 deny log udp from any to any 137-139 via ${oif}

# Reject&Log all other connections from outside interface
${fwcmd} add 65000 deny log ip from any to any via ${oif}

I have a static IP, so if you're using DHCP you'll also want to open ports
67-68...

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com
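
ipfw evaluates the rule list in the message above in rule order and the first matching rule decides the packet. The following is an added example, not part of the original post and not ipfw's own code: it models only the port- and flag-based TCP rules from that list, in the same order, and reports which rule decides a packet. The `Packet` and `Rule` classes, the `evaluate` function and the sample packets are constructed for illustration; the address-based anti-spoofing rules, the FTP port 21 rules and the `from any 22` rule are left out.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed model of one packet as the filter sees it."""
    proto: str                 # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    direction: str             # "in" or "out" on the interface
    iface: str                 # "oif" (outside) or "iif" (inside)
    syn: bool = False
    ack: bool = False
    rst: bool = False

    @property
    def setup(self) -> bool:
        # ipfw "setup": SYN set, ACK clear
        return self.syn and not self.ack

    @property
    def established(self) -> bool:
        # ipfw "established": RST or ACK set; no connection table is consulted
        return self.ack or self.rst


@dataclass(frozen=True)
class Rule:
    action: str                        # "pass", "deny" or "reset"
    proto: str                         # "tcp", or "ip" for any protocol
    label: str
    sport: Optional[int] = None        # None means "any"
    dport: Optional[int] = None
    flag: Optional[str] = None         # "setup" or "established"
    direction: Optional[str] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and (self.flag is None or getattr(p, self.flag))
                and self.direction in (None, p.direction)
                and self.iface in (None, p.iface))


# Same order as the post; ipfw numbers unnumbered rules in the order added.
RULES = [
    Rule("pass", "tcp", "established", flag="established"),
    Rule("pass", "tcp", "HTTP", dport=80, flag="setup"),
    Rule("pass", "tcp", "SMTP", dport=25),
    Rule("pass", "tcp", "DNS to 53", dport=53),
    Rule("pass", "tcp", "DNS from 53", sport=53),
    Rule("reset", "tcp", "IDENT", dport=113, direction="in", iface="oif"),
    Rule("pass", "tcp", "FTP data", sport=20, flag="setup"),
    Rule("pass", "tcp", "SSH", dport=22, flag="setup"),
    Rule("deny", "tcp", "inbound setup", flag="setup", direction="in", iface="oif"),
    Rule("pass", "tcp", "other setup", flag="setup"),
    Rule("deny", "ip", "65000 catch-all", iface="oif"),
]


def evaluate(p: Packet, rules=RULES) -> Tuple[str, str]:
    """Return (action, label) of the first rule that matches the packet."""
    for r in rules:
        if r.matches(p):
            return r.action, r.label
    return "default", "no listed rule matched"


if __name__ == "__main__":
    # Constructed sample packets: inbound SYN to telnet, inbound SYN to HTTP,
    # and an inbound ACK-only segment that the stateless first rule passes.
    for pkt in (Packet("tcp", 40000, 23, "in", "oif", syn=True),
                Packet("tcp", 40000, 80, "in", "oif", syn=True),
                Packet("tcp", 40000, 23, "in", "oif", ack=True)):
        print(pkt.dport, pkt.setup, evaluate(pkt))
```

The third sample shows that the `established` rule matches on flag bits alone, so this rule set relies on the later `setup` rules to decide which connections may start.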