From owner-freebsd-security Sun Oct 14 12:40:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from vlmfg.com (w194.z064000243.lax-ca.dsl.cnc.net [64.0.243.194]) by hub.freebsd.org (Postfix) with ESMTP id 44DBB37B40D for ; Sun, 14 Oct 2001 12:40:30 -0700 (PDT)
Received: from localhost [64.225.124.232] by vlmfg.com (SMTPD32-6.00) id AB9F2F2001A0; Sun, 14 Oct 2001 12:46:39 -0700
To: FreeBSD-security@FreeBSD.org
From: friendz@openxxx.net
X-Mailer: Perl+Mail::Sender 0.7.08 by Jan Krynicky
Subject: Hello, your friend recommended openxxx.net to you
Message-Id: <200110141246162.SM00207@localhost>
Date: Sun, 14 Oct 2001 12:46:42 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You have been invited to check out this adult site by one of your friends who visited us.

click here, our URL is: http://www.openxxx.net/

enjoy,
OpenXXX TEAM 2001

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Oct 14 23:31:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.agama.com (smtp.agama.com [195.239.248.3]) by hub.freebsd.org (Postfix) with ESMTP id 31F4537B409 for ; Sun, 14 Oct 2001 23:31:55 -0700 (PDT)
Received: from esp.agama.com (esp.agama.com [195.239.248.10]) by smtp.agama.com (8.11.6/8.11.0) with SMTP id f9F6VN150096; Mon, 15 Oct 2001 10:31:23 +0400 (MSD)
Content-Type: text/plain; charset="koi8-r"
From: "Eugene S. Panenko"
To: "alexus" ,
Subject: Re: Only an ftp account
Date: Mon, 15 Oct 2001 10:31:24 +0400
X-Mailer: KMail [version 1.2]
References: <000b01c15345$9ace6170$0d00a8c0@alexus>
In-Reply-To: <000b01c15345$9ace6170$0d00a8c0@alexus>
MIME-Version: 1.0
Message-Id: <01101510273500.13315@esp.agama.com>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You may also set the shell to /usr/bin/passwd to let the user change his password.

12 October 2001 21:44, alexus wrote:
> just change shell to /sbin/nologin
>
> and this user won't be able to login on shell while he/she'll be able to use
> ftp
>
> ----- Original Message -----
> From: "Dave"
> To:
> Sent: Friday, October 12, 2001 1:38 PM
> Subject: Only an ftp account
>
>
> > How would I be able to give an account to someone where they can only
> > login and use FTP? Shell interpreters, sendmail, and virtually all the
> > other parts of the system should not be at their disposal.
> >
> > How does one accomplish the creation of such an 'ftp-locked' account?
> >
> > I've heard some discussion about jails, but man jail(1) and jail(2) only
> > talk about freezing a process, so I think this might not be the solution
> > I need.
> >
> > Thanks.

-- 
Regards,
Eugene Panenko
system programmer
OOO Teleross
http://www.online.ru | http://www.aport.ru | http://www.omen.ru

From owner-freebsd-security Mon Oct 15 01:20:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 0E45637B403; Mon, 15 Oct 2001 01:20:23 -0700 (PDT)
Received: from localhost (ilmar@localhost) by fledge.watson.org (8.11.6/8.11.5) with SMTP id f9F8K1292393; Mon, 15 Oct 2001 04:20:07 -0400 (EDT) (envelope-from ilmar@watson.org)
Date: Mon, 15 Oct 2001 04:19:59 -0400 (EDT)
From: "Ilmar S. Habibulin"
To: Kris Kennaway
Cc: Maxim Sobolev , kris@FreeBSD.org, security@FreeBSD.org
Subject: Re: Recent major changes in the NetBSD audit system
In-Reply-To: <20011013151002.B74378@xor.obsecurity.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 13 Oct 2001, Kris Kennaway wrote:

> > FYI: http://www.netbsd.org/Changes/#audit-011013
> Looks cool. Anyone want to port it over?
I think it should be reviewed as part of the TrustedBSD audit subsystem.

From owner-freebsd-security Mon Oct 15 02:20:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id 1F92037B408 for ; Mon, 15 Oct 2001 02:20:10 -0700 (PDT)
Received: (qmail 65947 invoked by uid 1000); 15 Oct 2001 09:20:08 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 15 Oct 2001 09:20:08 -0000
Date: Mon, 15 Oct 2001 11:20:08 +0200 (CEST)
From: Attila Nagy
To: Gabor Zahemszky
Cc: security@freebsd.org
Subject: Re: recovery from 'rm -rf /'
In-Reply-To: <20011012140523.A339@zg.CoDe.hu>
Message-ID: <20011015111942.V45257-100000@scribble.fsn.hu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

> > i have no solution, but i heard smtg interesting on the radio this
> > morning:
> > there are only 3 companies in the world who are really specialised in
> > doing such stuff, and one of these is in Hungary... they are said to be
> > very helpful, and maybe you find them and talk to them about it... they
> > have repeatedly offered help at no cost, so maybe you are lucky...
> > unfortunately I do not know their name, so... maybe google will help
> Their name is Kürt Kft.

http://www.kurt.hu/english/

--------------------------------------------------------------------------
Attila Nagy                                  e-mail: Attila.Nagy@fsn.hu
Budapest Polytechnic (BMF.HU)                @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17.        cell.: +3630 306 6758

From owner-freebsd-security Mon Oct 15 03:13:07 2001
Delivered-To: freebsd-security@freebsd.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by hub.freebsd.org (Postfix) with ESMTP id 50E9B37B61A; Mon, 15 Oct 2001 03:12:44 -0700 (PDT)
Received: from blossom.cjclark.org (dialup-209.245.129.93.Dial1.SanJose1.Level3.net [209.245.129.93]) by falcon.mail.pas.earthlink.net (8.11.5/8.9.3) with ESMTP id f9FACY425003; Mon, 15 Oct 2001 03:12:34 -0700 (PDT)
Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id f9F9xtW03033; Mon, 15 Oct 2001 02:59:55 -0700 (PDT) (envelope-from cjc)
Date: Mon, 15 Oct 2001 02:59:55 -0700
From: "Crist J. Clark"
To: "Ilmar S. Habibulin"
Cc: Kris Kennaway , Maxim Sobolev , kris@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Recent major changes in the NetBSD audit system
Message-ID: <20011015025955.O309@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011013151002.B74378@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from ilmar@watson.org on Mon, Oct 15, 2001 at 04:19:59AM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Oct 15, 2001 at 04:19:59AM -0400, Ilmar S. Habibulin wrote:
>
>
> On Sat, 13 Oct 2001, Kris Kennaway wrote:
>
> > > FYI: http://www.netbsd.org/Changes/#audit-011013
> > Looks cool. Anyone want to port it over?
> I think it should be reviewed as part of the TrustedBSD audit subsystem.

It's not _that_ kind of audit system. From reading the commit messages, it looks like this NetBSD "audit" mechanism is just about making something like the present FreeBSD /etc/security script except much more configurable. It watches for changes in specific files and mails you a diff when it notices a change. (That's what I glean from the commit message.) It's not "auditing" in the sense that most security people use it.

BTW, whatever happened to breaking up /etc/security into something like a periodic(8) format? Is someone still working on that? Maybe this NetBSD thingie can be imported as part of/in spite of that.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-security Mon Oct 15 07:19:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 9BA8537B40B; Mon, 15 Oct 2001 07:19:39 -0700 (PDT)
Received: from localhost (arr@localhost) by fledge.watson.org (8.11.6/8.11.5) with SMTP id f9FEJG095941; Mon, 15 Oct 2001 10:19:16 -0400 (EDT) (envelope-from arr@watson.org)
Date: Mon, 15 Oct 2001 10:19:15 -0400 (EDT)
From: "Andrew R. Reiter"
To: "Ilmar S. Habibulin"
Cc: Kris Kennaway , Maxim Sobolev , kris@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Recent major changes in the NetBSD audit system
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In general, the specifics of the 12th of October audit system change would be covered by the TrustedBSD audit system, since we're doing much more fine-grained auditing than is being done here in NetBSD. Pulling specific information, such as that listed in the URL below, would be the job of the pre/post selected audited records and the person who configures that.

I see the importance of what they are doing, but I also feel that they are going the tripwire route -- which is flawed since it relies on trusting the kernel for valid information.

Andrew

On Mon, 15 Oct 2001, Ilmar S. Habibulin wrote:

:
:
:On Sat, 13 Oct 2001, Kris Kennaway wrote:
:
:> > FYI: http://www.netbsd.org/Changes/#audit-011013
:> Looks cool. Anyone want to port it over?
:I think it should be reviewed as part of the TrustedBSD audit subsystem.
:
:
:

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead

From owner-freebsd-security Mon Oct 15 11:08:04 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sherline.net (216-203-226-2.customer.algx.net [216.203.226.2]) by hub.freebsd.org (Postfix) with SMTP id E75C137B409 for ; Mon, 15 Oct 2001 11:07:58 -0700 (PDT)
Received: (qmail 24481 invoked from network); 15 Oct 2001 18:07:56 -0000
Received: from server.sherline.net (HELO server) (216.203.226.3) by sherline.net with SMTP; 15 Oct 2001 18:07:56 -0000
Message-ID: <007f01c155a4$53166a60$03e2cbd8@server>
From: "Jeremiah Gowdy"
Subject: FreeBSD IPFW
Date: Mon, 15 Oct 2001 11:07:59 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to protect my network. I'm wondering why ipfw is returning packets, which I assume it's doing, when it filters a particular port like this:

"139/tcp filtered netbios-ssn"

result from an nmap scan. I would rather, like blackhole, just silently drop the packet, which causes the port scanner to lag all to hell and wait for the response timeout. Of course I have blackhole turned on, and that works for the FreeBSD box itself, but it does not work for the packets blocked by ipfw. Is there an IPFW option to drop a packet silently with no RST or ICMP returned (or anything else)?

Thanks.

___________________________________________
Jeremiah Gowdy
IT Manager - Senior Network Administrator
Sherline Products Inc
3235 Executive Ridge
Vista CA 92083-8527
IT Dept: 760-727-9492
Sales: 1-800-541-0735
International: (760) 727-5857
Fax: (760) 727-7857
___________________________________________

From owner-freebsd-security Mon Oct 15 11:34:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from bgmail4.impsat.net.co (bgmail4.impsat.net.co [200.31.19.6]) by hub.freebsd.org (Postfix) with ESMTP id 443F137B401 for ; Mon, 15 Oct 2001 11:34:53 -0700 (PDT)
Received: from [206.114.11.102] (helo=oemcomputer) by bgmail4.impsat.net.co with smtp (Exim 3.16 #1) id 15tAFv-0003mJ-00 for freebsd-security@freebsd.org; Mon, 15 Oct 2001 11:06:19 -0500
From: " Rueda"
Subject: More than 15,000 companies at your disposal
Date: Mon, 15 Oct 2001 11:04:22 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Message sent by rueda@elsitio.net.co

Empres@s - Colombia

A powerful tool for marketing and sales.

Find the customers you need with a simple click in our database of more than 15,000 major Colombian companies, with more than 70,000 directors and executives. The database and the application let you locate and qualify your best prospects, learn more about your customers, suppliers and competitors, and create efficient mail, telephone, e-mail, fax and field campaigns.

The company database (more than 15,000 entries) has the following fields: company name, acronym, tax ID (NIT), address, telephone, fax, business activity (CIIU Rev. 3.0 code), number of employees, city and department. The directors and executives database (more than 70,000 entries) has the following fields: name, position, area by position, address, telephone, fax. These databases are linked, so that the application performs simple or complex searches over all of these fields, groups different kinds of searches, prepares and prints reports, labels and letters, makes telephone calls and sends e-mails.

AS ADDED VALUE we give you access to all the information on FOREIGN TRADE, through Internet links to the databases of MINCOMEX (27,000 importers), PROEXPO (4,000 exporters and their executives), AND THE ANDEAN COMMUNITY. We can also set up connections to your own links.

Request additional information by e-mail about the database contents, information sources, updates, the functions the application can perform, versions, prices and the companies using it, or send the following details to fax 6178102 - 6179073 Bogotá – Colombia, or call Florentino Rueda, commercial manager, directly on cell 033-3396180.

Company
NIT
City
Address
Telephone
Fax
Name
Position

P.S. If this message is not of interest to you, please consider forwarding it to General Management and/or Marketing; if you do not wish to receive messages like this one, please let us know at rueda@elsitio.net.co so we can remove your address from our database.

From owner-freebsd-security Mon Oct 15 12:23:08 2001
Delivered-To: freebsd-security@freebsd.org
Received: from greg.cex.ca (h24-207-26-100.dlt.dccnet.com [24.207.26.100]) by hub.freebsd.org (Postfix) with SMTP id B848437B408 for ; Mon, 15 Oct 2001 12:23:04 -0700 (PDT)
Received: (qmail 21586 invoked by uid 1001); 15 Oct 2001 18:55:56 -0000
Date: Mon, 15 Oct 2001 11:55:56 -0700
From: Greg White
To: security@freebsd.org
Subject: Re: FreeBSD IPFW
Message-ID: <20011015115556.A16917@greg.cex.ca>
Mail-Followup-To: security@freebsd.org
References: <007f01c155a4$53166a60$03e2cbd8@server>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <007f01c155a4$53166a60$03e2cbd8@server>; from jgowdy@home.com on Mon, Oct 15, 2001 at 11:07:59AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Oct 15, 2001 at 11:07:59AM -0700, Jeremiah Gowdy wrote:
> I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to
> protect my network. I'm wondering why ipfw is returning packets, which I
> assume it's doing, when it filters a particular port like this:
>
> "139/tcp filtered netbios-ssn"
>
> result from an nmap scan. I would rather, like blackhole, just silently
> drop the packet, which causes the port scanner to lag all to hell and wait
> for the response timeout. Of course I have blackhole turned on, and that
> works for the FreeBSD box itself, but it does not work for the packets
> blocked by ipfw. Is there an IPFW option to drop a packet silently with no
> RST or ICMP returned (or anything else) ?

Someone correct me if I'm wrong here, but in every instance I have seen nmap return that result, it is _because_ of the behaviour you say you're looking for. An unfiltered port would have responded with RST, and nmap knows this, so that if no RST comes back, it calls the port 'filtered'. Similar results for UDP with no returned port-unreachable.

Using ipfw's 'deny' should produce the results you saw above, and do what you want.

-- 
Greg White

From owner-freebsd-security Mon Oct 15 12:24:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from oksala.org (modemcable005.86-201-24.timi.mc.videotron.ca [24.201.86.5]) by hub.freebsd.org (Postfix) with ESMTP id AA98F37B403 for ; Mon, 15 Oct 2001 12:24:50 -0700 (PDT)
Received: from videotron.ca (silence [24.201.86.5]) by oksala.org (8.11.6/8.11.1) with ESMTP id f9FJNgh84725 for ; Mon, 15 Oct 2001 15:23:42 -0400 (EDT) (envelope-from "ghislainl"@videotron.ca)
Message-Id: <200110151923.f9FJNgh84725@oksala.org>
Date: Mon, 15 Oct 2001 15:23:42 -0400
From: Pierre-Luc Lespérance
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.4-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: security@freebsd.org
Subject: Re: FreeBSD IPFW
References: <007f01c155a4$53166a60$03e2cbd8@server>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jeremiah Gowdy wrote:
>
> I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to
> protect my network. I'm wondering why ipfw is returning packets, which I
> assume it's doing, when it filters a particular port like this:
>
> "139/tcp filtered netbios-ssn"
>
> result from an nmap scan. I would rather, like blackhole, just silently
> drop the packet, which causes the port scanner to lag all to hell and wait
> for the response timeout. Of course I have blackhole turned on, and that
> works for the FreeBSD box itself, but it does not work for the packets
> blocked by ipfw. Is there an IPFW option to drop a packet silently with no
> RST or ICMP returned (or anything else) ?
>

I tried IPFilter with net.inet.tcp.blackhole and some return-icmp.

First I sent "destination unreachable" using this rule:

block return-icmp (3) in quick on ed0 proto tcp from any to any port = 21

And I used nmap and it showed:

21/tcp closed ftp

And after that I tried "IP header bad":

block return-icmp (12) in quick on ed0 proto tcp from any to any port = 21

and it wasn't shown in the nmap (2.54BETA29) report.

I don't know if it's what you want, and I KNOW that IPFilter isn't IPFW!
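Greg White's reading of the nmap output rests on one observable fact: for a port nmap calls "filtered", nothing at all came back from the scanned host, whereas a closed port answers a SYN with a RST (and a closed UDP port with an ICMP port unreachable). The quickest way to confirm that a deny rule really is silent is to capture on the scanning host while the scan runs and check that no packet ever originates from the target. The script below is an added example, not code from the thread; the two captures, the scanner address 192.0.2.10 and the target address 192.0.2.1 are constructed, and the line layout is the classic tcpdump one (`time src.port > dst.port: flags ...`). The awk it uses is the POSIX subset, so it runs under FreeBSD's own awk as well.

```shell
#!/bin/sh
# Added example (not from the thread): decide from a tcpdump capture taken on
# the scanning host whether the scanned host ever answered.  The addresses and
# both sample captures are constructed for the demonstration.

# A scan of silently dropped ports: every packet goes scanner -> target,
# including the retransmitted SYN, and nothing comes back.
ONE_WAY='12:00:00.000001 192.0.2.10.40000 > 192.0.2.1.139: S 1000:1000(0) win 1024
12:00:00.000002 192.0.2.10.40001 > 192.0.2.1.445: S 1001:1001(0) win 1024
12:00:01.000003 192.0.2.10.40000 > 192.0.2.1.139: S 1000:1000(0) win 1024'

# A scan of unfiltered ports: a closed TCP port answers with RST, a closed UDP
# port with ICMP port unreachable.
TWO_WAY='12:00:00.000001 192.0.2.10.40000 > 192.0.2.1.139: S 1000:1000(0) win 1024
12:00:00.000002 192.0.2.1.139 > 192.0.2.10.40000: R 0:0(0) ack 1001 win 0
12:00:00.000003 192.0.2.10.40002 > 192.0.2.1.53: udp 0
12:00:00.000004 192.0.2.1 > 192.0.2.10: icmp: 192.0.2.1 udp port 53 unreachable'

# reply_summary TARGET: read capture lines on stdin and count the packets whose
# source host is TARGET, splitting out TCP RSTs and ICMP unreachables.
reply_summary() {
    awk -v t="$1" '
        $3 == ">" {
            src = $2
            # "host.port" has five dot-separated parts; a bare ICMP source has four
            if (split(src, p, ".") == 5)
                src = p[1] "." p[2] "." p[3] "." p[4]
            if (src != t) next            # only packets sent by the target count
            n++
            if ($5 == "R") rst++          # RST: the probe reached a closed port
            if ($5 == "icmp:" && /unreachable/) unreach++
        }
        END { printf "replies=%d rst=%d unreach=%d\n", n, rst, unreach }'
}

# verdict TARGET: "silent-drop" when the target never spoke, else the summary.
verdict() {
    s=$(reply_summary "$1")
    case $s in
        "replies=0 "*) echo silent-drop ;;
        *)             echo "$s" ;;
    esac
}

printf '%s\n' "$ONE_WAY" | verdict 192.0.2.1    # silent-drop
printf '%s\n' "$TWO_WAY" | verdict 192.0.2.1    # replies=2 rst=1 unreach=1
```

Against a live scan the capture comes from `tcpdump -n -l host <target>` on the scanning box, saved to a file and piped into `verdict <target>`. A nonzero `rst` count for a port you meant to block means the SYN reached the TCP stack, so the deny rule did not match it; `unreach` counts the ICMP port unreachables a closed UDP port sends and a dropped one does not, which is why a UDP probe that gets no answer cannot distinguish "open" from "filtered".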
From owner-freebsd-security Mon Oct 15 13:18:35 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pa169.kurdwanowa.sdi.tpnet.pl (pa169.kurdwanowa.sdi.tpnet.pl [213.77.148.169]) by hub.freebsd.org (Postfix) with ESMTP id 9B7E237B401 for ; Mon, 15 Oct 2001 13:18:29 -0700 (PDT)
Received: by pa169.kurdwanowa.sdi.tpnet.pl (Postfix, from userid 1001) id 543C21DA7; Mon, 15 Oct 2001 22:18:22 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by pa169.kurdwanowa.sdi.tpnet.pl (Postfix) with ESMTP id EF8A1559C; Mon, 15 Oct 2001 22:18:21 +0200 (CEST)
Date: Mon, 15 Oct 2001 22:18:21 +0200 (CEST)
From: Krzysztof Zaraska
X-Sender: kzaraska@lhotse.zaraska.dhs.org
To: Greg White , Jeremiah Gowdy
Cc: security@FreeBSD.ORG
Subject: Re: FreeBSD IPFW
In-Reply-To: <20011015115556.A16917@greg.cex.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 15 Oct 2001, Greg White wrote:

> On Mon, Oct 15, 2001 at 11:07:59AM -0700, Jeremiah Gowdy wrote:
> > I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to
> > protect my network. I'm wondering why ipfw is returning packets, which I
> > assume it's doing, when it filters a particular port like this:
> >
> > "139/tcp filtered netbios-ssn"
> >
> > result from an nmap scan. I would rather, like blackhole, just silently
> > drop the packet, which causes the port scanner to lag all to hell and wait
> > for the response timeout. Of course I have blackhole turned on, and that
> > works for the FreeBSD box itself, but it does not work for the packets
> > blocked by ipfw. Is there an IPFW option to drop a packet silently with no
> > RST or ICMP returned (or anything else) ?
>
> Someone correct me if I'm wrong here, but in every instance I have seen
> nmap return that result, it is _because_ of the behaviour you say you're
> looking for. An unfiltered port would have responded with RST, and nmap
> knows this, so that if no RST comes back, it calls the port 'filtered'.
> Similar results for UDP with no returned port-unreachable.
>
> Using ipfw's 'deny' should produce the results you saw above, and do
> what you want.

Yes, this is right. 'deny' just drops the packet on the floor silently. If you want to make sure, just run tcpdump on the scanning box and launch nmap. You should see only "one-way" traffic -- that is, from scanning host to scanned host.

As for blackhole turned on -- well, since you told ipfw to drop the packet before it reaches the TCP stack, this will have no effect here.

Please also note that if you are doing a UDP scan on a filtered port, nmap may report it as open. This is due to the fact that an open UDP port returns no reply while a closed one returns ICMP Port Unreachable. Since a blocked port also returns no reply, it may be reported as open, while it is filtered.

Krzysztof

From owner-freebsd-security Mon Oct 15 14:15:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pa169.kurdwanowa.sdi.tpnet.pl (pa169.kurdwanowa.sdi.tpnet.pl [213.77.148.169]) by hub.freebsd.org (Postfix) with ESMTP id 3FB7637B405 for ; Mon, 15 Oct 2001 14:15:49 -0700 (PDT)
Received: by pa169.kurdwanowa.sdi.tpnet.pl (Postfix, from userid 1001) id 19B531DA7; Mon, 15 Oct 2001 23:15:48 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by pa169.kurdwanowa.sdi.tpnet.pl (Postfix) with ESMTP id A4BA2559C; Mon, 15 Oct 2001 23:15:48 +0200 (CEST)
Date: Mon, 15 Oct 2001 23:15:48 +0200 (CEST)
From: Krzysztof Zaraska
X-Sender: kzaraska@lhotse.zaraska.dhs.org
To: "Andrew R. Reiter"
Cc: security@FreeBSD.ORG
Subject: Re: Recent major changes in the NetBSD audit system
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 15 Oct 2001, Andrew R. Reiter wrote:

> I see the importance of what they are doing, but I also feel that they are
> going the tripwire route -- which is flawed since it relies on trusting
> the kernel for valid information.

Could you explain this a little more in detail? If tripwire-like solutions are flawed, how should it work then?

Thanks in advance,

Krzysztof

From owner-freebsd-security Mon Oct 15 14:54:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 6A27037B403 for ; Mon, 15 Oct 2001 14:54:05 -0700 (PDT)
Received: from localhost (arr@localhost) by fledge.watson.org (8.11.6/8.11.5) with SMTP id f9FLZpB02593; Mon, 15 Oct 2001 17:35:52 -0400 (EDT) (envelope-from arr@watson.org)
Date: Mon, 15 Oct 2001 17:35:50 -0400 (EDT)
From: "Andrew R. Reiter"
To: Krzysztof Zaraska
Cc: security@FreeBSD.ORG
Subject: Re: Recent major changes in the NetBSD audit system
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What I meant by being flawed is that I look at it from the perspective of how easy it would be to bypass the system, which given a kernel module would not be too difficult. I would be able to intercept the system calls and audit their arguments and return whatever information I please. Tripwire, at least the last version I ran, essentially relied on the fact that the kernel's information was valid and was not tampered with, therefore allowing one to hide changes to monitored files or directories.

Monitoring system file changes, if you think about it, can really extend all the way back to monitoring in-kernel function calls. How can one really be certain that a call to read() is really executing the code found at the sysent[SYS_read].sy_call pointer? You could keep a valid list of addresses somewhere read-only (floppy?) and compare the functions nightly... however, this does not stop one from implementing a backdoor that provides a 7-byte jump overwrite -- keeping the address in the sy_call pointer the same, but changing the function itself. This would bypass the check.

I started to tinker with doing function call checksumming -- essentially doing checks of the function data itself, but #1 I was losing sight of my end goal (monitoring system files) and #2 started worrying about the overhead this would cause us. Each checksum validation would most likely have to occur at the time of the function call and that would be nuts.

I haven't thought about other ways to do this in a good manner... I'm sure others have. Anyone want to chime in?

Andrew

On Mon, 15 Oct 2001, Krzysztof Zaraska wrote:

:Could you explain this a little more in detail? If tripwire-like solutions
:are flawed, how should it work then?
:
:Thanks in advance,
:
:Krzysztof
:
:

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead

From owner-freebsd-security Mon Oct 15 14:57:02 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mel-rti17.wanadoo.fr (smtprt17.wanadoo.fr [193.252.19.228]) by hub.freebsd.org (Postfix) with ESMTP id 6B71A37B40C for ; Mon, 15 Oct 2001 14:56:58 -0700 (PDT)
Received: from citronier.wanadoo.fr (193.252.19.222) by mel-rti17.wanadoo.fr; 15 Oct 2001 23:56:57 +0200
Received: from there (193.251.39.66) by citronier.wanadoo.fr; 15 Oct 2001 23:56:53 +0200
Message-ID: <3bcb5ba53c53b465@citronier.wanadoo.fr> (added by citronier.wanadoo.fr)
Content-Type: text/plain; charset="iso-8859-1"
From: Thiebaut
To: security@freebsd.org
Subject: samba problem
Date: Mon, 15 Oct 2001 23:57:03 +0200
X-Mailer: KMail [version 1.3]
References: <007f01c155a4$53166a60$03e2cbd8@server> <200110151923.f9FJNgh84725@oksala.org>
In-Reply-To: <200110151923.f9FJNgh84725@oksala.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Seems I have a strange problem: I use a samba file server that uses X Windows. When I upload files from a Windows 2000 client, the server (FreeBSD 4.4) seems to stop working: I can't ping anymore, I cannot use any connections either. Very serious DoS. I have to reboot to get a connection back. The very strange thing is that when I do not startx the samba server is working fine...

Anyone experienced this before?

Bye.
Th

From owner-freebsd-security Tue Oct 16 00:55:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from holmes.infopro.spb.su (holmes.infopro.spb.su [195.242.2.2]) by hub.freebsd.org (Postfix) with ESMTP id A6A4237B409 for ; Tue, 16 Oct 2001 00:55:06 -0700 (PDT)
Received: from barrymore.peterlink.ru (barrymore.peterlink.ru [195.242.2.8]) by holmes.infopro.spb.su (8.9.1/8.9.1) with ESMTP id LAA08597 for ; Tue, 16 Oct 2001 11:55:04 +0400 (MSD)
Received: from kostasoft.spb.ru (spb-3-100.dialup.peterlink.ru [195.242.18.100]) by barrymore.peterlink.ru (8.9.1/8.9.1) with ESMTP id LAA25269 for ; Tue, 16 Oct 2001 11:55:03 +0400 (MSD)
Received: from adv2 [192.168.0.4] by kostasoft [127.0.0.1] with SMTP (MDaemon.v2.84.R) for ; Tue, 16 Oct 2001 11:51:45 +0400
From: "Yuri Muhitov"
Subject: Using IPFW with dynamic IP
Date: Tue, 16 Oct 2001 11:51:43 +0400
Message-ID: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Importance: Normal
X-MDaemon-Deliver-To: freebsd-security@FreeBSD.ORG
X-Return-Path: muhitov@kostasoft.spb.ru
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all!

I use dial-up and my ISP assigns IP addresses dynamically. How can I compose IPFW rules?

1. Which variable can I use in IPFW configuration script to designate my dynamic IP?
2. Can I call my IPFW configuration script automatically when dynamic IP is assigned?

All manuals which I have describe IPFW configuration using static IP.

Any help is highly appreciated.

Yuri.

From owner-freebsd-security Tue Oct 16 01:15:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from internethelp.ru (wh.internethelp.ru [212.113.112.145]) by hub.freebsd.org (Postfix) with ESMTP id 34C4E37B408 for ; Tue, 16 Oct 2001 01:15:43 -0700 (PDT)
Received: from IBMKA (ibmka.internethelp.ru. [192.168.0.6]) by internethelp.ru (8.9.3/8.9.3) with ESMTP id MAA06786; Tue, 16 Oct 2001 12:15:36 +0400 (MSD)
Date: Tue, 16 Oct 2001 12:14:58 +0400
From: "Nickolay A.Kritsky"
X-Mailer: The Bat! (v1.49) Personal
Reply-To: "Nickolay A.Kritsky"
X-Priority: 3 (Normal)
Message-ID: <4263631096.20011016121458@internethelp.ru>
To: "Yuri Muhitov"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Using IPFW with dynamic IP
In-reply-To: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
References: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello Yuri,

Tuesday, October 16, 2001, 11:51:43 AM, you wrote:

YM> Hi all!
YM> I use dial-up and my ISP assigns IP addresses dynamically.
YM> How can I compose IPFW rules?
YM> 1. Which variable can I use in IPFW configuration script to designate my
YM> dynamic IP?
YM> 2. Can I call my IPFW configuration script automatically when dynamic IP is
YM> assigned?
YM> All manuals which I have describe IPFW configuration using static IP.
YM> Any help is highly appreciated.
YM> Yuri.

add following lines in your /etc/rc.firewall script:

if [ "x$external_ip" != "x" ]; then
    # here come all Internet-related rules
    :   # placeholder so the block is valid sh until rules are added
fi

after establishing dial-up connection and acquiring dynamic ip, call

`external_ip=dynamic_ip; export external_ip; /bin/sh /etc/rc.firewall'

Hope that helps

;-------------------------------------------
; NKritsky
; SysAdmin InternetHelp.Ru
; http://www.internethelp.ru
; mailto:nkritsky@internethelp.ru

From owner-freebsd-security Tue Oct 16 1:23:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ns.morning.ru (ns.morning.ru [195.161.98.5]) by hub.freebsd.org (Postfix) with ESMTP id 173CB37B40B for ; Tue, 16 Oct 2001 01:23:15 -0700 (PDT)
Received: from NDNM ([195.161.98.250]) by ns.morning.ru (8.11.5/8.11.5) with ESMTP id f9G8N6i54015; Tue, 16 Oct 2001 16:23:06 +0800 (KRAST)
Date: Tue, 16 Oct 2001 16:23:34 +0800
From: Igor Podlesny
X-Mailer: The Bat! (v1.53d) UNREG / CD5BF9353B3B7091
Organization: Morning Network
X-Priority: 3 (Normal)
Message-ID: <121109462558.20011016162334@morning.ru>
To: "Yuri Muhitov"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Using IPFW with dynamic IP
In-Reply-To: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
References: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> Hi all!
> I use dial-up and my ISP assigns IP addresses dynamically.
> How can I compose IPFW rules?
> 1. Which variable can I use in IPFW configuration script to designate my
> dynamic IP?
> 2. Can I call my IPFW configuration script automatically when dynamic IP is
> assigned?
> All manuals which I have describe IPFW configuration using static IP.
> Any help is highly appreciated.
> Yuri.

See http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_fw.c?rev=1.158&content-type=text/x-cvsweb-markup

optionally, http://www.morning.ru/~poige/patchzone/ it could give you a bit more information dealing with that

--
Igor
mailto:poige@morning.ru

From owner-freebsd-security Tue Oct 16 2: 8:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from terminus.dnttm.ro (terminus.dnttm.ro [193.226.98.11]) by hub.freebsd.org (Postfix) with ESMTP id D669B37B40E for ; Tue, 16 Oct 2001 02:08:41 -0700 (PDT)
Received: from unix.edc.dnttm.ro (edc.dnttm.ro [193.226.98.104]) by terminus.dnttm.ro (8.9.3/8.9.3) with ESMTP id MAA17164 for ; Tue, 16 Oct 2001 12:08:33 +0300
Received: (from root@localhost) by unix.edc.dnttm.ro (8.11.6/8.11.2) id f9G98WS86891 for freebsd-security@freebsd.org; Tue, 16 Oct 2001 12:08:32 +0300 (EEST) (envelope-from titus)
Received: (from titus@localhost) by unix.edc.dnttm.ro (8.11.6/8.11.2av) id f9G98U086883 for freebsd-security@FreeBSD.ORG; Tue, 16 Oct 2001 12:08:30 +0300 (EEST) (envelope-from titus)
Date: Tue, 16 Oct 2001 12:08:30 +0300
From: titus manea
To: freebsd-security@FreeBSD.ORG
Subject: Re: Using IPFW with dynamic IP
Message-ID: <20011016120830.A86862@unix.edc.dnttm.ro>
References: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>; from muhitov@kostasoft.spb.ru on Tue, Oct 16, 2001 at 11:51:43AM +0400
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

You can either use the "me" keyword in the rules (check ipfw docs), or run a script from /etc/ppp/ppp.linkup which you can pass ppp variable MYADDR.

On Tue, Oct 16, 2001 at 11:51:43AM +0400, Yuri Muhitov wrote:
> Hi all!
>
> I use dial-up and my ISP assigns IP addresses dynamically.
> How can I compose IPFW rules?
>
> 1. Which variable can I use in IPFW configuration script to designate my
> dynamic IP?
> 2. Can I call my IPFW configuration script automatically when dynamic IP is
> assigned?
>
> All manuals which I have describe IPFW configuration using static IP.
>
> Any help is highly appreciated.
>
> Yuri.

--
__________________________________________________________________________
Titus Manea | Eastern Digital Inc.
Lab owner   | http://2edc.com | +40-56-192091

From owner-freebsd-security Tue Oct 16 6:29:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 4424F37B405 for ; Tue, 16 Oct 2001 06:29:14 -0700 (PDT)
Received: by flood.ping.uio.no (Postfix, from userid 2602) id 027D914C40; Tue, 16 Oct 2001 15:29:12 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To:
Cc:
Subject: Re: Using IPFW with dynamic IP
References: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
From: Dag-Erling Smorgrav
Date: 16 Oct 2001 15:29:12 +0200
In-Reply-To: <2E8E747BA4D4994CB49D56AF57F1728208B28B@adv.KOSTASOFT.kostasoft.spb.ru>
Message-ID:
Lines: 10
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

"Yuri Muhitov" writes:
> I use dial-up and my ISP assigns IP addresses dynamically.
> How can I compose IPFW rules?

Either use ipfw's "me" keyword (see the man pages), or use ppp's built-in packet filter (again, see the man pages).

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Tue Oct 16 8: 0:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from dragon.awen.com (dragon.awen.com [66.120.7.18]) by hub.freebsd.org (Postfix) with ESMTP id DACF137B408 for ; Tue, 16 Oct 2001 08:00:50 -0700 (PDT)
Received: from dragon.awen.com (localhost [127.0.0.1]) by dragon.awen.com (8.12.1/8.12.1) with ESMTP id f9GF0ooC000470 for ; Tue, 16 Oct 2001 08:00:50 -0700 (PDT)
Received: (from mburgett@localhost) by dragon.awen.com (8.12.1/8.12.1/Submit) id f9GF0ovH000469; Tue, 16 Oct 2001 08:00:50 -0700 (PDT)
Message-Id: <200110161500.f9GF0ovH000469@dragon.awen.com>
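The two answers given in the IPFW thread above (the ipfw "me" keyword, and a script run from /etc/ppp/ppp.linkup with ppp's MYADDR) combined into one rc.firewall-style script, as an added example that is not from any of the posts. The install path /usr/local/etc/fw-dynamic.sh, the tun0 interface name and the rule numbers are assumptions.

```shell
#!/bin/sh
# Added example (not from the list thread): an ipfw rule set for a dial-up
# host whose external address changes.
#  - With the ipfw "me" keyword the rules never name an address: "me"
#    matches whatever addresses the host currently has, so nothing has to
#    be reloaded when the ISP hands out a new one.
#  - Alternatively ppp runs this script from /etc/ppp/ppp.linkup with the
#    new address, substituting it for the MYADDR placeholder (ppp(8)):
#        MYADDR:
#         !bg /usr/local/etc/fw-dynamic.sh MYADDR
#    (the install path is an assumption for this example).
# Set IPFW_CMD=echo to see the commands instead of loading them.

IPFW_CMD=${IPFW_CMD:-/sbin/ipfw}
PPP_IF=${PPP_IF:-tun0}      # user-ppp's interface; assumption for the example

# Print the rule set for the given external address; with no argument the
# "me" keyword is used. Emitting text keeps this testable without a kernel.
# Rule 500 is the anti-spoofing check: a packet arriving *on the link*
# that claims our own source address is forged and is logged and dropped.
gen_rules() {
    ext=${1:-me}
    cat <<EOF
add 100 check-state
add 200 allow ip from any to any via lo0
add 300 deny ip from any to 127.0.0.0/8
add 400 deny ip from 127.0.0.0/8 to any
add 500 deny log ip from $ext to any in via $PPP_IF
add 600 allow tcp from $ext to any out via $PPP_IF setup keep-state
add 700 allow udp from $ext to any 53 out via $PPP_IF keep-state
add 800 allow icmp from any to any icmptypes 0,3,8,11
add 65000 deny log ip from any to any
EOF
}

# Flush the old set and load the new one, one rule per ipfw invocation
# (-q: quiet, -f: do not ask for confirmation before flushing).
apply_rules() {
    $IPFW_CMD -q -f flush
    gen_rules "$1" | while read -r rule; do
        # word splitting of $rule into ipfw arguments is intended
        $IPFW_CMD -q $rule
    done
}

# When invoked from ppp.linkup the first argument is the new address; with
# no argument (for instance when sourced) nothing is loaded.
if [ -n "${1:-}" ]; then
    apply_rules "$1"
fi
```

With the "me" form the same rule text stays valid across address changes; the MYADDR form is only needed if the rules must carry the literal address.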
From: "Mike Burgett"
To: "security@freebsd.org"
Date: Tue, 16 Oct 2001 08:00:50 -0700
Reply-To: "Mike Burgett"
X-Mailer: PMMail 2000 Professional (2.20.2360) For Windows 2000 (5.0.2195;2)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: NIS and udp listening
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Sorry if this is the wrong forum. I've looked in the archives, and didn't see anything about this.

I'm running NIS client/server on a 4.4-RELEASE box, and I seem to get a udp port per server (most in the <= 1024 range, though I've seen some higher) opened and listening:

nobody   httpd     360   5  udp4  *:968   *:*
root     sendmail  272   4  udp4  *:973   *:*
root     named     205  14  udp4  *:1024  *:*

When I disable NIS, this goes away. Is this normal? Would someone please be kind enough to point me to the FM I should be R'ing?

Thanks,
Mike

From owner-freebsd-security Tue Oct 16 10:38:26 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id C466537B409 for ; Tue, 16 Oct 2001 10:38:22 -0700 (PDT)
Received: (from str@localhost) by giganda.komkon.org (8.11.3/8.11.3) id f9GHcBm12030 for security@freebsd.org; Tue, 16 Oct 2001 13:38:11 -0400 (EDT) (envelope-from str)
Date: Tue, 16 Oct 2001 13:38:11 -0400 (EDT)
From: Igor Roshchin
Message-Id: <200110161738.f9GHcBm12030@giganda.komkon.org>
To: security@freebsd.org
Subject: tcp_wrappers
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello!

on a 4.x system: tcpd_chk(8) barks:
warning: /etc/hosts.allow, line 71: popper: service possibly not wrapped

From some side symptoms I suspect it might be the case. Does it make sense to run tcp_wrappers from the ports collection on the popper daemon?

I noticed that tcp_wrappers port in its Makefile has:

.if exists(/usr/include/tcpd.h)
FORBIDDEN=	tcp_wrappers is in the base system
.endif

I wonder if there is any conflict if I used both base-system tcp_wrappers, and the one from ports (the latter for wrapping a particular daemon).

Thanks,
Igor

From owner-freebsd-security Tue Oct 16 13:21:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-3.dsl.lsan03.pacbell.net [63.207.60.3]) by hub.freebsd.org (Postfix) with ESMTP id D1A8E37B403 for ; Tue, 16 Oct 2001 13:21:51 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 7B00166B0E; Tue, 16 Oct 2001 13:21:51 -0700 (PDT)
Date: Tue, 16 Oct 2001 13:21:51 -0700
From: Kris Kennaway
To: Igor Roshchin
Cc: security@freebsd.org
Subject: Re: tcp_wrappers
Message-ID: <20011016132151.B21030@xor.obsecurity.org>
References: <200110161738.f9GHcBm12030@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="bCsyhTFzCvuiizWE"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200110161738.f9GHcBm12030@giganda.komkon.org>; from str@giganda.komkon.org on Tue, Oct 16, 2001 at 01:38:11PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Tue, Oct 16, 2001 at 01:38:11PM -0400, Igor Roshchin wrote:
>
> Hello!
>
> on a 4.x system: tcpd_chk(8) barks:
> warning: /etc/hosts.allow, line 71: popper: service possibly not wrapped
> From some side symptoms I suspect it might be the case.
> Does it make sense to run tcp_wrappers from the ports collection
> on the popper daemon ?
>
> I noticed that tcp_wrappers port in its Makefile has :
>
> .if exists(/usr/include/tcpd.h)
> FORBIDDEN= tcp_wrappers is in the base system
> .endif
>
> I wonder if there is any conflict if I used both base-system tcp_wrappers,
> and the one from ports (the latter for wrapping a particular daemon).

There's absolutely no reason for you to install the port - everything it contains is functionally available in the base system (with tcpd replaced by inetd).

Kris

[PGP signature (GnuPG v1.0.6) omitted]

From owner-freebsd-security Tue Oct 16 22:55:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from netra.netcologne.de (netra.netcologne.de [194.8.194.106]) by hub.freebsd.org (Postfix) with ESMTP id 1639737B408 for ; Tue, 16 Oct 2001 22:55:16 -0700 (PDT)
Received: from emre.de (sys-125.netcologne.de [194.8.193.125]) by netra.netcologne.de (8.9.1/8.9.1) with ESMTP id HAA22093 for ; Wed, 17 Oct 2001 07:55:12 +0200 (MET DST)
X-Ncc-Regid: de.netcologne
Message-ID: <3BCD1DFB.2030103@emre.de>
Date: Wed, 17 Oct 2001 07:58:19 +0200
From: Emre Bastuz
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; de-DE; rv:0.9.2) Gecko/20010726 Netscape6/6.1
X-Accept-Language: de-DE
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: DoS ? Limiting closed port RST response ?
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

just this morning I have noticed the following messages in my /var/log/messages that somehow make me nervous:

Oct 16 20:55:53 MyHost inetd[5492]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:53 MyHost inetd[5493]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:53 MyHost inetd[5493]: refused connection from unknown, service imapd (tcp)
Oct 16 20:55:53 MyHost inetd[5493]: refused connection from unknown, service imapd (tcp)
Oct 16 20:55:53 MyHost inetd[5492]: refused connection from unknown, service teapop (tcp)
Oct 16 20:55:53 MyHost inetd[5492]: refused connection from unknown, service teapop (tcp)
Oct 16 20:55:54 MyHost /kernel: Limiting closed port RST response from 371 to 200 packets per second
Oct 16 20:55:54 MyHost inetd[5494]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:54 MyHost inetd[5494]: refused connection from unknown, service ftpd (tcp)
Oct 16 20:55:54 MyHost inetd[5494]: refused connection from unknown, service ftpd (tcp)
Oct 16 20:55:54 MyHost mysqld[375]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:54 MyHost mysqld[375]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:54 MyHost mysqld[375]: refused connect from unknown
Oct 16 20:55:54 MyHost mysqld[375]: refused connect from unknown
Oct 16 20:56:24 MyHost /kernel: Limiting closed port RST response from 480 to 200 packets per second
[... goes on like this for a *lot* of lines ...]

These messages are repeated several times. It seems that somebody is trying to contact a certain service twice and then causing the "RST" messages, then again trying another service twice, etc..

I've checked some websites and found out that the RST messages can be caused by portscans which would make sense somehow. What I don't get is, why can't I see any IP addresses as source of the portscans? Even if this is some kind of DoS Attack thing where the source IP is spoofed (the victim's IP) I should see it in the log, right?

My system is a FreeBSD 4.3-RELEASE running Snort Version 1.8.1-RELEASE (Build 74). In case this was an attack I'm wondering why Snort did not detect it.

Anyway, any help finding out what's going on with my box will be appreciated.

Regards,

Emre
--
Emre Bastuz
info@emre.de
http://www.emre.de
UIN: 561260
PGP Key ID: 0xEA0E2CA1

From owner-freebsd-security Tue Oct 16 23:58:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from yorktown.francisscott.net (yorktown.francisscott.net [216.179.185.125]) by hub.freebsd.org (Postfix) with ESMTP id AD3E237B40D for ; Tue, 16 Oct 2001 23:58:23 -0700 (PDT)
Received: from gatekeeper.heavymetal.org (cy565913-a.rdondo1.ca.home.com [24.177.248.173]) by yorktown.francisscott.net (8.11.6/8.11.6) with ESMTP id f9H6wB804364 for ; Tue, 16 Oct 2001 23:58:11 -0700
Received: from zeppelin (zeppelin.heavymetal.org [192.168.250.7]) by gatekeeper.heavymetal.org (8.11.6/8.11.6) with SMTP id f9H6wAX03567 for ; Tue, 16 Oct 2001 23:58:10 -0700 (PDT) (envelope-from scott@lampert.org)
Message-ID: <000f01c156d9$152988a0$07faa8c0@zeppelin>
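An added example, not part of Emre's post: a shell/awk summariser run over the /var/log/messages lines quoted above (the sample lines are copied from the post). It counts refusals per service, the "can't get client address" warnings that account for every source showing up as "unknown", and the peak rate behind the kernel's rate-limit message; the sysctl named in the comments is the one that sets that 200 packets per second ceiling.

```shell
#!/bin/sh
# Added example (not from the post): summarise a burst of inetd/kernel
# messages like the one quoted above. Sample lines copied from the post.
sample_log() {
cat <<'EOF'
Oct 16 20:55:53 MyHost inetd[5492]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:53 MyHost inetd[5493]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:53 MyHost inetd[5493]: refused connection from unknown, service imapd (tcp)
Oct 16 20:55:53 MyHost inetd[5493]: refused connection from unknown, service imapd (tcp)
Oct 16 20:55:53 MyHost inetd[5492]: refused connection from unknown, service teapop (tcp)
Oct 16 20:55:53 MyHost inetd[5492]: refused connection from unknown, service teapop (tcp)
Oct 16 20:55:54 MyHost /kernel: Limiting closed port RST response from 371 to 200 packets per second
Oct 16 20:55:54 MyHost inetd[5494]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:54 MyHost inetd[5494]: refused connection from unknown, service ftpd (tcp)
Oct 16 20:55:54 MyHost inetd[5494]: refused connection from unknown, service ftpd (tcp)
Oct 16 20:55:54 MyHost mysqld[375]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:54 MyHost mysqld[375]: warning: can't get client address: Connection reset by peer
Oct 16 20:55:54 MyHost mysqld[375]: refused connect from unknown
Oct 16 20:55:54 MyHost mysqld[375]: refused connect from unknown
Oct 16 20:56:24 MyHost /kernel: Limiting closed port RST response from 480 to 200 packets per second
EOF
}

# Reads syslog lines on stdin and prints one "key value" line per finding:
#   refused <service> <count>   wrapper refusals per service
#   no_peer_address <count>     "can't get client address" warnings: the
#                               peer reset the connection before the daemon
#                               could ask for its address, which is why the
#                               matching refusal line says "unknown"
#   known_sources <count>       refusals that did carry a resolvable source
#   rst_peak <n> rst_limit <m>  highest closed-port RST rate the kernel saw
#                               and the ceiling it clamped to; the ceiling
#                               is the net.inet.icmp.icmplim sysctl
summarize() {
    awk '
    BEGIN { peak = 0; limit = 0; known = 0; noaddr = 0 }
    /can.t get client address/ { noaddr++ }
    /refused connect(ion)? from/ {
        src = $0
        sub(/.*refused connect(ion)? from /, "", src)
        sub(/,.*/, "", src)
        if (match($0, /service [^ ]+/))
            svc = substr($0, RSTART + 8, RLENGTH - 8)
        else {                 # mysqld logs no service name: use the daemon
            svc = $5; sub(/\[.*/, "", svc)
        }
        refused[svc]++
        if (src != "unknown") known++
    }
    /Limiting closed port RST response/ {
        if ($(NF - 5) + 0 > peak) peak = $(NF - 5) + 0
        limit = $(NF - 3) + 0
    }
    END {
        for (s in refused) printf "refused %s %d\n", s, refused[s]
        printf "no_peer_address %d\n", noaddr
        printf "known_sources %d\n", known
        printf "rst_peak %d rst_limit %d\n", peak, limit
    }'
}

# On a real box:  summarize < /var/log/messages
if [ "${1:-}" = "--demo" ]; then
    sample_log | summarize
fi
```

A known_sources count of zero across the whole burst means the log alone cannot name the scanner; the peer address would have to come from the packet level (tcpdump or the IDS) rather than from inetd.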
From: "Scott Lampert"
To:
Subject: Bridging Firewall - 3 interfaces - arp issue
Date: Tue, 16 Oct 2001 23:58:10 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I have a box I've setup as a bridging firewall with ipfw. It has 3 interfaces - two are bridged, without IP addresses, and the third has an IP address and is connected to the inside network. Basically it looks like this:

        ************
        * Internet *
        **+*********
          | 192.168.1.1/24
          |
          | bridge outside
          |
     +----+---------+ 192.168.1.2/24
     | Firewall Box +-----------+
     +----+---------+           |
          |                     |
          | bridge inside       |
          |                     |
     +----+---------+           |
     |    Switch    +-----------+
     +--------------+

I hope the poor ascii art helps rather than hinders. :)

In any event, I've noticed after running the firewall for a few hours that I start getting the following message in my dmesg output:

arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
xx ouch, bdg_forward for local pkt

The box is complaining about the third interface saying it has the IP its supposed to have. For some reason the box doesn't realize that its own interface is answering arps correctly. Is this normal behavior or have I misconfigured something? Do I need to add the third interface to the bridge configuration?

-Scott

From owner-freebsd-security Wed Oct 17 9: 2: 3 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nathan-lane.condo.chico.ca.us (adsl-63-207-239-227.dsl.chic01.pacbell.net [63.207.239.227]) by hub.freebsd.org (Postfix) with ESMTP id D744037B403 for ; Wed, 17 Oct 2001 09:01:52 -0700 (PDT)
Received: from [192.168.1.10] (localhost.condo.chico.ca.us [127.0.0.1]) by nathan-lane.condo.chico.ca.us (8.10.2/8.10.2) with ESMTP id f9HG0R501510; Wed, 17 Oct 2001 09:00:27 -0700 (PDT)
Date: Wed, 17 Oct 2001 09:00:26 -0700
From: Fred Condo
To: Max Khon , security@FreeBSD.ORG
Subject: Re: [marck@rinet.ru: Re: adduser and passwords]
Message-ID: <562796.1003309226@[192.168.1.10]>
In-Reply-To: <20011012171022.A24494@iclub.nsu.ru>
References: <20011012171022.A24494@iclub.nsu.ru>
X-Mailer: Mulberry/2.1.0 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

--On Friday 12 October 2001 17:10 +0700 Max Khon wrote:

> hi, there!
>
> Seems like a good idea. I thought just about the same today
> when I was adding user who will be able to login only using DSA auth.
> Any objections if I commit this?

I don't believe this will work. A locked password is a literal '*', not a crypted *. I believe the correct quick and dirty patch should have this:

$cryptpwd = crypt($password, &salt) if $password ne "*";

But the question about 'use passwords?' needs to be elaborated so that the sysadmin can choose 'Yes', 'No', or 'Locked password', and the reply has to be recorded in the preferences file.

>
> ----- Forwarded message from Dmitry Morozovsky -----
>
> Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD)
> From: Dmitry Morozovsky
> To: William Wong
> Cc: freebsd-stable@FreeBSD.ORG
> Subject: Re: adduser and passwords
>
> On Fri, 12 Oct 2001, William Wong wrote:
>
> [...]
>
> Here is quick'n'dirty fix to adduser (this should be done more politely,
> sure ;-) to put '*' when password is empty to not open your system with
> passwordless user between adding new user and changing its password.
>
> Index: adduser.perl
> ===================================================================
> RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v
> retrieving revision 1.44.2.2
> diff -u -r1.44.2.2 adduser.perl
> --- adduser.perl 2001/07/30 23:56:48 1.44.2.2
> +++ adduser.perl 2001/10/12 09:35:
> @@ -710,7 +710,7 @@
> if (&new_users_ok) {
> $new_users_ok = 1;
>
> - $cryptpwd = "";
> + $cryptpwd = "*";
> $cryptpwd = crypt($password, &salt) if $password ne "";
> # obscure perl bug
> $new_entry = "$name\:" . "$cryptpwd" .
>
> ----- End forwarded message -----

--
Fred Condo - fred@condo.chico.ca.us
Repeal the DMCA. Stop censoring Felten & Ferguson.
http://www.macfergus.com/niels/

From owner-freebsd-security Wed Oct 17 10: 0:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from tomts12-srv.bellnexxia.net (tomts12.bellnexxia.net [209.226.175.56]) by hub.freebsd.org (Postfix) with ESMTP id 8E82637B408 for ; Wed, 17 Oct 2001 09:59:22 -0700 (PDT)
Received: from cr184391-b ([64.231.32.249]) by tomts12-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with SMTP id <20011017165911.IJVS10438.tomts12-srv.bellnexxia.net@cr184391-b> for ; Wed, 17 Oct 2001 12:59:11 -0400
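Review bot: the new default `$cryptpwd = "*";` in the quoted hunk is the right fix for the window it describes, because a lone `*` can never equal any crypt(3) output, so an entry written with it cannot be logged into by password until one is set; what is missing is a comment saying exactly that. The only comment in the hunk, `# obscure perl bug`, says nothing about why `*` rather than `""` is the safe default, and the next reader will treat the literal as an arbitrary placeholder. Worth stating in the same comment that the guard on the following line, `if $password ne ""`, is what keeps an empty answer from being crypted into a valid empty-password hash, so the two lines must stay together. Note also that the alternative offered in the reply above, `... if $password ne "*"`, would crypt an empty password again and reopen that window; the hunk as posted stores the literal `*` and never passes it through crypt().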
From: Kian Haghdad
To:
Subject: Software engineer
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="52440554"
Message-Id: <20011017165911.IJVS10438.tomts12-srv.bellnexxia.net@cr184391-b>
Date: Wed, 17 Oct 2001 12:59:13 -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi:

I have got your email from the Web site and I am very interested in working for your company. I have a BS in Electrical Engineering and computer science and worked on my Master degree in Telecommunication engineering (not finished due to the lucrative market!). I have also 7++ years of experience with software development, Internet development and hardware. I have worked for many companies both in Canada and in the United States using different development environments. I am looking for a position which utilizes my experience. I am open to both Permanent position or contract to permanent positions. I have attached my resume and sincerely appreciate your attention, thank you.

Sincerely,
Kian Haghdad

Here is my resume:

Kian Haghdad
8 Kingsbridge Crt., Apt. 508
Toronto, Ontario M2R 1L5
Home: (416) 630-7066
Email: khaghdad3@yahoo.com

I have more than 7+ years of experience in application development, Database Management, Internet development. I have also been involved in hardware design. My software development experience is mainly in Visual Basic, Visual C++, Visual J++, Visual InterDev, COM, DCOM, MFC, SDKs, MS-Access, MS-SQL, FoxPro, Java script and VB script, HTML and DHTML. Over the years I have been responsible for the Development of many applications from design to commercial release.

EDUCATION:

Sharif University OF Technology, Tehran (The best technical school in Iran) 9/87-6/92
B.S. Degree: Electrical Engineering and computer science
Worked on M.S. degree in Telecommunication engineering

EXPERIENCE:

Unisearch Associates, Concord, Ontario 3/01-Present
* Developed an ATL DCOM based Server and MFC client GUI using Visual C++6.0. The application controls the laser beam in the UV instruments and communicates to LasIR using The Parallel port. The result (NO/CO2 and TOL/CO2 ratio) is outputted to the client's computer as a RS232 string.
* Developed a DCOM application using visual C++6.0 and embedded Java script. The application is a data acquisition software which communicates with a spectroscopy software and gets the Data such as Temperature, pressure and gas concentration from a laser instrument (FTIR). Also the application gets other data from a weather station connected to the serial port at real time and using an I/O port draws different charts driving a plotter. User can control the data acquisition parameters by modifying the script file.
* Hardware and software design for a current loop with 6 channels to run a plotter using an I/O port.
* Transfer the windows based application to the micro controllers using PICMicro.

American SkySat, Walnut Creek, California 6/00-3/01
* Involved in the development of a web application in Visual InterDev 6.0 using Active Server Pages (ASP), Microsoft E-Commerce, SQL 7.0, XML, Visual C++ 6.0 and Visual Basic 6.0, Visual J++ 6.0, COM (ATL), DCOM, JavaScript and VB Script. The web server was Microsoft Internet Information Server (IIS), Microsoft site server 3.0, with Microsoft E-Commerce edition 3.0 and FrontPage extension running under the NT Server. The web application provides NT related services online. The user can register and buy services and also allows the user to troubleshoot and configure a system at real time online. The web site also provides the capability of chatting online, customer support online, statistical analysis online and transaction online.
* Developed a database management application for a medical health care center, using Visual Basic 6.0, SQL 7.0, Crystal report and Access 2000. (Windows 98 and NT)

American Computech, Pleasanton, California 3/98-6/00
* Developed different applications using Visual C++, Visual J++, and Access.
* Involved in the development of a CRM (Customer Relation Management) web application in Visual InterDev 6.0 using Active Server Pages (ASP), Microsoft E-Commerce, SQL 7.0, XML, Visual Basic 6.0, Visual J++ 6.0, COM, DCOM, JavaScript and VB Script. (Windows 98 and NT)
* Developed an application in Visual Basic 5.0, Access 97 and Crystal reports (using ODBC) for financial analyses department of FHP (Concord, California). The application is capable of importing data from other systems, analyzing and processing the data and generating hundreds of reports based on the original data.
* Developed an MDI application in Visual C++ 5.0 and Access 97 for windows called ID maker. The application is designed to drive a digital camera, capture a picture and generate different ID cards using OLE (marketing for schools and clubs). The Canon digital camera is controlled via DLL function calls to the camera's driver. The camera is connected via a parallel port. I have also developed several OCXs for this project.
* Developed an application in Visual Basic 5.0, Access 97 and Crystal reports (using ODBC). The application is a very large information management system for CBI (City Building Inc. in San Francisco). The application contains 28 relational tables, large number of queries, forms and reports.

Tavanir Co., Tehran, Iran 9/95-3/98
* Developed an application in Visual C++ 5.0 intended for network control managements. The application is able to get information such as voltage, active and reactive power from power plants and transmission stations and specifies transmission state using power flow method after a fault occurs on the transmission line.
* Developed an application for voltage drop on the net. The application was developed in Visual Basic 5.0 using graphical OCXs.
* Developed hardware for the high voltage network.
* Developed an application in Visual C++ 4.0. The application checks the transmitting power on the lines and controls the system's steady state by alarm system.
* Developed an application in Visual C++ 4.0 to set the protection relays in substations to protect the network's reliability.

Pishro Co., Tehran, Iran 11/94-6/95
Designed, developed and implemented electrical systems using computer aided software. The electrical systems were intended for both indoors (Buildings) and outdoors (Airports and Terminals). The systems were designed and based on the standard and regulation of electrical system.

Pardis Tower Co, Tehran, Iran 1/93-11/94
Designed simulators for training purpose.
* Developed an application in C++ for cycloconvertor simulator. The cycloconvertor is used in the starters of synchronous motors.
* Developed application using C++ for control speed of DC motors. The application gets input voltage to the motor, speed of motor and rotor's current. It can control the motor speed based on requested speed.
* Developed application using C++ for step motor's control speed. In order to change the angle of dish antenna, the application orders the step motor to change the rotor's situation.

SKILLS:

Software development: Visual C++, Visual Basic, Visual InterDev, Visual J++, MFC, SDKs, COM, DCOM, ATL ActiveXs, C++, Fortran, Intel 8085 Assembler, Access.
Internet development: Visual InterDev 6.0, Active Server Pages (ASP), SQL 7.0, COM, DCOM, Java script.
Database development: MS-SQL, Access, FoxPro
Operating System Used: NT, MS-Win, UNIX, VAX, MS-DOS

--52440554 Content-Type: application/msword; name="kian_Resume.doc" Content-Transfer-Encoding: Base64 Content-Disposition: attachment; filename="kian_Resume.doc" --52440554-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 17 10:21:47 2001 Delivered-To: freebsd-security@freebsd.org Received: from hermes.pressenter.com (hermes.pressenter.com [209.224.20.19]) by hub.freebsd.org (Postfix) with ESMTP id 4FFAA37B401 for ; Wed, 17 Oct 2001 10:21:36 -0700 (PDT) Received: from [209.224.35.36] (helo=daggar) by hermes.pressenter.com with smtp (Exim 3.16 #1) id 15tuNh-0006Kn-00 for freebsd-security@FreeBSD.ORG; Wed, 17 Oct 2001 12:21:26 -0500
From: "Stephen Hilton" To: "FreeBSD Security" Subject: how-to install ipf3.4-current on FreeBSD 4.4-stable Date: Wed, 17 Oct 2001 12:21:51 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

What is the correct procedure to update a FreeBSD 4.4-release or 4.4-stable system with the latest ipf3.4-current.tgz build? Something like this procedure?:

Get source file ipf3.4-current.tgz
http://coombs.anu.edu.au/~avalon/ipf3.4-current.tgz

untar in a new workdir:

# tar -xvpzf ipf3.4-current.tgz
# chown -R root.wheel ipf3.4-current
# mv -i ipf3.4-current /usr/src/contrib/
# cd /usr/src/contrib/
# mv -i ipfilter ipfilter.orig
# ln -s ipf3.4-current ipfilter
# cd ipfilter
# ./FreeBSD-4.0/kinstall      (this is the step I am really wondering about)

Customize your kernel, make sure it contains:

options IPFILTER                #ipfilter support
options IPFILTER_LOG            #ipfilter logging

And optionally if you desire add:

options IPFILTER_DEFAULT_BLOCK  #block all packets by default
options IPSTEALTH               #support for stealth forwarding

Then run through the build/install kernel/world mergemaster procedures
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

On a related note, is this shell script still correct for updating the userland parts of ipf without a whole buildworld procedure, or have things changed under FreeBSD 4.4? The script worked well for me under FreeBSD release 4.3, and was created, I believe, by Mr. Cy Schubert

---------------snip------------------
#!/bin/sh -
# /root/bin/build_ipf_only.sh
# (shell script to build and install userland portions of ipf)
# (a kernel config and rebuild is also necessary as a separate step)
#
# DIRS='/usr/src/sbin/ipf /usr/src/sbin/ipfstat /usr/src/sbin/ipmon /usr/src/sbin/ipnat /usr/src/usr.sbin/ipftest /usr/src/usr.sbin/ipresend /usr/src/usr.sbin/ipsend /usr/src/usr.sbin/iptest /sys/modules/ipfilter'
DIRS='/usr/src/sbin/ipf /usr/src/sbin/ipfstat /usr/src/sbin/ipmon /usr/src/sbin/ipnat /usr/src/usr.sbin/ipftest /usr/src/usr.sbin/ipresend /usr/src/usr.sbin/ipsend /usr/src/usr.sbin/iptest'

error() {
    echo $@
    echo terminating abnormally
    exit 1
}

echo
for I in $DIRS; do
    echo "***** $I *****"
    echo
    cd $I || error cannot cd to $I
    make cleandir || error make clean failed
    # we do this twice in case there is any cruft in /usr/src itself
    make cleandir || error make clean failed
    make obj || error make obj failed
    make || error make failed
    make install cleandir || error make install failed
    echo
done
echo `basename $0` finished successfully
---------------snip------------------

Thanks for any help,

Stephen Hilton
nospam@hiltonbsd.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 17 11:55:19 2001 Delivered-To: freebsd-security@freebsd.org Received: from yorktown.francisscott.net (yorktown.francisscott.net [216.179.185.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D9CF37B407 for ; Wed, 17 Oct 2001 11:55:14 -0700 (PDT) Received: from gatekeeper.heavymetal.org (cy565913-a.rdondo1.ca.home.com [24.177.248.173]) by yorktown.francisscott.net (8.11.6/8.11.6) with ESMTP id f9HIt8809106 for ; Wed, 17 Oct 2001 11:55:08 -0700 Received: from zeppelin (zeppelin.heavymetal.org [192.168.250.7]) by gatekeeper.heavymetal.org (8.11.6/8.11.6) with SMTP id f9HIt8X04674 for ; Wed, 17 Oct 2001 11:55:08 -0700 (PDT) (envelope-from scott@lampert.org) Message-ID:
<007c01c1573d$3db777a0$07faa8c0@zeppelin> From: "Scott Lampert" To: References: <000f01c156d9$152988a0$07faa8c0@zeppelin> Subject: Re: Bridging Firewall - 3 interfaces - arp issue Date: Wed, 17 Oct 2001 11:55:08 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I forgot to mention that this box is running 4.4-RELEASE.

----- Original Message -----
From: "Scott Lampert"
To:
Sent: Tuesday, October 16, 2001 11:58 PM
Subject: Bridging Firewall - 3 interfaces - arp issue

> I have a box I've setup as a bridging firewall with ipfw. It has 3
> interfaces - two are bridged, without IP addresses, and the third has an IP
> address and is connected to the inside network. Basically it looks like
> this:
>
>    ************
>    * Internet *
>    **+********
>      | 192.168.1.1/24
>      |
>      |
>      | bridge outside
>      |
>    +--+-------+ 192.168.1.2/24
>    | Firewall Box +-----+
>    +--+-------+        |
>      | bridge inside   |
>      |                 |
>      |            +-+-------+
>      +------------| Switch  |
>                   +---------+
>
> I hope the poor ascii art helps rather than hinders. :) In any event, I've
> noticed after running the firewall for a few hours that I start getting the
> following message in my dmesg output:
>
> arp: 00:aa:bb:cc:dd:ee is using my IP address 192.168.1.2!
> xx ouch, bdg_forward for local pkt
>
> The box is complaining about the third interface saying it has the IP it's
> supposed to have. For some reason the box doesn't realize that its own
> interface is answering arps correctly. Is this normal behavior or have I
> misconfigured something? Do I need to add the third interface to the bridge
> configuration?
>
> -Scott
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 17 12:22:34 2001 Delivered-To: freebsd-security@freebsd.org Received: from orhi.sarenet.es (orhi.sarenet.es [192.148.167.5]) by hub.freebsd.org (Postfix) with ESMTP id 399B737B403 for ; Wed, 17 Oct 2001 12:22:32 -0700 (PDT) Received: from sarenet.es (sollube.sarenet.es [192.148.167.16]) by orhi.sarenet.es (Postfix) with SMTP id 8F0084916 for ; Wed, 17 Oct 2001 21:22:30 +0200 (MET DST) Received: from there ([192.148.167.77]) by sarenet.es ; Wed, 17 Oct 2001 21:22:29 +0200 Content-Type: text/plain; charset="iso-8859-1"
From: Borja Marcos To: Kian Haghdad Subject: Re: Software engineer Date: Wed, 17 Oct 2001 21:22:28 +0200 X-Mailer: KMail [version 1.3] References: <20011017165911.IJVS10438.tomts12-srv.bellnexxia.net@cr184391-b> In-Reply-To: <20011017165911.IJVS10438.tomts12-srv.bellnexxia.net@cr184391-b> Cc: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Rcpt-To: Message-ID: <100334655001@192.148.167.16> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wednesday 17 October 2001 18:59, you wrote:
> I have more than 7+ years of experience in application development,
> Database Management, Internet development. I have also been involved in
> hardware design. My software development experience is mainly in Visual
> Basic, Visual C++, Visual J++, Visual InterDev, COM, DCOM, MFC, SDKs,
> MS-Access, MS-SQL, FoxPro, Java script and VB scrip, HTML and DHTML.
> Over the years I have been responsible for the Development of many
> applications from design to commercial release.

	Great!

	We are looking for a highly innovative top-notch developer to lead an exciting project: getting an "Orange Book" A1 certification for FreeBSD.

	However, I am missing something: Have you experience with the SSADM software design methodology? It would be a plus. Some experience with Cobol (planned to be used in the Mandatory User Misuse Accounting Facility) is also a must.

	We are looking forward to your answer.

	Borja.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 17 12:24: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from orhi.sarenet.es (orhi.sarenet.es [192.148.167.5]) by hub.freebsd.org (Postfix) with ESMTP id CD40D37B405 for ; Wed, 17 Oct 2001 12:24:00 -0700 (PDT) Received: from sarenet.es (sollube.sarenet.es [192.148.167.16]) by orhi.sarenet.es (Postfix) with SMTP id 8CD3D4916 for ; Wed, 17 Oct 2001 21:23:59 +0200 (MET DST) Received: from there ([192.148.167.77]) by sarenet.es ; Wed, 17 Oct 2001 21:23:59 +0200 Content-Type: text/plain; charset="iso-8859-1" From: Borja Marcos To: freebsd-security@freebsd.org Subject: Re: Software engineer Date: Wed, 17 Oct 2001 21:23:58 +0200 X-Mailer: KMail [version 1.3] References: <20011017165911.IJVS10438.tomts12-srv.bellnexxia.net@cr184391-b> <100334655001@192.148.167.16> In-Reply-To: <100334655001@192.148.167.16> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Rcpt-To: Message-ID: <100334663901@192.148.167.16> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> (JOKING)

	Sorry, just could not resist ;-)

	Borja.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 17 15:27: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-116.citlink.net [207.173.226.116]) by hub.freebsd.org (Postfix) with ESMTP id B336337B40C for ; Wed, 17 Oct 2001 15:26:20 -0700 (PDT) Received: from tagalong (unknown [165.107.42.205]) by blacklamb.mykitchentable.net (Postfix) with SMTP id C6CCBEE650 for ; Wed, 17 Oct 2001 15:12:47 -0700 (PDT) Message-ID: <005d01c15758$da965b70$cd2a6ba5@lc.ca.gov>
From: "Drew Tomlinson" To: Subject: Dynamic IPFW Rules Date: Wed, 17 Oct 2001 15:12:47 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I have created my first firewall and it seems to be handling traffic properly (yayyyy!). However, I have noticed that my dynamic rules don't ever seem to expire. I have read the man pages and learned that sysctl variables control the amount of time the rules should live. I found these variables listed at http://www.iet.unipi.it/~luigi/ip_dummynet/ (isn't google great?):

net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5
net.inet.ip.fw.dyn_short_lifetime: 5

Lifetime (in seconds) for various types of dynamic rules.

I assume these values are the default and verified that my system is set this way. So unless I'm missing something, no rule should live longer than 5 minutes unless it remains active. But in looking at my rules, it seems that my dynamic rules never expire. Is there a way to show the last time a dynamic rule was matched? I found ipfw -at list and that will show times for my static rules but not the dynamic ones.

If you look at my rules below, you will see dynamic connections from 192.168.1.4 to 64.21.143.23:80. I'm pretty sure this is from a cron job I have run every hour where lynx sends a URL to zoneedit.com to update my dynamic IP, but as you can see, I have lots of these rules. Why are they still there? How can I begin to find out what's going on?

Thanks for any pointers!
Drew

--------------------------------------
My network setup:

ISP
 |
 | IP is DHCP (RFC 1918 & draft-manning nets inbound blocked here)
 |
ADSL Modem/Router (provides DNS & NAT)
 |192.168.10.1 (RFC 1918 & draft-manning nets outbound blocked here)
 |
 |192.168.10.2 (ed1)
Firewall
 |
 |192.168.1.2 (ed0)
 |
Internal Network 192.168.1.0/24
-------------------------------------
Firewall rules:

blacksheep# ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny log ip from any to 127.0.0.0/8
00300 0 0 deny log ip from 192.168.1.0/24 to any in recv ed1
00400 0 0 deny log ip from not 192.168.1.0/24 to any in recv ed0
00500 30887 6166212 allow tcp from any to any established
00600 550 25600 allow tcp from any to 192.168.1.0/24 21,22,25,80,143 setup
00700 0 0 allow tcp from any to 192.168.10.2 21,22 setup
00800 0 0 allow icmp from any to any
00900 0 0 allow icmp from any to any icmptype 3,4,11,12
01000 0 0 allow udp from 206.13.19.133 123 to 192.168.1.4 123
01100 0 0 allow udp from 165.227.1.1 123 to 192.168.1.4 123
01200 0 0 allow udp from 63.192.96.2 123 to 192.168.1.4 123
01300 0 0 allow udp from 63.192.96.3 123 to 192.168.1.4 123
01400 0 0 allow udp from 132.239.254.49 123 to 192.168.1.4 123
01500 1086 120543 allow udp from 192.168.10.1 to any
01600 1084 75255 allow udp from any to 192.168.10.1
01700 0 0 allow gre from 165.66.1.20 to any
01800 0 0 allow gre from any to 165.66.1.20
01900 0 0 check-state
02000 2 120 allow ip from 192.168.10.2 to any keep-state out xmit ed1
02100 681 53189 allow ip from 192.168.1.0/24 to any keep-state via ed0
65500 6 288 deny log ip from any to any
65535 0 0 allow ip from any to any
## Dynamic rules:
02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
02100 1 60 (T 0, # 1) ty 0 tcp, 192.168.1.4 3138 <-> 64.21.143.23 80
02100 1 60 (T 0, # 2) ty 0 tcp, 192.168.1.4 3137 <-> 64.21.143.23 80
02100 1 60 (T 0, # 3) ty 0 tcp, 192.168.1.4 3136 <-> 64.21.143.23 80
02100 1 60 (T 0, # 4) ty 0 tcp, 192.168.1.4 3143 <-> 64.21.143.23 80
02100 1 60 (T 0, # 242) ty 0 tcp, 192.168.1.4 3249 <-> 64.21.143.23 80
02100 1 60 (T 0, # 243) ty 0 tcp, 192.168.1.4 3248 <-> 64.21.143.23 80
02100 1 60 (T 0, # 244) ty 0 tcp, 192.168.1.4 3255 <-> 64.21.143.23 80
02100 1 60 (T 0, # 245) ty 0 tcp, 192.168.1.4 3254 <-> 64.21.143.23 80
02100 1 60 (T 0, # 246) ty 0 tcp, 192.168.1.4 3253 <-> 64.21.143.23 80
02100 1 60 (T 0, # 247) ty 0 tcp, 192.168.1.4 3252 <-> 64.21.143.23 80
02100 1 238 (T 0, # 251) ty 0 udp, 192.168.1.4 138 <-> 192.168.1.255 138
02100 2 156 (T 0, # 252) ty 0 udp, 192.168.1.3 137 <-> 192.168.1.255 137

From owner-freebsd-security Wed Oct 17 16:53:56 2001 Delivered-To: freebsd-security@freebsd.org Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by hub.freebsd.org (Postfix) with ESMTP id ACB3D37B401 for ; Wed, 17 Oct 2001 16:53:52 -0700 (PDT) Received: from isc.org (localhost.dv.isc.org [127.0.0.1]) by drugs.dv.isc.org (8.11.3/8.11.2) with ESMTP id f9HNor915316; Thu, 18 Oct 2001 09:50:54 +1000 (EST) (envelope-from marka@isc.org) Message-Id: <200110172350.f9HNor915316@drugs.dv.isc.org> To: "Drew Tomlinson" Cc: freebsd-security@freebsd.org
From: Mark.Andrews@isc.org Subject: Re: Dynamic IPFW Rules In-reply-to: Your message of "Wed, 17 Oct 2001 15:12:47 MST." <005d01c15758$da965b70$cd2a6ba5@lc.ca.gov> Date: Thu, 18 Oct 2001 09:50:53 +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> I have created my first firewall and it seems to be handling traffic
> properly (yayyyy!). However, I have noticed that my dynamic rules don't
> ever seem to expire.

[snip]

> 02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80

    This is expired (T 0), just not removed.

    Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: Mark.Andrews@isc.org

From owner-freebsd-security Wed Oct 17 17:08:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from mercury.is.co.za (mercury.is.co.za [196.4.160.222]) by hub.freebsd.org (Postfix) with ESMTP id 7495637B403 for ; Wed, 17 Oct 2001 17:08:22 -0700 (PDT) Received: from c4-pta-84.dial-up.net (c4-pta-84.dial-up.net [196.26.210.84]) by mercury.is.co.za (Postfix) with ESMTP id 16D903E52; Thu, 18 Oct 2001 02:08:17 +0200 (SAST) Date: Thu, 18 Oct 2001 02:10:20 +0200 (SAST)
From: The Psychotic Viper X-X-Sender: To: Stephen Hilton Cc: FreeBSD Security Subject: Re: how-to install ipf3.4-current on FreeBSD 4.4-stable In-Reply-To: Message-ID: <20011018015714.H5458-100000@lucifer.fuzion.ath.cx> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi Stephen,

On Wed, 17 Oct 2001, Stephen Hilton wrote:

> What is the correct procedure to update a FreeBSD 4.4-release or 4.4-stable
> system with the latest ipf3.4-current.tgz build.

-STABLE uses 3.4.20 which afaik is the current (stable) version of ipfilter, so a normal cvs update and build should pull you into line, but if anyone else knows otherwise tell me. =)

> On a related note, is this shell script still correct for updating the
> userland parts of ipf without a whole buildworld procedure, or have things
> changed under FreeBSD 4.4

Haven't used that script before but I am sure that (if your kernel is in line with the src) 'cd /usr/src/sbin/ipf ; make && make install' may work.

PsyV

From owner-freebsd-security Wed Oct 17 18:49:20 2001 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-116.citlink.net [207.173.226.116]) by hub.freebsd.org (Postfix) with ESMTP id 66E8237B401 for ; Wed, 17 Oct 2001 18:49:18 -0700 (PDT) Received: from bigdaddy (bigdaddy [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 90993EE623; Wed, 17 Oct 2001 18:49:13 -0700 (PDT) Message-ID: <000d01c15777$1b9a8240$0301a8c0@bigdaddy>
From: "Drew Tomlinson" To: Cc: References: <200110172350.f9HNor915316@drugs.dv.isc.org> Subject: Re: Dynamic IPFW Rules Date: Wed, 17 Oct 2001 18:49:21 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

----- Original Message -----
From:
To: "Drew Tomlinson"
Cc:
Sent: Wednesday, October 17, 2001 4:50 PM
Subject: Re: Dynamic IPFW Rules

> > I have created my first firewall and it seems to be handling traffic
> > properly (yayyyy!). However, I have noticed that my dynamic rules don't
> > ever seem to expire.
>
> [snip]
>
> > 02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
>
> This is expired (T 0), just not removed.

OK, thanks. Is there a way to remove those rules that have expired?

Drew

From owner-freebsd-security Wed Oct 17 19:54:46 2001 Delivered-To: freebsd-security@freebsd.org Received: from tinny.eis.net.au (tinny.eis.net.au [203.12.171.1]) by hub.freebsd.org (Postfix) with ESMTP id E8B5337B43A for ; Wed, 17 Oct 2001 19:54:28 -0700 (PDT) Received: (from nobody@localhost) by tinny.eis.net.au (8.11.5/8.8.3) id f9I2sU809937; Thu, 18 Oct 2001 12:54:30 +1000 (EST) Date: Thu, 18 Oct 2001 12:54:30 +1000 (EST) Message-Id: <200110180254.f9I2sU809937@tinny.eis.net.au>
From: "David Trzcinski" To: freebsd-security@FreeBSD.ORG Reply-To: xlr82xs@sdf.lonestar.org Subject: Re: Using IPFW with dynamic IP X-Mailer: NeoMail 1.25 X-IPAddress: 203.12.171.232 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Personally, I would recommend using /etc/ppp/ppp.linkup with the MYADDR variable, i.e.:

!bg /sbin/ipfw (or wherever your ipfw program resides...) add 20 allow tcp from any to MYADDR in via INTERFACE established

though, I have found that SOMETIMES, the ppp script doesn't actually add all of the rules... mine are numbered in increments of 10, but on the rare occasion, several rules may be left out so I go from say 60 to 110, but that isn't really that big of a deal... also, if you're using dialup, and don't have any other computers sitting behind your FreeBSD one, or are using something like NAT, you could simply use "any" as your local host in ipfw, i.e.:

ipfw add 20 allow tcp from any to any in via tun0 established

or whatever your network interface is.

Either way, when you view the logs generated (/var/log/security or /var/log/all.log (if enabled)) you will see your computer's current IP listed in the rule... just not if you ipfw -list

--
NeoMail - Webmail that doesn't suck... as much.
http://neomail.sourceforge.net

From owner-freebsd-security Thu Oct 18 01:39:08 2001 Delivered-To: freebsd-security@freebsd.org Received: from harrier.mail.pas.earthlink.net (harrier.mail.pas.earthlink.net [207.217.121.12]) by hub.freebsd.org (Postfix) with ESMTP id 47D7F37B408 for ; Thu, 18 Oct 2001 01:39:03 -0700 (PDT) Received: from blossom.cjclark.org (dialup-209.247.137.205.Dial1.SanJose1.Level3.net [209.247.137.205]) by harrier.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id BAA10676; Thu, 18 Oct 2001 01:39:00 -0700 (PDT) Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id f9I8cvW03103; Thu, 18 Oct 2001 01:38:57 -0700 (PDT) (envelope-from cjc) Date: Thu, 18 Oct 2001 01:38:56 -0700 From: "Crist J. Clark" To: Drew Tomlinson Cc: Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic IPFW Rules Message-ID: <20011018013856.C373@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000d01c15777$1b9a8240$0301a8c0@bigdaddy>; from drew@mykitchentable.net on Wed, Oct 17, 2001 at 06:49:21PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wed, Oct 17, 2001 at 06:49:21PM -0700, Drew Tomlinson wrote:
> ----- Original Message -----
> From:
> To: "Drew Tomlinson"
> Cc:
> Sent: Wednesday, October 17, 2001 4:50 PM
> Subject: Re: Dynamic IPFW Rules
>
>
> > > I have created my first firewall and it seems to be handling traffic
> > > properly (yayyyy!). However, I have noticed that my dynamic rules don't
> > > ever seem to expire.
> >
> > [snip]
> >
> > > 02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
> >
> > This is expired (T 0), just not removed.
>
> OK, thanks. Is there a way to remove those rules that have expired?

You can remove the parent rule. IIRC, they get removed if they get hit. If you reach the limit, I believe it starts to overwrite expired rules. I would have to look at the code more closely to remember.

Another option is to make a shell script or alias that drops expired rules,

  ipfw show | awk -F'[ ,]' '$5 != 0 { print }'

Does it. I have a longer script that does this and also prints rules by interface,

#!/bin/sh
#
# ipfwsh - 2000/10/28, cjc
#
# Cut down verbosity of 'ipfw show' output

if [ $# -gt 1 ]; then
	# Bad command line
	echo "ipfwsh: bad args" >&2
	echo "Usage: ipfwsh [iface]" >&2
	exit 1
elif [ $# -eq 0 ]; then
	# Print whole list, just cut expired dynamic rules
	ipfw show | awk -F'[ ,]' '$5 != 0 { print }'
else
	# An interface name was given, note there is no failure if
	# name is not valid
	ipfw show | awk -v"iface=$1" '/^## Dynamic rules:/ { exit }
	    $0 ~ iface { print; next }
	    /(via|recv|xmit)/ { next }
	    { print }'
fi

--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
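An added example, not Crist's script nor anything posted to the list: a POSIX sh/awk script that runs over a constructed `ipfw show` sample (a few of Drew's static rules plus made-up dynamic state), drops the expired `(T 0,` entries the way Crist's one-liner does, and then tallies live versus expired dynamic entries per protocol and remote endpoint. That last view is what makes a listing like Drew's readable: the pile of entries to one host:port is expired state that has not been reaped, not live connections.

```shell
#!/bin/sh
# Constructed 'ipfw show' sample in the FreeBSD 4.x layout seen in the thread.
# After the "## Dynamic rules:" line, each entry's "(T N," field is the seconds
# left before ipfw treats the entry as expired; T 0 means expired, not yet reaped.
SAMPLE='00100 0 0 allow ip from any to any via lo0
00500 30887 6166212 allow tcp from any to any established
01900 0 0 check-state
02100 681 53189 allow ip from 192.168.1.0/24 to any keep-state via ed0
65500 6 288 deny log ip from any to any
## Dynamic rules:
02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
02100 1 60 (T 0, # 1) ty 0 tcp, 192.168.1.4 3138 <-> 64.21.143.23 80
02100 5 2400 (T 283, # 2) ty 0 tcp, 192.168.1.4 3200 <-> 64.21.143.23 80
02100 1 44 (T 0, # 3) ty 0 tcp, 192.168.1.4 3192 <-> 64.136.17.33 25
02100 2 156 (T 12, # 4) ty 0 udp, 192.168.1.3 137 <-> 192.168.1.255 137'

# Field layout of a dynamic entry with awk's default splitting:
#   1=parent rule 2=pkts 3=bytes 4="(T" 5="N," 6="#" 7="M)" 8="ty" 9=type
#   10="proto," 11=src 12=sport 13="<->" 14=dst 15=dport

# live_rules: the listing with expired dynamic entries dropped. Only lines
# after the "## Dynamic rules:" marker are examined, so a static rule can
# never be mistaken for dynamic state.
live_rules() {
    printf '%s\n' "$SAMPLE" | awk '
        /^## Dynamic rules:/ { d = 1 }
        !(d && $5 == "0,") { print }'
}

# expired_count: number of dynamic entries already at T 0.
expired_count() {
    printf '%s\n' "$SAMPLE" | awk '
        /^## Dynamic rules:/ { d = 1; next }
        d && $5 == "0," { n++ }
        END { print n + 0 }'
}

# dyn_summary: live and expired entry counts per "proto remote:port", sorted.
dyn_summary() {
    printf '%s\n' "$SAMPLE" | awk '
        /^## Dynamic rules:/ { d = 1; next }
        !d { next }
        {
            timer = $5; sub(/,$/, "", timer)
            proto = $10; sub(/,$/, "", proto)
            key = proto " " $14 ":" $15
            seen[key] = 1
            if (timer + 0 == 0) expired[key]++; else live[key]++
        }
        END {
            for (k in seen)
                printf "%s live=%d expired=%d\n", k, live[k] + 0, expired[k] + 0
        }' | LC_ALL=C sort
}

echo "== listing without expired dynamic entries =="
live_rules
echo "== expired dynamic entries: $(expired_count) =="
echo "== dynamic state per remote endpoint =="
dyn_summary
```

On a real box, replace the `printf '%s\n' "$SAMPLE"` feed with `ipfw show`; the timer field only tells you an entry is expired, since this ipfw version keeps no last-match timestamp for dynamic state.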
From owner-freebsd-security Thu Oct 18 02:04:51 2001 Delivered-To: freebsd-security@freebsd.org Received: from mk-smarthost-1.mail.uk.worldonline.com (mk-smarthost-1.mail.uk.worldonline.com [212.74.112.71]) by hub.freebsd.org (Postfix) with ESMTP id 43E0337B407 for ; Thu, 18 Oct 2001 02:04:49 -0700 (PDT) Received: from scooby-s1.lineone.net ([194.75.152.224] helo=lineone.net) by mk-smarthost-1.mail.uk.worldonline.com with smtp (Exim 3.22 #3) id 15u96b-000NMK-00 for freebsd-security@freebsd.org; Thu, 18 Oct 2001 10:04:45 +0100 To: freebsd-security@freebsd.org
From: tariq_rashid@lineone.net Subject: MTU and KAME ipsec Message-Id: Date: Thu, 18 Oct 2001 10:04:45 +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

how does the kame ipsec in freebsd 4.4 handle the network interface MTU? is it automatically set to the correct "discovered value" or must it be statically set?

i can find no useful info on news and google.

regards

tariq

From owner-freebsd-security Thu Oct 18 02:19:44 2001 Delivered-To: freebsd-security@freebsd.org Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id C69C037B407 for ; Thu, 18 Oct 2001 02:19:41 -0700 (PDT) Received: from localhost ([3ffe:501:4819:cafe:260:1dff:fe21:f766]) by mine.kame.net (8.11.1/3.7W) with ESMTP id f9I9TdH00573; Thu, 18 Oct 2001 18:29:39 +0900 (JST) To: tariq_rashid@lineone.net Cc: freebsd-security@freebsd.org Subject: Re: MTU and KAME ipsec In-Reply-To: Your message of "Thu, 18 Oct 2001 10:04:45 +0100" References: X-Mailer: Cue version 0.6 (010810-1737/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20011018181931X.sakane@kame.net> Date: Thu, 18 Oct 2001 18:19:31 +0900
From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 6 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> how does the kame ipsec in freebsd 4.4 handle the network interface MTU?
> is it automatically set to the correct "discovered value" or must it be statically set?

it doesn't do anything special. it's no different from when the kernel sends a normal packet. in the ipsec case, it just takes the ipsec header length off the interface's mtu.

From owner-freebsd-security Thu Oct 18 02:35:26 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 5CD9737B408 for ; Thu, 18 Oct 2001 02:35:24 -0700 (PDT) Received: by flood.ping.uio.no (Postfix, from userid 2602) id B7AD214C40; Thu, 18 Oct 2001 11:35:22 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: cjclark@alum.mit.edu Cc: Drew Tomlinson , Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic IPFW Rules References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> <20011018013856.C373@blossom.cjclark.org>
From: Dag-Erling Smorgrav Date: 18 Oct 2001 11:35:22 +0200 In-Reply-To: <20011018013856.C373@blossom.cjclark.org> Message-ID: Lines: 12 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

"Crist J. Clark" writes:
> Another option is to make a shell script or alias that drops expired
> rules,

...or you could prepare a patch that merges rev. 1.103, 1.105 and 1.108 of src/sbin/ipfw.c into -STABLE (plus any non-MFCed style cleanup commits that you find), and mail it to me. Don't forget the corresponding changes to the documentation.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Thu Oct 18 02:40:21 2001 Delivered-To: freebsd-security@freebsd.org Received: from mk-smarthost-2.mail.uk.worldonline.com (mk-smarthost-2.mail.uk.worldonline.com [212.74.112.72]) by hub.freebsd.org (Postfix) with ESMTP id 80FCF37B401 for ; Thu, 18 Oct 2001 02:40:11 -0700 (PDT) Received: from scooby-s1.lineone.net ([194.75.152.224] helo=lineone.net) by mk-smarthost-2.mail.uk.worldonline.com with smtp (Exim 3.22 #3) id 15u9eq-0008By-00; Thu, 18 Oct 2001 10:40:08 +0100 To: Shoichi Sakane Cc: freebsd-security@freebsd.org From: tariq_rashid@lineone.net Subject: Re: MTU and KAME ipsec Message-Id: Date: Thu, 18 Oct 2001 10:40:08 +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

regarding kame ipsec and MTU ...
>From: Shoichi Sakane
>it doesn't do special things. it's not different from
>when the kernel sends the normal packet.
>in ipsec case, it just takes ipsec headers length from interface's mtu.

sakane, thanks for your response.

the following is an example from tcpdump which suggests that the kame ipsec does not take sufficient header length off? i'm transferring a 50MB binary test file from a freebsd box across a kame vpn net onto a win2k box.

the tcpdump is similar on both vpn bsd endpoints. the vpn protected ftp server's tcpdump shows

i'm new to this so do help me out here!

thanks

tariq

---
09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8]
09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8]
09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8]
09:31:38.577280 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x8f)
09:31:38.579618 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa0) (frag 9264:1456@0+) [tos 0x8]
09:31:38.579708 192.168.1.2 > 192.168.1.1: (frag 9264:84@1456) [tos 0x8]
09:31:38.580940 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa1) (frag 9266:1456@0+) [tos 0x8]
09:31:38.581037 192.168.1.2 > 192.168.1.1: (frag 9266:84@1456) [tos 0x8]
09:31:38.582266 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa2) (frag 9268:1456@0+) [tos 0x8]
09:31:38.582364 192.168.1.2 > 192.168.1.1: (frag 9268:84@1456) [tos 0x8]
09:31:38.583021 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x90)
09:31:38.583156 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x91)
09:31:38.584578 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x92)
09:31:38.584722 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x93)

From owner-freebsd-security Thu Oct 18 03:14:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from swan.mail.pas.earthlink.net
(swan.mail.pas.earthlink.net [207.217.120.123]) by hub.freebsd.org (Postfix) with ESMTP id B167A37B405 for ; Thu, 18 Oct 2001 03:14:38 -0700 (PDT) Received: from blossom.cjclark.org (dialup-209.247.137.205.Dial1.SanJose1.Level3.net [209.247.137.205]) by swan.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id DAA25093; Thu, 18 Oct 2001 03:14:34 -0700 (PDT) Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id f9IAERL04014; Thu, 18 Oct 2001 03:14:27 -0700 (PDT) (envelope-from cjc) Date: Thu, 18 Oct 2001 03:14:27 -0700 
From: "Crist J. Clark" To: Dag-Erling Smorgrav Cc: Drew Tomlinson , Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic IPFW Rules Message-ID: <20011018031427.B3298@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> <20011018013856.C373@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from des@ofug.org on Thu, Oct 18, 2001 at 11:35:22AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Thu, Oct 18, 2001 at 11:35:22AM +0200, Dag-Erling Smorgrav wrote:
> "Crist J. Clark" writes:
> > Another option is to make a shell script or alias that drops expired
> > rules,
>
> ...or you could prepare a patch that merges rev. 1.103, 1.105 and
> 1.108 of src/sbin/ipfw.c into -STABLE (plus any non-MFCed style
> cleanup commits that you find), and mail it to me. Don't forget the
> corresponding changes to the documentation.

Yeah. I said I would do that (what was I thinking?), but I was waiting on Luigi to finish his updates in -CURRENT and MFCs.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-security Thu Oct 18 03:36:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 11BE337B405 for ; Thu, 18 Oct 2001 03:36:43 -0700 (PDT) Received: from localhost ([3ffe:501:4819:cafe:260:1dff:fe21:f766]) by mine.kame.net (8.11.1/3.7W) with ESMTP id f9IAkkH01363; Thu, 18 Oct 2001 19:46:46 +0900 (JST) To: tariq_rashid@lineone.net Cc: freebsd-security@freebsd.org Subject: Re: MTU and KAME ipsec In-Reply-To: Your message of "Thu, 18 Oct 2001 10:40:08 +0100" References: X-Mailer: Cue version 0.6 (010810-1737/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20011018193637H.sakane@kame.net> Date: Thu, 18 Oct 2001 19:36:37 +0900
From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 27 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> the following is an example from tcpdump which suggests that the kame ipsec does not take sufficient header length off? i'm transferring a 50MB binary test file from a freebsd box across a kame vpn net onto a win2k box.
>
> the tcpdump is similar on both vpn bsd endpoints. the vpn protected ftp server's tcpdump shows

umm, i have checked esp tunnel mode between two hosts. there is one router between them, and it looks like it works fine. just to make sure: are 192.168.1.2 and 192.168.1.1 the freebsd 4.4 vpn boxes? and which side is the win2k box on? is there no router between the two vpn boxes?

> 09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8]
> 09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8]
> 09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8]
> 09:31:38.577280 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x8f)
> 09:31:38.579618 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa0) (frag 9264:1456@0+) [tos 0x8]
> 09:31:38.579708 192.168.1.2 > 192.168.1.1: (frag 9264:84@1456) [tos 0x8]
> 09:31:38.580940 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa1) (frag 9266:1456@0+) [tos 0x8]
> 09:31:38.581037 192.168.1.2 > 192.168.1.1: (frag 9266:84@1456) [tos 0x8]
> 09:31:38.582266 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0xa2) (frag 9268:1456@0+) [tos 0x8]
> 09:31:38.582364 192.168.1.2 > 192.168.1.1: (frag 9268:84@1456) [tos 0x8]
> 09:31:38.583021 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x90)
> 09:31:38.583156 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x91)
> 09:31:38.584578 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x92)
> 09:31:38.584722 192.168.1.1 > 192.168.1.2: ESP(spi=0xd4fda2ed,seq=0x93)
> > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 4:12:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id B49C237B403 for ; Thu, 18 Oct 2001 04:12:48 -0700 (PDT) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 0149F14C2E; Thu, 18 Oct 2001 13:12:46 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: cjclark@alum.mit.edu Cc: Drew Tomlinson , Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic IPFW Rules References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> <20011018013856.C373@blossom.cjclark.org> <20011018031427.B3298@blossom.cjclark.org> 
From: Dag-Erling Smorgrav Date: 18 Oct 2001 13:12:46 +0200 In-Reply-To: <20011018031427.B3298@blossom.cjclark.org> Message-ID: Lines: 13 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Crist J. Clark" writes: > Yeah. I said I would do that (what was I thinking?), but I was waiting > on Luigi to finish his updates in -CURRENT and MFCs. You can merge up to rev 1.109 if you also merge the kernel changes that correspond to rev 1.90. They've been in -CURRENT long enough. The only problem is that this will break binary compatibility because struct ipfw has changed, and good luck trying to skip rev 1.90 - you'll get nothing but conflicts. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 4:50:32 2001 Delivered-To: freebsd-security@freebsd.org Received: from tao.org.uk (genius.tao.org.uk [212.135.162.51]) by hub.freebsd.org (Postfix) with ESMTP id E6C5B37B407 for ; Thu, 18 Oct 2001 04:50:26 -0700 (PDT) Received: by tao.org.uk (Postfix, from userid 100) id 801B893; Thu, 18 Oct 2001 12:50:03 +0100 (BST) Date: Thu, 18 Oct 2001 12:50:03 +0100 
From: Josef Karthauser To: Dag-Erling Smorgrav Cc: cjclark@alum.mit.edu, Drew Tomlinson , Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic IPFW Rules Message-ID: <20011018125003.B29670@tao.org.uk> Mail-Followup-To: Josef Karthauser , Dag-Erling Smorgrav , cjclark@alum.mit.edu, Drew Tomlinson , Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> <20011018013856.C373@blossom.cjclark.org> <20011018031427.B3298@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="24zk1gE8NUlDmwG9" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from des@ofug.org on Thu, Oct 18, 2001 at 01:12:46PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --24zk1gE8NUlDmwG9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Thu, Oct 18, 2001 at 01:12:46PM +0200, Dag-Erling Smorgrav wrote:
> "Crist J. Clark" writes:
> > Yeah. I said I would do that (what was I thinking?), but I was waiting
> > on Luigi to finish his updates in -CURRENT and MFCs.
>
> You can merge up to rev 1.109 if you also merge the kernel changes
> that correspond to rev 1.90. They've been in -CURRENT long enough.
> The only problem is that this will break binary compatibility because
> struct ipfw has changed, and good luck trying to skip rev 1.90 -
> you'll get nothing but conflicts.

I'd be interested in taking a look at doing this if no other committers have time. I rely quite heavily on ipfw on -stable, and have already hacked in the change that suppressed the timed-out dynamic rules from the 'ipfw show' output.

Or is someone else working on this already? I don't want to tread on anyone's toes.
Joe --24zk1gE8NUlDmwG9 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjvOwesACgkQXVIcjOaxUBYR9gCg7xOP+yCdrmNRGkxD7B/ehDIN 8YAAnjTwzm5UuEcoF3Bpx5J76T5K3891 =BcPx -----END PGP SIGNATURE----- --24zk1gE8NUlDmwG9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 5:27:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 5D04B37B409 for ; Thu, 18 Oct 2001 05:27:15 -0700 (PDT) Received: from localhost ([3ffe:501:4819:cafe:260:1dff:fe21:f766]) by mine.kame.net (8.11.1/3.7W) with ESMTP id f9ICbIH02853; Thu, 18 Oct 2001 21:37:18 +0900 (JST) To: tariq_rashid@lineone.net Cc: freebsd-security@freebsd.org Subject: Re: MTU and KAME ipsec In-Reply-To: Your message of "Thu, 18 Oct 2001 19:36:37 +0900" <20011018193637H.sakane@kame.net> References: <20011018193637H.sakane@kame.net> X-Mailer: Cue version 0.6 (010810-1737/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20011018212707A.sakane@kame.net> Date: Thu, 18 Oct 2001 21:27:07 +0900 
From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> the following is an example from tcpdump which suggests that the kame ipsec does not take sufficient header length off? i'm transferring a 50MB binary test file from a freebsd box across a kame vpn net onto a win2k box.
>
> the tcpdump is similar on both vpn bsd endpoints. the vpn protected ftp server's tcpdump shows
> 09:31:38.573809 192.168.1.2 > 192.168.1.1: (frag 9260:84@1456) [tos 0x8]
> 09:31:38.575036 192.168.1.2 > 192.168.1.1: ESP(spi=0x47534254,seq=0x9f) (frag 9262:1456@0+) [tos 0x8]
> 09:31:38.575133 192.168.1.2 > 192.168.1.1: (frag 9262:84@1456) [tos 0x8]

in the case of ip forwarding, the fragment takes place after applying esp to the packet. so this fragment is correct.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 5:32:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 1B7D337B403 for ; Thu, 18 Oct 2001 05:32:13 -0700 (PDT) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 334DC14C2E; Thu, 18 Oct 2001 14:32:11 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Josef Karthauser Cc: cjclark@alum.mit.edu, Drew Tomlinson , Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic IPFW Rules References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> <20011018013856.C373@blossom.cjclark.org> <20011018031427.B3298@blossom.cjclark.org> <20011018125003.B29670@tao.org.uk>
From: Dag-Erling Smorgrav Date: 18 Oct 2001 14:32:10 +0200 In-Reply-To: <20011018125003.B29670@tao.org.uk> Message-ID: Lines: 16 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Josef Karthauser writes: > I'd be interested in taking a look at doing this if no other > committers have time. I rely quite heavilily on ipfw on -stable, > and have already hacked in the change that supressed the timed out > dynamic rules from the 'ipfw show' output. Great! > Or is someone else working on this already? I don't want to tread on > anyone's toes. I was going to, but decided I'd rather not. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 9:44:22 2001 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-116.citlink.net [207.173.226.116]) by hub.freebsd.org (Postfix) with ESMTP id 96E2237B403 for ; Thu, 18 Oct 2001 09:44:15 -0700 (PDT) Received: from tagalong (unknown [165.107.42.205]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 7E5EBEE623; Thu, 18 Oct 2001 09:44:09 -0700 (PDT) Message-ID: <008201c157f4$1c0c7620$cd2a6ba5@lc.ca.gov> 
From: "Drew Tomlinson" To: Cc: , References: <200110172350.f9HNor915316@drugs.dv.isc.org> <000d01c15777$1b9a8240$0301a8c0@bigdaddy> <20011018013856.C373@blossom.cjclark.org> Subject: Re: Dynamic IPFW Rules Date: Thu, 18 Oct 2001 09:44:09 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Crist J. Clark" To: "Drew Tomlinson" Cc: ; Sent: Thursday, October 18, 2001 1:38 AM Subject: Re: Dynamic IPFW Rules > On Wed, Oct 17, 2001 at 06:49:21PM -0700, Drew Tomlinson wrote: > > ----- Original Message ----- 
> > From:
> > To: "Drew Tomlinson"
> > Cc:
> > Sent: Wednesday, October 17, 2001 4:50 PM
> > Subject: Re: Dynamic IPFW Rules
> >
> > > > I have created my first firewall and it seems to be handling traffic
> > > > properly (yayyyy!). However, I have noticed that my dynamic rules don't
> > > > ever seem to expire.
> > >
> > > [snip]
> > >
> > > > 02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
> > >
> > > This is expired (T 0), just not removed.
> >
> > OK, thanks. Is there a way to remove those rules that have expired?
>
> You can remove the parent rule. IIRC, they get removed if they get
> hit. If you reach the limit, I believe it starts to overwrite expired
> rules. I would have to look at the code more closely to remember.
>
> Another option is to make a shell script or alias that drops expired
> rules,
>
> ipfw show | awk -F'[ ,]' '$5 != 0 { print }'
>
> Does it. I have a longer script that does this and also prints rules
> by interface,

OK so if I understand correctly, the rules stay in ipfw show even when expired until net.inet.ip.fw.dyn_max is reached. Then new rules overwrite expired rules, correct? So then my firewall is working correctly based on code for 4.4-RELEASE but there is new code in -CURRENT that will be merged into the -STABLE branch sometime in the future that will remove the expired rules from the output of ipfw show?

And one more question: Where would I have found information on the output of the dynamic rules? In other words, how would (should) I have known that (T 0) was an expired rule?

Thank you for the explanation. I really enjoy *understanding* why things work the way they do instead of just accepting that they work.

Drew

[...]
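Added example, not part of the thread above. Crist's one-liner keys on the fifth field of an "ipfw show" dynamic-rule line being the remaining lifetime (the T value), which is exactly the thing Drew asks how to read. The sh functions below do the same classification over constructed sample lines in the format Drew posted ("02100 1 60 (T 0, # 0) ty 0 tcp, ..."): any line carrying a "(T n, # m)" token is a dynamic rule, T equal to 0 means it has expired, and static rules are passed over. The functions only read a listing; they do not delete anything.

```shell
#!/bin/sh
# Classify the dynamic rules in "ipfw show" output by remaining lifetime.
# Assumed input format is the 4.x line quoted in the thread:
#   02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
# i.e. rule number, packets, bytes, then "(T <seconds left>, # <count>)".
# Lines without that token are static rules and are skipped.

# dyn_rules: for each dynamic rule print "<expired|live> <T> <original line>"
dyn_rules() {
    awk '
    match($0, /\(T [0-9]+, [#] [0-9]+\)/) {
        t = substr($0, RSTART + 3)      # "0, # 0) ty 0 tcp, ..."
        sub(/,.*/, "", t)               # keep only the seconds-left digits
        state = (t + 0 == 0) ? "expired" : "live"
        printf "%s %s %s\n", state, t, $0
    }'
}

# expired_count: how many dynamic rules on stdin have already timed out
expired_count() {
    dyn_rules | awk '$1 == "expired" { n++ } END { print n + 0 }'
}

# live_rules: the still-active dynamic rules, in their original form
# (the same selection as the "$5 != 0" one-liner in the thread)
live_rules() {
    dyn_rules | awk '$1 == "live" { sub(/^[^ ]+ [^ ]+ /, ""); print }'
}

# Constructed sample listing (not real firewall output): two expired
# entries, one live entry and one static rule.
SAMPLE='02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
02100 12 3400 (T 287, # 0) ty 0 tcp, 192.168.1.4 3140 <-> 64.21.143.23 80
02100 2 120 (T 0, # 0) ty 0 udp, 192.168.1.4 1025 <-> 192.168.1.1 53
00100 0 0 allow ip from any to any via lo0'

# Real use would be:  ipfw show | dyn_rules
printf '%s\n' "$SAMPLE" | dyn_rules
```

On the sample the first and third entries come out as "expired 0 ..." and the second as "live 287 ...", with the static lo0 rule absent from the output.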
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 10:40:29 2001 Delivered-To: freebsd-security@freebsd.org Received: from straylight.ringlet.net (straylight.ringlet.net [217.75.134.254]) by hub.freebsd.org (Postfix) with SMTP id D5A5037B401 for ; Thu, 18 Oct 2001 10:40:21 -0700 (PDT) Received: (qmail 3111 invoked by uid 1000); 18 Oct 2001 17:40:16 -0000 Date: Thu, 18 Oct 2001 20:40:16 +0300 
From: Peter Pentchev To: xlr82xs@sdf.lonestar.org Cc: freebsd-security@FreeBSD.ORG Subject: Re: Using IPFW with dynamic IP Message-ID: <20011018204016.B564@straylight.oblivion.bg> Mail-Followup-To: xlr82xs@sdf.lonestar.org, freebsd-security@FreeBSD.ORG References: <200110180254.f9I2sU809937@tinny.eis.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200110180254.f9I2sU809937@tinny.eis.net.au>; from xlr82xs@eis.net.au on Thu, Oct 18, 2001 at 12:54:30PM +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Thu, Oct 18, 2001 at 12:54:30PM +1000, David Trzcinski wrote:
> Personally, I would recommend using /etc/ppp/ppp.linkup with the MYADDR
> variable
>
> ie: !bg /sbin/ipfw (or wherever your ipfw program resides...) add 20
> allow tcp from any to MYADDR in via INTERFACE established
>
> though, I have found that SOMETIMES, the ppp script doesn't actually
> add all of the rules...mine are numbered in increments of 10, but on
> the rare occasion, several rules may be left out so i go from say 60 to
> 110

Is there a reason you are using '!bg', and not, say, 'shell'? I personally would be more comfortable with 'shell', knowing that ppp would actually wait for each rule addition to complete, and knowing that all the rules will be added in the correct order. With '!bg', you run the chance that a higher-numbered rule might be added before a lower-numbered one, providing a window during which either a malicious packet could sneak in, or a valid packet could be denied.

Actually, I would be most comfortable using 'shell ipfw /path/to/rules', thus saving a shell and ipfw invocation for each single rule.

G'luck,
Peter

--
This sentence no verb.
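Added example, not from any poster in this thread. To get the ordering Peter describes, hand ppp one synchronous 'shell' command and let that command install the whole rule set in a single ipfw run. The script below is hypothetical (the name /etc/ppp/fwup.sh, the rule numbers and the policy are my choices, not anything the thread recommends); it assumes ppp substitutes MYADDR and INTERFACE on the 'shell' command line the same way David's '!bg' line relies on, and it uses the "ipfw pathname" form Peter mentions, where ipfw reads one command per line from a file, so no rule can land before a lower-numbered one. build_rules and check_order can be exercised without touching a firewall.

```shell
#!/bin/sh
# Hypothetical /etc/ppp/fwup.sh, called from /etc/ppp/ppp.linkup as
#     shell /etc/ppp/fwup.sh MYADDR INTERFACE
# Assumption: ppp replaces MYADDR and INTERFACE on that command line, as the
# quoted "!bg /sbin/ipfw add 20 ..." line already relies on. Because ppp waits
# for a "shell" command, the link is not handed over until every rule is in.

# build_rules ADDR IFACE: print the interface-specific rule set, one ipfw
# command per line, numbered in ascending order. Rule numbers and policy
# are illustrative only.
build_rules() {
    addr=$1; iface=$2
    cat <<EOF
add 20 allow tcp from any to $addr in via $iface established
add 30 allow tcp from $addr to any out via $iface
add 40 allow udp from $addr to any 53 out via $iface
add 50 allow udp from any 53 to $addr in via $iface
add 60 deny log ip from any to any in via $iface
EOF
}

# check_order: succeed only if the rule numbers on stdin strictly increase.
# This is the property a series of backgrounded "!bg" invocations cannot
# guarantee, since the ipfw processes may finish in any order.
check_order() {
    awk '$1 == "add" { if ($2 + 0 <= prev) bad = 1; prev = $2 + 0 }
         END { if (bad) exit 1; exit 0 }'
}

# install_rules ADDR IFACE: drop any previous copy of these rule numbers
# (a re-dial would otherwise duplicate them), then load the whole set with a
# single ipfw run using the "ipfw pathname" form, which reads one command
# per line from a file.
install_rules() {
    tmp=$(mktemp /tmp/fwup.XXXXXX) || return 1
    build_rules "$1" "$2" > "$tmp"
    if ! check_order < "$tmp"; then rm -f "$tmp"; return 1; fi
    for n in $(awk '$1 == "add" { print $2 }' "$tmp"); do
        /sbin/ipfw -q delete "$n" 2>/dev/null || true
    done
    /sbin/ipfw -q "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Only touch the firewall when run by ppp with both arguments supplied.
if [ $# -eq 2 ]; then
    install_rules "$1" "$2"
fi
```

The "ipfw -q pathname" call is the one place the script touches the firewall; everything before it is pure text generation, so the rule file can be inspected (and its ordering checked) before the link ever comes up.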
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 11: 9:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id B0B9337B403 for ; Thu, 18 Oct 2001 11:09:08 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id LAA17241; Thu, 18 Oct 2001 11:08:33 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda17239; Thu Oct 18 11:08:21 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.6/8.9.1) id f9II8Gc10102; Thu, 18 Oct 2001 11:08:16 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdS10091; Thu Oct 18 11:07:51 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.6/8.9.1) id f9II7nu26564; Thu, 18 Oct 2001 11:07:49 -0700 (PDT) Message-Id: <200110181807.f9II7nu26564@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdp26559; Thu Oct 18 11:07:06 2001 X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: "Drew Tomlinson" Cc: cjclark@alum.mit.edu, Mark.Andrews@isc.org, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic IPFW Rules In-reply-to: Your message of "Thu, 18 Oct 2001 09:44:09 PDT." <008201c157f4$1c0c7620$cd2a6ba5@lc.ca.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 18 Oct 2001 11:07:06 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <008201c157f4$1c0c7620$cd2a6ba5@lc.ca.gov>, "Drew Tomlinson" writes: > ----- Original Message ----- > From: "Crist J. Clark" > To: "Drew Tomlinson" > Cc: ; > Sent: Thursday, October 18, 2001 1:38 AM > Subject: Re: Dynamic IPFW Rules > > > > On Wed, Oct 17, 2001 at 06:49:21PM -0700, Drew Tomlinson wrote: > > > ----- Original Message ----- 
> > > From:
> > > To: "Drew Tomlinson"
> > > Cc:
> > > Sent: Wednesday, October 17, 2001 4:50 PM
> > > Subject: Re: Dynamic IPFW Rules
> > >
> > > > > I have created my first firewall and it seems to be handling traffic
> > > > > properly (yayyyy!). However, I have noticed that my dynamic rules don't
> > > > > ever seem to expire.
> > > >
> > > > [snip]
> > > >
> > > > > 02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80
> > > >
> > > > This is expired (T 0), just not removed.
> > >
> > > OK, thanks. Is there a way to remove those rules that have expired?
> >
> > You can remove the parent rule. IIRC, they get removed if they get
> > hit. If you reach the limit, I believe it starts to overwrite expired
> > rules. I would have to look at the code more closely to remember.
> >
> > Another option is to make a shell script or alias that drops expired
> > rules,
> >
> > ipfw show | awk -F'[ ,]' '$5 != 0 { print }'
> >
> > Does it. I have a longer script that does this and also prints rules
> > by interface,
>
> OK so if I understand correctly, the rules stay in ipfw show even when
> expired until net.inet.ip.fw.dyn_max is reached. Then new rules
> overwrite expired rules, correct? So then my firewall is working
> correctly based on code for 4.4-RELEASE but there is new code
> in -CURRENT that will be merged into the -STABLE branch sometime in the
> future that will remove the expired rules from the output of ipfw show?
>
> And one more question: Where would I have found information on the
> output of the dynamic rules? In other words, how would (should) I have
> known that (T 0) was an expired rule?
>
> Thank you for the explanation. I really enjoy *understanding* why
> things work the way they do instead of just accepting that they work.

As expired dynamic rules are as if they were not there, why even list them in the first place?
Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 13:30:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from 4evermail.com (equinox.4evermail.com [204.92.209.4]) by hub.freebsd.org (Postfix) with SMTP id 3383837B409 for ; Thu, 18 Oct 2001 13:30:31 -0700 (PDT) Received: (qmail 71464 invoked from network); 18 Oct 2001 20:31:37 -0000 Received: from equinox.4evermail.com (HELO mail.4evermail.com) (nobody@204.92.209.4) by equinox.4evermail.com with SMTP; 18 Oct 2001 20:31:37 -0000 
From: jslivko@4evermail.com To: Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: I got hacked, I think Date: Thu, 18 Oct 2001 16:31:37 +0000 X-Mailer: Null Webmail / 0.5.9 Message-Id: <20011018203031.3383837B409@hub.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

[CC'd to -security, as this should be discussed there]

Did you have any system snoopers around that you installed (tripwire and things of that ilk) that you can refer to for time information? If you can narrow down the time that the files were updated, you might have found out when the intrusion actually occurred and then, by grepping that information from "last", you can find out who he logged in as (assuming he logged in normally the first time).

If I can be of any help, feel free to shoot me an e-mail.

-- Jonathan

--- "Tomek" wrote:
> I found out more info.
>
> -rw-r--r--  1 Broot  wheel     54 Sep 26 10:24 /inetd.conf
> -rw-r--r--  1 Broot  wheel  85857 Sep 26 21:38 /sudo-1.6.3.7_1.tgz
> -rw-------  1 Broot  wheel   4869 Sep 26 10:25 /etc/inetd.conf
>
> Checking the bizarre /inetd.conf is shocking:
> eklogin stream tcp nowait root /bin/sh sh -i
>
> I take it that "sh" would not even request a login or anything if called
> directly from inetd.conf, would it? I am sitting here, he is STILL
> pinging me and watching the system (even tried to ftp again a few
> minutes ago), and for the life of me I can't figure out where it all
> began... how did he even log in the first time, maybe it was some
> buffer overflow or something.... yuck.
>
> TY for all your help guys, you are all wonderful! I will leave you in
> peace now (I hope). I still don't know about Broot though...
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 16:37:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from P7.mpionline.com (dsl-mw-209-115-240-i249-edm.nucleus.com [209.115.240.249]) by hub.freebsd.org (Postfix) with ESMTP id 44F5637B403 for ; Thu, 18 Oct 2001 16:37:49 -0700 (PDT) Received: from P5 (P5.mpionline.com [209.115.240.246]) by P7.mpionline.com (8.11.3/8.11.3) with SMTP id f9INdal01632 for ; Thu, 18 Oct 2001 17:39:36 -0600 (MDT) (envelope-from tomek@mpionline.com) Message-ID: <06cf01c1582d$ff363600$f6f073d1@mpionline.com> 
From: "Tomek" To: References: <20011018131823.Y621-100000@jodie.ncptiddische.net> <011e01c157cf$9b401700$f6f073d1@mpionline.com> <20011018165057.V3734@ns2.wananchi.com> <01e701c157e4$f012abc0$f6f073d1@mpionline.com> <20011018180513.C3734@ns2.wananchi.com> <20011018114805.E70327@acadia.ne.mediaone.net> <018801c157ef$37ec0720$f6f073d1@mpionline.com> <03db01c15812$c4575d40$f6f073d1@mpionline.com> Subject: I got hacked, not login wise, software wise Date: Thu, 18 Oct 2001 17:38:31 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello there,

==QUICK SUMMARY TO NOT WASTE YOUR TIME===
=Without a doubt I have been hacked
=No one should have any accounts or access except me
=They managed to create some files in / to unzip and install sudo
=They seemed to be running under "Broot"
=They tried to make user "l-x" as wheel but failed to log in
=They repeatedly have tried anonymous ftp and failed

Why I think it is NOT a login hack but some kind of buffer or software hack
=log files show nothing about logins
=doubtful they just covered their tracks because they left files sitting in / as well as left the user "l-x"

===MY SUMMARY===
I think they found a way to get some program (I use a limited and careful selection of them) to create the files as "Broot" and they tried to find a way to log in but failed. I am NOT sure about this, maybe they did cover their tracks but were sloppy and left more obvious hints.

===MY QUESTIONS===
=1= I have a user "Broot", I noticed it only a few days after installing FreeBSD 4.3-RELEASE (GENERIC) #0. Is it normal?
Many say they do not have it, but on google a search shows many do. =2= Is there ANY way of determining WHICH program/process has allowed commands to be run to create/install "sudo" (which is what the hacker has installed). It is NOT a logged in user that installed it. Maybe there are some logs for what processes were running at the time, what process made a file, or whatever. =3= Any other advice? NOTE: I have not yet notified the hacker I am on to them, I am hoping to catch them doing something so I know what they are after. But they may realize I am on to them by now. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 16:43:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from shemp.palomine.net (shemp.palomine.net [216.135.64.135]) by hub.freebsd.org (Postfix) with SMTP id 2A80137B401 for ; Thu, 18 Oct 2001 16:43:50 -0700 (PDT) Received: (qmail 10626 invoked by uid 1000); 18 Oct 2001 23:43:38 -0000 Date: Thu, 18 Oct 2001 19:43:38 -0400 
From: Chris Johnson To: Tomek Cc: freebsd-security@FreeBSD.ORG Subject: Re: I got hacked, not login wise, software wise Message-ID: <20011018194338.A10558@palomine.net> References: <20011018131823.Y621-100000@jodie.ncptiddische.net> <011e01c157cf$9b401700$f6f073d1@mpionline.com> <20011018165057.V3734@ns2.wananchi.com> <01e701c157e4$f012abc0$f6f073d1@mpionline.com> <20011018180513.C3734@ns2.wananchi.com> <20011018114805.E70327@acadia.ne.mediaone.net> <018801c157ef$37ec0720$f6f073d1@mpionline.com> <03db01c15812$c4575d40$f6f073d1@mpionline.com> <06cf01c1582d$ff363600$f6f073d1@mpionline.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ibTvN161/egqYuK8" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <06cf01c1582d$ff363600$f6f073d1@mpionline.com>; from tomek@mpionline.com on Thu, Oct 18, 2001 at 05:38:31PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --ibTvN161/egqYuK8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Oct 18, 2001 at 05:38:31PM -0600, Tomek wrote: > ==QUICK SUMMARY TO NOT WASTE YOUR TIME=== > =Without a doubt I have been hacked [snip] > =1= I have a user "Broot", I noticed it only a few days after installing > FreeBSD 4.3-RELEASE (GENERIC) #0. Did you have telnetd enabled in inetd.conf? If so, that'd be my bet as to how they got in. Go to http://www.freebsd.org, and look for the big red box that says "IMPORTANT" in it. 
Chris Johnson --ibTvN161/egqYuK8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7z2kpyeUEMvtGLWERAoaPAKDnHsKLJhkNyerxdCxXpQWz9NKXDACfbeox qyYY32T4l6AyzDVDve3A/N8= =EAVc -----END PGP SIGNATURE----- --ibTvN161/egqYuK8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 18 20:44:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from server1.safepages.com (server1.safepages.com [216.127.146.3]) by hub.freebsd.org (Postfix) with ESMTP id C5CE837B407; Thu, 18 Oct 2001 20:43:54 -0700 (PDT) Received: from localhost (unknown [208.186.187.114]) by server1.safepages.com (Postfix) with ESMTP id 8FFC35E7F; Fri, 19 Oct 2001 03:43:33 +0000 (GMT) X-Sender: peterm@primedial.net 
From: Peter Matthews To: "Mortgage Rate Info" Date: Thu, 18 Oct 2001 20:53:37 -0700 Subject: Need a Home Loan? Let Us Help! Reply-To: peterm@primedial.net MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001__301324243_75217.49" Message-Id: <20011019034333.8FFC35E7F@server1.safepages.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a Multipart MIME message. ------=_NextPart_000_001__301324243_75217.49 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit ------=_NextPart_000_001__301324243_75217.49 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: base64 DQoNCjxIVE1MPg0KDQo8aGVhZD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIg Q09OVEVOVD0idGV4dC9odG1sO2NoYXJzZXQ9aXNvLTg4NTktMSI+DQo8IURPQ1RZUEUgSFRN TCBQVUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wIFRyYW5zaXRpb25hbC8vRU4iPg0KPFRJ VExFPkZyZWUgUmF0ZSBRdW90ZTwvVElUTEU+DQo8TUVUQSBjb250ZW50PSJ0ZXh0L2h0bWw7 IGNoYXJzZXQ9aXNvLTg4NTktMSIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+PFhNRVRBIA0K Y29udGVudD0iTW96aWxsYS80LjcgW2VuXSAoV2luOTg7IEkpIFtOZXRzY2FwZV0iIG5hbWU9 IkdFTkVSQVRPUiI+DQo8TUVUQSBjb250ZW50PSJNaWNyb3NvZnQgRnJvbnRQYWdlIDQuMCIg bmFtZT1HRU5FUkFUT1I+DQo8U1RZTEU+PC9TVFlMRT4NCjwvSEVBRD4NCjxCT0RZIGJhY2tn cm91bmQ9aHR0cDovLzM2MzExMzIyMTcvbW9uZXlfZ3IuanBnIGJnQ29sb3I9I2ZmZmZmZiBi Z3Byb3BlcnRpZXM9ImZpeGVkIj4NCjxESVYgc3R5bGU9IkZPTlQ6IDEwcHQgYXJpYWwiPg0K PERJVj4mbmJzcDs8L0RJVj48L0RJVj4NCjxESVY+PEJSPjwvRElWPg0KPEJSPg0KPFAgYWxp Z249Y2VudGVyPjxiPjxpPjxmb250IGNvbG9yPSIjMDAwMGZmIiBmYWNlPSJCcnVzaCBTY3Jp cHQgTVQiIHNpemU9IjUiPiZxdW90O0FsbCBvdXIgdGhvdWdodHMsIHByYXllcnMgYW5kIGxv dmUgZ28gb3V0IHRvIHRoZSBmYW1pbGllcyBhbmQgZnJpZW5kcyBvZiB0aGUgdmljdGltcyBv ZiB0aGUgV29ybGQgVHJhZGUgQ2VudGVyIHRyYWdlZHkuJnF1b3Q7PC9mb250PjwvaT48L2I+ PC9QPg0KDQo8UCBhbGlnbj1jZW50ZXI+PGVtPjxiPjxmb250IGNvbG9yPSIjZmYwMDAwIiBz 
From: "Andrew Dean"
Subject: Files downloaded logging?
Date: Wed, 17 Oct 2001 10:27:35 +1000

Is there a way to log files that are downloaded through a FreeBSD firewall
... I'm using ppp -nat to connect and ipf rules...

Thanks
Andrew
To: security@freebsd.org
Subject: toner cartridges
Date: Sat, 27 Oct 2001 07:50:46

**** VORTEX SUPPLIES ****
YOUR LASER PRINTER TONER CARTRIDGE, COPIER AND FAX CARTRIDGE CONNECTION
SAVE UP TO 30% FROM RETAIL

ORDER BY PHONE: 1-888-288-9043
ORDER BY FAX: 1-888-977-1577
E-MAIL REMOVAL LINE: 1-888-494-8597

UNIVERSITY AND/OR SCHOOL PURCHASE ORDERS WELCOME. (NO CREDIT APPROVAL REQUIRED)
ALL OTHER PURCHASE ORDER REQUESTS REQUIRE CREDIT APPROVAL.
PAY BY CHECK (C.O.D), CREDIT CARD OR PURCHASE ORDER (NET 30 DAYS).
IF YOUR ORDER IS BY CREDIT CARD PLEASE LEAVE YOUR CREDIT CARD # PLUS EXPIRATION DATE.
IF YOUR ORDER IS BY PURCHASE ORDER LEAVE YOUR SHIPPING/BILLING ADDRESSES AND YOUR P.O. NUMBER

NOTE: WE DO NOT CARRY
1) XEROX, BROTHER, PANASONIC, FUJITSU PRODUCTS
2) HP DESKJETJET/INK JET OR BUBBLE JET CARTRIDGES
3) CANON BUBBLE JET CARTRIDGES
4) ANY OFFBRANDS BESIDES THE ONES LISTED BELOW.

OUR NEW LASER PRINTER TONER CARTRIDGE PRICES ARE AS FOLLOWS:
(PLEASE ORDER BY PAGE NUMBER AND/OR ITEM NUMBER)

HEWLETT PACKARD: (ON PAGE 2)
ITEM #1   LASERJET SERIES 4L, 4P (74A): $44
ITEM #2   LASERJET SERIES 1100 (92A): $44
ITEM #3   LASERJET SERIES 2 (95A): $39
ITEM #4   LASERJET SERIES 2P (75A): $54
ITEM #5   LASERJET SERIES 5P, 6P, 5MP, 6MP (3903A): $44
ITEM #6   LASERJET SERIES 5SI, 8000 (09A): $95
ITEM #7   LASERJET SERIES 2100, 2200 (96A): $74
ITEM #8   LASERJET SERIES 8100 (82X): $115
ITEM #9   LASERJET SERIES 5L/6L (3906A): $39
ITEM #10  LASERJET SERIES 4V: $95
ITEM #11  LASERJET SERIES 4000 (27X): $79
ITEM #12  LASERJET SERIES 3SI/4SI (91A): $54
ITEM #13  LASERJET SERIES 4, 4M, 5, 5M: $49
ITEM #13A LASERJET SERIES 5000 (29X): $125
ITEM #13B LASERJET SERIES 1200: $59
ITEM #13C LASERJET SERIES 4100: $99
ITEM #18  LASERJET SERIES 3100: $39
ITEM #19  LASERJET SERIES 4500 BLACK: $79
ITEM #20  LASERJET SERIES 4500 COLORS: $125

HEWLETT PACKARD FAX (ON PAGE 2)
ITEM #14  LASERFAX 500, 700 (FX1): $49
ITEM #15  LASERFAX 5000, 7000 (FX2): $64
ITEM #16  LASERFAX (FX3): $59
ITEM #17  LASERFAX (FX4): $54

LEXMARK/IBM (ON PAGE 3)
OPTRA 4019, 4029 HIGH YIELD: $89
OPTRA R, 4039, 4049 HIGH YIELD: $105
OPTRA E310.312 HIGH YIELD: $79
OPTRA E: $59
OPTRA N: $115
OPTRA S: $165
OPTRA T: $195
OPTRA E310/312: $79

EPSON (ON PAGE 4)
ACTION LASER 7000, 7500, 8000, 9000: $105
ACTION LASER 1000, 1500: $105

CANON PRINTERS (ON PAGE 5)
PLEASE CALL FOR MODELS AND UPDATED PRICES FOR CANON PRINTER CARTRIDGES

PANASONIC (ON PAGE 7)
NEC SERIES 2 MODELS 90 AND 95: $105

APPLE (ON PAGE 8)
LASER WRITER PRO 600 or 16/600: $49
LASER WRITER SELECT 300, 320, 360: $74
LASER WRITER 300 AND 320: $54
LASER WRITER NT, 2NT: $54
LASER WRITER 12/640: $79

CANON FAX (ON PAGE 9)
LASERCLASS 4000 (FX3): $59
LASERCLASS 5000, 6000, 7000 (FX2): $54
LASERFAX 5000, 7000 (FX2): $54
LASERFAX 8500, 9000 (FX4): $54

CANON COPIERS (PAGE 10)
PC 3, 6RE, 7 AND 11 (A30): $69
PC 300, 320, 700, 720, 760, 900, 910, 920 (E-40): $89

90 DAY UNLIMITED WARRANTY INCLUDED ON ALL PRODUCTS.
ALL TRADEMARKS AND BRAND NAMES LISTED ABOVE ARE PROPERTY OF THE RESPECTIVE
HOLDERS AND USED FOR DESCRIPTIVE PURPOSES ONLY.
From: "Drew Tomlinson"
Subject: OT: Data Packet Filters?
Date: Fri, 19 Oct 2001 06:00:27 -0700

I'm hoping someone on this list will share his/her knowledge with me even
though this is somewhat off-topic. :)

I am trying to deny ICMP echo reply packets on my 3Com 812 ADSL
modem/router. It appears that the only way to do this is to write a data
filter. The fields I need to determine are offset (bytes - which I thought
was 36 for ICMP code), length (bytes - I thought 1), Masked (hex - appears
that FF is to match data exactly), and data (hex - I thought 0x0 echo
reply).

Can anyone get me pointed in the right direction? Any help or URLs will be
most appreciated.

Thanks!

Drew
From: "Tomek"
Subject: Whats to stop one user from being root?
Date: Fri, 19 Oct 2001 07:27:36 -0600

Hey there,
I have 2 questions really, maybe they are obvious, maybe not.

1. What is to stop a user program from calling half way in the middle of
"chmod" for example and bypassing any security checking code? I know this
would be highly dependent on kernel version, but is there protection
against this?

2. In reference to the telnet buffer overflow security problem, how is it
that something as simple as fetching data for login name and data for
password was not protected? If anyone has any links to detailed
information about WHY the buffer overrun works (in great detail), please
let me know. It's currently beyond me why the incoming data wasn't limited
in size before any processing at all.

Thanks,
Tomek
From: Peter Pentchev
To: Tomek
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Whats to stop one user from being root?
Date: Fri, 19 Oct 2001 16:32:49 +0300

On Fri, Oct 19, 2001 at 07:27:36AM -0600, Tomek wrote:
> Hey there,
> I have 2 questions really, maybe they are obvious, maybe not.
>
> 1. What is to stop a user program from calling half way in the middle of
> "chmod" for example and bypassing any security checking code? I know
> this would be highly dependent on kernel version, but is there
> protection against this?

System calls are not done as calls directly into the kernel, by address.
It's more like you execute a specified system call by number (a small
integer, usually less than 512), then the address is looked up in a kernel
array. The userland program has no control over this kernel array, so it
does not really have any way to specify the exact address in kernel code
to jump to.

G'luck,
Peter

-- 
I am not the subject of this sentence.
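A user-space model of the dispatch-by-number scheme Peter describes, added here as an illustration: it is not code from the thread or from the FreeBSD kernel, and the table, the handler names and the permission rule in it are made up for the example.

```c
/* Added illustration: a user-space model of dispatch-by-number.  None of
 * this is FreeBSD kernel code; sysent_model, dispatch_model and the
 * handlers are hypothetical stand-ins for the real sysent table. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What the trap handler hands to a system call: the arguments the caller
 * passed, plus credentials the kernel already knows (not caller-supplied). */
struct syscall_args {
    const char *path;
    int mode;
    int caller_uid;
};

typedef int (*sy_call_t)(const struct syscall_args *);

/* Model of chmod: the permission check is the first thing the handler does,
 * and the only way to reach the work below it is through this entry point. */
static int model_chmod(const struct syscall_args *a)
{
    /* constructed rule for the example: only uid 0 may touch /etc/passwd */
    if (a->caller_uid != 0 && strcmp(a->path, "/etc/passwd") == 0)
        return EPERM;
    printf("chmod(%s, 0%o) by uid %d\n", a->path, a->mode, a->caller_uid);
    return 0;
}

static int model_getpid(const struct syscall_args *a)
{
    (void)a;
    return 0;
}

/* The dispatch table: a fixed array indexed by syscall number.  Userland can
 * choose an index; it never supplies a kernel address. */
static const struct {
    const char *name;
    sy_call_t   call;
} sysent_model[] = {
    [0] = { "nosys",  NULL },        /* unused slot, like a real table's holes */
    [1] = { "getpid", model_getpid },
    [2] = { "chmod",  model_chmod },
};
#define NSYSCALLS (sizeof(sysent_model) / sizeof(sysent_model[0]))

/* Stand-in for the trap handler: range-check the number, look up the
 * handler, call it from its first instruction.  Anything else is ENOSYS. */
int dispatch_model(unsigned int number, const struct syscall_args *a)
{
    if (number >= NSYSCALLS || sysent_model[number].call == NULL)
        return ENOSYS;
    return sysent_model[number].call(a);
}

int main(void)
{
    struct syscall_args as_user = { "/etc/passwd", 0644, 1001 };
    struct syscall_args as_root = { "/etc/passwd", 0644, 0 };

    printf("user chmod  -> %d (EPERM=%d)\n", dispatch_model(2, &as_user), EPERM);
    printf("root chmod  -> %d\n", dispatch_model(2, &as_root));
    printf("number 9999 -> %d (ENOSYS=%d)\n", dispatch_model(9999, &as_user), ENOSYS);
    return 0;
}
```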
Date: Fri, 19 Oct 2001 15:29:19 +0100
To: security@freebsd.org
From: slamdunk
Subject: Re: OT: Data Packet Filters?

This is from another list, maybe it will work on BSD

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

To make it permanent, bung it in /etc/rc.d/rc.network, with other similar
commands.

Let us know how you get on.

Slammer

At 06:00 19/10/2001 -0700, you wrote:
>I'm hoping someone on this list will share his/her knowledge with me
>even though this is somewhat off-topic. :)
>
>I am trying to deny ICMP echo reply packets on my 3Com 812 ADSL
>modem/router. It appears that the only way to do this is to write a
>data filter. The fields I need to determine are offset (bytes - which
>I thought was 36 for ICMP code), length (bytes - I thought 1), Masked
>(hex - appears that FF is to match data exactly), and data (hex - I
>thought 0x0 echo reply).
>
>Can anyone get me pointed in the right direction? Any help or URLs
>will be most appreciated.
>
>Thanks!
>
>Drew
From: "Drew Tomlinson"
To: "Jamie Norwood", "Colin Percival"
Subject: Re: OT: Data Packet Filters?
Date: Fri, 19 Oct 2001 07:41:29 -0700

----- Original Message -----
From: "Jamie Norwood"
To: "Drew Tomlinson"
Sent: Friday, October 19, 2001 6:18 AM
Subject: Re: OT: Data Packet Filters?

> On Fri, Oct 19, 2001 at 06:00:27AM -0700, Drew Tomlinson wrote:
> > I'm hoping someone on this list will share his/her knowledge with me
> > even though this is somewhat off-topic. :)
> >
> > I am trying to deny ICMP echo reply packets on my 3Com 812 ADSL
> > modem/router. It appears that the only way to do this is to write a
> > data filter. The fields I need to determine are offset (bytes - which
> > I thought was 36 for ICMP code), length (bytes - I thought 1), Masked
> > (hex - appears that FF is to match data exactly), and data (hex - I
> > thought 0x0 echo reply).
> >
> > Can anyone get me pointed in the right direction? Any help or URLs
> > will be most appreciated.
>
> Why not set up a firewall with NAT?

My network setup is like this:

          ISP
           |
           |  IP is DHCP (RFC 1918 & draft-manning nets
           |  inbound blocked here)
           |
  ADSL Modem/Router (provides DNS & NAT)
           | 192.168.10.1 (RFC 1918 & draft-manning nets
           |               outbound blocked here)
           |
           | 192.168.10.2 (ed1)
        Firewall
           |
           | 192.168.1.2 (ed0)
           |
  Internal Network 192.168.1.0/24

The modem/router forwards all traffic to the firewall but will respond to
ICMP messages on its own. Thus I need to stop unwanted ICMP traffic at the
modem/router. The modem/router will allow me to easily block *all* ICMP
traffic but from what I've read, this is not a good thing. So the only way
I can accomplish this (AFAIK) is to create a data packet filter on the
modem/router to allow packets with ICMP type (what I want) rule first and
then reject the rest.
Thanks,

Drew
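An added illustration (not code from the thread or from the 3Com router) of how an offset/length/mask/data filter of the kind Drew describes matches bytes, run over constructed IPv4/ICMP packets in the allow-the-wanted-type-first, reject-the-rest order he proposes; the filter struct, the function names and the offsets, which assume a bare IPv4 datagram with a 20-byte header and no options, are assumptions of this example.

```c
/* Added illustration of an offset/length/mask/data filter applied to
 * constructed packets.  Not code from the thread or from any 3Com product;
 * struct data_filter, filter_matches, classify and build_icmp_packet are
 * hypothetical.  Offsets assume a bare IPv4 datagram with a 20-byte header
 * (no options); a device that counts from the start of an Ethernet frame
 * would put every offset 14 bytes later. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILTER_LEN 8

struct data_filter {
    size_t  offset;                 /* byte offset into the packet */
    size_t  length;                 /* bytes to compare, 1..MAX_FILTER_LEN */
    uint8_t mask[MAX_FILTER_LEN];   /* 0xFF = compare that bit, 0x00 = ignore */
    uint8_t data[MAX_FILTER_LEN];   /* expected value after masking */
};

/* 1 if every masked byte in [offset, offset+length) equals data.  A packet
 * too short to contain the whole window never matches; the caller decides
 * whether "no match" means pass or drop. */
int filter_matches(const struct data_filter *f, const uint8_t *pkt, size_t len)
{
    if (f->length == 0 || f->length > MAX_FILTER_LEN)
        return 0;
    if (f->offset > len || len - f->offset < f->length)
        return 0;
    for (size_t i = 0; i < f->length; i++)
        if ((pkt[f->offset + i] & f->mask[i]) != (f->data[i] & f->mask[i]))
            return 0;
    return 1;
}

enum verdict { PASS = 0, DROP = 1 };

/* IPv4 byte 9 is the protocol field (1 = ICMP); byte 20 is the ICMP type
 * (0 = echo reply, 8 = echo request). */
static const struct data_filter is_icmp       = { 9,  1, { 0xFF }, { 0x01 } };
static const struct data_filter is_echo_reply = { 20, 1, { 0xFF }, { 0x00 } };

/* Drop ICMP echo replies, pass everything else.  An ICMP packet too short to
 * carry a type byte is dropped rather than waved through (fail closed). */
enum verdict classify(const uint8_t *pkt, size_t len)
{
    if (!filter_matches(&is_icmp, pkt, len))
        return PASS;
    if (len < is_echo_reply.offset + is_echo_reply.length)
        return DROP;
    return filter_matches(&is_echo_reply, pkt, len) ? DROP : PASS;
}

/* Build a minimal 28-byte IPv4 + ICMP packet (constructed input; checksums
 * left zero because the filter never looks at them). */
size_t build_icmp_packet(uint8_t *buf, uint8_t icmp_type)
{
    static const uint8_t ip_hdr[20] = {
        0x45, 0x00, 0x00, 0x1c,   /* version 4, IHL 5, TOS, total length 28 */
        0x00, 0x01, 0x00, 0x00,   /* identification, flags/fragment offset */
        0x40, 0x01, 0x00, 0x00,   /* TTL 64, protocol 1 (ICMP), checksum */
        192, 168, 1, 2,           /* source address (constructed) */
        192, 168, 1, 1,           /* destination address (constructed) */
    };
    memcpy(buf, ip_hdr, sizeof ip_hdr);
    buf[20] = icmp_type;
    buf[21] = 0;                  /* code */
    memset(buf + 22, 0, 6);       /* checksum, identifier, sequence */
    return 28;
}

/* Verdict for a constructed ICMP packet of the given type, optionally
 * truncated to truncate_to bytes (0 = not truncated). */
int verdict_for(uint8_t icmp_type, size_t truncate_to)
{
    uint8_t pkt[64];
    size_t n = build_icmp_packet(pkt, icmp_type);
    if (truncate_to != 0 && truncate_to < n)
        n = truncate_to;
    return classify(pkt, n);
}

int main(void)
{
    printf("echo reply (type 0)   -> %s\n", verdict_for(0, 0) == DROP ? "drop" : "pass");
    printf("echo request (type 8) -> %s\n", verdict_for(8, 0) == DROP ? "drop" : "pass");
    printf("dest unreachable (3)  -> %s\n", verdict_for(3, 0) == DROP ? "drop" : "pass");
    printf("truncated at 20 bytes -> %s\n", verdict_for(0, 20) == DROP ? "drop" : "pass");
    return 0;
}
```

The truncated case is the edge worth checking on any such device: a rule whose window falls past the end of the packet cannot match, so whether that means pass or drop has to be decided explicitly.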
From: Alson van der Meulen
To: security@freebsd.org
Subject: Re: Files downloaded logging?
Date: Fri, 19 Oct 2001 17:12:20 +0200

On Wed, Oct 17, 2001 at 10:27:35AM +1000, Andrew Dean wrote:
> Is there a way to log files that are downloaded through a FreeBSD firewall
> ... I'm using ppp -nat to connect and ipf rules...

Use an HTTP and FTP proxy server (squid, oops, tinyproxy), block outgoing
HTTP/FTP connections from all hosts except the proxy server, and modify the
proxy settings in the browsers/ftp programs accordingly. You could also
transproxy (read squid FAQ for more info)

-- 
,-------------------------------------------.
>   Name:     Alson van der Meulen          <
>   Personal: alson@flutnet.org             <
>   School:   alson@gymnasiumleiden.nl      <
`-------------------------------------------'
Terminated??!
---------------------------------------------

Date: Fri, 19 Oct 2001 17:18:39 +0200
From: Alson van der Meulen
To: freebsd-security@FreeBSD.ORG
Subject: Re: I got hacked, not login wise, software wise

On Thu, Oct 18, 2001 at 05:38:31PM -0600, Tomek wrote:
> Hello there,
>
> ==QUICK SUMMARY TO NOT WASTE YOUR TIME===
> =Without a doubt I have been hacked
> =Noone should have any accounts or access except me
> =They managed to create some files in / to unzip and install sudo
> =They seemed to be running under "Broot"
> =They tried to make user "l-x" as wheel but failed to login
> =They repeatedly have tried anonymous ftp and failed
>
> Why I think it is NOT a login hack but some kind of buffer or software
> hack
> =log files show nothing about logins
> =doubtful they just covered their tracks because they left files sitting
> in / as well as left the user "l-x"
>
> ===MY SUMMARY===
> I think they found a way to get some program (I use a limited and
> careful selection of them) to create the files as "Broot" and they tried
> to find a way to login but failed. I am NOT sure about this, maybe they
> did cover their tracks but were sloppy and left more obvious hints.
>
> ===MY QUESTIONS===
> =1= I have a user "Broot", I noticed it only a few days after installing
> FreeBSD 4.3-RELEASE (GENERIC) #0. Is it normal? Many say they do not
> have it, but on google a search shows many do.
>
> =2= Is there ANY way of determining WHICH program/process has allowed
> commands to be run to create/install "sudo" (which is what the hacker
> has installed). It is NOT a logged in user that installed it. Maybe
> there are some logs for what processes were running at the time, what
> process made a file, or whatever.

If you enabled accounting before the hack, you could use sa/lastcomm/friends
to determine what was run. If they used bash as shell, there might have been
some .bash_history left.

>
> =3= Any other advice?
>
> NOTE: I have not yet notified the hacker I am on to them, I am hoping to
> catch them doing something so I know what they are after. But they may
> realize I am on to them by now.

Enable accounting in rc.conf, and reboot (or look in /etc/rc and execute the
commands manually). Beware that if they're smart, they can disable all kinds
of security measures if they've root access (f.e. turn accounting off).
Check how they came in (guess it's indeed telnetd), patch it or disable
telnetd, and find out if they've left any backdoors (if the box is only a
few days old, a reinstall might be the easiest solution to be sure; you
should wipe and reinstall after a successful breakin anyway).

-- 
,-------------------------------------------.
>   Name:     Alson van der Meulen          <
>   Personal: alson@flutnet.org             <
>   School:   alson@gymnasiumleiden.nl      <
`-------------------------------------------'
Terminated??!
---------------------------------------------

Date: Fri, 19 Oct 2001 12:07:06 -0500
From: Will Andrews
To: security@FreeBSD.org, ports@FreeBSD.org
Cc: kde@FreeBSD.org

OK, so I keep getting mail every now and then from people who can't figure
out why kcheckpass / kscreensaver won't authenticate their password(s).
It's because I decided to play it safe and made kcheckpass non setuid root,
which it needs in order to call getpwnam().

But now I'm tired of getting these emails from people who don't notice the
message that kdebase spouts about it. I want to know if people think it's
a safe "risk" to give kcheckpass setuid root privileges so it Just
Works(tm) when people try KDE.

-- 
wca

Date: Fri, 19 Oct 2001 12:07:41 -0500
From: Will Andrews
To: security@FreeBSD.org, ports@FreeBSD.org, kde@FreeBSD.org
Subject: KCheckPass -- make it setuid root or not?

On Fri, Oct 19, 2001 at 12:07:06PM -0500, Will Andrews wrote:
> OK, so I keep getting mail every now and then from people who can't figure out why kcheckpass / kscreensaver won't authenticate their password(s). It's because I decided to play it safe and made kcheckpass non setuid root, which it needs in order to call getpwnam().
>
> But now I'm tired of getting these emails from people who don't notice the message that kdebase spouts about it. I want to know if people think it's a safe "risk" to give kcheckpass setuid root privileges so it Just Works(tm) when people try KDE.

Erm, sorry about the lack of a subject...

--
wca

From owner-freebsd-security Fri Oct 19 10:15:45 2001
Date: Fri, 19 Oct 2001 13:15:31 -0400 (EDT)
From: scanner@jurai.net (Chris Watson)
To: Will Andrews
Cc: security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG
Subject: Re: your mail

On Fri, 19 Oct 2001, Will Andrews wrote:
> But now I'm tired of getting these emails from people who don't notice the message that kdebase spouts about it. I want to know if people think it's a safe "risk" to give kcheckpass setuid root privileges so it Just Works(tm) when people try KDE.

Will, I think the actual problem isn't so much the message per se, it's the fact it's placed in the wrong place. It should be shown at the *end* of the build instead of during the building of kdebase. When you go to build the metaport of KDE2 no one wants to sit there watching the output for 12 hours while it builds. They want to come back and see the familiar "everything built ok" and then install it. If you place it as the message at the end of the build *a lot* more people would see the message. Otherwise no one is going to catch it. Just my $.02.

=============================================================================
-Chris Watson (816) 464-7780 | Sr. Unix Administrator
Work: chris.watson@twa.com | Trans World Airlines, Kansas City, MO
Home: scanner@jurai.net | http://www.twa.com
=============================================================================
WINDOWS: All our IP belongs to us.
GNU/LINUX: Touch our IP, and your IP belongs to us.
BSD: Here's our IP, just use it.
=============================================================================
irc.openprojects.net #FreeBSD -Join the revolution!
ICQ: 20016186

From owner-freebsd-security Fri Oct 19 10:16:52 2001
Date: Fri, 19 Oct 2001 12:15:55 -0500
From: Will Andrews
To: scanner@jurai.net
Cc: security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG
Subject: Re: your mail

On Fri, Oct 19, 2001 at 01:15:31PM -0400, scanner@jurai.net wrote:
> I think the actual problem isn't so much the message per se, it's the fact it's placed in the wrong place. It should be shown at the *end* of the build instead of during the building of kdebase. When you go to build the metaport of KDE2 no one wants to sit there watching the output for 12 hours while it builds. They want to come back and see the familiar "everything built ok" and then install it. If you place it as the message at the end of the build *a lot* more people would see the message. Otherwise no one is going to catch it. Just my $.02.

Yeah, I'm aware of that. Unfortunately, there is nothing I can do about that, because people might be invoking the kdebase port from anywhere. So it's a general ports problem.
:\

--
wca

From owner-freebsd-security Fri Oct 19 10:32:43 2001
From: Guy Helmer
To: Will Andrews
Subject: RE: your mail
Date: Fri, 19 Oct 2001 12:36:15 -0500

> On Friday, October 19, 2001 12:16 PM, Will Andrews wrote:
> On Fri, Oct 19, 2001 at 01:15:31PM -0400, scanner@jurai.net wrote:
> > I think the actual problem isn't so much the message per se, it's the fact it's placed in the wrong place. It should be shown at the *end* of the build instead of during the building of kdebase. When you go to build the metaport of KDE2 no one wants to sit there watching the output for 12 hours while it builds. They want to come back and see the familiar "everything built ok" and then install it. If you place it as the message at the end of the build *a lot* more people would see the message. Otherwise no one is going to catch it. Just my $.02.
>
> Yeah, I'm aware of that. Unfortunately, there is nothing I can do about that, because people might be invoking the kdebase port from anywhere. So it's a general ports problem. :\

How about sending an email message to "root" with this message? It solves the problem of the message scrolling by during the installation...
Guy

From owner-freebsd-security Fri Oct 19 10:41:40 2001
Date: Fri, 19 Oct 2001 13:41:34 -0400 (EDT)
From: Frank Tobin
To: Will Andrews
Cc: security@FreeBSD.ORG
Subject: Re: KCheckPass -- make it setuid root or not?

Will Andrews, at 12:07 -0500 on 2001-10-19, wrote:
> OK, so I keep getting mail every now and then from people who can't figure out why kcheckpass / kscreensaver won't authenticate their password(s). It's because I decided to play it safe and made kcheckpass non setuid root, which it needs in order to call getpwnam().

Why would you choose to make it non setuid root? Isn't the warning that is associated with all setuid-installed programs enough? Not installing it setuid-root would be like installing sudo without setuid; it's pointless without the bit set.

You can't count on the warning messages to get to the user; if someone goes to ports/x11/kde2, and does "make install", the message is going to be buried in the middle of compiling kdelibs, kdebase, kdemultimedia, kdenetwork, etc.
--
Frank Tobin
http://www.neverending.org/~ftobin/

From owner-freebsd-security Fri Oct 19 10:48:16 2001
From: nuzrin yaapar
To: Will Andrews, security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG
Subject: Re: KCheckPass -- make it setuid root or not?
Date: Sat, 20 Oct 2001 01:58:52 +0800

On Saturday 20 October 2001 1:07 am, Will Andrews wrote:
> On Fri, Oct 19, 2001 at 12:07:06PM -0500, Will Andrews wrote:
> > OK, so I keep getting mail every now and then from people who can't figure out why kcheckpass / kscreensaver won't authenticate their password(s). It's because I decided to play it safe and made kcheckpass non setuid root, which it needs in order to call getpwnam().
> >
> > But now I'm tired of getting these emails from people who don't notice the message that kdebase spouts about it. I want to know if people think it's a safe "risk" to give kcheckpass setuid root privileges so it Just Works(tm) when people try KDE.

So, I think it's better to have setuid root for kcheckpass. Most people won't notice the message, unless they have nothing to do and decide to watch the whole compilation/installation process. Most of us just 'cd /usr/ports/x11/kde2 && make install clean' and leave it overnight to finish. Next morning, when the kde2 installation has finished, the message has long since scrolled past the screen and been lost...
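Whichever way the kcheckpass question is decided, the practical risk in this thread is a setuid-root binary appearing on a box without the installer noticing, because the build message scrolled past. As an added example (not KDE's or the ports tree's code), the following Python compares a before/after inventory of setuid and setgid files and reports what is new; the sample records are constructed and the /usr/local/bin/kcheckpass path is an assumed install location. FreeBSD's nightly periodic security report performs a comparable setuid comparison.

```python
"""Inventory setuid/setgid files and flag ones that are new since a baseline.

Added example for the kcheckpass discussion; not code from KDE or the
FreeBSD ports tree.  The sample records below are constructed, and the
/usr/local/bin/kcheckpass path is an assumed install location.
"""
import os
import stat
import sys
from dataclasses import dataclass
from typing import Iterable, Iterator

Record = tuple[str, int, int, int]  # (path, st_mode, st_uid, st_gid)


@dataclass(frozen=True)
class Finding:
    path: str
    mode: int
    uid: int
    gid: int

    @property
    def setuid_root(self) -> bool:
        """The case the thread is about: a file that runs as uid 0 for any caller."""
        return bool(self.mode & stat.S_ISUID) and self.uid == 0

    def describe(self) -> str:
        bits = [name for flag, name in ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
                if self.mode & flag]
        tag = "  <-- setuid root" if self.setuid_root else ""
        return f"{stat.filemode(self.mode)} uid={self.uid} gid={self.gid} {self.path} ({'+'.join(bits)}){tag}"


def privileged(records: Iterable[Record]) -> list[Finding]:
    """Keep only regular files carrying the setuid or setgid bit."""
    found = [Finding(p, m, u, g) for p, m, u, g in records
             if stat.S_ISREG(m) and m & (stat.S_ISUID | stat.S_ISGID)]
    return sorted(found, key=lambda f: f.path)


def new_since(baseline: Iterable[Finding], current: Iterable[Finding]) -> list[Finding]:
    """Findings in `current` that are not in `baseline` with the same mode and owner.

    A changed owner or mode on a known path counts as new: that is exactly the
    kind of change an install step (or an intruder) makes."""
    known = {(f.path, f.mode, f.uid, f.gid) for f in baseline}
    return [f for f in current if (f.path, f.mode, f.uid, f.gid) not in known]


def scan_tree(root: str) -> Iterator[Record]:
    """Walk a real filesystem tree without following symlinks."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            yield path, st.st_mode, st.st_uid, st.st_gid


REG = stat.S_IFREG
# Constructed snapshot of a box before installing kdebase.  Modes are the full
# st_mode: file-type bits plus permission bits (0o4755 = setuid, rwxr-xr-x).
BEFORE: list[Record] = [
    ("/usr/bin/passwd", REG | 0o4555, 0, 0),        # setuid root, base system
    ("/usr/bin/wall", REG | 0o2555, 0, 4),          # setgid tty (gid 4), base system
    ("/usr/local/bin/konsole", REG | 0o755, 0, 0),  # ordinary binary, ignored
]
# The same box after `make install` in the kdebase port (assumed path).
AFTER: list[Record] = BEFORE + [
    ("/usr/local/bin/kcheckpass", REG | 0o4755, 0, 0),
    ("/usr/local/lib/libkdecore.so.3", REG | 0o444, 0, 0),
]


def audit(before: Iterable[Record], after: Iterable[Record]) -> list[str]:
    """Human-readable report of privileged files added since the baseline."""
    added = new_since(privileged(before), privileged(after))
    return [f.describe() for f in added]


if __name__ == "__main__":
    if len(sys.argv) == 2:  # e.g. python3 setuid_audit.py /usr/local
        for f in privileged(scan_tree(sys.argv[1])):
            print(f.describe())
    else:
        print("\n".join(audit(BEFORE, AFTER)))
```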
From owner-freebsd-security Fri Oct 19 10:48:25 2001
From: Colin Legendre
To: anderson@centtech.com, freebsd-security@FreeBSD.ORG
Subject: RE: Racoon IPSEC issues
Date: Fri, 19 Oct 2001 13:49:20 -0400

I started having this problem with a win2k-freebsd4.4 setup. It was working fine until I upgraded racoon from 20010831a to 20011016a; then this problem started.

BTW, any idea how to roll back to racoon 20010831a?

Colin Legendre CCNA, MCP
sudz@ns3g.com
http://www.ns3g.com

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Eric Anderson
Sent: Thursday, September 06, 2001 10:03 AM
To: freebsd-security@FreeBSD.ORG
Subject: Racoon IPSEC issues

Ok, I have been setting up VPNs using IPSEC tunnel mode (ESP) with Racoon on FreeBSD 4.2 for some time now. I have 4 currently running just fine, and the 3 newest VPNs don't work. It appears as though the Racoons aren't talking to each other correctly. I have 1 VPN "server" that all the clients connect to, and the clients are small machines running from compact flash cards (a stripped down 30Mb freebsd 4.2 setup). I use the GIF interfaces to connect the VPNs together. gif0,1,3,4 are connected to VPNs that are up and running. Not that the gifs have anything to do with it, just extra info.

Is there something I'm missing? I have tried configuring the non-working boxes just like the working ones, etc. I'm out of ideas!

Here are some blurps from my logs on the vpn "server" box:

2001-09-06 08:51:55: INFO: isakmp.c:965:isakmp_ph2begin_r(): responde new phase 2 negotiation: xx.yy.zz.60[0]<=>xx.yy.zz.128[0]
2001-09-06 08:51:55: ERROR: proposal.c:951:set_proposal_from_policy(): not supported nested SA. Ignore.
2001-09-06 08:51:55: ERROR: proposal.c:999:set_proposal_from_policy(): There is a difference between the in/out bound policies.
2001-09-06 08:51:55: ERROR: isakmp_quick.c:1901:get_proposal_r(): failed to create saprop.
2001-09-06 08:51:55: ERROR: isakmp_quick.c:1025:quick_r1recv(): failed to get proposal for responder.
2001-09-06 08:51:55: ERROR: isakmp.c:975:isakmp_ph2begin_r(): failed to pre-process packet.
2001-09-06 08:52:00: INFO: isakmp.c:1618:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
2001-09-06 08:52:19: INFO: isakmp.c:854:isakmp_ph1begin_r(): responde new phase 1 negotiation: xx.yy.zz.60[500]<=>xx.yy.zz.128[500]
2001-09-06 08:52:19: INFO: isakmp.c:859:isakmp_ph1begin_r(): begin Aggressive mode.
2001-09-06 08:52:20: INFO: isakmp.c:2313:log_ph1established(): ISAKMP-SA established xx.yy.zz.60[500]-xx.yy.zz.128[500] spi:9c0e0730a89724fc:34e869a34c12cf49
2001-09-06 08:52:21: INFO: isakmp.c:965:isakmp_ph2begin_r(): responde new phase 2 negotiation: xx.yy.zz.60[0]<=>xx.yy.zz.128[0]
2001-09-06 08:52:21: ERROR: proposal.c:951:set_proposal_from_policy(): not supported nested SA. Ignore.
2001-09-06 08:52:21: ERROR: proposal.c:999:set_proposal_from_policy(): There is a difference between the in/out bound policies.
2001-09-06 08:52:21: ERROR: isakmp_quick.c:1901:get_proposal_r(): failed to create saprop.
2001-09-06 08:52:21: ERROR: isakmp_quick.c:1025:quick_r1recv(): failed to get proposal for responder.
2001-09-06 08:52:21: ERROR: isakmp.c:975:isakmp_ph2begin_r(): failed to pre-process packet.
2001-09-06 08:52:32: INFO: isakmp.c:1618:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
2001-09-06 08:52:32: ERROR: isakmp.c:1676:isakmp_chkph1there(): phase1 negotiation failed due to time up.
2001-09-06 08:52:32: INFO: isakmp.c:1678:isakmp_chkph1there(): delete phase 2 handler.

Help please!

--
-------------------------------------------------------------------------------
Eric Anderson        anderson@centtech.com        Centaur Technology (512) 418-5792
Truth is more marvelous than mystery.
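The log above shows phase 1 succeeding and phase 2 failing on the responder, and two of the ERROR lines point at the local SPD rather than at the peer: "There is a difference between the in/out bound policies" is racoon rejecting a policy pair whose inbound and outbound entries do not mirror each other. As an added example (not racoon's code or anything from the original posters), the Python below reads racoon log lines in this format, charges each ERROR line to the peer whose negotiation it belongs to, and prints per-peer counts with the check to make; the embedded sample reuses lines from the post, addresses masked as in the post.

```python
"""Per-peer summary of racoon phase 1 / phase 2 failures.

Added example; not racoon's code or the original poster's.  Line format is
the one in the excerpt above: "YYYY-MM-DD HH:MM:SS: LEVEL: file.c:line:func(): message".
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (?P<level>[A-Z]+): "
    r"(?P<file>[\w.]+):(?P<line>\d+):(?P<func>\w+)\(\): (?P<msg>.*)$"
)
# "a[500]<=>b[500]" on negotiation lines, "a[500]-b[500]" on the established line.
PEER_RE = re.compile(r"[\w.]+\[\d+\](?:<=>|-)(?P<remote>[\w.]+)\[\d+\]")

# Error texts from the excerpt, mapped to a short tag and the check to make.
REASONS = {
    "difference between the in/out bound policies": (
        "spd_mismatch",
        "inbound and outbound SPD entries for this peer do not mirror each other; "
        "compare `setkey -DP` on both ends"),
    "not supported nested SA": (
        "nested_sa",
        "the policy asks for more than one SA level; racoon logs it as unsupported and ignores it"),
}


@dataclass
class PeerState:
    phase1_established: int = 0
    phase1_timeouts: int = 0
    phase2_failures: int = 0
    reasons: set = field(default_factory=set)


def parse_line(line: str):
    """Split one racoon log line into its fields, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """racoon names the peer only on 'new phase N negotiation' and 'established'
    lines; the ERROR lines that follow carry no address, so each is charged to
    the most recently announced peer."""
    peers = {}
    current = None
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        msg = rec["msg"]
        hit = PEER_RE.search(msg)
        if hit:
            current = hit.group("remote")
            peers.setdefault(current, PeerState())
        if current is None:
            continue  # no negotiation announced yet; nothing to charge this line to
        state = peers[current]
        if rec["func"] == "log_ph1established":
            state.phase1_established += 1
        elif "phase1 negotiation failed due to time up" in msg:
            state.phase1_timeouts += 1
        elif "failed to get proposal for responder" in msg:
            state.phase2_failures += 1
        for needle, (tag, _advice) in REASONS.items():
            if needle in msg:
                state.reasons.add(tag)
    return peers


def report(peers) -> list[str]:
    advice = {tag: text for tag, text in REASONS.values()}
    out = []
    for remote, st in sorted(peers.items()):
        out.append(f"{remote}: phase1 established={st.phase1_established} "
                   f"timeouts={st.phase1_timeouts} phase2 failures={st.phase2_failures}")
        out.extend(f"  - {advice[tag]}" for tag in sorted(st.reasons))
    return out


# Sample input: lines from the post above (constructed excerpt, addresses masked as posted).
SAMPLE_LOG = """\
2001-09-06 08:51:55: INFO: isakmp.c:965:isakmp_ph2begin_r(): responde new phase 2 negotiation: xx.yy.zz.60[0]<=>xx.yy.zz.128[0]
2001-09-06 08:51:55: ERROR: proposal.c:951:set_proposal_from_policy(): not supported nested SA. Ignore.
2001-09-06 08:51:55: ERROR: proposal.c:999:set_proposal_from_policy(): There is a difference between the in/out bound policies.
2001-09-06 08:51:55: ERROR: isakmp_quick.c:1025:quick_r1recv(): failed to get proposal for responder.
2001-09-06 08:52:19: INFO: isakmp.c:854:isakmp_ph1begin_r(): responde new phase 1 negotiation: xx.yy.zz.60[500]<=>xx.yy.zz.128[500]
2001-09-06 08:52:20: INFO: isakmp.c:2313:log_ph1established(): ISAKMP-SA established xx.yy.zz.60[500]-xx.yy.zz.128[500] spi:9c0e0730a89724fc:34e869a34c12cf49
2001-09-06 08:52:21: INFO: isakmp.c:965:isakmp_ph2begin_r(): responde new phase 2 negotiation: xx.yy.zz.60[0]<=>xx.yy.zz.128[0]
2001-09-06 08:52:21: ERROR: proposal.c:999:set_proposal_from_policy(): There is a difference between the in/out bound policies.
2001-09-06 08:52:21: ERROR: isakmp_quick.c:1025:quick_r1recv(): failed to get proposal for responder.
2001-09-06 08:52:32: ERROR: isakmp.c:1676:isakmp_chkph1there(): phase1 negotiation failed due to time up.
"""

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG.splitlines()))))
```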
-------------------------------------------------------------------------------

From owner-freebsd-security Fri Oct 19 10:50:42 2001
Date: Fri, 19 Oct 2001 12:49:44 -0500
From: Will Andrews
To: Guy Helmer
Cc: Will Andrews, scanner@jurai.net, security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG
Subject: Re: your mail

On Fri, Oct 19, 2001 at 12:36:15PM -0500, Guy Helmer wrote:
> How about sending an email message to "root" with this message? It solves the problem of the message scrolling by during the installation...

There is no precedent for this in ports. And I'm not sure that some people want to see this sort of thing...
--
wca

From owner-freebsd-security Fri Oct 19 10:53:42 2001
To: security@FreeBSD.ORG
Subject: Re: Whats to stop one user from being root?
Reply-To: gkshenaut@ucdavis.edu
Date: Fri, 19 Oct 2001 10:50:15 -0700
From: Greg Shenaut

In message <001101c158a1$d12ab320$f6f073d1@mpionline.com>, "Tomek" cleopede:
> Hey there,
> I have 2 questions really, maybe they are obvious, maybe not.
>
> 1. What is to stop a user program from calling half way in the middle of "chmod" for example and bypassing any security checking code? I know this would be highly dependent on kernel version, but is there protection against this?
>
> 2. In reference to the telnet buffer overflow security problem, how is it that something as simple as fetching data for login name and data for password was not protected? If anyone has any links to detailed information about WHY the buffer overrun works (in great detail), please let me know. It's currently beyond me why the incoming data wasn't limited in size before any processing at all.

The telnetd exploit allows someone to run an interactive root shell without logging in. The telnetd program starts up as root; the exploit manages to overflow memory by performing thousands of setenv requests, and causes an "exec /bin/sh" to take place. This happens before any authentication takes place. Telnetd limited the size, but not the number or contents of setenv requests; this, plus the availability of the program source, allowed someone to create this exploit.

I found out a little about how it worked when someone used it to hack into my system, and then was (apparently) using my system as a base to hack into other systems. He left a copy of the "bsdtelnet" program and its source code on my system. I tried running the program ("bsdtelnet localhost") and within ten minutes or less I was looking at a root shell prompt.
Greg Shenaut

From owner-freebsd-security Fri Oct 19 11:14:22 2001
From: Colin Legendre
Subject: RE: Racoon IPSEC issues
Date: Fri, 19 Oct 2001 14:15:40 -0400

What version of racoon are you running?

Colin Legendre CCNA, MCP
sudz@ns3g.com
http://www.ns3g.com

-----Original Message-----
From: Colin Legendre [mailto:sudz@ns3g.com]
Sent: Friday, October 19, 2001 1:49 PM
To: anderson@centtech.com; freebsd-security@FreeBSD.ORG
Subject: RE: Racoon IPSEC issues

I started having this problem with a win2k-freebsd4.4 setup. It was working fine until I upgraded racoon from 20010831a to 20011016a; then this problem started.

BTW, any idea how to roll back to racoon 20010831a?

Colin Legendre CCNA, MCP
sudz@ns3g.com
http://www.ns3g.com

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Eric Anderson
Sent: Thursday, September 06, 2001 10:03 AM
To: freebsd-security@FreeBSD.ORG
Subject: Racoon IPSEC issues

[...]
From owner-freebsd-security Fri Oct 19 12:16:17 2001
Date: Fri, 19 Oct 2001 15:06:36 -0400 (EDT)
From: CS
Subject: KLD detectors

Hello,

Does anyone know of a program for FreeBSD to look for "hidden" KLDs? I found this for Linux: http://www.hsc.fr/ressources/breves/LKMrootkits.html

But so far, nothing for FreeBSD.

Thanks,
CS

From owner-freebsd-security Fri Oct 19 12:27:58 2001
Date: Fri, 19 Oct 2001 21:28:35 +0200
From: Alexander Langer
To: Will Andrews
Cc: Guy Helmer, scanner@jurai.net, security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG
Subject: Re: your mail

Thus spake Will Andrews (will@physics.purdue.edu):
> > How about sending an email message to "root" with this message? It solves the problem of the message scrolling by during the installation...
> There is no precedent for this in ports. And I'm not sure that some people want to see this sort of thing...

Make a precedent then :) It's a special case, I think it's good.

However, you should send mail to the installing user (`id`).
Alex

From owner-freebsd-security Fri Oct 19 12:32:50 2001
From: Al_Caro@computrition.com To: Alexander Langer Cc: Guy Helmer , kde@FreeBSD.ORG, ports@FreeBSD.ORG, scanner@jurai.net, security@FreeBSD.ORG, Will Andrews Message-ID: <88256AEA.006B1287.00@cinote.computrition.com> Date: Fri, 19 Oct 2001 12:30:55 -0700 Subject: Re: your mail Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I agree. Personally, I much prefer this idea over setuid to root. Alexander Langer wrote on 10/19/2001 12:28 PM (To: Will Andrews; cc: Guy Helmer, scanner@jurai.net, security@FreeBSD.ORG, ports@FreeBSD.ORG, kde@FreeBSD.ORG; bcc: Al Caro/Computrition; Subject: Re: your mail): Thus spake Will Andrews (will@physics.purdue.edu): > > How about sending an email message to "root" with this message? It solves > > the problem of the message scrolling by during the installation... > There is no precedent for this in ports. And I'm not sure that > some people want to see this sort of thing... Make a precedent then :) It's a special case, I think it's good. However, you should send mail to the installing user (`id`). 
Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 19 12:35:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id 5282F37B407 for ; Fri, 19 Oct 2001 12:35:11 -0700 (PDT) Received: from corona.cs.wm.edu (corona [128.239.2.50]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id f9JJY3q22851 for ; Fri, 19 Oct 2001 15:34:03 -0400 (EDT) Received: (from zvezdan@localhost) by corona.cs.wm.edu (8.11.6/8.9.1) id f9JJZAZ03065 for security@FreeBSD.ORG; Fri, 19 Oct 2001 15:35:10 -0400 Date: Fri, 19 Oct 2001 15:35:10 -0400 
From: Zvezdan Petkovic To: security@FreeBSD.ORG Subject: Re: KCheckPass -- make it setuid root or not? Message-ID: <20011019153510.A3031@corona.cs.wm.edu> Mail-Followup-To: security@FreeBSD.ORG References: <20011019120706.T25747@squall.waterspout.com> <20011019133826.O4565-100000@palanthas.neverending.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011019133826.O4565-100000@palanthas.neverending.org>; from ftobin@neverending.org on Fri, Oct 19, 2001 at 01:41:34PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Oct 19, 2001 at 01:41:34PM -0400, Frank Tobin wrote: > Will Andrews, at 12:07 -0500 on 2001-10-19, wrote: > > OK, so I keep getting mail every now and then from people who can't > figure out why kcheckpass / kscreensaver won't authenticate their > password(s). It's because I decided to play it safe and made > kcheckpass non setuid root, which it needs in order to call > getpwnam(). > > Why would you choose to make it non setuid root? Isn't the warning that > is associated with all setuid-installed programs enough? Not installing > it setuid-root would be like installing sudo without setuid; it's > pointless without the bit set. > Or a similar reasoning: Is it any safer to have xterm or rxvt run as suid than kcheckpass? 
-- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 19 14:16:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.finexcor.com.ar (mail.finexcor.com.ar [200.49.208.115]) by hub.freebsd.org (Postfix) with ESMTP id DBF7E37B401 for ; Fri, 19 Oct 2001 14:16:21 -0700 (PDT) Received: (from root@localhost) by mail.finexcor.com.ar (8.11.6/8.11.1) id f9JLKWE97271 for security@freebsd.org; Fri, 19 Oct 2001 18:20:32 -0300 (ART) (envelope-from dsosa@finexcor.com.ar) Received: from finexcor.com.ar (finexcor.com.ar [200.9.219.161]) by mail.finexcor.com.ar (8.11.6/8.11.1) with SMTP id f9JLKSH97261 for ; Fri, 19 Oct 2001 18:20:29 -0300 (ART) (envelope-from dsosa@finexcor.com.ar) Received: from finex#u#bernal-Message_Server by finexcor.com.ar with Novell_GroupWise; Fri, 19 Oct 2001 18:07:43 -0300 Message-Id: X-Mailer: Novell GroupWise 5.2 Date: Fri, 19 Oct 2001 18:07:09 -0300 
From: "Diego SOSA" To: security@freebsd.org X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 19 15:36:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id CA0FC37B407 for ; Fri, 19 Oct 2001 15:36:45 -0700 (PDT) Received: from hades.hell.gr (patr530-a161.otenet.gr [212.205.215.161]) by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id f9JMafO16924; Sat, 20 Oct 2001 01:36:41 +0300 (EEST) Received: (from charon@localhost) by hades.hell.gr (8.11.6/8.11.6) id f9JI2oj21883; Fri, 19 Oct 2001 21:02:50 +0300 (EEST) (envelope-from charon@labs.gr) Date: Fri, 19 Oct 2001 21:02:49 +0300 
From: Giorgos Keramidas To: Andrew Dean Cc: security@freebsd.org Subject: Re: Files downloaded logging? Message-ID: <20011019210249.B21519@hades.hell.gr> Reply-To: freebsd-questions@freebsd.org References: <005c01c156a2$855622f0$240aa8c0@ltpr.local> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <005c01c156a2$855622f0$240aa8c0@ltpr.local> User-Agent: Mutt/1.3.22.1i X-GPG-Fingerprint: C1EB 0653 DB8B A557 3829 00F9 D60F 941A 3186 03B6 X-URL: http://labs.gr/~charon/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Andrew Dean wrote: > Is there a way to log files that are downloaded through a freeBSD firewall > ... i'm using ppp -nat to connect and ipf rules... Not by looking at the packets that pass through the firewall, if that's what you're asking. You can set up a web/ftp proxy in the internal network, and only NAT packets from that machine at the firewall, with everyone using that proxy to download files. This way anyone not using the proxy will not have any way to download files, and the logs of the proxy will tell you what you want to know. But this creates one more single-point of failure, since if the proxy fails, down goes your Internet connectivity through the firewall too, so you might not like this `solution'. -giorgos BTW, this is only marginally related to FreeBSD security, and you should really post such questions to freebsd-questions. (The Reply-To header has been set appropriately.) 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 19 16:49:56 2001 Delivered-To: freebsd-security@freebsd.org Received: from max.ineocom.com (max.ineocom.com [205.150.136.3]) by hub.freebsd.org (Postfix) with ESMTP id 0ADAB37B403; Fri, 19 Oct 2001 16:49:52 -0700 (PDT) Received: by max.ineocom.com (Postfix, from userid 1001) id E1584283A0; Fri, 19 Oct 2001 13:26:54 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by max.ineocom.com (Postfix) with ESMTP id C3B47244F7; Fri, 19 Oct 2001 13:26:54 -0400 (EDT) Date: Fri, 19 Oct 2001 13:26:54 -0400 (EDT) 
From: User SCARR To: Will Andrews Cc: , , , Subject: Re: your mail In-Reply-To: <20011019121555.V25747@squall.waterspout.com> Message-ID: <20011019132322.Q85173-100000@max.ineocom.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 19 Oct 2001, Will Andrews wrote: > On Fri, Oct 19, 2001 at 01:15:31PM -0400, scanner@jurai.net wrote: > > I think the actual problem isn't so much the message per se, it's the fact > > it's placed in the wrong place. It should be shown at the *end* of the > > build instead of during the building of kdebase. When you go to build the > > metaport of KDE2 no one wants to sit there watching the output for 12 > > hours while it builds. They want to come back and see the familiar > > "everything built ok" and then install it. If you place it as the message > > at the end of the build *a lot* more people would see the > > message. Otherwise no one is going to catch it. Just my $.02. > Yeah, I'm aware of that. Unfortunately, there is nothing I can > do about that, because people might be invoking the kdebase port > from anywhere. So it's a general ports problem. :\ Maybe people could set an environment variable to make it setuid during the build? So they'd have to explicitly read the notes in the ports collection and say "Yeah I want that" before it's done... Just a thought. I don't know how this would work for packages though. 
-- Simon Carr Ineocom - http://www.ineocom.com Tel: 416.831.7876 - Fax: 416.831.7875 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 19 22: 9: 7 2001 Delivered-To: freebsd-security@freebsd.org Received: from student.te.ugm.ac.id (student.te.ugm.ac.id [202.46.249.19]) by hub.freebsd.org (Postfix) with ESMTP id 986E237B401 for ; Fri, 19 Oct 2001 22:09:04 -0700 (PDT) Received: from student.te.ugm.ac.id (student.te.ugm.ac.id [202.46.249.19]) by student.te.ugm.ac.id (Postfix) with ESMTP id B81CD1773C for ; Sat, 20 Oct 2001 12:11:20 +0700 (JAVT) Date: Sat, 20 Oct 2001 12:11:20 +0700 (JAVT) From: To: Subject: subscribe Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org thank you for your kindness To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 19 22:22:24 2001 Delivered-To: freebsd-security@freebsd.org Received: from student.te.ugm.ac.id (student.te.ugm.ac.id [202.46.249.19]) by hub.freebsd.org (Postfix) with ESMTP id B500437B401 for ; Fri, 19 Oct 2001 22:22:21 -0700 (PDT) Received: from student.te.ugm.ac.id (student.te.ugm.ac.id [202.46.249.19]) by student.te.ugm.ac.id (Postfix) with ESMTP id 7B2C21773A for ; Sat, 20 Oct 2001 12:24:20 +0700 (JAVT) Date: Sat, 20 Oct 2001 12:24:20 +0700 (JAVT) 
From: To: Subject: subscribe Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 4:52: 3 2001 Delivered-To: freebsd-security@freebsd.org Received: from flock1.newmail.ru (flock1.newmail.ru [212.48.140.157]) by hub.freebsd.org (Postfix) with SMTP id 70A6937B407 for ; Sat, 20 Oct 2001 04:51:58 -0700 (PDT) Received: (qmail 25969 invoked from network); 20 Oct 2001 11:45:14 -0000 Received: from unknown (HELO kssi) (194.183.178.1) by hawk.newmail.ru with SMTP; 20 Oct 2001 11:45:14 -0000 Date: Sat, 20 Oct 2001 14:46:10 +0300 
From: Anton X-Mailer: The Bat! (v1.53d) Personal Reply-To: Anton Organization: xxx X-Priority: 3 (Normal) Message-ID: <3013532678.20011020144610@nm.ru> To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org How to run programs for Linux under FreeBSD? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 5:44: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from P7.mpionline.com (dsl-mw-209-115-240-i249-edm.nucleus.com [209.115.240.249]) by hub.freebsd.org (Postfix) with ESMTP id 623E137B403 for ; Sat, 20 Oct 2001 05:43:57 -0700 (PDT) Received: from P5 (P5.mpionline.com [209.115.240.246]) by P7.mpionline.com (8.11.3/8.11.3) with SMTP id f9KCjeH44654 for ; Sat, 20 Oct 2001 06:45:40 -0600 (MDT) (envelope-from tomek@mpionline.com) Message-ID: <0e3a01c15964$fd88fee0$f6f073d1@mpionline.com> 
From: "Tomek" To: Subject: Making almost everything non-root Date: Sat, 20 Oct 2001 06:44:42 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.3018.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello there, I am attempting to make everything I possibly can non-root. I have a few questions in that regard.

1. Is there a way to make ports <1024 accessible to non-root programs (preferably on a per-user basis)? Some programs are set to root JUST to access a port, which is a lame reason in my opinion to give such access.

2. I am planning on recompiling several "login" style programs to use limited user-ids instead of root, INCLUDING telnet, and just have a centralized tiny program "makemeroot" called sometime between obtaining login info and actually running shells. Is there a way to on-the-fly make a running PID a different user given the proper login information?

NOTE: I do not understand why programs have not been designed this way. I know it may be a slight inconvenience for login programs, but until the user enters root login information, I do not see a strong argument for giving the program root privileges in the first place. 
Thank you, Tomek To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 6: 6:43 2001 Delivered-To: freebsd-security@freebsd.org Received: from flock1.newmail.ru (flock1.newmail.ru [212.48.140.157]) by hub.freebsd.org (Postfix) with SMTP id 5716137B403 for ; Sat, 20 Oct 2001 06:06:41 -0700 (PDT) Received: (qmail 5089 invoked from network); 20 Oct 2001 13:06:37 -0000 Received: from unknown (HELO kssi) (194.183.178.1) by hawk.newmail.ru with SMTP; 20 Oct 2001 13:06:37 -0000 Date: Sat, 20 Oct 2001 16:07:58 +0300 From: Anton X-Mailer: The Bat! (v1.53d) Personal Reply-To: Anton Organization: xxx X-Priority: 3 (Normal) Message-ID: <13718440155.20011020160758@nm.ru> To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, How I can run StarOffice under FreeBSD? -- Thanks. 16:06 Anton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 6:31:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.yadt.co.uk (yadt.demon.co.uk [158.152.4.134]) by hub.freebsd.org (Postfix) with SMTP id F1C0C37B409 for ; Sat, 20 Oct 2001 06:31:37 -0700 (PDT) Received: (qmail 37154 invoked from network); 20 Oct 2001 13:31:35 -0000 Received: from unknown (HELO mail.gattaca.yadt.co.uk) (qmailr@10.0.0.2) by yadt.demon.co.uk with SMTP; 20 Oct 2001 13:31:35 -0000 Received: (qmail 52449 invoked by uid 1000); 20 Oct 2001 13:31:34 -0000 Date: Sat, 20 Oct 2001 14:31:34 +0100 
From: David Taylor To: Tomek Cc: freebsd-security@FreeBSD.ORG Subject: Re: Making almost everything non-root Message-ID: <20011020143134.B41471@gattaca.yadt.co.uk> Mail-Followup-To: Tomek , freebsd-security@FreeBSD.ORG References: <0e3a01c15964$fd88fee0$f6f073d1@mpionline.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <0e3a01c15964$fd88fee0$f6f073d1@mpionline.com>; from tomek@mpionline.com on Sat, Oct 20, 2001 at 06:44:42 -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 20 Oct 2001, Tomek wrote: > login info and actually running shells. Is there a way to on-the-fly > make a running PID a different user given the proper login information? Yes. It involves running as root and calling set*id()... > NOTE: I do not understand why programs have not been designed this way. > I know it may be a slight inconvenience for login programs, but until > the user enters root login information, I do not see a strong argument > for giving the program root privileges in the first place. > Because they need root privileges to change the UID of a process... -- David Taylor davidt@yadt.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 6:47:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 00C6137B403 for ; Sat, 20 Oct 2001 06:47:30 -0700 (PDT) Received: from localhost (rik@localhost) by pkl.net (8.9.3/8.9.3) with ESMTP id OAA21993; Sat, 20 Oct 2001 14:47:20 +0100 Date: Sat, 20 Oct 2001 14:47:20 +0100 (BST) 
From: freebsd-security@rikrose.net X-Sender: rik@pkl.net To: Tomek Cc: freebsd-security@FreeBSD.ORG Subject: Re: Making almost everything non-root In-Reply-To: <0e3a01c15964$fd88fee0$f6f073d1@mpionline.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 20 Oct 2001, Tomek wrote: > 1. Is there a way to make ports <1024 accessible to non-root programs > (preferably on a per-user basis)? Some programs are set to root JUST to > access a port, which is a lame reason in my opinion to give such access. In your opinion, it is a lame reason. In my opinion, the best way of doing this is to run the service as a non-root user, bound to a high port on the loopback interface, and use NAT to forward connections from the "usual" port on the external interface(s) to the real listening connection. One problem you'll encounter with that is that with sucky protocols like FTP, you'll need to inspect all the packets as they go, which involves a higher overhead than just rewriting the headers. For WWW, finger, ssh, etc., this is not a problem. > 2. I am planning on recompiling several "login" style programs to use > .. > login info and actually running shells. Is there a way to on-the-fly > make a running PID a different user given the proper login information? Yes, you need to have privileges that will allow you to switch to another user. This means you must be running as root. Only root can switch to another user. > NOTE: I do not understand why programs have not been designed this way. They have not been designed this way, because one program cannot affect what user, privilege level or the data and code another program is running under. This is a basic premise of multitasking operating systems. 
> I know it may be a slight inconvenience for login programs, but until > the user enters root login information, I do not see a strong argument > for giving the program root privileges in the first place. The argument is that it would be unable to switch to the correct user and privileges otherwise. rik -- PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F Public key also encoded with outguess on http://rikrose.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 6:50: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from sanyu1.sanyutel.com (sanyu1.sanyutel.com [216.250.215.14]) by hub.freebsd.org (Postfix) with ESMTP id EE1E537B407 for ; Sat, 20 Oct 2001 06:50:02 -0700 (PDT) Received: from localhost (ksemat@localhost) by sanyu1.sanyutel.com (8.11.3/) with ESMTP id f9KDm7l01016; Sat, 20 Oct 2001 16:48:07 +0300 X-Authentication-Warning: sanyu1.sanyutel.com: ksemat owned process doing -bs Date: Sat, 20 Oct 2001 16:48:07 +0300 (EAT) 
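The exchange above (Tomek asking whether a program can avoid running as root just to take a port below 1024, and how a process can become another user; David Taylor and rik answering that only root can call set*id() and that the privileged step should happen first) is the classic "bind, then drop" pattern. The following C program is an added example written for this page, not code from any of the list participants or from FreeBSD. It assumes Linux or FreeBSD, uses port 80 on the loopback address as the privileged port, and uses uid/gid 65534 as the unprivileged target (the conventional "nobody"; an assumption, not something the thread states). Only the bind needs root; the privilege drop and the check that root cannot be regained run as any user.

```c
/*
 * Added example for the "Making almost everything non-root" thread.
 * Not part of the original mail, not FreeBSD or KDE code.
 *
 * Pattern: do the one thing that needs root (bind a port < 1024) while
 * still root, then call set*id() to become an ordinary user for good.
 * The bound socket stays usable after the drop; root does not come back.
 *
 * Assumptions: Linux/FreeBSD; port 80 on 127.0.0.1; uid/gid 65534 = "nobody".
 */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE      /* glibc: declare setgroups() in <grp.h> */
#endif
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <grp.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

#define FALLBACK_UID 65534   /* assumption: "nobody" on most systems */
#define FALLBACK_GID 65534

/* Create a listening TCP socket on 127.0.0.1:port. For port < 1024 this
 * is the only step that actually needs root. Returns fd, or -1 on error. */
int bind_listen_port(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently become uid/gid. Order matters: supplementary groups, then
 * gid, then uid, because once the uid is non-zero the other two calls are
 * no longer permitted. When the caller is root, setuid() replaces the real,
 * effective and saved uid at once, so there is no way back.
 * Returns 0 on success, -1 if any step failed or the drop did not stick. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify instead of trusting the return codes. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (setuid(0) == 0) return -1;   /* we could get root back: not dropped */
    return 0;
}

/* Pick a target and drop to it: root becomes "nobody"; an unprivileged
 * caller "drops" to its own ids, which still exercises the checks above. */
int demo_drop_and_verify(void) {
    uid_t uid = (geteuid() == 0) ? (uid_t)FALLBACK_UID : getuid();
    gid_t gid = (geteuid() == 0) ? (gid_t)FALLBACK_GID : getgid();
    return drop_privileges(uid, gid);
}

int main(void) {
    int fd = -1;
    if (geteuid() == 0) {
        fd = bind_listen_port(80);            /* the step that needs root */
        printf("bind 127.0.0.1:80: %s\n", fd >= 0 ? "ok" : strerror(errno));
    }
    if (demo_drop_and_verify() != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u; setuid(0) refused; listening fd=%d\n",
           (unsigned)getuid(), (unsigned)getgid(), fd);
    if (fd >= 0) close(fd);
    return 0;
}
```

Run it as root to see the low-port bind succeed and the process end up as uid 65534 with the socket still open; run it as yourself to see that the bind is skipped and the drop-verification still passes. The check that `setuid(0)` fails after the drop is the part a reviewer should insist on: a program that calls `setuid()` without verifying the result (or that only changes the effective uid) can still be talked back into root.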
From: X-X-Sender: To: Anton Cc: Subject: Re: your mail In-Reply-To: <13718440155.20011020160758@nm.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Look for it in the ports section. /usr/ports On Sat, 20 Oct 2001, Anton wrote: > Hello, > > How I can run StarOffice under FreeBSD? > > -- > Thanks. > > 16:06 > Anton > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 7:48:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail2.mediadesign.nl (md2.mediadesign.nl [212.19.205.67]) by hub.freebsd.org (Postfix) with SMTP id 9466837B405 for ; Sat, 20 Oct 2001 07:48:36 -0700 (PDT) Received: (qmail 17719 invoked by uid 1002); 20 Oct 2001 14:48:30 -0000 Date: Sat, 20 Oct 2001 16:48:30 +0200 
From: Alson van der Meulen To: freebsd-security@freebsd.org Subject: Re: your mail Message-ID: <20011020164830.B29781@md2.mediadesign.nl> Reply-To: freebsd-questions@freebsd.org Mail-Followup-To: freebsd-security@freebsd.org References: <3013532678.20011020144610@nm.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3013532678.20011020144610@nm.ru> User-Agent: Mutt/1.3.22i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Oct 20, 2001 at 02:46:10PM +0300, Anton wrote: > How to run programs for Linux under FreeBSD? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/linuxemu.html BTW: send questions to freebsd-questions@freebsd.org instead, reply-to is set to that -- ,-------------------------------------------. > Name: Alson van der Meulen < > Personal: alson@flutnet.org < > School: alson@gymnasiumleiden.nl < `-------------------------------------------' Say, What does "Superblock Error" mean, anyhow? --------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 8:12:32 2001 Delivered-To: freebsd-security@freebsd.org Received: from router.darlow.co.uk (pc2-bigg2-0-cust101.lut.cable.ntl.com [213.107.35.101]) by hub.freebsd.org (Postfix) with ESMTP id 5386837B401 for ; Sat, 20 Oct 2001 08:12:29 -0700 (PDT) Received: from ideal.darlow.co.uk (IDENT:1000@ideal.darlow.co.uk [192.168.0.3]) by router.darlow.co.uk (8.11.6/8.11.6) with SMTP id f9KFCR453400 for ; Sat, 20 Oct 2001 16:12:27 +0100 (BST) (envelope-from neil@darlow.co.uk) 
From: Neil Darlow Date: Sat, 20 Oct 2001 15:12:27 GMT Message-ID: <20011020.15122700@ideal.darlow.co.uk> Subject: Internal auth defaults To: freebsd-security@freebsd.org X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I've noticed that the internal auth service provided by inetd.conf announces the OS as UNKNOWN. In the interests of additional information hiding, wouldn't it be wise to also add the -i switch so that uids are returned instead of names? I'm thinking of the casual user who uncomments the inetd.conf entry without being aware that his username will be sent to anyone who asks via the auth service. Regards, Neil Darlow M.Sc. -- 1024D/531F9048 1999-09-11 Neil Darlow GPG fingerprint = 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 10:12:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 21E2D37B40C for ; Sat, 20 Oct 2001 10:12:45 -0700 (PDT) Received: (qmail 42231 invoked from network); 20 Oct 2001 17:12:10 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 20 Oct 2001 17:12:10 -0000 Message-ID: <003201c1598a$78487d20$0100a8c0@alexus> 
From: "alexus" To: "Anton" , References: <3013532678.20011020144610@nm.ru> Subject: Re: Date: Sat, 20 Oct 2001 13:12:59 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ./program ----- Original Message ----- From: "Anton" To: Sent: Saturday, October 20, 2001 7:46 AM > How to run programs for Linux under FreeBSD? > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 10:13:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 98AA637B405 for ; Sat, 20 Oct 2001 10:13:11 -0700 (PDT) Received: (qmail 42249 invoked from network); 20 Oct 2001 17:12:37 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 20 Oct 2001 17:12:37 -0000 Message-ID: <003801c1598a$8847a480$0100a8c0@alexus> 
From: "alexus" To: "Anton" , References: <13718440155.20011020160758@nm.ru> Subject: Re: Date: Sat, 20 Oct 2001 13:13:26 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org how is it "security" related topic? ----- Original Message ----- From: "Anton" To: Sent: Saturday, October 20, 2001 9:07 AM > Hello, > > How I can run StarOffice under FreeBSD? > > -- > Thanks. > > 16:06 > Anton > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 11:44: 4 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10]) by hub.freebsd.org (Postfix) with ESMTP id D2F0437B401 for ; Sat, 20 Oct 2001 11:44:02 -0700 (PDT) Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1]) by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id A01D33B394 for ; Sat, 20 Oct 2001 11:44:02 -0700 (PDT) Received: by mail.hq.newdream.net (Postfix, from userid 1012) id 691173B379; Sat, 20 Oct 2001 11:44:02 -0700 (PDT) Date: Sat, 20 Oct 2001 11:44:02 -0700 
From: Will Yardley To: freebsd-security@freebsd.org Subject: Re: your mail Message-ID: <20011020114402.E13594@hq.newdream.net> References: <13718440155.20011020160758@nm.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <13718440155.20011020160758@nm.ru> User-Agent: Mutt/1.3.23i Organization: New Dream Network Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Anton wrote: > How I can run StarOffice under FreeBSD? this is not security related. questions like this (and your previous one) should be addressed in freebsd-questions (and will be more likely to elicit a positive response there).

su -
cd /usr/ports/editors/staroffice52
make install

should do what you're asking. w -- GPG Public Key: http://infinitejazz.net/will/pgp/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 12: 5:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from db-cvad-1-tmp.yahoo.com (db-cvad-1-tmp.yahoo.com [216.145.48.242]) by hub.freebsd.org (Postfix) with ESMTP id 56AF537B403 for ; Sat, 20 Oct 2001 12:05:35 -0700 (PDT) Received: from localhost (doug@localhost) by db-cvad-1-tmp.yahoo.com (8.11.6/8.11.6) with ESMTP id f9KJ5V749167; Sat, 20 Oct 2001 12:05:31 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Date: Sat, 20 Oct 2001 12:05:31 -0700 (PDT) 
From: Doug Barton X-X-Sender: doug@db-cvad-1-tmp.yahoo.com To: Neil Darlow Cc: freebsd-security@FreeBSD.org Subject: Re: Internal auth defaults In-Reply-To: <20011020.15122700@ideal.darlow.co.uk> Message-ID: <20011020120418.Q49052-100000@db-cvad-1-tmp.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 20 Oct 2001, Neil Darlow wrote: > Hi, > > I've noticed that the internal auth service provided by inetd.conf > announces the OS as UNKNOWN. > > In the interests of additional information hiding, wouldn't it be wise > to also add the -i switch so that uids are returned instead of names? The fakeid option already exists, and is commented in inetd.conf right next to the real one. If that's not enough, you might want to submit a patch with better comments. Doug -- "We will not tire, we will not falter, and we will not fail." - George W. Bush, President of the United States September 20, 2001 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 20 21:19:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from cs.earlham.edu (cs.earlham.edu [159.28.230.3]) by hub.freebsd.org (Postfix) with ESMTP id A3BB937B401 for ; Sat, 20 Oct 2001 21:19:56 -0700 (PDT) Received: from quark.cs.earlham.edu (quark.cs.earlham.edu [159.28.230.3]) by cs.earlham.edu (8.11.3/8.11.1) with ESMTP id f9L4JQm77441 for ; Sat, 20 Oct 2001 23:19:26 -0500 (EST) (envelope-from hassan@cs.earlham.edu) Date: Sat, 20 Oct 2001 23:19:26 -0500 (EST) 
From: Hassan Halta To: Subject: using dump for backups. Message-ID: <20011020231659.H77421-100000@quark.cs.earlham.edu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, I was thinking of using dump/restore way to backup files on the system. I heard sometime ago that FreeBSD dump was insecure. So, I am wondering if this is still the case, and how insecure it is, or what the fixes for it? I would like to know more about it if possible, Thanks a lot, Hassan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message