From owner-freebsd-security Sun Aug 20 0:30: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from pentium2.arends.hobby.nl (pm30-55.hobby.nl [212.72.224.185]) by hub.freebsd.org (Postfix) with ESMTP id 6E0C437B424 for ; Sun, 20 Aug 2000 00:30:02 -0700 (PDT) Received: from localhost (r.a.arends@localhost) by pentium2.arends.hobby.nl (8.9.3/8.9.3) with ESMTP id JAA00470; Sun, 20 Aug 2000 09:30:16 +0200 (CEST) (envelope-from r.a.arends@kader.hobby.nl) X-Authentication-Warning: pentium2.arends.hobby.nl: r.a.arends owned process doing -bs Date: Sun, 20 Aug 2000 09:30:16 +0200 (CEST) From: Richard Arends X-Sender: r.a.arends@pentium2.arends.hobby.nl To: Joe Oliveiro Cc: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, Michael Maxwell , freebsd-security@FreeBSD.ORG Subject: RE: Need to install stelnet,sftp ?????????????????? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, On Sun, 20 Aug 2000, Joe Oliveiro wrote: > try using the locate command > ie: locate sftp cd /usr/ports make search key=sftp Greetings, Richard. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 20 9:11: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from ajax2.sovam.com (ajax2.sovam.com [194.67.1.173]) by hub.freebsd.org (Postfix) with ESMTP id 1E1A837B423 for ; Sun, 20 Aug 2000 09:11:02 -0700 (PDT) Received: from ts16-a98.dial.sovam.com ([195.239.3.98]:1853 "EHLO pentium" ident: "NO-IDENT-SERVICE[2]" whoson: "expohard@online.ru" smtp-auth: TLS-CIPHER: TLS-PEER: ) by ajax2.sovam.com with ESMTP id ; Sun, 20 Aug 2000 20:10:52 +0400 Reply-To: From: "Vladimir I. Kulakov" To: Subject: "snmp.sample" in /usr/local/etc/rc.d/ Date: Sun, 20 Aug 2000 20:09:44 +0400 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1251 Content-Transfer-Encoding: 7bit Message-Id: <20000820161100Z274714-23170+33643@ajax2.sovam.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, all ! I've just moved my server from FreeBSD 2.2.5 to 4.0 due to total hardware upgrade and many security holes. After upgrade I've mounted the hard disk from the previous mashine and moved all user's data from /usr/home/ from it to the new hard disk. The new mashine had new root password, of course. But at the next day after upgrade I've suddenly noticed two new scripts in /usr/local/etc/rc.d/ which intended to start at every bootup process and which I've never installed. Moreover, at the /usr/local/sbin/ there two more files appeared (snmpd and the second something like this). I've never installed snmp on that mashine and mtree tells me such files never existed there. In the log files there are nothing special. The new system was installed from a "clear" distribution. Was this a troyan programs? How can I check my server for such security holes? And how such programs could be installed? May be my mistake was mounting my old disk with securigy holes then working connected to the Internet ? But how the hacker could execute programs even from insecure disk on a secure mashine? Help me, please !!! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 20 13:33:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E44F337B440; Sun, 20 Aug 2000 13:33:53 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA36001; Sun, 20 Aug 2000 13:33:53 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sun, 20 Aug 2000 13:33:53 -0700 (PDT) From: Kris Kennaway To: "Vladimir I. Kulakov" Cc: freebsd-security@FreeBSD.org Subject: Re: "snmp.sample" in /usr/local/etc/rc.d/ In-Reply-To: <20000820161100Z274714-23170+33643@ajax2.sovam.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 20 Aug 2000, Vladimir I. Kulakov wrote: > But at the next day after upgrade I've suddenly noticed > two new scripts in /usr/local/etc/rc.d/ which intended to > start at every bootup process and which I've never installed. Sounds like you or someone else with root access installed a port. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 20 13:49:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 095F037B423 for ; Sun, 20 Aug 2000 13:49:41 -0700 (PDT) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id RAA20400; Sun, 20 Aug 2000 17:49:18 -0300 (GMT) From: Fernando Schapachnik Message-Id: <200008202049.RAA20400@ns1.via-net-works.net.ar> Subject: Re: PPTP In-Reply-To: from Jim Durham at "Aug 19, 0 03:57:08 am" To: durham@w2xo.pgh.pa.us (Jim Durham) Date: Sun, 20 Aug 2000 17:49:17 -0300 (GMT) Cc: freebsd-security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org En un mensaje anterior, Jim Durham escribió: > Does anyone have any advice regarding security problems caused by > PPTP using PopTop on FreeBSD? > > We'd like to implement this, but I'm a little nervous about it, > having heard that the cypher has been cracked. Is this true? So it seems. Search bugtraq on www.securityfocus.com for PPTP and you will find the relevant articles. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 20 19:30:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from vindaloo.allsolutions.com.au (vindaloo.allsolutions.com.au [203.111.24.54]) by hub.freebsd.org (Postfix) with ESMTP id B33F137B422 for ; Sun, 20 Aug 2000 19:30:43 -0700 (PDT) Received: from ASPerth1.allsolutions.com.au (aspns.internal [192.9.200.250]) by vindaloo.allsolutions.com.au (8.9.3/8.9.3) with SMTP id KAA29297 for ; Mon, 21 Aug 2000 10:30:35 +0800 (WST) (envelope-from David_May@allsolutions.com.au) Received: by ASPerth1.allsolutions.com.au(Lotus SMTP MTA v1.2 (600.1 3-26-1998)) id 48256942.000E21A8 ; Mon, 21 Aug 2000 10:34:21 +0800 X-Lotus-FromDomain: ALL SOLUTIONS From: "David May" To: freebsd-security@FreeBSD.ORG Message-ID: <48256942.00072D07.00@ASPerth1.allsolutions.com.au> Date: Mon, 21 Aug 2000 10:34:17 +0800 Subject: Re: [Q] why does my firewall degrade Web performance? Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sorry this was a bit off-topic. Perhaps I should have posted my question as "what is the performance cost of security ?" :) Thanks to everybody who made suggestions about this problem. I have not resolved it yet but number of the suggestions posted have been tried. One thing is clear from the contradictory nature of comments received so far: I need to benchmark the system to get a clearer picture of the problem. So far, it looks like the hardware and cabling are sound and firewall CPU performance is not a problem. I am waiting for the new FreeBSD 4.1 CD-ROM from Walnut Creek/BSDI so I can try the more up-to-date software but that may take another 3-4 weeks to arrive. If I find the answer I will post the results here and in freebsd-ipfw in case others find it useful. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 20 19:34:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 1AA4737B423 for ; Sun, 20 Aug 2000 19:34:35 -0700 (PDT) Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id MAA10347; Mon, 21 Aug 2000 12:34:30 +1000 (EST) From: Darren Reed Message-Id: <200008210234.MAA10347@cairo.anu.edu.au> Subject: Re: [Q] why does my firewall degrade Web performance? To: David_May@allsolutions.com.au (David May) Date: Mon, 21 Aug 2000 12:34:30 +1000 (Australia/NSW) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <48256942.00072D07.00@ASPerth1.allsolutions.com.au> from "David May" at Aug 21, 2000 10:34:17 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from David May, sie said: > > > Sorry this was a bit off-topic. Perhaps I should have posted my > question as "what is the performance cost of security ?" :) > > Thanks to everybody who made suggestions about this problem. I have not > resolved it yet but number of the suggestions posted have been tried. > > One thing is clear from the contradictory nature of comments received > so far: I need to benchmark the system to get a clearer picture of the > problem. > > So far, it looks like the hardware and cabling are sound and firewall > CPU performance is not a problem. I am waiting for the new FreeBSD 4.1 > CD-ROM from Walnut Creek/BSDI so I can try the more up-to-date software > but that may take another 3-4 weeks to arrive. If I find the answer I > will post the results here and in freebsd-ipfw in case others find it > useful. I doubt very much if the end-result of going from whatever you are on now to what come with 4.1 will result in a performance boost. If anything, there will be more features exacting a larger performance hit :-) Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 20 19:50:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from w2xo.pgh.pa.us (ipl-229-002.npt-sdsl.stargate.net [208.223.229.2]) by hub.freebsd.org (Postfix) with ESMTP id 9262037B424 for ; Sun, 20 Aug 2000 19:50:13 -0700 (PDT) Received: from shazam.w2xo.pgh.pa.us (shazam.w2xo.pgh.pa.us [192.168.5.3]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id CAA42930; Mon, 21 Aug 2000 02:49:36 GMT (envelope-from durham@w2xo.pgh.pa.us) Date: Sun, 20 Aug 2000 22:50:20 -0400 (EDT) From: Jim Durham To: Fernando Schapachnik Cc: freebsd-security@FreeBSD.ORG Subject: Re: PPTP In-Reply-To: <200008202049.RAA20400@ns1.via-net-works.net.ar> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 20 Aug 2000, Fernando Schapachnik wrote: > En un mensaje anterior, Jim Durham escribi=F3: > > Does anyone have any advice regarding security problems caused by > > PPTP using PopTop on FreeBSD? > >=20 > > We'd like to implement this, but I'm a little nervous about it, > > having heard that the cypher has been cracked. Is this true? >=20 > So it seems. Search bugtraq on www.securityfocus.com for PPTP and you wil= l=20 > find the relevant articles. >=20 >=20 Will do. Thank you, Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 0:44:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from web9201.mail.yahoo.com (web9201.mail.yahoo.com [216.136.129.34]) by hub.freebsd.org (Postfix) with SMTP id 1FE8A37B423 for ; Mon, 21 Aug 2000 00:44:48 -0700 (PDT) Message-ID: <20000821074455.23839.qmail@web9201.mail.yahoo.com> Received: from [202.174.129.8] by web9201.mail.yahoo.com; Mon, 21 Aug 2000 00:44:55 PDT Date: Mon, 21 Aug 2000 00:44:55 -0700 (PDT) From: Yohanes Rahmad To: FreeBSD-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 1:10:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from ajax2.sovam.com (ajax2.sovam.com [194.67.1.173]) by hub.freebsd.org (Postfix) with ESMTP id 90CF137B43F for ; Mon, 21 Aug 2000 01:10:22 -0700 (PDT) Received: from ts16-a478.dial.sovam.com ([195.239.4.224]:1075 "EHLO pentium" ident: "NO-IDENT-SERVICE[2]" whoson: "expohard@online.ru" smtp-auth: TLS-CIPHER: TLS-PEER: ) by ajax2.sovam.com with ESMTP id ; Mon, 21 Aug 2000 12:10:09 +0400 Reply-To: From: "Vladimir I. Kulakov" To: "CrazZzy Slash" Cc: Subject: Re: "snmp.sample" in /usr/local/etc/rc.d/ Date: Mon, 21 Aug 2000 12:09:12 +0400 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Message-Id: <20000821081020Z277228-23170+34169@ajax2.sovam.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Hi! > > Can you send me your /tmp/install.log? There is no such file !!! :--( Do you think it was deleted by a hacker? > > Hi, all ! > > > > I've just moved my server from FreeBSD 2.2.5 to 4.0 due > > to total hardware upgrade and many security holes. > > > > After upgrade I've mounted the hard disk from the previous > > mashine and moved all user's data from /usr/home/ from it > > to the new hard disk. The new mashine had new root > > password, of course. > > > > But at the next day after upgrade I've suddenly noticed > > two new scripts in /usr/local/etc/rc.d/ which intended to > > start at every bootup process and which I've never installed. > > > > Moreover, at the /usr/local/sbin/ there two more > > files appeared (snmpd and the second something like this). > > I've never installed snmp on that mashine and mtree > > tells me such files never existed there. > > > > In the log files there are nothing special. > > > > The new system was installed from a "clear" > > distribution. > > > > Was this a troyan programs? How can I check > > my server for such security holes? And how > > such programs could be installed? > > > > May be my mistake was mounting my old disk with > > securigy holes then working connected to the Internet ? > > But how the hacker could execute programs even > > from insecure disk on a secure mashine? > > > > Help me, please !!! > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 1:24:32 2000 Delivered-To: freebsd-security@freebsd.org Received: from maildrop.velocet.net (maildrop.velocet.net [216.126.74.5]) by hub.freebsd.org (Postfix) with ESMTP id 1E0E837B43E for ; Mon, 21 Aug 2000 01:24:29 -0700 (PDT) Received: from magus (anime.ca [204.138.55.45]) by maildrop.velocet.net (Postfix) with SMTP id 0783D78206 for ; Mon, 21 Aug 2000 04:24:22 -0400 (EDT) Message-ID: <004501c00b49$37be2420$0300a8c0@anime.ca> From: "William Wong" To: Subject: icmptypes Date: Mon, 21 Aug 2000 04:24:15 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi there, When building a firewall, is there any advantage to restricting allowed icmp types? And if there is, which icmptypes should be allowed in at the minimum? - Will To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 1:28:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from ux1.ibb.net (ibb0005.ibb.uu.nl [131.211.124.5]) by hub.freebsd.org (Postfix) with ESMTP id 3611737B42C for ; Mon, 21 Aug 2000 01:28:39 -0700 (PDT) Received: from localhost (mipam@localhost) by ux1.ibb.net (8.9.3/8.9.3/UX1TT) with SMTP id KAA07314; Mon, 21 Aug 2000 10:28:20 +0200 Date: Mon, 21 Aug 2000 10:28:20 +0200 (MET DST) From: Mipam To: William Wong Cc: freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: <004501c00b49$37be2420$0300a8c0@anime.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sure sure.... Basically, you just wish to allow icmp requests and icmp reply's (type 8 and 0). Deny the rest. Also make sure to deny any icmp fragmented packets. For the rest what you wish to deny or allow is up to you :) Bye, Mipam. On Mon, 21 Aug 2000, William Wong wrote: > Hi there, > > When building a firewall, is there any advantage to restricting allowed icmp > types? > And if there is, which icmptypes should be allowed in at the minimum? > > - Will > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 3:54:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp6.port.ru (mx6.port.ru [194.67.23.42]) by hub.freebsd.org (Postfix) with ESMTP id 1954437B42C for ; Mon, 21 Aug 2000 03:54:41 -0700 (PDT) Received: from [212.96.98.32] (helo=[212.96.98.32]) by smtp6.port.ru with esmtp (Exim 3.14 #4) id 13QpDk-000Gft-00; Mon, 21 Aug 2000 14:54:28 +0400 Date: Mon, 21 Aug 2000 14:54:22 +0400 (MSD) From: Jaroshenko Serge X-Sender: jaroshenko@freebsd.merlin.ru To: William Wong Cc: freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: <004501c00b49$37be2420$0300a8c0@anime.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! read www.obfuscation.org/ipf/ipf-howto.txt . By this doc: icmp-type 0 icmp-type 3 icmp-type 8 icmp-type 11 On Mon, 21 Aug 2000, William Wong wrote: > Hi there, > > When building a firewall, is there any advantage to restricting allowed icmp > types? > And if there is, which icmptypes should be allowed in at the minimum? > > - Will > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 4:18:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from ux1.ibb.net (ibb0005.ibb.uu.nl [131.211.124.5]) by hub.freebsd.org (Postfix) with ESMTP id F1B7837B423 for ; Mon, 21 Aug 2000 04:18:23 -0700 (PDT) Received: from localhost (mipam@localhost) by ux1.ibb.net (8.9.3/8.9.3/UX1TT) with SMTP id NAA07509; Mon, 21 Aug 2000 13:17:59 +0200 Date: Mon, 21 Aug 2000 13:17:59 +0200 (MET DST) From: Mipam To: Jaroshenko Serge Cc: William Wong , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 21 Aug 2000, Jaroshenko Serge wrote: > > Hi! > read www.obfuscation.org/ipf/ipf-howto.txt . > > By this doc: > > icmp-type 0 > icmp-type 3 > icmp-type 8 > icmp-type 11 > Okay, however, why not block in all icmp and let yourself be able to ping to the outside. With state keeping you'll recieve the reply's. Unless of course you wish ppl to ping you initially? Bye, Mipam. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 4:59:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp2.port.ru (mx2.port.ru [194.67.23.33]) by hub.freebsd.org (Postfix) with ESMTP id B589B37B424 for ; Mon, 21 Aug 2000 04:59:46 -0700 (PDT) Received: from [212.96.98.32] (helo=[212.96.98.32]) by smtp2.port.ru with esmtp (Exim 3.14 #44) id 13QqEs-000Nzc-00; Mon, 21 Aug 2000 15:59:41 +0400 Date: Mon, 21 Aug 2000 15:59:35 +0400 (MSD) From: Jaroshenko Serge X-Sender: jaroshenko@freebsd.merlin.ru To: Mipam Cc: William Wong , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 21 Aug 2000, Mipam wrote: > On Mon, 21 Aug 2000, Jaroshenko Serge wrote: > > > > > Hi! > > read www.obfuscation.org/ipf/ipf-howto.txt . > > > > By this doc: > > > > icmp-type 0 > > icmp-type 3 > > icmp-type 8 > > icmp-type 11 > > > > Okay, however, why not block in all icmp and let yourself be able to ping > to the outside. O'key, if don't need traceroute or icmp destination-unreachable - block in all proto icmp , but in this case your browser or (ftp client) long time wait response from unreachable destination! > With state keeping you'll recieve the reply's. Try it! > Unless of course you wish ppl to ping you initially? > Bye, > > Mipam. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 5: 9:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from ux1.ibb.net (ibb0005.ibb.uu.nl [131.211.124.5]) by hub.freebsd.org (Postfix) with ESMTP id C502337B422 for ; Mon, 21 Aug 2000 05:09:26 -0700 (PDT) Received: from localhost (mipam@localhost) by ux1.ibb.net (8.9.3/8.9.3/UX1TT) with SMTP id OAA07552; Mon, 21 Aug 2000 14:09:17 +0200 Date: Mon, 21 Aug 2000 14:09:17 +0200 (MET DST) From: Mipam To: Jaroshenko Serge Cc: William Wong , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > With state keeping you'll recieve the reply's. > > Try it! > hmm you're right... you'll need to explicitly allow them to be able to receive the answers. What was i thinking? Bye, Mipam. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 5:30:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from james.coopcom.com.au (james.coopcom.com.au [203.36.148.140]) by hub.freebsd.org (Postfix) with ESMTP id 415A437B424 for ; Mon, 21 Aug 2000 05:30:10 -0700 (PDT) Received: from bsd.tcc-comp.com.au (bsd.tcc-comp.com.au [203.36.148.141]) by james.coopcom.com.au (8.9.3/8.9.3) with ESMTP id XAA29072 for ; Mon, 21 Aug 2000 23:44:43 +1000 From: curl@tcc-comp.com.au Received: from curl (curl.tcc-comp.com.au [203.36.148.139]) by bsd.tcc-comp.com.au (8.9.3/8.9.3) with SMTP id RAA06604 for ; Sun, 20 Aug 2000 17:55:56 +1000 (EST) Message-Id: <200008200755.RAA06604@bsd.tcc-comp.com.au> Date: Sun, 20 Aug 2000 17:55:21 +1000 To: freebsd-security@freebsd.org Subject: Re: Routing firewall w/ipfw questions X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v1.61 b62 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 19 Aug 2000, Todd Backman wrote: > I am setting up a firewall to protect a class c network and am having > difficulty with routing. Here is the scenario (ips changed to protect the > guilty): [...] > Is your upstream provider advertising and routing the class c to your system? > BTW...has anyone discussed some sort of document pool for various projects > that freebsd users implement? There are many of us out here that have done [...] > .02. And, yes, I am willing to donate time/resources (and my docs) to the > project. I'd really like to see a FreeBSD ISP project/doc system. (for the operator, not a user connecting).. Then we could dump our linux box's. --- Stephen Walsh (vk3heg) TCC Computers (Internet Services) http://www.tcc-comp.com.au To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 5:30:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from james.coopcom.com.au (james.coopcom.com.au [203.36.148.140]) by hub.freebsd.org (Postfix) with ESMTP id 750F137B42C for ; Mon, 21 Aug 2000 05:30:10 -0700 (PDT) Received: from bsd.tcc-comp.com.au (bsd.tcc-comp.com.au [203.36.148.141]) by james.coopcom.com.au (8.9.3/8.9.3) with ESMTP id XAA29075 for ; Mon, 21 Aug 2000 23:44:46 +1000 Received: from bsd.tcc-comp.com.au (bsd.tcc-comp.com.au [203.36.148.141]) by bsd.tcc-comp.com.au (8.9.3/8.9.3) with SMTP id QAA06456 for ; Sun, 20 Aug 2000 16:55:52 +1000 (EST) Date: Sun, 20 Aug 2000 16:55:52 +1000 (EST) From: Stephen Walsh To: freebsd-security@freebsd.org Subject: Re: Routing firewall w/ipfw questions In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 19 Aug 2000, Todd Backman wrote: > I am setting up a firewall to protect a class c network and am having > difficulty with routing. Here is the scenario (ips changed to protect the > guilty): [...] > Is your upstream provider advertising and routing the class c to your system? > BTW...has anyone discussed some sort of document pool for various projects > that freebsd users implement? There are many of us out here that have done [...] > .02. And, yes, I am willing to donate time/resources (and my docs) to the > project. I'd really like to see a FreeBSD ISP project/doc system. (for the operator, not a user connecting).. Then we could dump our linux box's. === Stephen Walsh - VK3HEG TCC Computers (Internet Services) http://www.tcc-comp.com.au Ph: (+61)-0409-149641 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 5:31:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from mx7.port.ru (mx7.port.ru [194.67.23.44]) by hub.freebsd.org (Postfix) with ESMTP id 6C9A437B43F for ; Mon, 21 Aug 2000 05:31:40 -0700 (PDT) Received: from [212.96.98.32] (helo=[212.96.98.32]) by mx7.port.ru with esmtp (Exim 3.14 #4) id 13Qqjn-0000Ds-00; Mon, 21 Aug 2000 16:31:39 +0400 Date: Mon, 21 Aug 2000 16:31:13 +0400 (MSD) From: Jaroshenko Serge X-Sender: jaroshenko@freebsd.merlin.ru To: Mipam Cc: William Wong , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 21 Aug 2000, Mipam wrote: > > > With state keeping you'll recieve the reply's. > > > > Try it! > > > hmm you're right... you'll need to explicitly allow them to be able to > receive the answers. What was i thinking? > Bye, > > Mipam. Read www.obfuscation.org/ipf/ipf-howto.txt ... - answer for all your question! Good doc! Sorry for bad english! Best regards. Serge. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 7:30:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 4DB8B37B423 for ; Mon, 21 Aug 2000 07:30:51 -0700 (PDT) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA06409; Mon, 21 Aug 2000 10:30:44 -0400 (EDT) (envelope-from wollman) Date: Mon, 21 Aug 2000 10:30:44 -0400 (EDT) From: Garrett Wollman Message-Id: <200008211430.KAA06409@khavrinen.lcs.mit.edu> To: Michael Maxwell Cc: freebsd-security@FreeBSD.ORG Subject: Re: Log message improvement for rpc.statd In-Reply-To: <200008191817.NAA09304@drwho.xnet.com> References: <200008191817.NAA09304@drwho.xnet.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > RPC is, by nature, insecure. Not true. It's just our implementation (copied from Sun) that's insecure. There are plenty of secure RPC protocols around -- including some that fit within the Sun ONC framework (such as RPCSEC_GSS as used in Kerberos 5's admin protocol). -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 8: 7:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from fnal.gov (heffalump.fnal.gov [131.225.9.20]) by hub.freebsd.org (Postfix) with ESMTP id 12DC537B424 for ; Mon, 21 Aug 2000 08:07:06 -0700 (PDT) Received: from nova.fnal.gov ([131.225.18.207]) by smtp.fnal.gov (PMDF V6.0-24 #44770) with ESMTP id <0FZN00MM8DYW3J@smtp.fnal.gov> for freebsd-security@FreeBSD.ORG; Mon, 21 Aug 2000 10:06:32 -0500 (CDT) Received: from localhost (tez@localhost) by nova.fnal.gov (8.9.3+Sun/8.9.1) with ESMTP id KAA20800; Mon, 21 Aug 2000 10:06:31 -0500 (CDT) Date: Mon, 21 Aug 2000 10:06:31 -0500 (CDT) From: Tim Zingelman Subject: Re: "snmp.sample" in /usr/local/etc/rc.d/ In-reply-to: <20000821081020Z277228-23170+34169@ajax2.sovam.com> X-Sender: tez@nova.fnal.gov To: "Vladimir I. Kulakov" Cc: freebsd-security@FreeBSD.ORG Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII X-Authentication-warning: nova.fnal.gov: tez owned process doing -bs Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 21 Aug 2000, Vladimir I. Kulakov wrote: > > > But at the next day after upgrade I've suddenly noticed > > > two new scripts in /usr/local/etc/rc.d/ which intended to > > > start at every bootup process and which I've never installed. Note that only files ending in .sh will be executed at boot time, so a file like 'snmpd.sh.sample' is pretty much harmless. > > > Moreover, at the /usr/local/sbin/ there two more > > > files appeared (snmpd and the second something like this). > > > I've never installed snmp on that mashine and mtree > > > tells me such files never existed there. The package/port named ucd-snmp (in /usr/ports/net/ucd-snmp) installs the following files (and many others): /usr/local/etc/rc.d/snmpd.sh.sample /usr/local/sbin/snmpd /usr/local/sbin/snmptrapd If these are the files you are seeing, then someone installed this port or this package. This command should get rid of it: pkg_delete ucd-snmp-4.1.2 (If the version number is wrong, ls /var/db/pkg, to see it.) - Tim P.S. You will likely get much more help from mailing lists like this one if you provide much more detail than you did... statements "snmpd and the second something like this", cause me to think, if you don't make the effort to even know the file names, why should I make the effort to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 14:34:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from maildrop.velocet.net (maildrop.velocet.net [216.126.74.5]) by hub.freebsd.org (Postfix) with ESMTP id 2F62637B443 for ; Mon, 21 Aug 2000 14:34:27 -0700 (PDT) Received: from magus (anime.ca [204.138.55.45]) by maildrop.velocet.net (Postfix) with SMTP id D7BB578205 for ; Mon, 21 Aug 2000 17:34:25 -0400 (EDT) Message-ID: <003c01c00bb7$94783340$0300a8c0@anime.ca> From: "William Wong" To: References: <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> Subject: Re: icmptypes Date: Mon, 21 Aug 2000 17:34:25 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi there, Thanks for the responses. I've got a somewhat follow up question. Instead of just dropping an icmp packet with say ipfw's deny rule, is there a "polite" way to deny the packet. To clarify, I want to send an equivalent of a "tcp reset" back, to let them know it's closed. Or is there no such thing as this for the icmp protocol? I'm not that familiar with this protocol as you can see. - Will ----- Original Message ----- From: "Sean Winn" To: "William Wong" Sent: Monday, August 21, 2000 5:10 AM Subject: Re: icmptypes > So far I've found no major need to drop ICMP except for redirect. > From: "Mipam" > > Sure sure.... > > > > Basically, you just wish to allow icmp requests and icmp reply's (type 8 > > and 0). > > Deny the rest. Also make sure to deny any icmp fragmented packets. > > For the rest what you wish to deny or allow is up to you :) > > Bye, > > > > Mipam. > > > And if there is, which icmptypes should be allowed in at the minimum? > > > > > > - Will To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 14:37:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id D6C4437B424 for ; Mon, 21 Aug 2000 14:37:14 -0700 (PDT) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 2366C1C07; Mon, 21 Aug 2000 17:37:14 -0400 (EDT) Date: Mon, 21 Aug 2000 17:37:14 -0400 From: Bill Fumerola To: William Wong Cc: freebsd-security@freebsd.org Subject: Re: icmptypes Message-ID: <20000821173714.D57333@jade.chc-chimes.com> References: <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> <003c01c00bb7$94783340$0300a8c0@anime.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <003c01c00bb7$94783340$0300a8c0@anime.ca>; from willwong@anime.ca on Mon, Aug 21, 2000 at 05:34:25PM -0400 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Aug 21, 2000 at 05:34:25PM -0400, William Wong wrote: > Thanks for the responses. I've got a somewhat follow up question. > Instead of just dropping an icmp packet with say ipfw's deny rule, is there > a "polite" way to deny the packet. To clarify, I want to send an equivalent > of a "tcp reset" back, to let them know it's closed. Or is there no such > thing as this for the icmp protocol? I'm not that familiar with this > protocol as you can see. Instead of 'deny' use 'reset'. Of course, this opens you up to a multitude of DoS related problems, but you're at least being a good neighbor.... -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 14:59:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from maildrop.velocet.net (maildrop.velocet.net [216.126.74.5]) by hub.freebsd.org (Postfix) with ESMTP id 304F037B506 for ; Mon, 21 Aug 2000 14:59:29 -0700 (PDT) Received: from magus (anime.ca [204.138.55.45]) by maildrop.velocet.net (Postfix) with SMTP id 391A978205; Mon, 21 Aug 2000 17:59:27 -0400 (EDT) Message-ID: <006301c00bbb$13b9afa0$0300a8c0@anime.ca> From: "William Wong" To: "Bill Fumerola" Cc: References: <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> <003c01c00bb7$94783340$0300a8c0@anime.ca> <20000821173714.D57333@jade.chc-chimes.com> Subject: Re: icmptypes Date: Mon, 21 Aug 2000 17:59:26 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi Bill, I tried to "reset icmp" and it said that reset it only valid for tcp packets. Would the polite way be to use some sort of "unreach" code? Regards, - Will > > Instead of just dropping an icmp packet with say ipfw's deny rule, is there > > a "polite" way to deny the packet. To clarify, I want to send an equivalent > > of a "tcp reset" back, to let them know it's closed. Or is there no such > > thing as this for the icmp protocol? > > Instead of 'deny' use 'reset'. Of course, this opens you up to a multitude > of DoS related problems, but you're at least being a good neighbor.... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 15: 3:56 2000 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id DC19837B50D for ; Mon, 21 Aug 2000 15:03:51 -0700 (PDT) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 6E9E21C6C; Mon, 21 Aug 2000 18:03:51 -0400 (EDT) Date: Mon, 21 Aug 2000 18:03:51 -0400 From: Bill Fumerola To: William Wong Cc: freebsd-security@FreeBSD.ORG Subject: Re: icmptypes Message-ID: <20000821180351.H57333@jade.chc-chimes.com> References: <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> <003c01c00bb7$94783340$0300a8c0@anime.ca> <20000821173714.D57333@jade.chc-chimes.com> <006301c00bbb$13b9afa0$0300a8c0@anime.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <006301c00bbb$13b9afa0$0300a8c0@anime.ca>; from willwong@anime.ca on Mon, Aug 21, 2000 at 05:59:26PM -0400 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Aug 21, 2000 at 05:59:26PM -0400, William Wong wrote: > I tried to "reset icmp" and it said that reset it only valid for tcp > packets. Would the polite way be to use some sort of "unreach" code? That's what I get for not reading your entire message... instead of deny use 'unreach ICMPCODE' example from memory: # ipfw add unreach filter-prohib icmp from any to any icmptypes 0,8 -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 15:13:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 041AA37B424 for ; Mon, 21 Aug 2000 15:13:17 -0700 (PDT) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id PAA31227; Mon, 21 Aug 2000 15:12:22 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200008212212.PAA31227@gndrsh.dnsmgr.net> Subject: Re: icmptypes In-Reply-To: <006301c00bbb$13b9afa0$0300a8c0@anime.ca> from William Wong at "Aug 21, 2000 05:59:26 pm" To: willwong@anime.ca (William Wong) Date: Mon, 21 Aug 2000 15:12:21 -0700 (PDT) Cc: billf@chimesnet.com (Bill Fumerola), freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [Charset iso-8859-1 unsupported, filtering to ASCII...] > Hi Bill, > > I tried to "reset icmp" and it said that reset it only valid for tcp > packets. Would the polite way be to use some sort of "unreach" code? Please read the RFC documenting icmp, don't have the number off hand, but is a protocol violation to generate an icmp packet due to an icmp packet, except for very specific conditions (icmp echo request -> icmp echo reply, icmp netmask request -> icmp netmask reply and I think there is one other). The major reason being you can quite easily create an icmp storm if you start sending icmp packets in responds to icmp packets. Just allow 0,3,8,11 (and sometimes 12, though they are very rare, they can help to cleanup a connection attempt that has gone wrong) and deny or deny/log all the others. You may also want to allow icmp type 5 out of your system, and possibly in from _trusted_ routers. There is no polite way to deny an icmp packet, the action of descarding it is the best thing to do if you want to protect yourself. Please read the fine paper you have been pointed to by others, trust that some of the brightest minds in internet security have either looked at or help draft it, and follow it's recomendations. > Regards, > - Will > > > > Instead of just dropping an icmp packet with say ipfw's deny rule, is > there > > > a "polite" way to deny the packet. To clarify, I want to send an > equivalent > > > of a "tcp reset" back, to let them know it's closed. Or is there no > such > > > thing as this for the icmp protocol? > > > > Instead of 'deny' use 'reset'. Of course, this opens you up to a multitude > > of DoS related problems, but you're at least being a good neighbor.... > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 15:17:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id BB74637B50B for ; Mon, 21 Aug 2000 15:17:04 -0700 (PDT) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id PAA31247; Mon, 21 Aug 2000 15:16:04 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200008212216.PAA31247@gndrsh.dnsmgr.net> Subject: Re: icmptypes In-Reply-To: <20000821180351.H57333@jade.chc-chimes.com> from Bill Fumerola at "Aug 21, 2000 06:03:51 pm" To: billf@chimesnet.com (Bill Fumerola) Date: Mon, 21 Aug 2000 15:16:03 -0700 (PDT) Cc: willwong@anime.ca (William Wong), freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Mon, Aug 21, 2000 at 05:59:26PM -0400, William Wong wrote: > > > I tried to "reset icmp" and it said that reset it only valid for tcp > > packets. Would the polite way be to use some sort of "unreach" code? > > That's what I get for not reading your entire message... > > instead of deny use 'unreach ICMPCODE' > > example from memory: > # ipfw add unreach filter-prohib icmp from any to any icmptypes 0,8 The 8 case would be okay, but returning an icmp unreach for an icmp echo reply would be a violation of the protocol spec. I would recomend against it. -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 15:18:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 0A15137B423 for ; Mon, 21 Aug 2000 15:18:26 -0700 (PDT) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 965761C6D; Mon, 21 Aug 2000 18:18:25 -0400 (EDT) Date: Mon, 21 Aug 2000 18:18:25 -0400 From: Bill Fumerola To: "Rodney W. Grimes" Cc: William Wong , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes Message-ID: <20000821181825.I57333@jade.chc-chimes.com> References: <20000821180351.H57333@jade.chc-chimes.com> <200008212216.PAA31247@gndrsh.dnsmgr.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200008212216.PAA31247@gndrsh.dnsmgr.net>; from freebsd@gndrsh.dnsmgr.net on Mon, Aug 21, 2000 at 03:16:03PM -0700 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Aug 21, 2000 at 03:16:03PM -0700, Rodney W. Grimes wrote: > > example from memory: > > # ipfw add unreach filter-prohib icmp from any to any icmptypes 0,8 > > The 8 case would be okay, but returning an icmp unreach for an icmp echo > reply would be a violation of the protocol spec. I would recomend > against it. Yes, unreaching 0 would be nonsense I suppose. On a side note, RFC and protocol blah blah is nice, but sometimes you just have to drop packets and break spec if the machine is a target. If this is being used as a border firewall or some such, then I would certainly heed Rod's advice on being careful what to break. For a single machine, I'd be less worried. -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 15:28: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from ibb0021.ibb.uu.nl (ibb0021.ibb.uu.nl [131.211.124.21]) by hub.freebsd.org (Postfix) with ESMTP id 39D1B37B423 for ; Mon, 21 Aug 2000 15:28:00 -0700 (PDT) Received: by ibb0021.ibb.uu.nl (Postfix) id D64D17B1; Tue, 22 Aug 2000 00:27:17 +0200 (CEST) Date: Tue, 22 Aug 2000 00:27:17 +0200 From: Mipam To: William Wong Cc: Bill Fumerola , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes Message-ID: <20000822002717.A14704@ibb0021.ibb.uu.nl> Reply-To: mipam@ibb.net References: <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> <003c01c00bb7$94783340$0300a8c0@anime.ca> <20000821173714.D57333@jade.chc-chimes.com> <006301c00bbb$13b9afa0$0300a8c0@anime.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <006301c00bbb$13b9afa0$0300a8c0@anime.ca>; from willwong@anime.ca on Mon, Aug 21, 2000 at 05:59:26PM -0400 X-Obviously: All email clients suck. Only Mutt sucks less! X-Editor: Vi X-Operating-System: BSD Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I tried to "reset icmp" and it said that reset it only valid for tcp > packets. Would the polite way be to use some sort of "unreach" code? > Yup, a normal response when you send a machine a ping packet and it's not up, the router will send you an icmp unreachable back (icmp type 3). That's what you can do as well as response to a icmp packet to be polite i guess. On the other hand.. consider letting icmp types 0,3,8 and 11 through as was discussed before. And just drop all fragmented icmp packets. Or perhaps only allow 0 and 11 in. Bye, Mipam. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 17:30:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from gatekeeper.whistle.com (gatekeeper.whistle.com [207.76.204.2]) by hub.freebsd.org (Postfix) with ESMTP id D0C1E37B422 for ; Mon, 21 Aug 2000 17:30:49 -0700 (PDT) Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7]) by gatekeeper.whistle.com (8.9.3/8.9.3) with ESMTP id RAA17083; Mon, 21 Aug 2000 17:30:49 -0700 (PDT) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.3/8.9.3) id RAA63947; Mon, 21 Aug 2000 17:30:49 -0700 (PDT) (envelope-from archie) From: Archie Cobbs Message-Id: <200008220030.RAA63947@bubba.whistle.com> Subject: Re: PPTP In-Reply-To: from Jim Durham at "Aug 19, 2000 03:57:08 am" To: Jim Durham Date: Mon, 21 Aug 2000 17:30:49 -0700 (PDT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL68 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jim Durham writes: > Does anyone have any advice regarding security problems caused by > PPTP using PopTop on FreeBSD? > > We'd like to implement this, but I'm a little nervous about it, > having heard that the cypher has been cracked. Is this true? > How about root access from buffer overflows, etc? FYI- Another alternative to PopTop is the net/mpd-netgraph port. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 18:27:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 9BF2837B43C for ; Mon, 21 Aug 2000 18:27:20 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id TAA56027; Mon, 21 Aug 2000 19:27:18 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id TAA42980; Mon, 21 Aug 2000 19:26:13 -0600 (MDT) Message-Id: <200008220126.TAA42980@harmony.village.org> To: Mipam Subject: Re: icmptypes Cc: Jaroshenko Serge , William Wong , freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Mon, 21 Aug 2000 13:17:59 +0200." References: Date: Mon, 21 Aug 2000 19:26:13 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Mipam writes: : Okay, however, why not block in all icmp and let yourself be able to ping : to the outside. With state keeping you'll recieve the reply's. : Unless of course you wish ppl to ping you initially? DO NOT BLOCK ALL ICMP PACKETS. There, I'm done shouting. Blocking all ICMP packets breaks path mtu discovery. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 18:29:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 42C6A37B43C for ; Mon, 21 Aug 2000 18:29:42 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id TAA56073; Mon, 21 Aug 2000 19:29:41 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id TAA43045; Mon, 21 Aug 2000 19:28:36 -0600 (MDT) Message-Id: <200008220128.TAA43045@harmony.village.org> To: "William Wong" Subject: Re: icmptypes Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Mon, 21 Aug 2000 17:34:25 EDT." <003c01c00bb7$94783340$0300a8c0@anime.ca> References: <003c01c00bb7$94783340$0300a8c0@anime.ca> <007701c00b4f$9c905340$4c9409cb@labyrinth.net.au> Date: Mon, 21 Aug 2000 19:28:36 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <003c01c00bb7$94783340$0300a8c0@anime.ca> "William Wong" writes: : Thanks for the responses. I've got a somewhat follow up question. : Instead of just dropping an icmp packet with say ipfw's deny rule, is there : a "polite" way to deny the packet. To clarify, I want to send an equivalent : of a "tcp reset" back, to let them know it's closed. Or is there no such : thing as this for the icmp protocol? I'm not that familiar with this : protocol as you can see. For ICMP packets, drop them on the floor, but make sure that you have the path mtu types enabled. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 19:53:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 1C41D37B42C for ; Mon, 21 Aug 2000 19:53:54 -0700 (PDT) Received: from chimp (chimp [192.168.0.2]) by cage.simianscience.com (8.9.3/8.9.3) with ESMTP id WAA17637; Mon, 21 Aug 2000 22:53:19 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <4.2.2.20000821224628.00b05ad0@mail.sentex.net> X-Sender: mdtancsa@mail.sentex.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Mon, 21 Aug 2000 22:47:12 -0400 To: Fernando Schapachnik , durham@w2xo.pgh.pa.us (Jim Durham) From: Mike Tancsa Subject: Re: PPTP Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <200008202049.RAA20400@ns1.via-net-works.net.ar> References: Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 05:49 PM 8/20/2000 -0300, Fernando Schapachnik wrote: >En un mensaje anterior, Jim Durham escribi=F3: > > Does anyone have any advice regarding security problems caused by > > PPTP using PopTop on FreeBSD? > > > > We'd like to implement this, but I'm a little nervous about it, > > having heard that the cypher has been cracked. Is this true? > >So it seems. Search bugtraq on www.securityfocus.com for PPTP and you will >find the relevant articles. I am under the impression that the version in the ports, does not do data=20 encryption.... Only at the authentication phase. ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Network Administration, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 21 23: 8:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.networkiowa.com (ns1.networkiowa.com [209.234.64.192]) by hub.freebsd.org (Postfix) with ESMTP id 1B30737B424 for ; Mon, 21 Aug 2000 23:08:55 -0700 (PDT) Received: from raccoon.com (dsl.72.145.networkiowa.com [209.234.72.145]) by ns1.networkiowa.com (8.9.3/8.9.3) with ESMTP id BAA03349 for ; Tue, 22 Aug 2000 01:14:10 -0500 Message-ID: <39A218F9.99C14E3D@raccoon.com> Date: Tue, 22 Aug 2000 01:08:57 -0500 From: John Lengeling X-Mailer: Mozilla 4.7 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Will PGPnet work with 4.1-STABLE IPSEC? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Has anyone tried to get PGPnet working with IPSEC/racoon under 4.1-STABLE? Since this is the first time that I am trying to get an IPSEC VPN client package working with FreeBSD's IPSEC, are there any recommend VPN clients to use other than PGPnet? johnl To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 8:17:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from world.std.com (world-f.std.com [199.172.62.5]) by hub.freebsd.org (Postfix) with ESMTP id 9908937B43C for ; Tue, 22 Aug 2000 08:17:26 -0700 (PDT) Received: (from lowell@localhost) by world.std.com (8.9.3/8.9.3) id LAA16210; Tue, 22 Aug 2000 11:17:26 -0400 (EDT) To: freebsd-security@freeBSD.org Subject: Re: icmptypes References: <20000821180351.H57333@jade.chc-chimes.com> <20000821181825.I57333@jade.chc-chimes.com> From: Lowell Gilbert Date: 22 Aug 2000 11:17:25 -0400 In-Reply-To: billf@chimesnet.com's message of 22 Aug 2000 00:18:46 +0200 Message-ID: Lines: 28 X-Mailer: Gnus v5.5/Emacs 20.2 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org billf@chimesnet.com (Bill Fumerola) writes: > On Mon, Aug 21, 2000 at 03:16:03PM -0700, Rodney W. Grimes wrote: > > > > example from memory: > > > # ipfw add unreach filter-prohib icmp from any to any icmptypes 0,8 > > > > The 8 case would be okay, but returning an icmp unreach for an icmp echo > > reply would be a violation of the protocol spec. I would recomend > > against it. > > Yes, unreaching 0 would be nonsense I suppose. > > On a side note, RFC and protocol blah blah is nice, but sometimes you > just have to drop packets and break spec if the machine is a target. Dropping packets is never a violation of the protocol spec. Returning ICMP "unreachable" errors in response to other ICMP packets would be. This is an important distinction. [It's also what Rodney Grimes actually said.] > If this is being used as a border firewall or some such, then I would > certainly heed Rod's advice on being careful what to break. For a single > machine, I'd be less worried. The gains, however, are fairly small. And some things *will* break. At a very minimum, allow echo replies (possibly via stateful tracking), dest unreachable, TTL exceeded, and header error. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 13:20:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id D20EE37B424 for ; Tue, 22 Aug 2000 13:20:45 -0700 (PDT) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 66E8C1C6B; Tue, 22 Aug 2000 16:20:45 -0400 (EDT) Date: Tue, 22 Aug 2000 16:20:45 -0400 From: Bill Fumerola To: Lowell Gilbert Cc: freebsd-security@freeBSD.org Subject: Re: icmptypes Message-ID: <20000822162045.M57333@jade.chc-chimes.com> References: <20000821180351.H57333@jade.chc-chimes.com> <20000821181825.I57333@jade.chc-chimes.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from lowell@world.std.com on Tue, Aug 22, 2000 at 11:17:25AM -0400 X-Operating-System: FreeBSD 3.3-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Aug 22, 2000 at 11:17:25AM -0400, Lowell Gilbert wrote: > > If this is being used as a border firewall or some such, then I would > > certainly heed Rod's advice on being careful what to break. For a single > > machine, I'd be less worried. > > The gains, however, are fairly small. And some things *will* break. > At a very minimum, allow echo replies (possibly via stateful > tracking), dest unreachable, TTL exceeded, and header error. Respectfully, I'd say that the gains of doing funky things that break RFC are sometimes fairly large[1]. -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org 1. For machines that are under heavy attack. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 14: 5:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94]) by hub.freebsd.org (Postfix) with ESMTP id A44E737B424 for ; Tue, 22 Aug 2000 14:05:56 -0700 (PDT) Received: from localhost (961BE653994@localhost) by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id VAA03040; Tue, 22 Aug 2000 21:00:16 GMT Date: Tue, 22 Aug 2000 21:00:05 +0000 (GMT) From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> To: Bill Fumerola Cc: Lowell Gilbert , freebsd-security@FreeBSD.ORG Subject: Probing protocol in IPsec In-Reply-To: <20000822162045.M57333@jade.chc-chimes.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear All, Does any one know about the probing protocol that is performed in ipsec Do you know about any document discussing this issue? Thank you in advance Ali. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 14:29: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from ibb0021.ibb.uu.nl (ibb0021.ibb.uu.nl [131.211.124.21]) by hub.freebsd.org (Postfix) with ESMTP id C450A37B43C for ; Tue, 22 Aug 2000 14:29:04 -0700 (PDT) Received: by ibb0021.ibb.uu.nl (Postfix) id E574F7B1; Tue, 22 Aug 2000 23:28:21 +0200 (CEST) Date: Tue, 22 Aug 2000 23:28:21 +0200 From: Mipam To: Lowell Gilbert Cc: freebsd-security@FreeBSD.ORG Subject: Re: icmptypes Message-ID: <20000822232821.D633@ibb0021.ibb.uu.nl> Reply-To: mipam@ibb.net References: <20000821180351.H57333@jade.chc-chimes.com> <20000821181825.I57333@jade.chc-chimes.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from lowell@world.std.com on Tue, Aug 22, 2000 at 11:17:25AM -0400 X-Obviously: All email clients suck. Only Mutt sucks less! X-Editor: Vi X-Operating-System: BSD Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Dropping packets is never a violation of the protocol spec. Returning > ICMP "unreachable" errors in response to other ICMP packets would be. > This is an important distinction. [It's also what Rodney Grimes > actually said.] > Hmmm, Normally when you ping for example a host on another network which isnt up, the router in between wil return icmp unreach to you. However, When you return an icmp unreach with source ip from the host which is supposed to be down, it's a little bit strange indeed :) And indeed, blocking all icmp types is far from optimal. Some choose to do so and take the inconveniences which come with it, personally i dont. But then again, some also choose to deny all packets with any ip option in it, causing problems for traceroute and such. So, it's also a bit personal choice. Same with fragmented packets. Of course, when reply's are given which are a violation to the protocol specs, then it's bad. Bye, Mipam. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 14:30:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay1.pair.com (relay1.pair.com [209.68.1.20]) by hub.freebsd.org (Postfix) with SMTP id 7CAA937B424 for ; Tue, 22 Aug 2000 14:29:52 -0700 (PDT) Received: (qmail 24544 invoked from network); 22 Aug 2000 21:29:50 -0000 Received: from npae02-1224.pae.embratel.net.br (HELO sparc2) (200.228.129.224) by relay1.pair.com with SMTP; 22 Aug 2000 21:29:50 -0000 X-pair-Authenticated: 200.228.129.224 From: "Christian Jacken" To: Subject: Which version of FreeBSD to choose / secure shell / OpenBSD Date: Tue, 22 Aug 2000 18:30:38 -0300 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi friends@freebsd.org, possibly I did overlook something, but for which version of FreeBSD (if possible please include the URL) should I look for if I want to install a very stable version of FreeBSD on an remotely administered webserver in the US (I'm in Brazil)? Which secure shell could I run on this server without infringing any US patents/copyright laws? Do you think that OpenBSD has a real advantage over FreeBSD because of better cryptography/safety? Thank you very much, Christian Jacken PLEASE CC => christian@jacken.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 16:42:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from wind.imbris.com (wind.imbris.com [216.18.130.7]) by hub.freebsd.org (Postfix) with ESMTP id 7F86A37B443 for ; Tue, 22 Aug 2000 16:42:17 -0700 (PDT) Received: from lan.imbris.com (lan.imbris.com [216.18.129.5]) by wind.imbris.com (8.9.3/8.9.3) with ESMTP id QAA74058 for ; Tue, 22 Aug 2000 16:40:36 -0700 (PDT) Date: Tue, 22 Aug 2000 11:53:36 +0100 (GMT Daylight Time) From: Rick To: freebsd-security@freebsd.org Subject: 3.5 and 4.0 with sendmail 8.9.3 Message-ID: X-X-Sender: rickm@wind.imbris.com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Fun problem? Wanna get a machine to reach max load and never return to normal? Watch sendmail processes explode faster that you can refresh PS? Try this? Here is what we have: tested two machines: Alpha 500a running 4.0 and I386 running 3.5, only common attributes: BT-958 SCSI card and etherlink III 10/100 cards. Which BTW the BT958 goes into mailbox busy, 192 commands, scsi clear both machines, problem is confirmed with the BL driver. Doesn't happen with an Adaptec. Note 3 versions of firmware for Busslogics was tried on 3 seperate cards. All reacted the same. Mail is on one central server and aliase file along with password updates are passed from another machine, via nfs, at various times during the day. 9/10 times not a problem all works as planned. when we fail: aliase.db file is not rebuilt and set to 0 bytes. Aliase file is correct at proper value and number of bytes. Error message is aliase file is locked and can't run new aliases. Now of coarse sendmail looking at the aliase file goes off the deep end and attempts to do local delivery and can't. The only way so far to clear this problem is to shutdown now and do a control D to bring back up in multi user. Forget reading the console port. It scrolls faster than a 2K page running at DS3 speed. Nothing different in the logs, either. Killing sendmail doesn't work. No locks can be found and until this occurs system swears the file is locked. Not just locked in shared mode, but in executive mode. Now we have tried a simple copy, a mv and various other ideas and the problem is persistant on the regular aliase file. Today by varying the sequence the newliase command went off into space, lost somewhere in the great memory void. The system did not attempt to rebuild but the file did not say it was locked. Killed out of processes ok. But could not rebuild aliase file. Again single user mode back to multi and you can clear, go about your business. I stress the fact this is a random error. It may happen once in a 3 day period or once every few hours. Any help would be appreciated. Rick McGee Network Engineer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 16:45:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3437437B422; Tue, 22 Aug 2000 16:45:09 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id QAA85594; Tue, 22 Aug 2000 16:45:09 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Tue, 22 Aug 2000 16:45:08 -0700 (PDT) From: Kris Kennaway To: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Probing protocol in IPsec In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 22 Aug 2000, Ali Alaoui El Hassani wrote: > Dear All, > Does any one know about the probing protocol that is performed in ipsec You'll have to ask the question a bit better..I dont know what you mean by "probing protocol". > Do you know about any document discussing this issue? The RFCs, and the documentation at www.kame.net regarding the implementation in FreeBSD. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 21: 2:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 7570B37B423 for ; Tue, 22 Aug 2000 21:02:41 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 22 Aug 2000 21:01:31 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id VAA46337; Tue, 22 Aug 2000 21:02:36 -0700 (PDT) (envelope-from cjc) Date: Tue, 22 Aug 2000 21:02:36 -0700 From: "Crist J . Clark" To: Lowell Gilbert Cc: freebsd-security@FreeBSD.ORG Subject: Re: icmptypes Message-ID: <20000822210236.G28027@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <20000821180351.H57333@jade.chc-chimes.com> <20000821181825.I57333@jade.chc-chimes.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from lowell@world.std.com on Tue, Aug 22, 2000 at 11:17:25AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Aug 22, 2000 at 11:17:25AM -0400, Lowell Gilbert wrote: > billf@chimesnet.com (Bill Fumerola) writes: > > > On Mon, Aug 21, 2000 at 03:16:03PM -0700, Rodney W. Grimes wrote: > > > > > > example from memory: > > > > # ipfw add unreach filter-prohib icmp from any to any icmptypes 0,8 > > > > > > The 8 case would be okay, but returning an icmp unreach for an icmp echo > > > reply would be a violation of the protocol spec. I would recomend > > > against it. > > > > Yes, unreaching 0 would be nonsense I suppose. > > > > On a side note, RFC and protocol blah blah is nice, but sometimes you > > just have to drop packets and break spec if the machine is a target. > > Dropping packets is never a violation of the protocol spec. Returning > ICMP "unreachable" errors in response to other ICMP packets would be. > This is an important distinction. [It's also what Rodney Grimes > actually said.] Actually, generating an error message in response to an error message violates the RFCs. An error response to a non-error reporting ICMP message is OK... but dropping is OK too. See section 3.2.2 of RFC1122. RFC1122 is one of the most useful ones, I encourage everyone to have a look there when questions like this pop up. -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 22:37:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from mindcrime.bit0.com (mindcrime.bit0.com [208.6.169.69]) by hub.freebsd.org (Postfix) with ESMTP id DBC5B37B440 for ; Tue, 22 Aug 2000 22:37:51 -0700 (PDT) Received: from localhost (mandrews@localhost) by mindcrime.bit0.com (8.9.3/8.9.3) with ESMTP id BAA68463 for ; Wed, 23 Aug 2000 01:36:47 -0400 (EDT) (envelope-from mandrews@bit0.com) Date: Wed, 23 Aug 2000 01:36:46 -0400 (EDT) From: Mike Andrews To: freebsd-security@freebsd.org Subject: scp and >2GB files Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Any plans to improve scp so it can copy files larger than 2^31 bytes? For those that haven't tried it, scp dies with "lost connection" almost immediately after authenticating. (I'm guessing it's seeing the file size as a negative number and getting confused.) It would make a disk-to-disk backup solution I'm working on much easier. With scp not able to do this easily, I'm not sure what I can use as a quick replacement - maybe dump/restore to stdout run over an ssh pipeline, or maybe rdist. I've run tar over an ssh pipeline, but tar doesn't like files over 2^31 bytes either... This is OpenSSH on 4.1-RELEASE, btw. Mike Andrews (MA12) * mandrews@dcr.net * http://www.bit0.com/ www.fark.com: If it's not news, it's Fark. (Or something like that.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 23:16: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 566AF37B424 for ; Tue, 22 Aug 2000 23:16:05 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 22 Aug 2000 23:14:56 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id XAA47182; Tue, 22 Aug 2000 23:15:57 -0700 (PDT) (envelope-from cjc) Date: Tue, 22 Aug 2000 23:15:56 -0700 From: "Crist J . Clark" To: Mike Andrews Cc: freebsd-security@FreeBSD.ORG Subject: Re: scp and >2GB files Message-ID: <20000822231556.J28027@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from mandrews@bit0.com on Wed, Aug 23, 2000 at 01:36:46AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Aug 23, 2000 at 01:36:46AM -0400, Mike Andrews wrote: > Any plans to improve scp so it can copy files larger than 2^31 bytes? For > those that haven't tried it, scp dies with "lost connection" almost > immediately after authenticating. (I'm guessing it's seeing the file size > as a negative number and getting confused.) > > It would make a disk-to-disk backup solution I'm working on much easier. > With scp not able to do this easily, I'm not sure what I can use as a > quick replacement - maybe dump/restore to stdout run over an ssh pipeline, > or maybe rdist. I've run tar over an ssh pipeline, but tar doesn't like > files over 2^31 bytes either... > > This is OpenSSH on 4.1-RELEASE, btw. Isn't, $ scp file1 remote:file2 Same as, $ ssh remote 'cat > file2' < file1 But prolly doesn't have that limit. -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 23:34:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 167F437B43F for ; Tue, 22 Aug 2000 23:34:36 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 22 Aug 2000 23:33:28 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id XAA47310 for freebsd-security@freebsd.org; Tue, 22 Aug 2000 23:34:32 -0700 (PDT) (envelope-from cjc) Date: Tue, 22 Aug 2000 23:34:32 -0700 From: "Crist J . Clark" To: freebsd-security@freebsd.org Subject: Blackhat Firewall-1 Codes Message-ID: <20000822233432.K28027@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Has anyone been playing with the demonstration codes for Checkpoint's Firewall-1 from the Blackhat Briefing Presentations by Lopatic and McDonald? The URL with the codes and other information is at, http://www.dataprotect.com/bh2000/ I have been trying to get the 'fw1tun' codes to run under FreeBSD. I have been getting, $ ./icmp [args] sendto: Invalid argument I've been running the programs in the debugger, but I just don't have the experience with coding raw datagrams and sendto(3) to figure out exactly what the problem is. It's probably something obvious and the codes are only 140 and 230 lines long. Anyone have any advice? Oh, just for the record, I am trying to see if some firewalls we have (ones not on the Internet, so no games from any kids out there) can be exploited. -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 23:38:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from jason.argos.org (a1-3e127.neo.rr.com [24.93.184.127]) by hub.freebsd.org (Postfix) with ESMTP id 437EC37B423 for ; Tue, 22 Aug 2000 23:38:16 -0700 (PDT) Received: from localhost (mike@localhost) by jason.argos.org (8.10.1/8.10.1) with ESMTP id e7N6Z2Z04347; Wed, 23 Aug 2000 02:35:02 -0400 Date: Wed, 23 Aug 2000 02:35:02 -0400 (EDT) From: Mike Nowlin To: Warner Losh Cc: William Wong , freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: <200008220128.TAA43045@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > For ICMP packets, drop them on the floor, but make sure that you have > the path mtu types enabled. > > Warner Mebbe we should put in something into the kernel that always lets those packets through... (Just kidding... :) ) Actually, maybe a warning message (with a sysctl knob to turn it off) that gets triggered when these packets are blocked by ipfw & friends might not be a completely horrible idea. If people start seeing "this is dumb" messages show up, they'll probably ask "Why?". Enlightenment for the masses. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Understated/funny man-page sentence of the current time period: From route(4) on FreeBSD-3.4, DESCRIPTION section: "FreeBSD provides some packet routing facilities." ...duh....... Mike Nowlin, N8NVW mike@argos.org http://www.viewsnet.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 23:40: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108]) by hub.freebsd.org (Postfix) with ESMTP id 636E037B424 for ; Tue, 22 Aug 2000 23:39:58 -0700 (PDT) Received: (from danderse@localhost) by faith.cs.utah.edu (8.9.3/8.9.3) id AAA04483; Wed, 23 Aug 2000 00:39:52 -0600 (MDT) Message-Id: <200008230639.AAA04483@faith.cs.utah.edu> Subject: Re: Blackhat Firewall-1 Codes To: cjclark@alum.mit.edu Date: Wed, 23 Aug 2000 00:39:52 -0600 (MDT) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20000822233432.K28027@149.211.6.64.reflexcom.com> from "Crist J . Clark" at Aug 22, 2000 11:34:32 PM From: "David G. Andersen" X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Without looking at all at the code, but speaking from having ported numerous of these things to FreeBSD, I'll hazard a few guesses: - differing levels of "rawness" between BSD and Linux; BSD raw sockets perform an htons() on the ip_len, ip_off, and ip_tos fields. - set sin_len in your struct sockaddr_in; not all systems have this field. - set IP_HDRINCLUDE and other friends when opening the raw socket, if they're not already. Happy porting. -Dave Lo and behold, Crist J . Clark once said: > > > I have been trying to get the 'fw1tun' codes to run under FreeBSD. I > have been getting, > > $ ./icmp [args] > sendto: Invalid argument > > Oh, just for the record, I am trying to see if some firewalls we have > (ones not on the Internet, so no games from any kids out there) can be > exploited. > -- > Crist J. Clark cjclark@alum.mit.com -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Aug 22 23:47:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108]) by hub.freebsd.org (Postfix) with ESMTP id 83B5437B43E for ; Tue, 22 Aug 2000 23:47:37 -0700 (PDT) Received: (from danderse@localhost) by faith.cs.utah.edu (8.9.3/8.9.3) id AAA04684; Wed, 23 Aug 2000 00:43:35 -0600 (MDT) Message-Id: <200008230643.AAA04684@faith.cs.utah.edu> Subject: Re: icmptypes To: mike@argos.org (Mike Nowlin) Date: Wed, 23 Aug 2000 00:43:35 -0600 (MDT) Cc: imp@village.org (Warner Losh), willwong@anime.ca (William Wong), freebsd-security@FreeBSD.ORG In-Reply-To: from "Mike Nowlin" at Aug 23, 2000 02:35:02 AM From: "David G. Andersen" X-Mailer: ELM [version 2.5 PL2] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ugh. That's the job of the tool that sets up the firewall for the user, or the {book, manpage, etc} the user uses to learn how to set up their firewall. If you start trying to build policy into the firewall tools themselves, you'll just get a headache. ... of course, the FreeBSD firewall examples deny ICMP unconditionally. :) -Dave Lo and behold, Mike Nowlin once said: > > Actually, maybe a warning message (with a sysctl knob to turn it off) that > gets triggered when these packets are blocked by ipfw & friends might not > be a completely horrible idea. If people start seeing "this is > dumb" messages show up, they'll probably ask "Why?". > > Enlightenment for the masses. -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 0:14:56 2000 Delivered-To: freebsd-security@freebsd.org Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99]) by hub.freebsd.org (Postfix) with ESMTP id 5E31F37B422 for ; Wed, 23 Aug 2000 00:14:54 -0700 (PDT) Received: from localhost (scanner@localhost) by sasami.jurai.net (8.9.3/8.8.7) with ESMTP id DAA31089; Wed, 23 Aug 2000 03:13:34 -0400 (EDT) Date: Wed, 23 Aug 2000 03:13:34 -0400 (EDT) From: To: Mike Nowlin Cc: freebsd-security@FreeBSD.ORG Subject: Re: icmptypes In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 23 Aug 2000, Mike Nowlin wrote: > Actually, maybe a warning message (with a sysctl knob to turn it off) that > gets triggered when these packets are blocked by ipfw & friends might not > be a completely horrible idea. If people start seeing "this is > dumb" messages show up, they'll probably ask "Why?". I have a better idea. How about if we just shoot every unqualified, idiotic, moron who is a so called "IT Professional". If you don't know your job QUIT, you just make it harder for the rest of us that do. Can this thread PLEASE DIE NOW!? LET IT DIE DIE DIE! ============================================================================= -Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas Home: scanner@deceptively.shady.org | http://open-systems.net ============================================================================= WINDOWS: "Where do you want to go today?" LINUX: "Where do you want to go tommorow?" BSD: "Are you guys coming or what?" ============================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 1:18:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A40FA37B43C; Wed, 23 Aug 2000 01:18:33 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id BAA54056; Wed, 23 Aug 2000 01:18:33 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 23 Aug 2000 01:18:33 -0700 (PDT) From: Kris Kennaway To: Mike Andrews Cc: freebsd-security@freebsd.org Subject: Re: scp and >2GB files In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 23 Aug 2000, Mike Andrews wrote: > Any plans to improve scp so it can copy files larger than 2^31 bytes? For Talk to the OpenSSH developers - see www.openssh.com for contact info. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 1:35:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from smp.kyx.net (cr95838-a.crdva1.bc.wave.home.com [24.113.134.64]) by hub.freebsd.org (Postfix) with ESMTP id 9383E37B422 for ; Wed, 23 Aug 2000 01:35:11 -0700 (PDT) Received: by smp.kyx.net (Postfix, from userid 500) id 56E043A21D; Wed, 23 Aug 2000 01:35:45 -0700 (PDT) From: Dragos Ruiu Organization: kyx.net To: Rick , freebsd-security@freebsd.org Subject: Re: 3.5 and 4.0 with sendmail 8.9.3 Date: Wed, 23 Aug 2000 01:31:21 -0700 X-Mailer: KMail [version 1.0.29.2] Content-Type: text/plain References: In-Reply-To: MIME-Version: 1.0 Message-Id: <0008230135450N.36794@smp.kyx.net> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Make a backup of the files that flake regularly. Create a watchdog that looks for the files flaking after a copy and copy from the backups in that case. Use a lock file or some other form of interlock to disable the watchdog during a copy so that the watchdog doesn't collide with a copy. Watchdog will wake up after the lock is removed and if the file is flaked, hopefully resore your system before it goes off the deep end again. But I'm sure there are other solutions, including using some sort of reliable protocol for the transfer so that the files don't flake in the first place. cheers, --dr On Tue, 22 Aug 2000, Rick wrote: > Fun problem? > > Wanna get a machine to reach max load and never return to normal? > Watch sendmail processes explode faster that you can refresh PS? > Try this? > > Here is what we have: tested two machines: Alpha 500a running 4.0 and I386 > running 3.5, only common attributes: BT-958 SCSI card and etherlink III > 10/100 cards. Which BTW the BT958 goes into mailbox busy, 192 commands, > scsi clear both machines, problem is confirmed with the BL driver. Doesn't > happen with an Adaptec. Note 3 versions of firmware for Busslogics was > tried on 3 seperate cards. All reacted the same. > > Mail is on one central server and aliase file along with password updates > are passed from another machine, via nfs, at various times during the day. > > 9/10 times not a problem all works as planned. > > when we fail: aliase.db file is not rebuilt and set to 0 bytes. > Aliase file is correct at proper value and number of bytes. > > Error message is aliase file is locked and can't run new aliases. > Now of coarse sendmail looking at the aliase file goes off the deep end > and attempts to do local delivery and can't. > > The only way so far to clear this problem is to shutdown now and do a > control D to bring back up in multi user. Forget reading the console port. > It scrolls faster than a 2K page running at DS3 speed. Nothing different > in the logs, either. > > Killing sendmail doesn't work. No locks can be found and until this occurs > system swears the file is locked. Not just locked in shared mode, but in > executive mode. > > Now we have tried a simple copy, a mv and various other ideas and the > problem is persistant on the regular aliase file. > > Today by varying the sequence the newliase command went off into space, > lost somewhere in the great memory void. The system did not attempt to > rebuild but the file did not say it was locked. Killed out of processes > ok. But could not rebuild aliase file. > > Again single user mode back to multi and you can clear, go about your > business. > > I stress the fact this is a random error. It may happen once in a 3 day > period or once every few hours. > > Any help would be appreciated. > > > > Rick McGee > Network Engineer > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- dursec.com ltd. / kyx.net - we're from the future pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D pgp key: http://www.dursec.com/drkey.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 1:51:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from smp.kyx.net (cr95838-a.crdva1.bc.wave.home.com [24.113.134.64]) by hub.freebsd.org (Postfix) with ESMTP id 2155037B424 for ; Wed, 23 Aug 2000 01:51:21 -0700 (PDT) Received: by smp.kyx.net (Postfix, from userid 500) id AF3583A21D; Wed, 23 Aug 2000 01:51:55 -0700 (PDT) From: Dragos Ruiu Organization: kyx.net To: Rick , freebsd-security@freebsd.org Subject: Re: 3.5 and 4.0 with sendmail 8.9.3 Date: Wed, 23 Aug 2000 01:49:39 -0700 X-Mailer: KMail [version 1.0.29.2] Content-Type: text/plain References: <0008230135450N.36794@smp.kyx.net> In-Reply-To: <0008230135450N.36794@smp.kyx.net> MIME-Version: 1.0 Message-Id: <0008230151550S.36794@smp.kyx.net> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Or thinking outloud... an even better solution would be to copy them to a temp location and have a local process that checks them for integrity before overwriting the old ones. An aliases mailbox directory as it were, and postman process that looks for damaged mail. cheers, --dr On Wed, 23 Aug 2000, Dragos Ruiu wrote: > Make a backup of the files that flake regularly. > > Create a watchdog that looks for the files flaking after a > copy and copy from the backups in that case. > > Use a lock file or some other form of interlock to > disable the watchdog during a copy so that the > watchdog doesn't collide with a copy. Watchdog > will wake up after the lock is removed and if the > file is flaked, hopefully resore your system before > it goes off the deep end again. > > But I'm sure there are other solutions, including > using some sort of reliable protocol for the > transfer so that the files don't flake in the first > place. > > cheers, > --dr > > > > On Tue, 22 Aug 2000, Rick wrote: > > Fun problem? > > > > Wanna get a machine to reach max load and never return to normal? > > Watch sendmail processes explode faster that you can refresh PS? > > Try this? > > > > Here is what we have: tested two machines: Alpha 500a running 4.0 and I386 > > running 3.5, only common attributes: BT-958 SCSI card and etherlink III > > 10/100 cards. Which BTW the BT958 goes into mailbox busy, 192 commands, > > scsi clear both machines, problem is confirmed with the BL driver. Doesn't > > happen with an Adaptec. Note 3 versions of firmware for Busslogics was > > tried on 3 seperate cards. All reacted the same. > > > > Mail is on one central server and aliase file along with password updates > > are passed from another machine, via nfs, at various times during the day. > > > > 9/10 times not a problem all works as planned. > > > > when we fail: aliase.db file is not rebuilt and set to 0 bytes. > > Aliase file is correct at proper value and number of bytes. > > > > Error message is aliase file is locked and can't run new aliases. > > Now of coarse sendmail looking at the aliase file goes off the deep end > > and attempts to do local delivery and can't. > > > > The only way so far to clear this problem is to shutdown now and do a > > control D to bring back up in multi user. Forget reading the console port. > > It scrolls faster than a 2K page running at DS3 speed. Nothing different > > in the logs, either. > > > > Killing sendmail doesn't work. No locks can be found and until this occurs > > system swears the file is locked. Not just locked in shared mode, but in > > executive mode. > > > > Now we have tried a simple copy, a mv and various other ideas and the > > problem is persistant on the regular aliase file. > > > > Today by varying the sequence the newliase command went off into space, > > lost somewhere in the great memory void. The system did not attempt to > > rebuild but the file did not say it was locked. Killed out of processes > > ok. But could not rebuild aliase file. > > > > Again single user mode back to multi and you can clear, go about your > > business. > > > > I stress the fact this is a random error. It may happen once in a 3 day > > period or once every few hours. > > > > Any help would be appreciated. > > > > > > > > Rick McGee > > Network Engineer > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > -- > dursec.com ltd. / kyx.net - we're from the future > pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D > pgp key: http://www.dursec.com/drkey.asc > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- dursec.com ltd. / kyx.net - we're from the future pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D pgp key: http://www.dursec.com/drkey.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 2: 6:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from plum.flirble.org (plum.flirble.org [195.40.6.20]) by hub.freebsd.org (Postfix) with ESMTP id 0B79837B424; Wed, 23 Aug 2000 02:06:40 -0700 (PDT) Received: from scot (helo=localhost) by plum.flirble.org with local-esmtp (Exim 3.12 #5) id 13RWUY-00052a-00; Wed, 23 Aug 2000 10:06:38 +0100 Date: Wed, 23 Aug 2000 10:06:38 +0100 (BST) From: scot@poptart.org X-Sender: scot@plum.flirble.org To: Kris Kennaway Cc: Mike Andrews , freebsd-security@freebsd.org Subject: Re: scp and >2GB files In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ... or just implement it yourself for those one-off occasions using "cat BIGFILE | ssh ... 'cat - >BIGFILE'" On Wed, 23 Aug 2000, Kris Kennaway wrote: > On Wed, 23 Aug 2000, Mike Andrews wrote: > > > Any plans to improve scp so it can copy files larger than 2^31 bytes? For > > Talk to the OpenSSH developers - see www.openssh.com for contact info. > > Kris > > -- > In God we Trust -- all others must submit an X.509 certificate. > -- Charles Forsythe > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 12: 0:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [216.6.69.11]) by hub.freebsd.org (Postfix) with ESMTP id 8306B37B423 for ; Wed, 23 Aug 2000 11:58:03 -0700 (PDT) Received: from localhost (buliwyf@localhost) by libertad.univalle.edu.co (8.10.0/8.10.0) with ESMTP id e7NIvg191323 for ; Wed, 23 Aug 2000 13:57:46 -0500 (COT) Date: Wed, 23 Aug 2000 13:57:42 -0500 (COT) From: Buliwyf McGraw To: freebsd-security@FreeBSD.ORG Subject: ttywatcher - telnetsnoop Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Somebody knows if there is a program like ttywatcher (for Sun) or telnetsnoop (for linux), included in the FreeBSD ports??? ======================================================================= Buliwyf McGraw Administrador del Servidor Libertad Centro de Servicios de Informacion Universidad del Valle ======================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 12: 5: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 34F0B37B423 for ; Wed, 23 Aug 2000 12:05:06 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e7NJ3Zw13848; Wed, 23 Aug 2000 12:03:35 -0700 (PDT) Date: Wed, 23 Aug 2000 12:03:35 -0700 From: Alfred Perlstein To: Buliwyf McGraw Cc: freebsd-security@FreeBSD.ORG Subject: Re: ttywatcher - telnetsnoop Message-ID: <20000823120335.B4854@fw.wintelcom.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: ; from buliwyf@libertad.univalle.edu.co on Wed, Aug 23, 2000 at 01:57:42PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Buliwyf McGraw [000823 12:00] wrote: > > Somebody knows if there is a program like ttywatcher (for Sun) or > telnetsnoop (for linux), included in the FreeBSD ports??? I think you're looking for: ~ % man -k snoop snp(4) - tty snoop interface watch(8) - snoop on another tty line -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 12: 7:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 53BD837B42C for ; Wed, 23 Aug 2000 12:07:30 -0700 (PDT) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA37310; Wed, 23 Aug 2000 12:06:42 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200008231906.MAA37310@gndrsh.dnsmgr.net> Subject: Re: ttywatcher - telnetsnoop In-Reply-To: from Buliwyf McGraw at "Aug 23, 2000 01:57:42 pm" To: buliwyf@libertad.univalle.edu.co (Buliwyf McGraw) Date: Wed, 23 Aug 2000 12:06:42 -0700 (PDT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Somebody knows if there is a program like ttywatcher (for Sun) or > telnetsnoop (for linux), included in the FreeBSD ports??? man -k snoop should turn up the snp(4) device, and the associted utility watch(8). -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 12: 7:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94]) by hub.freebsd.org (Postfix) with ESMTP id 63C3737B423 for ; Wed, 23 Aug 2000 12:07:26 -0700 (PDT) Received: from localhost (961BE653994@localhost) by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id TAA08594; Wed, 23 Aug 2000 19:00:57 GMT Date: Wed, 23 Aug 2000 19:00:56 +0000 (GMT) From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> To: Buliwyf McGraw Cc: freebsd-security@FreeBSD.ORG Subject: Re: ttywatcher - telnetsnoop In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Look At tcpdump I hope it helps Ali. On Wed, 23 Aug 2000, Buliwyf McGraw wrote: > > Somebody knows if there is a program like ttywatcher (for Sun) or > telnetsnoop (for linux), included in the FreeBSD ports??? > > ======================================================================= > Buliwyf McGraw > Administrador del Servidor Libertad > Centro de Servicios de Informacion > Universidad del Valle > ======================================================================= > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 12:27:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from wind.imbris.com (wind.imbris.com [216.18.130.7]) by hub.freebsd.org (Postfix) with ESMTP id E9E4437B423 for ; Wed, 23 Aug 2000 12:27:11 -0700 (PDT) Received: from lan.imbris.com (lan.imbris.com [216.18.129.5]) by wind.imbris.com (8.9.3/8.9.3) with ESMTP id MAA63615; Wed, 23 Aug 2000 12:25:34 -0700 (PDT) Date: Wed, 23 Aug 2000 07:38:38 +0100 (GMT Daylight Time) From: Rick To: Dragos Ruiu Cc: freebsd-security@freebsd.org Subject: Re: 3.5 and 4.0 with sendmail 8.9.3 In-Reply-To: <0008230135450N.36794@smp.kyx.net> Message-ID: X-X-Sender: rickm@wind.imbris.com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I think it is a great idea, except the file is already locked in exec. Very unforgiving at this point. I suppose I could write a C route to test and clear the lock, even though I can't find the existance of one. Question is does it push the lock to stack? Rick On Wed, 23 Aug 2000, Dragos Ruiu wrote: > Make a backup of the files that flake regularly. > > Create a watchdog that looks for the files flaking after a > copy and copy from the backups in that case. > > Use a lock file or some other form of interlock to > disable the watchdog during a copy so that the > watchdog doesn't collide with a copy. Watchdog > will wake up after the lock is removed and if the > file is flaked, hopefully resore your system before > it goes off the deep end again. > > But I'm sure there are other solutions, including > using some sort of reliable protocol for the > transfer so that the files don't flake in the first > place. > > cheers, > --dr > > > > On Tue, 22 Aug 2000, Rick wrote: > > Fun problem? > > > > Wanna get a machine to reach max load and never return to normal? > > Watch sendmail processes explode faster that you can refresh PS? > > Try this? > > > > Here is what we have: tested two machines: Alpha 500a running 4.0 and I386 > > running 3.5, only common attributes: BT-958 SCSI card and etherlink III > > 10/100 cards. Which BTW the BT958 goes into mailbox busy, 192 commands, > > scsi clear both machines, problem is confirmed with the BL driver. Doesn't > > happen with an Adaptec. Note 3 versions of firmware for Busslogics was > > tried on 3 seperate cards. All reacted the same. > > > > Mail is on one central server and aliase file along with password updates > > are passed from another machine, via nfs, at various times during the day. > > > > 9/10 times not a problem all works as planned. > > > > when we fail: aliase.db file is not rebuilt and set to 0 bytes. > > Aliase file is correct at proper value and number of bytes. > > > > Error message is aliase file is locked and can't run new aliases. > > Now of coarse sendmail looking at the aliase file goes off the deep end > > and attempts to do local delivery and can't. > > > > The only way so far to clear this problem is to shutdown now and do a > > control D to bring back up in multi user. Forget reading the console port. > > It scrolls faster than a 2K page running at DS3 speed. Nothing different > > in the logs, either. > > > > Killing sendmail doesn't work. No locks can be found and until this occurs > > system swears the file is locked. Not just locked in shared mode, but in > > executive mode. > > > > Now we have tried a simple copy, a mv and various other ideas and the > > problem is persistant on the regular aliase file. > > > > Today by varying the sequence the newliase command went off into space, > > lost somewhere in the great memory void. The system did not attempt to > > rebuild but the file did not say it was locked. Killed out of processes > > ok. But could not rebuild aliase file. > > > > Again single user mode back to multi and you can clear, go about your > > business. > > > > I stress the fact this is a random error. It may happen once in a 3 day > > period or once every few hours. > > > > Any help would be appreciated. > > > > > > > > Rick McGee > > Network Engineer > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > -- > dursec.com ltd. / kyx.net - we're from the future > pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D > pgp key: http://www.dursec.com/drkey.asc > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 13:16:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from mindcrime.bit0.com (mindcrime.bit0.com [208.6.169.69]) by hub.freebsd.org (Postfix) with ESMTP id C297037B423 for ; Wed, 23 Aug 2000 13:16:43 -0700 (PDT) Received: from localhost (mandrews@localhost) by mindcrime.bit0.com (8.9.3/8.9.3) with ESMTP id QAA71709; Wed, 23 Aug 2000 16:15:38 -0400 (EDT) (envelope-from mandrews@bit0.com) Date: Wed, 23 Aug 2000 16:15:38 -0400 (EDT) From: Mike Andrews To: cjclark@alum.mit.edu Cc: freebsd-security@FreeBSD.ORG Subject: Re: scp and >2GB files In-Reply-To: <20000822231556.J28027@149.211.6.64.reflexcom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 22 Aug 2000, Crist J . Clark wrote: > On Wed, Aug 23, 2000 at 01:36:46AM -0400, Mike Andrews wrote: > > Any plans to improve scp so it can copy files larger than 2^31 bytes? For > > those that haven't tried it, scp dies with "lost connection" almost > > immediately after authenticating. (I'm guessing it's seeing the file size > > as a negative number and getting confused.) > > > > It would make a disk-to-disk backup solution I'm working on much easier. > > With scp not able to do this easily, I'm not sure what I can use as a > > quick replacement - maybe dump/restore to stdout run over an ssh pipeline, > > or maybe rdist. I've run tar over an ssh pipeline, but tar doesn't like > > files over 2^31 bytes either... > > > > This is OpenSSH on 4.1-RELEASE, btw. > > Isn't, > > $ scp file1 remote:file2 > > Same as, > > $ ssh remote 'cat > file2' < file1 Yeah, that works of course, as did Scot's pipe variation... Why is it the incredibly obvious solutions never occur to me until after I post to a mailing list and make myself look really stupid? Thanks, though. :) Mike Andrews (MA12) * mandrews@dcr.net * http://www.bit0.com/ www.fark.com: If it's not news, it's Fark. (Or something like that.) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 15:36:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 18F3E37B424 for ; Wed, 23 Aug 2000 15:36:42 -0700 (PDT) Received: from softweyr.com ([208.187.122.225]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id QAA19863; Wed, 23 Aug 2000 16:36:29 -0600 (MDT) (envelope-from wes@softweyr.com) Message-ID: <39A45383.9456CDA@softweyr.com> Date: Wed, 23 Aug 2000 16:43:15 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.1-RC i386) X-Accept-Language: en MIME-Version: 1.0 To: Christian Jacken Cc: security@FreeBSD.ORG Subject: Re: Which version of FreeBSD to choose / secure shell / OpenBSD References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Christian Jacken wrote: > > Hi friends@freebsd.org, > > possibly I did overlook something, but for which version of FreeBSD (if > possible please include the URL) should I look for if I want to install a > very stable version of FreeBSD on an remotely administered webserver in the > US (I'm in Brazil)? 4.0 or 4.1. The 4.1 disks should be available Real Soon Now (tm). > Which secure shell could I run on this server without infringing any US > patents/copyright laws? OpenSSH. > Do you think that OpenBSD has a real advantage over FreeBSD because of > better cryptography/safety? This is probably not the right forum to ask that question. If you're not familiar with how to go about securing a BSD system, the answer is yes. The OpenBSD "secure by default" installation is designed to prevent you from shooting yourself in the foot if you don't know what you're doing. If you do have a good idea how to secure a BSD system, and spend some time turning off services you don't need on a FreeBSD system and/or installing secure alternatives, it is as secure as OpenBSD. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 18:32:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 2423637B42C for ; Wed, 23 Aug 2000 18:32:56 -0700 (PDT) Received: (qmail 13592 invoked by uid 1000); 23 Aug 2000 13:33:48 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Aug 2000 13:33:48 -0000 Date: Wed, 23 Aug 2000 08:33:48 -0500 (CDT) From: Mike Silbersack To: Wes Peters Cc: Christian Jacken , security@FreeBSD.ORG Subject: Re: Which version of FreeBSD to choose / secure shell / OpenBSD In-Reply-To: <39A45383.9456CDA@softweyr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 23 Aug 2000, Wes Peters wrote: > Christian Jacken wrote: > > > Which secure shell could I run on this server without infringing any US > > patents/copyright laws? > > OpenSSH. > Isn't OpenSSH still non-free for commercial use in the US until the RSA patent expires? Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 21: 6:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E3A1F37B42C; Wed, 23 Aug 2000 21:06:37 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id VAA14597; Wed, 23 Aug 2000 21:06:37 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 23 Aug 2000 21:06:37 -0700 (PDT) From: Kris Kennaway To: Mike Silbersack Cc: Wes Peters , Christian Jacken , security@FreeBSD.ORG Subject: Re: Which version of FreeBSD to choose / secure shell / OpenBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 23 Aug 2000, Mike Silbersack wrote: > > On Wed, 23 Aug 2000, Wes Peters wrote: > > > Christian Jacken wrote: > > > > > Which secure shell could I run on this server without infringing any US > > > patents/copyright laws? > > > > OpenSSH. > > > > Isn't OpenSSH still non-free for commercial use in the US until the RSA > patent expires? No, only if you use the SSH1 protocol, which relies on RSA keys. DSA keys work fine in SSH2 and have no patent baggage. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 21: 7: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from ux11.cso.uiuc.edu (ux11.cso.uiuc.edu [128.174.5.105]) by hub.freebsd.org (Postfix) with ESMTP id 3E49437B424; Wed, 23 Aug 2000 21:06:56 -0700 (PDT) Received: from localhost by ux11.cso.uiuc.edu (8.10.1/8.10.1) with ESMTP id e7O46sO18556; Wed, 23 Aug 2000 23:06:55 -0500 (CDT) X-Authentication-Warning: ux11.cso.uiuc.edu: brueggma owned process doing -bs Date: Wed, 23 Aug 2000 23:06:54 -0500 (CDT) From: Eric Brueggmann X-Sender: brueggma@ux11.cso.uiuc.edu To: freebsd-isp@freebsd.org Cc: security@freebsd.org Subject: after "make world" Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I try to keep my box up to date, and cvsup every week or so with cron. And make install world when ever there is a security alert. My question to the list is: What kind of scripts do shell server admins use after they make world? This question is in regaurds to permissions, suid, sgid, etc.. Do you upgrade often enough to even warrent a script like this? Below is a little script, of some of the stuff that I have collected over the past couple of weeks. Am I missing something? Thanks for the help, Eric Brueggmann Hobbiest P.S. Sorry for posting to 2 lists, I thought it pertained to both of `em. I know my spelling sucks.. =============================================================================== #!/bin/sh # Run this after a make world, for better security. chflags noschg /bin/* chflags noschg /usr/bin/* chflags noschg /sbin/* chflags noschg /usr/sbin/* chflags noschg /bin ; chflags noschg /sbin chflags noschg /usr/bin ; chflags noschg /usr/sbin cd /var/log; chmod g-w,o-r * ; chmod a+r wtmp echo "Edit /etc/rc.conf and change the kernellevel to 2" for i in ` find / -type f -perm -2000 | egrep -wv "lockfile" ` ; do chmod g-s $i ; done for i in ` find / -type f -perm -4000 | egrep -wv "man|login|passwd|su|ssh|sendmail|procmail|sudo|mail.local" ` ; do chmod u-s $i ; done for i in ` find / -type d -perm -002 | egrep -v "tmp" ` ; do chmod o-w $i ; done chmod 700 /root # cd to /home and chmod 700 every directory except "apache|newuser|ftp|?????" chflags schg /bin/* chflags schg /usr/bin/* chflags schg /sbin/* chflags schg /usr/sbin/* chflags schg /bin ; chflags schg /sbin chflags schg /usr/bin ; chflags schg /usr/sbin # To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 21:57:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id D8C9437B43C for ; Wed, 23 Aug 2000 21:57:37 -0700 (PDT) Received: (from str@localhost) by giganda.komkon.org (8.9.3/8.9.3) id AAA03676 for security@freebsd.org; Thu, 24 Aug 2000 00:57:37 -0400 (EDT) Date: Thu, 24 Aug 2000 00:57:37 -0400 (EDT) From: Igor Roshchin Message-Id: <200008240457.AAA03676@giganda.komkon.org> To: security@freebsd.org Subject: named -- unapproved update (?) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello! I recently started a named server on one of the computers. This server is not announced as a primary or secondary DNS server for any of domains, nor it is listed in /etc/resolv.conf of any computer (besides the computer it's running on). Immediately, I started seeing a message: Aug 21 18:18:31 MYHOST named[1480]: unapproved update from [XXX.XXX.XXX.NNN].4110 for clientdomain.com where "clientdomain.com" - is one of the local domains, and apparently the quering host is in that domain (i.e. strangehost.clientdomain.com), and is physically on the same segment of the network (XXX.XXX.XXX), and on the same internal (Ethernet) network. This message appears twice or four times at once, and each such group is spaced from each other by 1-2 to 10 minutes. Unfortunately currently I have no access to that box, and all I know that it's running Windows (2000?). I am sure it does not have MYHOST in any of the configurations. Questions: 1. What those requests mean ? 2. What are the possible reasons for them ? 3. How did [could ?] that host discover the DNS running, except for by scanning all local hosts ? Why would it do that ? I know that there exists some trojan that sends some strange queries to DNS servers, basically scanning some networks, but it is somewhat different here. Any ideas what all this could be ? Or is it just Windows 2000 strangeness ? If so, is there is any way to get rid of those annoying messages ? Thanks, Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 22: 9:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 0599137B424 for ; Wed, 23 Aug 2000 22:09:11 -0700 (PDT) Received: (qmail 14097 invoked by uid 1000); 23 Aug 2000 17:10:03 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Aug 2000 17:10:03 -0000 Date: Wed, 23 Aug 2000 12:10:03 -0500 (CDT) From: Mike Silbersack To: Kris Kennaway Cc: Wes Peters , Christian Jacken , security@FreeBSD.ORG Subject: Re: Which version of FreeBSD to choose / secure shell / OpenBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 23 Aug 2000, Kris Kennaway wrote: > On Wed, 23 Aug 2000, Mike Silbersack wrote: > > No, only if you use the SSH1 protocol, which relies on RSA keys. DSA keys > work fine in SSH2 and have no patent baggage. > > Kris Good point, I had forgotten about that aspect of ssh2. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 22:12:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from www.kpi.com.au (www.kpi.com.au [203.39.132.210]) by hub.freebsd.org (Postfix) with ESMTP id F082D37B42C for ; Wed, 23 Aug 2000 22:12:43 -0700 (PDT) Received: from forge (www.kpi.com.au [203.39.132.210]) by www.kpi.com.au (8.9.3/8.9.3) with SMTP id PAA11609; Thu, 24 Aug 2000 15:16:34 +1000 (EST) (envelope-from shevlandj@kpi.com.au) From: "Joe Shevland" To: "Igor Roshchin" , Subject: RE: named -- unapproved update (?) Date: Thu, 24 Aug 2000 15:18:03 +1000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <200008240457.AAA03676@giganda.komkon.org> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm out of my depth here to answer all your questions, but 1) Win2K has = a 'feature' to automatically update the DNS with its information which = may be what you're seeing. I see a lot of 'microsoft-ds' packets = floating around anyway from the Win2K boxes. I can't fathom what an = abortion of a feature this is. 3) I'm not sure, I suspect a broadcast UDP request (??) and finally, yes, I believe you can turn this behaviour off in the LAN = settings (uncheck the 'Register this connections details in the DNS' = checkbox in your Control Panel->Network Settings->LAN->TCP/IP->Advanced = settings. Keen to know more on this also, Joe > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Igor Roshchin > Sent: Thursday, August 24, 2000 2:58 PM > To: security@FreeBSD.ORG > Subject: named -- unapproved update (?) >=20 >=20 >=20 > Hello! >=20 > I recently started a named server on one of the computers. > This server is not announced as a primary or secondary DNS server > for any of domains, nor it is listed in /etc/resolv.conf > of any computer (besides the computer it's running on). >=20 > Immediately, I started seeing a message: > Aug 21 18:18:31 MYHOST named[1480]: unapproved=20 > update from [XXX.XXX.XXX.NNN].4110 for clientdomain.com > where "clientdomain.com" - is one of the local domains, and=20 > apparently the quering host is > in that domain (i.e. strangehost.clientdomain.com), and is=20 > physically on the same segment of the network (XXX.XXX.XXX), > and on the same internal (Ethernet) network. > This message appears twice or four times at once, and each such group > is spaced from each other by 1-2 to 10 minutes. >=20 > Unfortunately currently I have no access to that box, and all I=20 > know that it's > running Windows (2000?). I am sure it does not have MYHOST in any of = the=20 > configurations. >=20 > Questions: > 1. What those requests mean ? > 2. What are the possible reasons for them ? > 3. How did [could ?] that host discover the DNS running, > except for by scanning all local hosts ? Why would it do that ? > I know that there exists some trojan that sends some strange queries > to DNS servers, basically scanning some networks, but it is somewhat > different here. > Any ideas what all this could be ? > Or is it just Windows 2000 strangeness ? If so, is there is any > way to get rid of those annoying messages ? >=20 > Thanks, >=20 > Igor >=20 >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Aug 23 22:17: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp.nwlink.com (smtp.nwlink.com [209.20.130.57]) by hub.freebsd.org (Postfix) with ESMTP id BA31037B424 for ; Wed, 23 Aug 2000 22:17:02 -0700 (PDT) Received: from craigc (ip133.gte8.rb1.bel.nwlink.com [209.20.237.133]) by smtp.nwlink.com (8.9.3/8.9.1) with SMTP id WAA29409; Wed, 23 Aug 2000 22:16:50 -0700 (PDT) Message-ID: <0ef801c00d8c$468ea570$0201010a@craigc> From: "Craig Critchley" To: "Igor Roshchin" , References: <200008240457.AAA03676@giganda.komkon.org> Subject: Re: named -- unapproved update (?) Date: Wed, 23 Aug 2000 22:29:29 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If it is indeed Windows 2000 machine with Active Directory Service stuff going on it, it is trying to do a dynamic DNS update. Basically it wants to add its name and IP to the zone its configured to be in. ADS will do this to any DNS it is configured to query, and it won't give up. This is a Microsoft misfeature. It can be turned off by a registry entry, but there is no UI for it - look in MS's knowledge base (I'm sorry that I don't ahve the details immediately available.) Or have them get rid of ADS entirely. How exactly it found your machine to update is not clear to me. Perhaps it is broadcasting to the subnet. I don't pretend to understand Active Directory Service, all I've done is turn it off once or twice. ...Craig ----- Original Message ----- From: "Igor Roshchin" To: Sent: Wednesday, August 23, 2000 9:57 PM Subject: named -- unapproved update (?) > > Hello! > > I recently started a named server on one of the computers. > This server is not announced as a primary or secondary DNS server > for any of domains, nor it is listed in /etc/resolv.conf > of any computer (besides the computer it's running on). > > Immediately, I started seeing a message: > Aug 21 18:18:31 MYHOST named[1480]: unapproved update from [XXX.XXX.XXX.NNN].4110 for clientdomain.com > where "clientdomain.com" - is one of the local domains, and apparently the quering host is > in that domain (i.e. strangehost.clientdomain.com), and is > physically on the same segment of the network (XXX.XXX.XXX), > and on the same internal (Ethernet) network. > This message appears twice or four times at once, and each such group > is spaced from each other by 1-2 to 10 minutes. > > Unfortunately currently I have no access to that box, and all I know that it's > running Windows (2000?). I am sure it does not have MYHOST in any of the > configurations. > > Questions: > 1. What those requests mean ? > 2. What are the possible reasons for them ? > 3. How did [could ?] that host discover the DNS running, > except for by scanning all local hosts ? Why would it do that ? > I know that there exists some trojan that sends some strange queries > to DNS servers, basically scanning some networks, but it is somewhat > different here. > Any ideas what all this could be ? > Or is it just Windows 2000 strangeness ? If so, is there is any > way to get rid of those annoying messages ? > > Thanks, > > Igor > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 0:54:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from plum.flirble.org (plum.flirble.org [195.40.6.20]) by hub.freebsd.org (Postfix) with ESMTP id 7C56237B424 for ; Thu, 24 Aug 2000 00:54:33 -0700 (PDT) Received: from scot (helo=localhost) by plum.flirble.org with local-esmtp (Exim 3.12 #5) id 13RrqA-000Lxc-00; Thu, 24 Aug 2000 08:54:22 +0100 Date: Thu, 24 Aug 2000 08:54:22 +0100 (BST) From: scot@poptart.org X-Sender: scot@plum.flirble.org To: Igor Roshchin Cc: security@freebsd.org Subject: Re: named -- unapproved update (?) In-Reply-To: <200008240457.AAA03676@giganda.komkon.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yeah - I had the same thing when I installed a Win2K server. It tried to poke SVR entries at the primary NS for the zone that corresponds to it's domain, for stuff like the domain's active directory and Kerberos hosts. That's why it checks name servers during install and usually wants to become a master that zone. We've moved our Win2K servers into a subdomain that we allow updates to (eg. win2k.my.domain) which fixed everything.. Hope that helps Scot On Thu, 24 Aug 2000, Igor Roshchin wrote: > > Hello! > > I recently started a named server on one of the computers. > This server is not announced as a primary or secondary DNS server > for any of domains, nor it is listed in /etc/resolv.conf > of any computer (besides the computer it's running on). > > Immediately, I started seeing a message: > Aug 21 18:18:31 MYHOST named[1480]: unapproved update from [XXX.XXX.XXX.NNN].4110 for clientdomain.com > where "clientdomain.com" - is one of the local domains, and apparently the quering host is > in that domain (i.e. strangehost.clientdomain.com), and is > physically on the same segment of the network (XXX.XXX.XXX), > and on the same internal (Ethernet) network. > This message appears twice or four times at once, and each such group > is spaced from each other by 1-2 to 10 minutes. > > Unfortunately currently I have no access to that box, and all I know that it's > running Windows (2000?). I am sure it does not have MYHOST in any of the > configurations. > > Questions: > 1. What those requests mean ? > 2. What are the possible reasons for them ? > 3. How did [could ?] that host discover the DNS running, > except for by scanning all local hosts ? Why would it do that ? > I know that there exists some trojan that sends some strange queries > to DNS servers, basically scanning some networks, but it is somewhat > different here. > Any ideas what all this could be ? > Or is it just Windows 2000 strangeness ? If so, is there is any > way to get rid of those annoying messages ? > > Thanks, > > Igor > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 1:26:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.malawi.net (mail.malawi.net [208.148.169.7]) by hub.freebsd.org (Postfix) with ESMTP id 2C8E137B422 for ; Thu, 24 Aug 2000 01:26:29 -0700 (PDT) Received: from Sysanalyst ([208.148.168.141]) by mail.malawi.net (8.10.0/8.10.0) with SMTP id e7OARbu08125 for ; Thu, 24 Aug 2000 12:27:38 +0200 (CAT) Message-ID: <011d01c00da4$ae786fa0$8da894d0@Sysanalyst.galaxy> Reply-To: "Kondie" From: "Kondie" To: Subject: Help on kerberos, ssh Date: Thu, 24 Aug 2000 10:24:09 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_011A_01C00DB5.705600A0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_011A_01C00DB5.705600A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, I am rather new to Unix systems administration. I am running a FreeBSD = server and would very much appreciate any assistance on how kerberos and = ssh work and what I would risk if I implement them on my system. I have = read FreeBSD security handbook on kerberos and the man pages, but they = seem to only point at how to use them, and not exactly what they are = about. Regards, Kondwani. ------=_NextPart_000_011A_01C00DB5.705600A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hello,

I am rather new to Unix systems administration. I am = running a=20 FreeBSD server and would very much appreciate any assistance on how = kerberos and=20 ssh work and what I would risk if I implement them on my system. I have = read=20 FreeBSD security handbook on kerberos and the man pages, but they seem = to only=20 point at how to use them, and not exactly what they are = about.

Regards,

Kondwani.

------=_NextPart_000_011A_01C00DB5.705600A0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 2:24:56 2000 Delivered-To: freebsd-security@freebsd.org Received: from plum.flirble.org (plum.flirble.org [195.40.6.20]) by hub.freebsd.org (Postfix) with ESMTP id 421C637B423 for ; Thu, 24 Aug 2000 02:24:53 -0700 (PDT) Received: from scot (helo=localhost) by plum.flirble.org with local-esmtp (Exim 3.12 #5) id 13RtFi-000Mte-00; Thu, 24 Aug 2000 10:24:50 +0100 Date: Thu, 24 Aug 2000 10:24:50 +0100 (BST) From: scot@poptart.org X-Sender: scot@plum.flirble.org To: Kondie Cc: freebsd-security@FreeBSD.org Subject: Re: Help on kerberos, ssh In-Reply-To: <011d01c00da4$ae786fa0$8da894d0@Sysanalyst.galaxy> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We've just implemented Kerberos V internally and are very pleased with it - we replaced Sun's NIS+ with a mixture of Kerberos and standard NIS (the NIS password maps have "*" as the password field). But - it's not a simple concept and the documentation isn't all that great - I'd recoment you get hold of "Kerberos : A network authentication system" by Brian Tung if you want to go this way. Kerberos works by way of shared secrets - all the servers that provide services share a key with the KDC (which authenticates users and provides tickets to services), - so that they can talk securely - as do you the user (your password) and the KDC. This is different to the SSH model which is public key based and doesn't require the administrator to distribute shared keys amongst machines. We use a version of SSH compiled with Kerberos support - which just adds another way for the SSH server to know it's really you trying to login (as opposed to RSA or password authentication). Kerberos allows verification for the user that the machine he's requesting a service from really is that machine and not someone impersonating the machine. SSH allows this only after the first time you've talked to the machine (the known_hosts feature) - but this isn't an enterprise wide thing. In short, I'd say the Kerberos is best for medium to large organisations that have a lot of machines and users - and SSH is good for communicating with hosts that aren't in your enterprise. Hope that helps... Scot On Thu, 24 Aug 2000, Kondie wrote: > Hello, > > I am rather new to Unix systems administration. I am running a FreeBSD > server and would very much appreciate any assistance on how kerberos > and ssh work and what I would risk if I implement them on my system. I > have read FreeBSD security handbook on kerberos and the man pages, but > they seem to only point at how to use them, and not exactly what they > are about. > > Regards, > > Kondwani. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 4:27:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail1.enter.net (mail1.enter.net [63.65.0.21]) by hub.freebsd.org (Postfix) with ESMTP id 6BBA837B423 for ; Thu, 24 Aug 2000 04:27:40 -0700 (PDT) Received: from enter.net (adjmp.enter.net [63.94.128.130]) by mail1.enter.net (8.11.0/8.11.0) with ESMTP id e7OBRcR07609 for ; Thu, 24 Aug 2000 07:27:38 -0400 Message-ID: <39A506AA.75FD8B51@enter.net> Date: Thu, 24 Aug 2000 07:27:38 -0400 From: Daniel Hauer X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.16-9mdk i586) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: How to apply patches? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I am about to participate in the implementation of several production servers running FreeBSD 4.1. I am familiar with FreeBSD, having used it personally for several years, however, I have always applied patches by cvsuping sources and recompiling. This will not be possible in this enviroment, however, as recompiling the the entire source will clobber several custom compiled programs/daemons on these servers. Is there a link or site with a "how-to" on how to apply for example, kernel patches, as I hear there may be one coming for this supposed attack on Yahoo? If there is no site, could someone out there give me a quick and dirty tutorial. We do also have several people in our shop that do know C and C++ so if I don't understand it, they will. Thank you in advance. -- Regards, Daniel Hauer. http://www.enter.net "The Road To The Internet Starts There!" *************************************************************************** Windoze is for GAMES, UNIX is for the rest of us. UNIX is like the sights on a loaded gun. If you aim the gun at your foot and pull the trigger, it is the basic function of UNIX to accurately deliver the bullet from the gun to the target. In this case, it's your foot. *************************************************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 6:17: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from altair.net-resource.com (mail.polyphemus.org [216.204.7.252]) by hub.freebsd.org (Postfix) with SMTP id 4E3D237B422 for ; Thu, 24 Aug 2000 06:16:58 -0700 (PDT) Received: (qmail 19932 invoked from network); 24 Aug 2000 13:16:50 -0000 Received: from gauss.lightship.net (HELO nrmail.com) (216.204.1.222) by mail.polyphemus.org with SMTP; 24 Aug 2000 13:16:50 -0000 Message-ID: <39A52041.B83D3C64@nrmail.com> Date: Thu, 24 Aug 2000 09:16:49 -0400 From: Bill Munger X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i686) X-Accept-Language: en MIME-Version: 1.0 To: security@freebsd.org Subject: Re: after "make world" Content-Type: multipart/mixed; boundary="------------55FAC5B90003E9E80A9620C1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. --------------55FAC5B90003E9E80A9620C1 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Keep in mind that by doing this kind of thing you are crippling an important part of intrusion detection, i.e. a tripwire-esque filesystem checker to alert you of funky stuff going on with your systems. It's better to be forced to reload a damaged system from media than to be unaware of a compromised machine or one under attack. A machine should be hardened against attack (whether from remote or local sources), but should be permissive enough that once compromised, the admins are immediately made aware of the problem. Eric Brueggmann wrote: > > Hello, > > I try to keep my box up to date, and cvsup every week or so with > cron. And make install world when ever there is a security alert. My > question to the list is: What kind of scripts do shell server admins use > after they make world? This question is in regaurds to permissions, suid, > sgid, etc.. Do you upgrade often enough to even warrent a script like > this? Below is a little script, of some of the stuff that I have > collected over the past couple of weeks. Am I missing something? > > Thanks for the help, > Eric Brueggmann > Hobbiest > > P.S. Sorry for posting to 2 lists, I thought it pertained to both of `em. > I know my spelling sucks.. > > =============================================================================== > > #!/bin/sh > > # Run this after a make world, for better security. > > chflags noschg /bin/* > chflags noschg /usr/bin/* > chflags noschg /sbin/* > chflags noschg /usr/sbin/* > chflags noschg /bin ; chflags noschg /sbin > chflags noschg /usr/bin ; chflags noschg /usr/sbin > cd /var/log; chmod g-w,o-r * ; chmod a+r wtmp > > etc ... --------------55FAC5B90003E9E80A9620C1 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mozilla-Status2: 00000000 Message-ID: <39A51EE4.365078ED@nrmail.com> Date: Thu, 24 Aug 2000 09:11:00 -0400 From: Bill Munger X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-5.0 i686) X-Accept-Language: en MIME-Version: 1.0 To: Eric Brueggmann Subject: Re: after "make world" References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Keep in mind that by doing this kind of thing you are crippling an important part of intrusion detection, i.e. a tripwire-esque filesystem checker to alert you of funky stuff going on with your systems. It's better to be forced to reload a damaged system from media than to be unaware of a compromised machine or one under attack. A machine should be hardened against attack (whether from remote or local sources), but should be permissive enough that once compromised, the admins are immediately made aware of the problem. Eric Brueggmann wrote: > > Hello, > > I try to keep my box up to date, and cvsup every week or so with > cron. And make install world when ever there is a security alert. My > question to the list is: What kind of scripts do shell server admins use > after they make world? This question is in regaurds to permissions, suid, > sgid, etc.. Do you upgrade often enough to even warrent a script like > this? Below is a little script, of some of the stuff that I have > collected over the past couple of weeks. Am I missing something? > > Thanks for the help, > Eric Brueggmann > Hobbiest > > P.S. Sorry for posting to 2 lists, I thought it pertained to both of `em. > I know my spelling sucks.. > > =============================================================================== > > #!/bin/sh > > # Run this after a make world, for better security. > > chflags noschg /bin/* > chflags noschg /usr/bin/* > chflags noschg /sbin/* > chflags noschg /usr/sbin/* > chflags noschg /bin ; chflags noschg /sbin > chflags noschg /usr/bin ; chflags noschg /usr/sbin > cd /var/log; chmod g-w,o-r * ; chmod a+r wtmp > > echo "Edit /etc/rc.conf and change the kernellevel to 2" > > for i in ` find / -type f -perm -2000 | egrep -wv "lockfile" ` ; do chmod g-s $i ; done > > for i in ` find / -type f -perm -4000 | egrep -wv "man|login|passwd|su|ssh|sendmail|procmail|sudo|mail.local" ` ; do chmod u-s $i ; done > > for i in ` find / -type d -perm -002 | egrep -v "tmp" ` ; do chmod o-w $i ; done > > chmod 700 /root > # cd to /home and chmod 700 every directory except "apache|newuser|ftp|?????" > > chflags schg /bin/* > chflags schg /usr/bin/* > chflags schg /sbin/* > chflags schg /usr/sbin/* > chflags schg /bin ; chflags schg /sbin > chflags schg /usr/bin ; chflags schg /usr/sbin > > # > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --------------55FAC5B90003E9E80A9620C1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 7: 0:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from w2xo.pgh.pa.us (ipl-229-002.npt-sdsl.stargate.net [208.223.229.2]) by hub.freebsd.org (Postfix) with ESMTP id D576D37B42C for ; Thu, 24 Aug 2000 07:00:10 -0700 (PDT) Received: from w2xo.w2xo.pgh.pa.us (w2xo.w2xo.pgh.pa.us [192.168.5.1]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id OAA57254 for ; Thu, 24 Aug 2000 14:00:09 GMT (envelope-from durham@w2xo.pgh.pa.us) Date: Thu, 24 Aug 2000 14:00:09 +0000 (GMT) From: Jim Durham To: freebsd-security@freebsd.org Subject: mpd-netgraph buffer errors Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am trying out mpd-netgraph for a pptp server on 4.1-RELEASE. On the first try, using my laptop here at work on the LAN, it worked right away. Taking the laptop home for a "real test", I got the following error messages from the mpd daemon, and it failed to work. [pptp] error writing len 27 frame to bypass: No buffer space available Taking the laptop back to work today and trying it again from here, I get the same error. Scanning the mail archives, I see another instance of a fellow having the same sort of thing...worked the first time..then didn't work any more. Anyone here had experience with this? Thanks, Jim Durham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 7:27:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from wolf.vailsys.com (ns2.l3.vailsys.com [209.247.226.202]) by hub.freebsd.org (Postfix) with ESMTP id 2C95A37B424 for ; Thu, 24 Aug 2000 07:27:46 -0700 (PDT) Received: from gator.vail (gator.vail [192.168.128.53]) by wolf.vailsys.com (8.9.3/8.9.3) with ESMTP id JAA05595; Thu, 24 Aug 2000 09:27:40 -0500 (CDT) (envelope-from daniel@vailsys.com) Received: from vailsys.com (inspiron.w3n.net [209.247.226.250] (may be forged)) by gator.vail (8.9.3/8.9.0) with ESMTP id JAA15086; Thu, 24 Aug 2000 09:27:38 -0500 (CDT) Message-ID: <39A53366.B95EAEFD@vailsys.com> Date: Thu, 24 Aug 2000 09:38:30 -0500 From: Dan Riley X-Mailer: Mozilla 4.7 [en] (X11; I; Linux 2.2.14-15mdk i686) X-Accept-Language: en MIME-Version: 1.0 To: scot@poptart.org Cc: Igor Roshchin , security@FreeBSD.ORG Subject: Re: named -- unapproved update (?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org scot@poptart.org wrote: > > Yeah - I had the same thing when I installed a Win2K server. [ snip ] > > Immediately, I started seeing a message: > > Aug 21 18:18:31 MYHOST named[1480]: unapproved update from [XXX.XXX.XXX.NNN].4110 for clientdomain.com [ snip ] > > Questions: > > 1. What those requests mean ? > > 2. What are the possible reasons for them ? > > 3. How did [could ?] that host discover the DNS running, Our Win2k hosts when running as dhcp clients were all doing the same exact thing. There is an option in the dhcp client configuration to disable this behavior. HTH Dan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 8:14:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 00B3337B424 for ; Thu, 24 Aug 2000 08:14:49 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id LAA59454; Thu, 24 Aug 2000 11:14:46 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <200008240457.AAA03676@giganda.komkon.org> References: <200008240457.AAA03676@giganda.komkon.org> Date: Thu, 24 Aug 2000 11:15:33 -0400 To: Igor Roshchin , security@FreeBSD.ORG From: Garance A Drosihn Subject: Re: named -- unapproved update (?) Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:57 AM -0400 8/24/00, Igor Roshchin wrote: >Immediately, I started seeing a message: >Aug 21 18:18:31 MYHOST named[1480]: > unapproved update from [XXX.XXX.XXX.NNN].4110 for clientdomain.com >where "clientdomain.com" - is one of the local domains, >and apparently the quering host is in that domain... > >Unfortunately currently I have no access to that box, and >all I know that it's running Windows (2000?). I am sure it >does not have MYHOST in any of the configurations. > >Questions: >1. What those requests mean ? >2. What are the possible reasons for them ? With Win2k, microsoft uses DNS for a number of things. Part of this is that each win2k client will, BY DEFAULT, want to do dynamic DNS updates of whatever DNS server it feels is the right one to register with. >3. How did [could ?] that host discover the DNS running, > except for by scanning all local hosts ? Why would it > do that ? That's a good question, I don't know. It should be discovering it via dhcp. How does that win2k machine get it's IP config? >Or is it just Windows 2000 strangeness ? If so, is there is >any way to get rid of those annoying messages ? There is an option hidden away in the control panels. During install it's in the 'advanced options' part of the tcp/ip config. After install, you have to go into: Control Panels/ Network & Dialup Connections/ Local Area Connection Then click on the 'Properties' button, Then select "Internet Protocols (TCP/IP), Then click on "Properties", Then click on "Advanced" Then click on the tab setting for "DNS", And at the bottom of the dialog window you'll see a checkbox for the "Register this connection's addresses in DNS" option. You want that checkbox to be off. Simple, isn't it? --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 10: 5: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.telemere.net (mail.telemere.net [63.224.9.4]) by hub.freebsd.org (Postfix) with ESMTP id C03AE37B422 for ; Thu, 24 Aug 2000 10:05:00 -0700 (PDT) Received: by mail.telemere.net (Postfix, from userid 1001) id 3582620F01; Thu, 24 Aug 2000 12:08:06 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by mail.telemere.net (Postfix) with ESMTP id 333B51D101; Thu, 24 Aug 2000 12:08:06 -0500 (CDT) Date: Thu, 24 Aug 2000 12:07:59 -0500 (CDT) From: Visigoth To: Daniel Hauer Cc: freebsd-security@freebsd.org Subject: Re: How to apply patches? In-Reply-To: <39A506AA.75FD8B51@enter.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You may want to look into customizing your /etc/cvsupfile a little bit to get what you want. CVSup is capable of only updateing certain portions of your source ex. *default host=cvsup5.FreeBSD.org *default base=/usr *default prefix=/usr *default release=cvs *default tag=RELENG_4 *default delete use-rel-suffix src-sys *default tag=. ports-all doc-all < end cvsupfile > This cvsupfile will only update the source for your kernel, you can also select other individual portions of the OS as your project allows... Have fun... ;) Damieon Stark Sr. Unix Systems Administrator visigoth@telemere.net PGP Public Key: www.telemere.net/~visigoth/visigoth.asc ____________________________________________________________________________ | M$ -Where do you want to go today? | Linux -Where do you want to go tomorrow?| FreeBSD - The POWER to serve Freebsd -Are you guys coming or what? | http://www.freebsd.org | | - ---------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iQA/AwUBOaVIYznmC/+RTnGeEQJwXACdGuG6qeHcsaU5cWXRK45NYd4QtUQAoMxA B4Nuk+rIDlVgUyKV/xgoMrNs =ZxN4 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 10:15:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94]) by hub.freebsd.org (Postfix) with ESMTP id CF0C537B423 for ; Thu, 24 Aug 2000 10:15:24 -0700 (PDT) Received: from localhost (961BE653994@localhost) by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id RAA17423; Thu, 24 Aug 2000 17:10:52 GMT Date: Thu, 24 Aug 2000 17:10:51 +0000 (GMT) From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> To: Visigoth Cc: Daniel Hauer , freebsd-security@FreeBSD.ORG Subject: SSH problem ??? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear All, I have set a small network that is composed of two machines that are communicating through a router. I installed ssh in the two machines and it was working well. but when the IPaddresses of the two machines changed, I could not use ssh btw these two machines, itgives authentication error. Does anybody know why? if yes? how do I tackle the problem ? Ali. On Thu, 24 Aug 2000, Visigoth wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > You may want to look into customizing your /etc/cvsupfile a little > bit to get what you want. CVSup is capable of only updateing certain > portions of your source ex. > > > > *default host=cvsup5.FreeBSD.org > *default base=/usr > *default prefix=/usr > *default release=cvs > *default tag=RELENG_4 > *default delete use-rel-suffix > > src-sys > > *default tag=. > ports-all > doc-all > < end cvsupfile > > > This cvsupfile will only update the source for your kernel, you can also > select other individual portions of the OS as your project allows... > > Have fun... ;) > > Damieon Stark > Sr. Unix Systems Administrator > visigoth@telemere.net > > PGP Public Key: www.telemere.net/~visigoth/visigoth.asc > > ____________________________________________________________________________ > | > M$ -Where do you want to go today? | > Linux -Where do you want to go tomorrow?| FreeBSD - The POWER to serve > Freebsd -Are you guys coming or what? | http://www.freebsd.org > | > | > - ---------------------------------------------------------------------------- > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.1i > > iQA/AwUBOaVIYznmC/+RTnGeEQJwXACdGuG6qeHcsaU5cWXRK45NYd4QtUQAoMxA > B4Nuk+rIDlVgUyKV/xgoMrNs > =ZxN4 > -----END PGP SIGNATURE----- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 10:38:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from exchange.lightrealm.com (exchange.lightrealm.com [216.122.95.4]) by hub.freebsd.org (Postfix) with ESMTP id 5251A37B43F for ; Thu, 24 Aug 2000 10:38:22 -0700 (PDT) Received: by EXCHANGE with Internet Mail Service (5.5.2650.21) id ; Thu, 24 Aug 2000 10:46:16 -0700 Message-ID: From: Rush Carskadden To: 'Ali Alaoui El Hassani' <961BE653994@stud.alakhawayn.ma>, Visigoth Cc: Daniel Hauer , freebsd-security@FreeBSD.ORG Subject: RE: SSH problem ??? Date: Thu, 24 Aug 2000 10:46:13 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ali Alaoui El Hassani, It depends on what the error is. If the error says "WARNING: HOST IDENTIFICATION HAS CHANGED! IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!", then the key information for the machines has gotten mixed up. It is best to remove the keys for the affected hosts from your hosts list. If that is not the error, please reply with what the error is. It is also possible that you have some DNS related problems. ok, Rush Carskadden -----Original Message----- From: Ali Alaoui El Hassani [mailto:961BE653994@stud.alakhawayn.ma] Sent: Thursday, August 24, 2000 10:11 AM To: Visigoth Cc: Daniel Hauer; freebsd-security@FreeBSD.ORG Subject: SSH problem ??? Dear All, I have set a small network that is composed of two machines that are communicating through a router. I installed ssh in the two machines and it was working well. but when the IPaddresses of the two machines changed, I could not use ssh btw these two machines, itgives authentication error. Does anybody know why? if yes? how do I tackle the problem ? Ali. On Thu, 24 Aug 2000, Visigoth wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > You may want to look into customizing your /etc/cvsupfile a little > bit to get what you want. CVSup is capable of only updateing certain > portions of your source ex. > > > > *default host=cvsup5.FreeBSD.org > *default base=/usr > *default prefix=/usr > *default release=cvs > *default tag=RELENG_4 > *default delete use-rel-suffix > > src-sys > > *default tag=. > ports-all > doc-all > < end cvsupfile > > > This cvsupfile will only update the source for your kernel, you can also > select other individual portions of the OS as your project allows... > > Have fun... ;) > > Damieon Stark > Sr. Unix Systems Administrator > visigoth@telemere.net > > PGP Public Key: www.telemere.net/~visigoth/visigoth.asc > > ____________________________________________________________________________ > | > M$ -Where do you want to go today? | > Linux -Where do you want to go tomorrow?| FreeBSD - The POWER to serve > Freebsd -Are you guys coming or what? | http://www.freebsd.org > | > | > - ---------------------------------------------------------------------------- > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.1i > > iQA/AwUBOaVIYznmC/+RTnGeEQJwXACdGuG6qeHcsaU5cWXRK45NYd4QtUQAoMxA > B4Nuk+rIDlVgUyKV/xgoMrNs > =ZxN4 > -----END PGP SIGNATURE----- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 11:21:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94]) by hub.freebsd.org (Postfix) with ESMTP id 782B937B424 for ; Thu, 24 Aug 2000 11:21:20 -0700 (PDT) Received: from localhost (961BE653994@localhost) by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id SAA17650; Thu, 24 Aug 2000 18:16:52 GMT Date: Thu, 24 Aug 2000 18:16:51 +0000 (GMT) From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> To: Rush Carskadden Cc: Visigoth , Daniel Hauer , freebsd-security@FreeBSD.ORG Subject: RE: SSH problem ??? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Sir, I thank you for your reply. the error is Disconnected, authentication error no further authentication methods available. Best Regards, Ali. On Thu, 24 Aug 2000, Rush Carskadden wrote: > Ali Alaoui El Hassani, > It depends on what the error is. If the error says "WARNING: HOST > IDENTIFICATION HAS CHANGED! IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING > NASTY!", then the key information for the machines has gotten mixed up. It > is best to remove the keys for the affected hosts from your hosts list. If > that is not the error, please reply with what the error is. It is also > possible that you have some DNS related problems. > > ok, > Rush Carskadden > > > -----Original Message----- > From: Ali Alaoui El Hassani [mailto:961BE653994@stud.alakhawayn.ma] > Sent: Thursday, August 24, 2000 10:11 AM > To: Visigoth > Cc: Daniel Hauer; freebsd-security@FreeBSD.ORG > Subject: SSH problem ??? > > > Dear All, > I have set a small network that is composed of two machines that are > communicating through a router. I installed ssh in the two machines and > it was working well. but when the IPaddresses of the two machines changed, > I could not use ssh btw these two machines, itgives authentication error. > Does anybody know why? > if yes? how do I tackle the problem ? > Ali. > > > > > > > On Thu, 24 Aug 2000, Visigoth wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > > > You may want to look into customizing your /etc/cvsupfile a little > > bit to get what you want. CVSup is capable of only updateing certain > > portions of your source ex. > > > > > > > > *default host=cvsup5.FreeBSD.org > > *default base=/usr > > *default prefix=/usr > > *default release=cvs > > *default tag=RELENG_4 > > *default delete use-rel-suffix > > > > src-sys > > > > *default tag=. > > ports-all > > doc-all > > < end cvsupfile > > > > > This cvsupfile will only update the source for your kernel, you can also > > select other individual portions of the OS as your project allows... > > > > Have fun... ;) > > > > Damieon Stark > > Sr. Unix Systems Administrator > > visigoth@telemere.net > > > > PGP Public Key: www.telemere.net/~visigoth/visigoth.asc > > > > > ____________________________________________________________________________ > > | > > M$ -Where do you want to go today? | > > Linux -Where do you want to go tomorrow?| FreeBSD - The POWER to serve > > Freebsd -Are you guys coming or what? | http://www.freebsd.org > > | > > | > > - > ---------------------------------------------------------------------------- > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP 6.5.1i > > > > iQA/AwUBOaVIYznmC/+RTnGeEQJwXACdGuG6qeHcsaU5cWXRK45NYd4QtUQAoMxA > > B4Nuk+rIDlVgUyKV/xgoMrNs > > =ZxN4 > > -----END PGP SIGNATURE----- > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 12:28:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.workofstone.net (w121.z208177130.sjc-ca.dsl.cnc.net [208.177.130.121]) by hub.freebsd.org (Postfix) with ESMTP id 44E5137B424 for ; Thu, 24 Aug 2000 12:28:53 -0700 (PDT) Received: from timberwolf (w126.z064001106.sjc-ca.dsl.cnc.net [64.1.106.126]) by mail.workofstone.net (8.9.3/8.9.3) with ESMTP id MAA19313; Thu, 24 Aug 2000 12:28:09 -0700 (PDT) Message-Id: <200008241928.MAA19313@mail.workofstone.net> To: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> Cc: Visigoth , Daniel Hauer , freebsd-security@FreeBSD.ORG Subject: Re: SSH problem ??? Reply-To: "Sean J. Schluntz" In-Reply-To: Your message of "Thu, 24 Aug 2000 18:16:51 -0000." Date: Thu, 24 Aug 2000 12:23:47 -0700 From: schluntz@timberwolf.workofstone.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , Ali Alaoui El Hassani writes: >Dear Sir, >I thank you for your reply. >the error is Disconnected, authentication error no further authentication >methods available. Actually, that error means exactially what it says, you have run out of authentication methods. The sshd server has looked at the methods your have setup in your sshd(2)_config file and has not been able to ok all of the ones you have picked. if your "RequiredAuthentications" is set to publickey and you don't have your public key on the system you will get this error. if your "RequiredAuthentications" is set to publickey,password and you don't have your public key on the system, but you do give it your correct password you will still get the error because it was not able to authenticate _all_ of the _required_ methods. Same goes if you have hostbased set but arn't coming from a host you have setup as authorized. -Sean To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 12:42:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94]) by hub.freebsd.org (Postfix) with ESMTP id 89D1C37B422 for ; Thu, 24 Aug 2000 12:42:07 -0700 (PDT) Received: from localhost (961BE653994@localhost) by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id TAA17898; Thu, 24 Aug 2000 19:37:39 GMT Date: Thu, 24 Aug 2000 19:37:39 +0000 (GMT) From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> To: "Sean J. Schluntz" Cc: Visigoth , Daniel Hauer , freebsd-security@FreeBSD.ORG Subject: Re: SSH problem ??? In-Reply-To: <200008241928.MAA19313@mail.workofstone.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Sir, I thank you for your help. Ali. On Thu, 24 Aug 2000 schluntz@timberwolf.workofstone.net wrote: > > In message , Ali > Alaoui El Hassani writes: > >Dear Sir, > >I thank you for your reply. > >the error is Disconnected, authentication error no further authentication > >methods available. > > Actually, that error means exactially what it says, you have run out of > authentication methods. The sshd server has looked at the methods your > have setup in your sshd(2)_config file and has not been able to ok all > of the ones you have picked. > > if your "RequiredAuthentications" is set to publickey and you don't have > your public key on the system you will get this error. > > if your "RequiredAuthentications" is set to publickey,password and you don't > have your public key on the system, but you do give it your correct > password you will still get the error because it was not able to authenticate > _all_ of the _required_ methods. Same goes if you have hostbased set but > arn't coming from a host you have setup as authorized. > > -Sean > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 13: 1:20 2000 Delivered-To: freebsd-security@freebsd.org Received: from w2xo.pgh.pa.us (ipl-229-002.npt-sdsl.stargate.net [208.223.229.2]) by hub.freebsd.org (Postfix) with ESMTP id 4C3F237B423 for ; Thu, 24 Aug 2000 13:01:17 -0700 (PDT) Received: from w2xo.w2xo.pgh.pa.us (w2xo.w2xo.pgh.pa.us [192.168.5.1]) by w2xo.pgh.pa.us (8.9.3/8.9.3) with ESMTP id UAA58291; Thu, 24 Aug 2000 20:00:27 GMT (envelope-from durham@w2xo.pgh.pa.us) Date: Thu, 24 Aug 2000 20:00:27 +0000 (GMT) From: Jim Durham To: "Christopher T. Griffiths" Cc: security@FreeBSD.ORG Subject: Re: mpd-netgraph buffer errors In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 24 Aug 2000, Christopher T. Griffiths wrote: > I was having the same issue with mpd. If anyone has a workaround please > let me know. > > Same setup and situation as below. > > Thanks > > Chris > > On Thu, 24 Aug 2000, Jim Durham wrote: > > > I am trying out mpd-netgraph for a pptp server on 4.1-RELEASE. > > > > On the first try, using my laptop here at work on the LAN, it > > worked right away. > > > > Taking the laptop home for a "real test", I got the following > > error messages from the mpd daemon, and it failed to work. > > > > [pptp] error writing len 27 frame to bypass: No buffer space available I am e-mailing back and forth with Archie, the maintainer of the port, and he says to ignore the error. It's not what's causing the problem I my case, it involves going through address translation. If I connect directly to the server on the inside NIC, it works with the same config files. Coming in through the NATD bombs. -Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 13: 4:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id C8C4837B422 for ; Thu, 24 Aug 2000 13:04:22 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Thu, 24 Aug 2000 13:03:15 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id NAA59257; Thu, 24 Aug 2000 13:04:21 -0700 (PDT) (envelope-from cjc) Date: Thu, 24 Aug 2000 13:04:21 -0700 From: "Crist J . Clark" To: "David G. Andersen" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Blackhat Firewall-1 Codes Message-ID: <20000824130421.A59226@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <20000822233432.K28027@149.211.6.64.reflexcom.com> <200008230639.AAA04483@faith.cs.utah.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200008230639.AAA04483@faith.cs.utah.edu>; from dga@pobox.com on Wed, Aug 23, 2000 at 12:39:52AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Aug 23, 2000 at 12:39:52AM -0600, David G. Andersen wrote: > Without looking at all at the code, but speaking from having ported > numerous of these things to FreeBSD, I'll hazard a few guesses: > > - differing levels of "rawness" between BSD and Linux; > BSD raw sockets perform an htons() on the ip_len, ip_off, > and ip_tos fields. > > - set sin_len in your struct sockaddr_in; not all systems > have this field. > > - set IP_HDRINCLUDE and other friends when opening the raw socket, > if they're not already. > > Happy porting. Hmmm.. Is this just FreeBSD as opposed to a *BSD thing? The authors claim the codes were "developed and tested on OpenBSD and Linux." > Lo and behold, Crist J . Clark once said: > > > > > > I have been trying to get the 'fw1tun' codes to run under FreeBSD. I > > have been getting, > > > > $ ./icmp [args] > > sendto: Invalid argument > > > > Oh, just for the record, I am trying to see if some firewalls we have > > (ones not on the Internet, so no games from any kids out there) can be > > exploited. > > -- > > Crist J. Clark cjclark@alum.mit.com > > > -- > work: dga@lcs.mit.edu me: dga@pobox.com > MIT Laboratory for Computer Science http://www.angio.net/ -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 20:48:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from web4701.mail.yahoo.com (web4701.mail.yahoo.com [216.115.105.201]) by hub.freebsd.org (Postfix) with SMTP id B4C3B37B42C for ; Thu, 24 Aug 2000 20:48:24 -0700 (PDT) Message-ID: <20000825034824.11470.qmail@web4701.mail.yahoo.com> Received: from [206.180.159.81] by web4701.mail.yahoo.com; Thu, 24 Aug 2000 20:48:24 PDT Date: Thu, 24 Aug 2000 20:48:24 -0700 (PDT) From: Kurt Wuensche Subject: Route strangeness To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have recently been having strange occurences related to FBSD 2.2.5 routing. I am running static routing with icmp redirects turned off. What happens is that for no apparent reason the default route no longer works. The weird part is that netstat -nr and ifconfig show the default route still USGc and that the interface is up. I can even ping the gateway on my isp, but the packets go no further. Thinking it was an isp problem I called the isp. Their routing is apparently ok. Still pings from them sometimes don't come back. When this happens my host is also not visible from the internet, with a ping to an ip address returning request timeout errors. Even weirder is that a telnet by ip number to the machine remotely eventually shows a login prompt, but only after waiting for almost two minutes! I have run route monitor and tcpdump and examined messages. So far tcpdump has not shown any clues while route monitor occassionally shows RTM_LOSING messages from pid 0 and the user ppp process. messages shows nothing. Then for no reason, routing will work again. A reset also seems to fix the problem. I have a friend running 2.2.8 and the same identical things are happening to him. Any ideas? __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 21:58:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from roble.com (roble.com [206.40.34.50]) by hub.freebsd.org (Postfix) with ESMTP id 50FA037B43F for ; Thu, 24 Aug 2000 21:58:37 -0700 (PDT) Received: from roble2.roble.com (roble2.roble.com [206.40.34.52]) by roble.com with SMTP id VAA10363 for ; Thu, 24 Aug 2000 21:58:42 -0700 (PDT) Date: Thu, 24 Aug 2000 21:58:31 -0700 (PDT) From: Roger Marquis To: freebsd-security@freebsd.org Subject: ipfw & ospf Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Does anyone know why trafshow/tcpdump still reports OSPF traffic after the application of these ipfw rules? /sbin/ipfw add 115 deny ospf from any to any /sbin/ipfw add 115 deny all from 224.0.0.0/8 to any TIA, -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 22:45: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from alcanet.com.au (mail.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with SMTP id 5240037B42C for ; Thu, 24 Aug 2000 22:44:59 -0700 (PDT) Received: by border.alcanet.com.au id <115389>; Fri, 25 Aug 2000 15:44:49 +1000 Content-return: prohibited Date: Fri, 25 Aug 2000 15:44:48 +1000 From: Peter Jeremy Subject: Re: ipfw & ospf In-reply-to: ; from marquis@roble.com on Thu, Aug 24, 2000 at 09:58:31PM -0700 To: Roger Marquis Cc: freebsd-security@FreeBSD.ORG Mail-followup-to: Roger Marquis , freebsd-security@FreeBSD.ORG Message-Id: <00Aug25.154449est.115389@border.alcanet.com.au> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.2.4i References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 2000-Aug-24 21:58:31 -0700, Roger Marquis wrote: >Does anyone know why trafshow/tcpdump still reports OSPF traffic >after the application of these ipfw rules? > > /sbin/ipfw add 115 deny ospf from any to any > /sbin/ipfw add 115 deny all from 224.0.0.0/8 to any The BPF tap points used for trafshow/tcpdump are on the LAN side of the filtering rules, so you will still see OSPF traffic generated on the LAN. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Aug 24 23:58:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 51B9237B43C for ; Thu, 24 Aug 2000 23:58:21 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Thu, 24 Aug 2000 23:57:11 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.9.3/8.9.3) id XAA62613; Thu, 24 Aug 2000 23:58:17 -0700 (PDT) (envelope-from cjc) Date: Thu, 24 Aug 2000 23:58:17 -0700 From: "Crist J . Clark" To: Kurt Wuensche Cc: freebsd-security@FreeBSD.ORG Subject: Re: Route strangeness Message-ID: <20000824235817.A62475@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <20000825034824.11470.qmail@web4701.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20000825034824.11470.qmail@web4701.mail.yahoo.com>; from kwuensche@yahoo.com on Thu, Aug 24, 2000 at 08:48:24PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Aug 24, 2000 at 08:48:24PM -0700, Kurt Wuensche wrote: > I have recently been having strange occurences > related to FBSD 2.2.5 routing. I am running static > routing with icmp redirects turned off. What happens > is that for no apparent reason the default route no > longer works. The weird part is that netstat -nr and > ifconfig show the default route still USGc and that > the interface > is up. I can even ping the gateway on my isp, but the > packets go no further. What do you mean? If you ping it, the packets shouldn't go further. Do you mean that you have trouble trying to ping machines past it? What does a 'traceroute -n' return for those? > Thinking it was an isp problem > I called the isp. Their routing is apparently ok. > Still pings from them sometimes > don't come back. When this happens my host is also > not visible > from the internet, with a ping to an ip address > returning > request timeout errors. The exact messages please. > Even weirder is that a telnet > by ip number > to the machine remotely eventually shows a login > prompt, but only > after waiting for almost two minutes! I have run > route > monitor and tcpdump and examined messages. So far > tcpdump has not shown any clues while route monitor > occassionally shows RTM_LOSING messages from pid 0 and > the user ppp process. messages shows nothing. Then > for no reason, routing will work again. A reset also > seems to fix the problem. I have a friend running > 2.2.8 and the same identical things are happening to > him. Any ideas? DNS problems? -- Crist J. Clark cjclark@alum.mit.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 25 1:22:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141]) by hub.freebsd.org (Postfix) with ESMTP id 2566437B424 for ; Fri, 25 Aug 2000 01:22:31 -0700 (PDT) Received: from nwl.fw.uunet.co.za ([196.31.2.162]) by lists01.iafrica.com with esmtp (Exim 3.12 #2) id 13SEks-00042e-00; Fri, 25 Aug 2000 10:22:26 +0200 Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id KAA21028; Fri, 25 Aug 2000 10:22:24 +0200 (SAST) Received: by nwl.fw.uunet.co.za via recvmail id 20781; Fri Aug 25 10:21:11 2000 Received: from sheldonh (helo=axl.fw.uunet.co.za) by axl.fw.uunet.co.za with local-esmtp (Exim 3.16 #1) id 13SEjf-0001cT-00; Fri, 25 Aug 2000 10:21:11 +0200 From: Sheldon Hearn Reply-To: freebsd-questions@freebsd.org To: Visigoth Cc: Daniel Hauer , freebsd-security@freebsd.org Subject: Re: How to apply patches? In-reply-to: Your message of "Thu, 24 Aug 2000 12:07:59 EST." Date: Fri, 25 Aug 2000 10:21:11 +0200 Message-ID: <6228.967191671@axl.fw.uunet.co.za> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [ Please exclude freebsd-security in follow-ups. ] On Thu, 24 Aug 2000 12:07:59 EST, Visigoth wrote: > You may want to look into customizing your /etc/cvsupfile a little > bit to get what you want. CVSup is capable of only updateing certain > portions of your source ex. Actually, if you want to protect local modications to the tree while still receiving updates to modified files, you really should start thinking about checking out your tree with CVS. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Aug 25 1:45:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from sentinel.office1.bg (sentinel.office1.bg [195.24.48.182]) by hub.freebsd.org (Postfix) with SMTP id BD63537B43F for ; Fri, 25 Aug 2000 01:45:18 -0700 (PDT) Received: (qmail 73444 invoked by uid 1001); 25 Aug 2000 08:40:22 -0000 Date: Fri, 25 Aug 2000 11:40:22 +0300 From: Peter Pentchev To: freebsd-questions@freebsd.org Cc: Visigoth , Daniel Hauer