From owner-freebsd-security Sun Jul 21 2: 8:52 2002
Date: Sun, 21 Jul 2002 11:08:40 +0200
From: lupe@lupe-christoph.de (Lupe Christoph)
To: chris scott
Cc: admin@gbinetwork.com, freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: roaming ipsec policies and racoon

On Sunday, 2002-07-21 at 01:35:08 +0100, chris scott wrote:

> yes it does I believe. I have not looked into this yet though, does this
> mean I have to have a proper one from an authority that will cost me an arm
> and a leg?

You can create your own CA. I can send you a few shell scripts
that make the creation of certificates etc. easy, but you will still
have to create your CA.

There was a good German article on this, aimed at FreeS/WAN at the server.
But the OpenSSL stuff still applies, of course.
http://www.heise.de/ct/02/05/220/default.shtml
Just copy/paste the openssl calls.
Email me if you want the (trivial) scripts.

HTH,
Lupe Christoph

> ----- Original Message -----
> From: "James Bristle"
> To:
> Sent: Sunday, July 21, 2002 1:24 AM
> Subject: Re: roaming ipsec policies and racoon
> > does windows support certs ?

Strange, this mail hasn't made it to me (yet?). Yes, Windows 2000 and XP
can use Certs. As can third-party IPSec implementations for Windows.

Lupe Christoph
--
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Jul 21 6:27:40 2002
Date: Sun, 21 Jul 2002 15:27:31 +0200
From: Bernd Walter
Reply-To: ticso@cicely.de
To: chris scott
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: roaming ipsec policies and racoon

On Sun, Jul 21, 2002 at 01:16:18AM +0100, chris scott wrote:
> Hi,
>
> I am currently trying playing with IPSEC and racoon to provide a secure
> services for my users. They all use either freebsd or windows 2k/XP
> clients. They unfortunately all have dynamic ips 8(. I have successfully
> configured the ipsec policies and have got round the dynamic IP problem
> with the freebsd clients by using racoons peer and my identifier features
> to initiate the shared key communication. This all works fine. However I
> don't know how to do the same thing with windows 2000/XP. I can setup the
> ipsec policies on the clients easily enough, as I can the preshared key.
> I have no idea how to set the identifiers though. Without this racoon
> doesn't match a key on the psk.txt file as it uses the hosts ip rather
> than whatever@this.com and hence fails the key exchange. Has anyone got
> any clues to point me in the correct direction?

With Windows you have to either use PPTP or L2TP/IPSec-transport mode.
Windows native implementation of IPSec-tunnel mode only works with
fixed IPs.
You still have the option to use a different implementation than that
of Microsoft.
--
B.Walter              COSMO-Project         http://www.cosmo-project.de
ticso@cicely.de         Usergroup           info@cosmo-project.de

From owner-freebsd-security Sun Jul 21 7:41: 9 2002
Date: Sun, 21 Jul 2002 16:41:00 +0200
From: lupe@lupe-christoph.de (Lupe Christoph)
To: ticso@cicely.de
Cc: chris scott, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: roaming ipsec policies and racoon

On Sunday, 2002-07-21 at 15:27:31 +0200, Bernd Walter wrote:
> On Sun, Jul 21, 2002 at 01:16:18AM +0100, chris scott wrote:

> > I am currently trying playing with IPSEC and racoon to provide a secure
> > services for my users. They all use either freebsd or windows 2k/XP
> > clients. They unfortunately all have dynamic ips 8(.
> > I have successfully configured the ipsec policies and have got round
> > the dynamic IP problem with the freebsd clients by using racoons peer
> > and my identifier features to initiate the shared key communication.
> > This all works fine. However I don't know how to do the same thing
> > with windows 2000/XP. I can setup the ipsec policies on the clients
> > easily enough, as I can the preshared key. I have no idea how to set
> > the identifiers though. Without this racoon doesn't match a key on the
> > psk.txt file as it uses the hosts ip rather than whatever@this.com and
> > hence fails the key exchange. Has anyone got any clues to point me in
> > the correct direction?

> With Windows you have to either use PPTP or L2TP/IPSec-transport mode.
> Windows native implementation of IPSec-tunnel mode only works with
> fixed IPs.
> You still have the option to use a different implementation than that
> of Microsoft.

You will have to refresh the security policy every time you dial up.
Look here (the VPN tool will help you, having to use the "assistant"
is painful):
http://vpn.ebootis.de/

AFAIR W2k SP2 is required.

HTH,
Lupe Christoph
--
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |

From owner-freebsd-security Sun Jul 21 11:49: 2 2002
From: "chris scott"
To: "John Howie"
Subject: Re: roaming ipsec policies and racoon
Date: Sun, 21 Jul 2002 19:48:47 +0100

thanks for all the advice, looks like a much bigger job than I intended 8(

If only MS gave us the openness of bsd, the whole thing would be so much
simpler

----- Original Message -----
From: "John Howie"
To: "'chris scott'"
Sent: Sunday, July 21, 2002 6:44 PM
Subject: RE: roaming ipsec policies and racoon

> Folks,
>
> Windows 2000 Server & Advanced Server come with Certificate Services.
> You can create either an Enterprise CA (integrated with AD) or a
> Standalone CA.
> When using a Standalone CA you can create your own Root
> CA self-signed certificate during the installation process (the
> Enterprise CA always issues itself a Root CA self-signed certificate).
>
> John
>
> P.S. I didn't post this back to the list - you may want to, though.
>
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of chris scott
> Sent: Saturday, July 20, 2002 5:35 PM
> To: admin@gbinetwork.com
> Cc: freebsd-security@FreeBSD.ORG; freebsd-questions@FreeBSD.ORG
> Subject: Re: roaming ipsec policies and racoon
>
> yes it does I believe. I have not looked into this yet though, does this
> mean I have to have a proper one from an authority that will cost me an
> arm and a leg?
>
> ----- Original Message -----
> From: "James Bristle"
> To:
> Sent: Sunday, July 21, 2002 1:24 AM
> Subject: Re: roaming ipsec policies and racoon
>
> > does windows support certs ?
> >
> > > Hi,
> > >
> > > I am currently trying playing with IPSEC and racoon to provide a
> > > secure services for my users. They all use either freebsd or
> > > windows 2k/XP clients. They unfortunately all have dynamic ips 8(.
> > > I have successfully configured the ipsec policies and have got
> > > round the dynamic IP problem with the freebsd clients by using
> > > racoons peer and my identifier features to initiate the shared key
> > > communication. This all works fine. However I don't know how to do
> > > the same thing with windows 2000/XP. I can setup the ipsec policies
> > > on the clients easily enough, as I can the preshared key. I have no
> > > idea how to set the identifiers though. Without this racoon doesn't
> > > match a key on the psk.txt file as it uses the hosts ip rather than
> > > whatever@this.com and hence fails the key exchange. Has anyone got
> > > any clues to point me in the correct direction?
> > >
> > > sample of the server's racoon conf
> > >
> > > remote anonymous
> > > {
> > >     #exchange_mode main,aggressive;
> > >     exchange_mode aggressive,main;
> > >     doi ipsec_doi;
> > >     situation identity_only;
> > >
> > >     #my_identifier address;
> > >     my_identifier user_fqdn "random@wirdo.com";
> > >     peers_identifier user_fqdn "grebbit@wolly.com";
> > >     #certificate_type x509 "mycert" "mypriv";
> > >
> > >     nonce_size 16;
> > >     lifetime time 1 hour; # sec,min,hour
> > >     initial_contact on;
> > >     support_mip6 on;
> > >     proposal_check obey; # obey, strict or claim
> > >
> > >     proposal {
> > >         encryption_algorithm 3des;
> > >         hash_algorithm sha1;
> > >         authentication_method pre_shared_key ;
> > >         dh_group 2 ;
> > >     }
> > > }
> > >
> > > corresponding psk entry
> > > grebbit@wolly.com myrandomkey
> > >
> > >
> > > sample of freebsd clients racoon config
> > >
> > > remote anonymous
> > > {
> > >     #exchange_mode main,aggressive;
> > >     exchange_mode aggressive,main;
> > >     doi ipsec_doi;
> > >     situation identity_only;
> > >
> > >     #my_identifier address;
> > >     my_identifier user_fqdn grebbit@wolly.com;
> > >     peers_identifier user_fqdn "random@wirdo.com";
> > >     #certificate_type x509 "mycert" "mypriv";
> > >
> > >     nonce_size 16;
> > >     lifetime time 1 hour; # sec,min,hour
> > >     initial_contact on;
> > >     support_mip6 on;
> > >     proposal_check obey; # obey, strict or claim
> > >
> > >     proposal {
> > >         encryption_algorithm 3des;
> > >         hash_algorithm sha1;
> > >         authentication_method pre_shared_key ;
> > >         dh_group 2 ;
> > >     }
> > > }
> > >
> > > regards
> > >
> > > Chris Scott
> > >
> > > IMPORTANT NOTICE:
> > > This email may be confidential, may be legally privileged, and is for
> > > the intended recipient only. Access, disclosure, copying,
> > > distribution, or reliance on any of it by anyone else is prohibited
> > > and may be a criminal offence.
> > > Please delete if obtained in error and email confirmation to the
> > > sender.

From owner-freebsd-security Sun Jul 21 14:37:19 2002
Date: Sun, 21 Jul 2002 23:37:06 +0200
From: lupe@lupe-christoph.de (Lupe Christoph)
To: chris scott
Cc: John Howie, admin@gbinetwork.com, freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject: Re: roaming ipsec policies and racoon

On Sunday, 2002-07-21 at 19:48:47 +0100, chris scott wrote:

> thanks for all the advice, looks like a much bigger job than I intended 8(

I found it a little more complicated than IP-based IPSec, but it
gives you more flexibility. The biggest problem was when I screwed
up with the server DN.
It took a while to find how you can get the
Windows XP client to tell you what it doesn't like. Typically
Micro$oft. "Something went wrong, and as a Windows user we assume
you're too stupid to understand what." Grrrr....

Racoon is quite decent, but badly documented. And when I last looked,
it lacked CRL (Certificate Revocation List) support. And I needed
that for my client, so I had to use FreeS/WAN.

Rechecking CRL support, I found this URL:
http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html
It doesn't say if CRLs work, but it looks helpful for people
wanting to do certificates.

Lupe Christoph
--
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |

From owner-freebsd-security Sun Jul 21 15: 7:18 2002
From: "Chest Rockwell"
To: freebsd-questions@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: Need help.
Date: Sun, 21 Jul 2002 17:07:13 -0500

Can someone help me. I need to make an account and keep the user in the
directory that they sign into only.

From owner-freebsd-security Sun Jul 21 16:10: 7 2002
From: "chris scott"
To: "Lupe Christoph"
Cc: "John Howie"
Subject: Re: roaming ipsec policies and racoon
Date: Mon, 22 Jul 2002 00:09:41 +0100

Racoon certainly ain't well documented, the man page is all you get. Having
said that I have figured out most stuff I need to now. If only winkblows
would do user based preshared key like racoon can. It would all be so easy.

Interestingly how do most ppl configure their vpn ipsec policies. I found
all the example ones out there would encrypt the inside of the gif,gre,
whatever tunnel. This didn't make sense to me as if you added another
network to one of the lans you would have to update your policies to cope
with the new traffic. I just setup a tunnel, and zebra running ripd on both
hosts then encrypted all tunnel traffic between both the hosts, in my case
ip protocol 4 ( gif tunnel ). Works fine for me all I have to do now is
configure a new interface for the new network and bang it sorts out the
rest.

----- Original Message -----
From: "Lupe Christoph"
To: "chris scott"
Cc: "John Howie"
Sent: Sunday, July 21, 2002 10:37 PM
Subject: Re: roaming ipsec policies and racoon

> On Sunday, 2002-07-21 at 19:48:47 +0100, chris scott wrote:
>
> > thanks for all the advice, looks like a much bigger job than I intended 8(
>
> I found it a little more complicated than IP-based IPSec, but it
> gives you more flexibility. The biggest problem was when I screwed
> up with the server DN. It took a while to find how you can get the
> Windows XP client to tell you what it doesn't like. Typically
> Micro$oft. "Something went wrong, and as a Windows user we assume
> you're too stupid to understand what." Grrrr....
>
> Racoon is quite decent, but badly documented. And when I last looked,
> it lacked CRL (Certificate Revocation List) support. And I needed
> that for my client, so I had to use FreeS/WAN.
>
> Rechecking CRL support, I found this URL:
> http://www.sigsegv.cx/FreeBSD-WIN2K-IPSEC-HOWTO.html
> It doesn't say if CRLs work, but it looks helpful for people
> wanting to do certificates.
>
> Lupe Christoph
> --
> | lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
> | I have challenged the entire ISO-9000 quality assurance team to a      |
> | Bat-Leth contest on the holodeck. They will not concern us again.      |
> | http://public.logica.com/~stepneys/joke/klingon.htm                    |

From owner-freebsd-security Sun Jul 21 18: 6:34 2002
From: "normal"
To: "Chest Rockwell"
Subject: Re: Need help.
Date: Sun, 21 Jul 2002 19:06:08 -0600

Alright, look up chroot and look up adduser :-)

----- Original Message -----
From: "Chest Rockwell"
To:
Cc:
Sent: Sunday, July 21, 2002 4:07 PM
Subject: Need help.

> Can someone help me. I need to make an account and keep the user
> in the directory that they sign into only.

From owner-freebsd-security Sun Jul 21 22: 9:21 2002
Subject: Re: Need help. (fwd)
To: freebsd-security@freebsd.org
Date: Mon, 22 Jul 2002 09:09:13 +0400 (MSD)
From: Dmitry Agafonov
Reply-To: aga@rsm.ru
Organization: Radioservice Mobile Ltd, Saratov

Hi!

This is not so easy question (for me)...
Is there a good way to make chroot automatically at login?
Not in .profile or any other shell rc's.
login.conf or such? I just never heard about this.

> Alright, look up chroot and look up adduser :-)
>
> > Can someone help me. I need to make an account and keep the user
> > in the directory that they sign into only.

-----
Dmitry Agafonov

From owner-freebsd-security Mon Jul 22 1:29:26 2002
Date: Mon, 22 Jul 2002 10:29:09 +0200
From: Enrico Giakas
To: freebsd-security@FreeBSD.ORG
Subject: Re: Need help. (fwd)

Hi,

what about the "JAIL" function ?
Honestly I haven't used it yet, but I can imagine that this would solve
your request...

E. Giakas

--On Monday, 22 July 2002 09:09 +0400 Dmitry Agafonov wrote:

> Hi!
>
> This is not so easy question (for me)...
> Is there a good way to make chroot automatically at login?
> Not in .profile or any other shell rc's.
> login.conf or such? I just never heard about this.
>
>> Alright, look up chroot and look up adduser :-)
>> >
>> > Can someone help me. I need to make an account and keep the user
>> > in the directory that they sign into only.
>> >
>
> -----
> Dmitry Agafonov

_____________________________________________________
Enrico Giakas
Network Laboratories Heidelberg
NEC Europe Ltd.
Adenauerplatz 6
D-69115 Heidelberg, Germany
Tel.:+49/(0) 62 21/905 11- 12
Fax :+49/(0) 62 21/905 11- 55
email: Enrico.Giakas@ccrle.nec.de
_____________________________________________________

From owner-freebsd-security Mon Jul 22 1:33:54 2002
Date: Mon, 22 Jul 2002 10:33:50 +0200
From: Enrico Giakas
To: freebsd-security
Subject: Re: wierdness in my security report
References: <006301c22e83$2b3d5b30$fe01a8c0@Desktop> X-Mailer: Mulberry/2.2.0 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org A very helpful message of the kernel, indicating that someone has changed his IP Address in your network... --Enrico > Anyone have any ideas as to what might be causing the following to appear > in my security report? > arp: 12.236.220.1 moved from 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on > dc0 >> Jul 17 05:47:56 server /kernel: arp: 12.236.220.1 moved from >> 00:b0:64:b7:6f:54 to 00:b0:64:b7:6f:a8 on dc0 arp: 12.236.220.1 moved >> from 00:b0:64:b7:6f:a8 to 00:b0:64:b7:6f:54 on dc0 Jul 17 05:47:57 >> server /kernel: arp: 12.236.220.1 moved from 00:b0:64:b7:6f:a8 to >> 00:b0:64:b7:6f:54 on dc0 > > I thought those : delimited fields would be MAC addresses, but they don't > match the MAC addresses of either of the two cards in my free-bsd box. I > have not checked the MAC addresses of the other network cards on my > network. > Also, where does the "server /kernel" name come from. "kernel" is not > the name I gave my kernel, so I am suspicious. > Thanks, > > --Craig > _____________________________________________________ Enrico Giakas Network Laboratories Heidelberg NEC Europe Ltd. 
Adenauerplatz 6 D-69115 Heidelberg, Germany Tel.:+49/(0) 62 21/905 11- 12 Fax :+49/(0) 62 21/905 11- 55 email: Enrico.Giakas@ccrle.nec.de _____________________________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 5:26:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B0AF37B400 for ; Mon, 22 Jul 2002 05:26:49 -0700 (PDT) Received: from deevil.homeunix.org (adsl-17-208-7.mia.bellsouth.net [68.17.208.7]) by mx1.FreeBSD.org (Postfix) with SMTP id 7CEA243E5E for ; Mon, 22 Jul 2002 05:26:48 -0700 (PDT) (envelope-from deevil@deevil.homeunix.org) Received: (qmail 24565 invoked from network); 22 Jul 2002 12:26:47 -0000 Received: from unknown (HELO Ken) (192.168.1.2) by 192.168.1.1 with SMTP; 22 Jul 2002 12:26:47 -0000 Message-ID: <002601c2317b$2199c820$0201a8c0@Ken> From: "Ken Ebling" To: Subject: Re: Need help. Date: Mon, 22 Jul 2002 08:27:23 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0023_01C23159.9A7144C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0023_01C23159.9A7144C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable > Can someone help me. I need to make an account and keep the user > in the directory that they sign into only. Check out this tutorial: http://www.aarongifford.com/computers/chrsh.html I've used this on my ISP's shell server. Email me if you have any more questions.. 
Ken Ebling
------=_NextPart_000_0023_01C23159.9A7144C0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 6:44:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C8BA237B41F for ; Mon, 22 Jul 2002 06:44:32 -0700 (PDT) Received: from top.plusline.de (top.plusline.de [212.19.59.197]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5CC8443E3B for ; Mon, 22 Jul 2002 06:44:32 -0700 (PDT) (envelope-from mk@top.plusline.de) Received: from mk by top.plusline.de with local (Exim 3.35 #1) id 17WdUF-000PAA-00 for freebsd-security@freebsd.org; Mon, 22 Jul 2002 15:44:31 +0200 Date: Mon, 22 Jul 2002 15:44:31 +0200 
From: Martin Kaiser To: freebsd-security@freebsd.org Subject: Re: RELENG_4_6 and openssh-3.4p1 depend failure Message-ID: <20020722134431.GA96717@top.plusline.de> Mail-Followup-To: freebsd-security@freebsd.org References: <20020719131058.A29282@cygnus.wks.Gallup.cia-g.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Thus wrote Dag-Erling Smorgrav (des@ofug.org): > David Wilk writes: > > I had just finished a successful make world from the 7/12/2002 > > RELENG_4_6 and decided to CVSup today. Here's what I get when I go > > to /usr/src/secure and do a make depend (after make cleandir and > > make obj of course): > That is not a supported upgrade path. Please use 'make world'. Where could I find information about which paths are supported for a non-complete upgrade? A google search yielded no usable results. Thanks for your hints, Martin (possibly off-topic) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 7: 9:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D42F37B407 for ; Mon, 22 Jul 2002 07:09:25 -0700 (PDT) Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49BED43E65 for ; Mon, 22 Jul 2002 07:09:18 -0700 (PDT) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id g6ME8dm76391; Mon, 22 Jul 2002 17:08:39 +0300 (EEST) (envelope-from ru) Date: Mon, 22 Jul 2002 17:08:39 +0300 
From: Ruslan Ermilov To: Martin Kaiser Cc: freebsd-security@FreeBSD.ORG Subject: Re: RELENG_4_6 and openssh-3.4p1 depend failure Message-ID: <20020722140839.GB74750@sunbay.com> References: <20020719131058.A29282@cygnus.wks.Gallup.cia-g.com> <20020722134431.GA96717@top.plusline.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="NDin8bjvE/0mNLFQ" Content-Disposition: inline In-Reply-To: <20020722134431.GA96717@top.plusline.de> User-Agent: Mutt/1.3.99i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --NDin8bjvE/0mNLFQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 22, 2002 at 03:44:31PM +0200, Martin Kaiser wrote: > Hi, > > Thus wrote Dag-Erling Smorgrav (des@ofug.org): > > > David Wilk writes: > > > > I had just finished a successful make world from the 7/12/2002 > > > RELENG_4_6 and decided to CVSup today. Here's what I get when I go > > > to /usr/src/secure and do a make depend (after make cleandir and > > > make obj of course): > > > That is not a supported upgrade path. Please use 'make world'. > > Where could I find information about which paths are supported for a > non-complete upgrade? A google search yielded no usable results. > Well, an unnamed non-complete upgrade should follow the same procedure as the complete upgrade, and you should know enough details about the particular bit you're upgrading. Note that some changes may depend on new libc functions, headers, etc., so a non-complete upgrade is not even guaranteed to work. Sometimes, it's just a matter of doing the make obj; make all; make install in sequence. Sometimes, you first need to update some headers in /usr/include. Sometimes, you need to remove the old object directory. 
Sometimes, you'll have to update the libc first. Cheers, -- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --NDin8bjvE/0mNLFQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9PBHnUkv4P6juNwoRAoVoAJ4swJ6HrBIrvjLCSA9usMVcxQgnVQCdFtr1 g8opLFxAcGjIwvuKglV2Hzw= =ngi3 -----END PGP SIGNATURE----- --NDin8bjvE/0mNLFQ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 7:55:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9FEBF37B400 for ; Mon, 22 Jul 2002 07:55:50 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F29643E4A for ; Mon, 22 Jul 2002 07:55:50 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id B9F3B535C; Mon, 22 Jul 2002 16:55:48 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Martin Kaiser Cc: freebsd-security@freebsd.org Subject: Re: RELENG_4_6 and openssh-3.4p1 depend failure References: <20020719131058.A29282@cygnus.wks.Gallup.cia-g.com> <20020722134431.GA96717@top.plusline.de> 
From: Dag-Erling Smorgrav Date: 22 Jul 2002 16:55:47 +0200 In-Reply-To: <20020722134431.GA96717@top.plusline.de> Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Martin Kaiser writes: > Thus wrote Dag-Erling Smorgrav (des@ofug.org): > > That is not a supported upgrade path. Please use 'make world'. > Where could I find information about which paths are supported for a > non-complete upgrade? There are none. Please use 'make world'. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 11: 3: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA1AA37B401 for ; Mon, 22 Jul 2002 11:02:58 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E8A043E42 for ; Mon, 22 Jul 2002 11:02:58 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6MI2wJU060265 for ; Mon, 22 Jul 2002 11:02:58 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6MI2vIT060257 for security@freebsd.org; Mon, 22 Jul 2002 11:02:57 -0700 (PDT) Date: Mon, 22 Jul 2002 11:02:57 -0700 (PDT) Message-Id: <200207221802.g6MI2vIT060257@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f 
From: FreeBSD bugmaster To: security@FreeBSD.org Subject: Current problem reports assigned to you Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Current FreeBSD problem reports No matches to your query To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 12: 8:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5AABA37B400 for ; Mon, 22 Jul 2002 12:08:38 -0700 (PDT) Received: from leaf.lumiere.net (leaf.lumiere.net [208.44.192.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1AFF243E65 for ; Mon, 22 Jul 2002 12:08:38 -0700 (PDT) (envelope-from silaron@lumiere.net) Received: by leaf.lumiere.net (Postfix, from userid 1082) id 6FCA1CE93; Mon, 22 Jul 2002 12:08:37 -0700 (PDT) Date: Mon, 22 Jul 2002 12:08:37 -0700 
From: Derrick John Klise To: freebsd-security@FreeBSD.ORG Subject: Re: Need help. (fwd) Message-ID: <20020722120837.A78991@leaf.lumiere.net> References: <200207220509.g6M59Dq33177@up.rsm.ru> <319590336.1027333749@[192.168.102.190]> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <319590336.1027333749@[192.168.102.190]>; from Enrico.Giakas@ccrle.nec.de on Mon, Jul 22, 2002 at 10:29:09AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org `man 8 jail` is a nice little howto regarding jail. On Mon, Jul 22, 2002 at 10:29:09AM +0200, Enrico Giakas wrote: > Hi, > > what about the "JAIL" function? Honestly I haven't used it yet, but I can > imagine > that this would solve your request... > > E. Giakas > > --On Montag, 22. Juli 2002 09:09 +0400 Dmitry Agafonov wrote: > > > Hi! > > > > This is not so easy question (for me)... > > Is there a good way to make chroot automatically at login? > > Not in .profile or any other shell rc's. > > login.conf or such? I just never heard about this. > > > >> Alright, look up chroot and look up adduser :-) > >> > > >> > Can someone help me. I need to make an account and keep the user > >> > in the directory that they sign into only. > >> > > > ----- > > Dmitry Agafonov > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > _____________________________________________________ > Enrico Giakas > Network Laboratories Heidelberg NEC Europe Ltd. 
> Adenauerplatz 6 > D-69115 Heidelberg, Germany > > Tel.:+49/(0) 62 21/905 11- 12 > Fax :+49/(0) 62 21/905 11- 55 > email: Enrico.Giakas@ccrle.nec.de > _____________________________________________________ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Derrick John Klise "I went into a general store, and they wouldn't sell me anything specific". -- Steven Wright To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 13:27:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A19DC37B400 for ; Mon, 22 Jul 2002 13:27:34 -0700 (PDT) Received: from crimelords.org (crimelords.org [199.233.213.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3693343E65 for ; Mon, 22 Jul 2002 13:27:32 -0700 (PDT) (envelope-from admin@crimelords.org) Received: from crimelords.org (admin@localhost [127.0.0.1]) by crimelords.org (8.12.5/8.12.5) with ESMTP id g6MKRKwm042023 for ; Mon, 22 Jul 2002 15:27:20 -0500 (CDT) (envelope-from admin@crimelords.org) Received: from localhost (admin@localhost) by crimelords.org (8.12.5/8.12.5/Submit) with ESMTP id g6MKRIQs042020 for ; Mon, 22 Jul 2002 15:27:20 -0500 (CDT) Date: Mon, 22 Jul 2002 15:27:18 -0500 (CDT) 
From: Emacs To: freebsd-security@FreeBSD.ORG Subject: php4 vuln update Message-ID: <20020722152513.B42015-100000@crimelords.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Anyone seen the release on php4 this afternoon. I noticed our ports are still 4.2.1...Please go to http://www.php.net/ for php info if you run this on your apache site!! emacs ps thanks again ISS X-Force! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 13:39:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 88A2D37B400 for ; Mon, 22 Jul 2002 13:39:34 -0700 (PDT) Received: from thedarkside.nl (cc31301-a.assen1.dr.nl.home.com [217.120.247.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2CE1243E3B for ; Mon, 22 Jul 2002 13:39:32 -0700 (PDT) (envelope-from serkoon@nospam.thedarkside.nl) Received: from kilmarnock.nospam.thedarkside.nl (kilmarnock [10.0.0.2]) by thedarkside.nl (8.12.3/8.12.3) with ESMTP id g6MKdQp6059644 for ; Mon, 22 Jul 2002 22:39:26 +0200 (CEST) (envelope-from serkoon@nospam.thedarkside.nl) Message-Id: <5.1.0.14.0.20020722223939.00b0ee40@10.0.0.1> X-Sender: (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 22 Jul 2002 22:40:51 +0200 To: freebsd-security@FreeBSD.ORG 
From: serkoon@nospam.thedarkside.nl Subject: Re: php4 vuln update In-Reply-To: <20020722152513.B42015-100000@crimelords.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 22:27 22-7-2002, Emacs wrote: >Anyone seen the release on php4 this afternoon. I noticed our ports are >still 4.2.1...Please go to http://www.php.net/ for php info if you run >this on your apache site!! The port is at 4.2.2. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 13:41:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C4A4F37B400 for ; Mon, 22 Jul 2002 13:41:47 -0700 (PDT) Received: from anchor-post-31.mail.demon.net (anchor-post-31.mail.demon.net [194.217.242.89]) by mx1.FreeBSD.org (Postfix) with ESMTP id 487AC43E5E for ; Mon, 22 Jul 2002 13:41:47 -0700 (PDT) (envelope-from kevin@caomhin.demon.co.uk) Received: from caomhin.demon.co.uk ([62.49.21.186]) by anchor-post-31.mail.demon.net with esmtp (Exim 3.35 #1) id 17Wk02-000NmF-0V; Mon, 22 Jul 2002 21:41:46 +0100 Message-ID: <06BJ9FB62GP9EwRs@caomhin.demon.co.uk> Date: Mon, 22 Jul 2002 21:40:26 +0100 To: Emacs Cc: freebsd-security@FreeBSD.ORG 
From: Kevin Golding Subject: Re: php4 vuln update References: <20020722152513.B42015-100000@crimelords.org> In-Reply-To: <20020722152513.B42015-100000@crimelords.org> MIME-Version: 1.0 X-Mailer: Turnpike Integrated Version 5.01 U Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Someone, quite probably Emacs, once wrote: >Anyone seen the release on php4 this afternoon. I noticed our ports are >still 4.2.1...Please go to http://www.php.net/ for php info if you run >this on your apache site!! My ports are 4.2.2 Guess you beat the maintainer by a few minutes. Kevin -- kevin@caomhin.demon.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 13:47: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66F6A37B400 for ; Mon, 22 Jul 2002 13:47:03 -0700 (PDT) Received: from giganda.komkon.org (giganda.komkon.org [63.167.241.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id B64D143E5E for ; Mon, 22 Jul 2002 13:47:02 -0700 (PDT) (envelope-from str@giganda.komkon.org) Received: (from str@localhost) by giganda.komkon.org (8.11.3/8.11.3) id g6MKkZb89609; Mon, 22 Jul 2002 16:46:35 -0400 (EDT) (envelope-from str) Date: Mon, 22 Jul 2002 16:46:35 -0400 (EDT) From: Igor Roshchin Message-Id: <200207222046.g6MKkZb89609@giganda.komkon.org> To: admin@crimelords.org, kevin@caomhin.demon.co.uk Subject: Re: php4 vuln update Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <06BJ9FB62GP9EwRs@caomhin.demon.co.uk> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org 
> From: Kevin Golding > Subject: Re: php4 vuln update > > Someone, quite probably Emacs, once wrote: > >Anyone seen the release on php4 this afternoon. I noticed our ports are > >still 4.2.1...Please go to http://www.php.net/ for php info if you run > >this on your apache site!! > > My ports are 4.2.2 > > Guess you beat the maintainer by a few minutes. > > From: serkoon@nospam.thedarkside.nl > Subject: Re: php4 vuln update > <..> > > The port is at 4.2.2. > Maybe in the cvs tree, but not on the ftp sites :-( At least, not at ftp2.freebsd.org and ftp.freebsd.org as I checked just a minute ago again. Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 13:59: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6079437B400 for ; Mon, 22 Jul 2002 13:58:58 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 900F443E42 for ; Mon, 22 Jul 2002 13:58:57 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 088BD535C; Mon, 22 Jul 2002 22:58:53 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Igor Roshchin Cc: admin@crimelords.org, kevin@caomhin.demon.co.uk, freebsd-security@FreeBSD.ORG Subject: Re: php4 vuln update References: <200207222046.g6MKkZb89609@giganda.komkon.org> 
From: Dag-Erling Smorgrav Date: 22 Jul 2002 22:58:52 +0200 In-Reply-To: <200207222046.g6MKkZb89609@giganda.komkon.org> Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Igor Roshchin writes: > Maybe in the cvs tree, but not on the ftp sites :-( > At least, not at ftp2.freebsd.org and ftp.freebsd.org > as I checked just a minute ago again. It takes about a week for updates to the ports tree to trickle through to the ftp package archives. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 16:35:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E3B3F37B400 for ; Mon, 22 Jul 2002 16:35:33 -0700 (PDT) Received: from m-net.arbornet.org (m-net.arbornet.org [209.142.209.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 587D143E31 for ; Mon, 22 Jul 2002 16:35:33 -0700 (PDT) (envelope-from polytarp@m-net.arbornet.org) Received: from m-net.arbornet.org (localhost [127.0.0.1]) by m-net.arbornet.org (8.12.3/8.11.2) with ESMTP id g6MNaQcD043257; Mon, 22 Jul 2002 19:36:26 -0400 (EDT) (envelope-from polytarp@m-net.arbornet.org) Received: from localhost (polytarp@localhost) by m-net.arbornet.org (8.12.3/8.12.3/Submit) with ESMTP id g6MNaPo9043254; Mon, 22 Jul 2002 19:36:26 -0400 (EDT) Date: Mon, 22 Jul 2002 19:36:25 -0400 (EDT) 
From: pgreen To: Emacs Cc: freebsd-security@FreeBSD.ORG Subject: Re: php4 vuln update In-Reply-To: <20020722152513.B42015-100000@crimelords.org> Message-ID: <20020722193529.M43215-100000@m-net.arbornet.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org What kind of ninny would name himself 'Emacs'? Clearly, he is a trouble maker, and an enemy of the people. Phil Green, Accounting. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 17:11:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B61D37B400 for ; Mon, 22 Jul 2002 17:11:52 -0700 (PDT) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id D0C8B43E5E for ; Mon, 22 Jul 2002 17:11:50 -0700 (PDT) (envelope-from campbell@babayaga.neotext.ca) Received: from babayaga.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.11.6/8.11.0) with ESMTP id g6MNsKW36684; Mon, 22 Jul 2002 17:54:21 -0600 (MDT) (envelope-from campbell@babayaga.neotext.ca) 
From: "Duncan Patton a Campbell is Dhu" To: pgreen , Emacs Cc: freebsd-security@FreeBSD.ORG Subject: Re: php4 vuln update Date: Mon, 22 Jul 2002 17:54:20 -0600 Message-Id: <20020722235420.M64002@babayaga.neotext.ca> In-Reply-To: <20020722193529.M43215-100000@m-net.arbornet.org> References: <20020722152513.B42015-100000@crimelords.org> <20020722193529.M43215-100000@m-net.arbornet.org> X-Mailer: Open WebMail 1.70 20020712 X-OriginatingIP: 127.0.0.1 (campbell) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Heheheh ;-) Duncan Patton a Campbell is Duibh ;-) ---------- Original Message ----------- 
From: pgreen To: Emacs Sent: Mon, 22 Jul 2002 19:36:25 -0400 (EDT) Subject: Re: php4 vuln update > What kind of ninny would name himself 'Emacs'? > > Clearly, he is a trouble maker, and an enemy of the people. > > Phil Green, > Accounting. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the > message ------- End of Original Message ------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 23:28:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2C2D37B400 for ; Mon, 22 Jul 2002 23:28:13 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 342D943E3B for ; Mon, 22 Jul 2002 23:28:13 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id AAA29019 for ; Tue, 23 Jul 2002 00:28:04 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020723002551.02245100@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 23 Jul 2002 00:27:58 -0600 To: security@FreeBSD.ORG 
From: Brett Glass Subject: "Text file busy" Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org A FreeBSD server belonging to a client of mine has begun to report "Text file busy" in response to common commands. I can't see anything unusual on the surface, but am concerned that the server may have been compromised anyway (a rootkit could have been installed) and that this is a symptom. What mechanism generates this message? And does it suggest that the machine may have been rooted? --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 23:55:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 93D5F37B400 for ; Mon, 22 Jul 2002 23:55:10 -0700 (PDT) Received: from thought.holo.org (w120.z064002057.sjc-ca.dsl.cnc.net [64.2.57.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 27F5843E3B for ; Mon, 22 Jul 2002 23:55:10 -0700 (PDT) (envelope-from brian@CSUA.Berkeley.EDU) Received: from localhost (localhost [127.0.0.1]) by thought.int.holo.org (8.12.5/8.12.5) with ESMTP id g6N6t1jV065076; Mon, 22 Jul 2002 23:55:01 -0700 (PDT) (envelope-from brian@CSUA.Berkeley.EDU) Date: Mon, 22 Jul 2002 23:55:01 -0700 (PDT) 
From: "Brian W. Buchanan" X-X-Sender: brian@thought.int.holo.org To: Brett Glass Cc: security@FreeBSD.ORG Subject: Re: "Text file busy" In-Reply-To: <4.3.2.7.2.20020723002551.02245100@localhost> Message-ID: <20020722234752.E63571-100000@thought.int.holo.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org It's possible that a rootkit is trying to write to a file when someone runs a command, but this file happens to actually be the text of a running process. Or maybe the shell's history file has somehow become the text of a running process. The only other thing I can find that would cause the error is that execve will return ETXTBSY if someone has the file open for writing. I advise investigating the output of ps and fstat, or better yet, ktraceing the shell. - Brian On Tue, 23 Jul 2002, Brett Glass wrote: > A FreeBSD server belonging to a client of mine has begun to report "Text > file busy" in response to common commands. I can't see anything unusual > on the surface, but am concerned that the server may have been > compromised anyway (a rootkit could have been installed) and that this is > a symptom. What mechanism generates this message? And does it suggest > that the machine may have been rooted? 
> > --Brett Glass > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jul 22 23:56:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 56E9E37B400 for ; Mon, 22 Jul 2002 23:56:30 -0700 (PDT) Received: from gil.axelero.hu (mail01.axelero.hu [195.228.240.76]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63FE443E42 for ; Mon, 22 Jul 2002 23:56:28 -0700 (PDT) (envelope-from Gabor@Zahemszky.HU) Received: from Picasso.Zahemszky.HU (adsl-161-72.adsl-pool.axelero.hu [62.201.72.161]) by mail01.axelero.hu (iPlanet Messaging Server 5.1 HotFix 0.9 (built May 30 2002)) with ESMTP id <0GZO000PPWM1VR@mail01.axelero.hu> for freebsd-security@freebsd.org; Tue, 23 Jul 2002 08:56:26 +0200 (MEST) Received: from Picasso.Zahemszky.HU (localhost.Zahemszky.HU [127.0.0.1]) by Picasso.Zahemszky.HU (8.12.3/8.12.3) with ESMTP id g6N6xhET000290 for ; Tue, 23 Jul 2002 08:59:43 +0200 Received: (from zgabor@localhost) by Picasso.Zahemszky.HU (8.12.3/8.12.3/Submit) id g6N6xheT000289 for freebsd-security@freebsd.org; Tue, 23 Jul 2002 08:59:43 +0200 (CEST) Date: Tue, 23 Jul 2002 08:59:43 +0200 
From: Zahemszky Gábor
Subject: Re: "Text file busy"
To: freebsd-security@freebsd.org

On Tue, Jul 23, 2002 at 12:27:58AM -0600, Brett Glass wrote:
> a symptom. What mechanism generates this message? And does it suggest

Hi!

It means: somebody/something wants to write to an executable file, which is
actually running.

Bye,

ZGabor
ZGabor < Gabor at Zahemszky dot HU >

--
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;j="$j $i";typeset +l i;};print "$j"

To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: "Text file busy"
Date: Tue, 23 Jul 2002 17:04:24 +1000
From: Tony Landells

brett@lariat.org said:
> A FreeBSD server belonging to a client of mine has begun to report
> "Text file busy" in response to common commands. I can't see anything
> unusual on the surface, but am concerned that the server may have
> been compromised anyway (a rootkit could have been installed) and
> that this is a symptom. What mechanism generates this message? And
> does it suggest that the machine may have been rooted?

The most likely source of this is attempting to change an executable
while it's running:

    # cp /bin/sleep /tmp
    # /tmp/sleep 60 &
    [1] 34527
    # cp /dev/null /tmp/sleep
    cp: /tmp/sleep: Text file busy
    # kill -ALRM 34527
    [1] Alarm clock /tmp/sleep 60
    # cp /dev/null /tmp/sleep
    #

I'm sure there are probably other occasions where this comes up, but
that's the one I've seen...

Just doing a quick search through section 2 of the manual:

access(2)
    [ETXTBSY] Write access is requested for a pure procedure (shared
              text) file presently being executed.

execve(2)
    [ETXTBSY] The new process file is a pure procedure (shared text)
              that is currently open for writing or reading by some
              process.

open(2)
    [ETXTBSY] The file is a pure procedure (shared text) file that is
              being executed and the open() call requests write access.

truncate(2)
    [ETXTBSY] The file is a pure procedure (shared text) file that is
              being executed.

Which all say pretty much the same thing--you can't write something
being executed, and you can't execute something that's open (assuming
in both cases that it's a shared text file).

Without knowing what's running on the system it's difficult to say
whether it's an attack, but I've certainly never seen it coming up
often.

Probably ps and fstat (or doing some tracing with ktrace) are your
best bets for working out what's going on.

Tony
--
Tony Landells
Senior Network Engineer                 Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd    Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia

Date: Tue, 23 Jul 2002 10:33:13 +0300 (EEST)
From: Evren Yurtesen
To: Brett Glass
Cc: security@freebsd.org
Subject: Re: "Text file busy"

if a program is running and locked the file.
I believe you can see which file is open by which process
with fstat command

On Tue, 23 Jul 2002, Brett Glass wrote:

> A FreeBSD server belonging to a client of mine has begun to report "Text
> file busy" in response to common commands. I can't see anything unusual
> on the surface, but am concerned that the server may have been
> compromised anyway (a rootkit could have been installed) and that this is
> a symptom. What mechanism generates this message? And does it suggest
> that the machine may have been rooted?
>
> --Brett Glass

Date: Tue, 23 Jul 2002 02:04:21 -0600
From: Colin Faber
Organization: fpsn.net, Inc. (http://www.fpsn.net)
To: Evren Yurtesen
Cc: Brett Glass, security@FreeBSD.ORG
Subject: Re: "Text file busy"

Common cause: Samba

Normally you'll see this when you've got someone hacking up a file with
something like wordpad etc. Which may set the lock but fails to remove it,
thus samba keeps the lock intact and you receive that error.

Evren Yurtesen wrote:
>
> if a program is running and locked the file.
> I believe you can see which file is open by which process
> with fstat command
>
> On Tue, 23 Jul 2002, Brett Glass wrote:
>
> > A FreeBSD server belonging to a client of mine has begun to report "Text
> > file busy" in response to common commands. I can't see anything unusual
> > on the surface, but am concerned that the server may have been
> > compromised anyway (a rootkit could have been installed) and that this is
> > a symptom. What mechanism generates this message? And does it suggest
> > that the machine may have been rooted?
> >
> > --Brett Glass

--
Colin Faber
(303) 736-5160
fpsn.net, Inc.

* Black holes are where God divided by zero.
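Added example, not part of any message in this thread: the replies above point at fstat for finding who holds the busy file, so this Python helper reads fstat(1) output and reports which processes execute a file or hold it open for writing. It assumes FreeBSD's default fstat column layout (USER CMD PID FD MOUNT INUM MODE SZ|DV R/W); the sample listing, including the cp process, is constructed, and the function names are hypothetical.

```python
"""Who is holding a file that reports "Text file busy" (ETXTBSY)?

Reads the text printed by FreeBSD fstat(1). Assumed column layout:
    USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
"""
from collections import namedtuple

Row = namedtuple("Row", "user cmd pid fd mount inum mode access")

# Constructed sample listing, not taken from a real host.
SAMPLE_FSTAT = """\
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     sleep      34527 text /tmp          7 -r-xr-xr-x   10252  r
root     sleep      34527   wd /tmp          2 drwxrwxrwt     512  r
root     sleep      34527    0 /dev        118 crw--w----   ttyp0 rw
www      httpd        412 text /usr     204811 -r-xr-xr-x  512004  r
www      httpd        412    3* internet stream tcp c2a4f780
root     cp         34601    4 /bin       1044 -r-xr-xr-x   61440  w
root     csh          301 text /bin       1061 -r-xr-xr-x  303104  r
"""


def parse_fstat(text):
    """Return a Row per vnode-backed entry; skip the header, sockets, pipes."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Vnode rows have at least 9 columns with numeric PID and INUM.
        # Socket rows such as "3* internet stream tcp ..." fail this check.
        if len(f) < 9 or not f[2].isdigit() or not f[5].isdigit():
            continue
        rows.append(Row(f[0], f[1], int(f[2]), f[3], f[4], int(f[5]), f[6], f[8]))
    return rows


def role(row):
    """Classify one descriptor with respect to the ETXTBSY rules."""
    if row.fd == "text":
        return "executing"      # the file is the program text of row.pid
    if row.fd.isdigit() and "w" in row.access:
        return "writer"         # ordinary descriptor opened for writing
    return "other"


def holders_of(text, mount, inum):
    """Processes that execute or write the file identified by (mount, inum)."""
    return [(r, role(r)) for r in parse_fstat(text)
            if r.mount == mount and r.inum == inum and role(r) != "other"]


def writers_of_executables(text):
    """Write-open descriptors on regular files that carry an execute bit.

    Per the execve(2) excerpt quoted in the thread, running such a file
    fails with ETXTBSY while the descriptor stays open, which is one way
    ordinary commands start reporting "Text file busy".
    """
    return [r for r in parse_fstat(text)
            if role(r) == "writer"
            and r.mode.startswith("-")
            and any(c in "xs" for c in r.mode[1:])]


def diagnose(text, mount, inum):
    """Say which call would fail for this file, following the man excerpts."""
    kinds = {kind for _, kind in holders_of(text, mount, inum)}
    findings = []
    if "executing" in kinds:
        findings.append(
            "open(2)/truncate(2) for writing fails: file is being executed")
    if "writer" in kinds:
        findings.append("execve(2) fails: file is open for writing")
    return findings


if __name__ == "__main__":
    for r in writers_of_executables(SAMPLE_FSTAT):
        print("write-open executable: %s pid %d fd %s on %s inode %d"
              % (r.cmd, r.pid, r.fd, r.mount, r.inum))
    for mount, inum in (("/tmp", 7), ("/bin", 1044)):
        print(mount, inum, diagnose(SAMPLE_FSTAT, mount, inum))
```

The (mount, inode) pair for a failing command can be read from `ls -i` and `df` on the host before matching it against the listing.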
*

Date: Tue, 23 Jul 2002 12:26:39 -0500 (CDT)
From: Emacs
To: pgreen
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: php4 vuln update

Actually it's a family name...I am Erin Maclellan, I go by emac, my dad is
big mac and my brother is just mac....But thanks for reference, it had a lot
to do with the php post!

-e

On Mon, 22 Jul 2002, pgreen wrote:

> What kind of ninny would name himself 'Emacs'?
>
> Clearly, he is a trouble maker, and an enemy of the people.
>
> Phil Green,
> Accounting.
From: "Joshua Hitt"
Subject: Duplicates?
Date: Tue, 23 Jul 2002 10:48:21 -0700

is it just me or is anyone else getting duplicates in this channel?

jhitt

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Emacs
Sent: Tuesday, July 23, 2002 10:27 AM
To: pgreen
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: php4 vuln update

Actually it's a family name...I am Erin Maclellan, I go by emac, my dad is
big mac and my brother is just mac....But thanks for reference, it had a lot
to do with the php post!

-e

On Mon, 22 Jul 2002, pgreen wrote:

> What kind of ninny would name himself 'Emacs'?
>
> Clearly, he is a trouble maker, and an enemy of the people.
>
> Phil Green,
> Accounting.

Date: Tue, 23 Jul 2002 23:50:03 -0400 (EDT)
Subject: SSDP?
From: "Michael Sharp"

I was doing a security audit last night and running ethereal.
Immediately after starting it, I was seeing SSDP from MY router (
192.168.1.1 ) to the IP address 239.255.255.250 ( ep.net ). Since I'm
not sure what SSDP is besides that it is Simple Services Discovery
Protocol, I did:

/sbin/route -nq add -host 239.255.255.250 127.0.0.1 -blackhole
ipfw add 98 deny all from 239.255.255.250 to me in via xl0
ipfw add 99 deny all from me to 239.255.255.250 out via xl0

In hopes that it would stop the packets, but it didn't and the activity
continued on ethereal. Could someone please shed some light on why I
might be sending SSDP to this particular IP address every 10 seconds?

I can supply ethereal logs if needed.

michael

Date: Tue, 23 Jul 2002 23:13:12 -0500
From: Pete Ehlke
To: freebsd-security@FreeBSD.org
Subject: Re: SSDP?

On Tue, Jul 23, 2002 at 11:50:03PM -0400, Michael Sharp wrote:
> I was doing a security audit last night and running ethereal.
> Immediately after starting it, I was seeing SSDP from MY router (
> 192.168.1.1 ) to the IP address 239.255.255.250 ( ep.net ). Since I'm
> not sure what SSDP is besides that it is Simple Services Discovery
> Protocol, I did:
>
> /sbin/route -nq add -host 239.255.255.250 127.0.0.1 -blackhole
> ipfw add 98 deny all from 239.255.255.250 to me in via xl0
> ipfw add 99 deny all from me to 239.255.255.250 out via xl0
>
> In hopes that it would stop the packets, but it didn't and the activity
> continued on ethereal. Could someone please shed some light on why I
> might be sending SSDP to this particular IP address every 10 seconds?
>
You probably have windows machines behind your router trying to do
UPlug-N-Pray operations or printer discovery. The address you are
seeing is supposed to be a multicast address for this purpose, but
windows sends it out the default route. Your next hop router should
drop it.

-pete

Date: Wed, 24 Jul 2002 00:29:29 -0400 (EDT)
Subject: Re: SSDP?
From: "Michael Sharp"

No, only boxes I have behind the router is 2 fbsd boxes. I sent an email
to the ep.net admin earlier, as this is continuing, and this was his
reply:

You've got a multicast application using an unregistered
multicast address <239.255.255.250> talking to a private
network address <192,168.1.x> You are asking me this question because
we run the DNS servers for the multicast address space.

Check with your software vendors and ask them to register
the application that uses a unique multicast address with
the IANA and we'll note in in the zone files so others can
track this information.

The only services I have running are SMTP, BIND, and httpd, and the
only application I had running was ethereal. So, I'm at a loss.

michael

Pete Ehlke said:
> On Tue, Jul 23, 2002 at 11:50:03PM -0400, Michael Sharp wrote:
>> I was doing a security audit last night and running ethereal.
>> Immediately after starting it, I was seeing SSDP from MY router (
>> 192.168.1.1 ) to the IP address 239.255.255.250 ( ep.net ). Since
>> I'm not sure what SSDP is besides that it is Simple Services
>> Discovery Protocol, I did:
>>
>> /sbin/route -nq add -host 239.255.255.250 127.0.0.1 -blackhole
>> ipfw add 98 deny all from 239.255.255.250 to me in via xl0
>> ipfw add 99 deny all from me to 239.255.255.250 out via xl0
>>
>> In hopes that it would stop the packets, but it didn't and the
>> activity continued on ethereal. Could someone please shed some
>> light on why I might be sending SSDP to this particular IP address
>> every 10 seconds?
>>
> You probably have windows machines behind your router trying to do
> UPlug-N-Pray operations or printer discovery. The address you are
> seeing is supposed to be a multicast address for this purpose, but
> windows sends it out the default route. Your next hop router should
> drop it.
>
> -pete

Date: Wed, 24 Jul 2002 01:20:45 -0400 (EDT)
Subject: SSDP
From: "Michael Sharp"

1. I have no windows machines on the LAN
2. I shutoff all my services

So, I can only gather from the ethereal logs ( http://probsd.ws/ssdp.txt )
that LinkSys has adopted PnP into their routers.

* shrug *

michael

Date: Wed, 24 Jul 2002 00:20:09 -0500
From: Greg Panula
Reply-To: greg.panula@dolaninformation.com
Organization: Dolan Information Center Inc
To: Michael Sharp
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSDP?

Michael Sharp wrote:
>
> No, only boxes I have behind the router is 2 fbsd boxes. I sent an email
> to the ep.net admin earlier, as this is continuing, and this was his
> reply:
>
> You've got a multicast application using an unregistered
> multicast address <239.255.255.250> talking to a private
> network address <192,168.1.x> You are asking me this question because
> we run the DNS servers for the multicast address space.
>
> Check with your software vendors and ask them to register
> the application that uses a unique multicast address with
> the IANA and we'll note in in the zone files so others can
> track this information.
>
> The only services I have running are SMTP, BIND, and httpd, and the
> only application I had running was ethereal. So, I'm at a loss.
>
> michael
>
> Pete Ehlke said:
> > On Tue, Jul 23, 2002 at 11:50:03PM -0400, Michael Sharp wrote:
> >> I was doing a security audit last night and running ethereal.
> >> Immediately after starting it, I was seeing SSDP from MY router (
> >> 192.168.1.1 ) to the IP address 239.255.255.250 ( ep.net ). Since
> >> I'm not sure what SSDP is besides that it is Simple Services
> >> Discovery Protocol, I did:
> >>
> >> /sbin/route -nq add -host 239.255.255.250 127.0.0.1 -blackhole
> >> ipfw add 98 deny all from 239.255.255.250 to me in via xl0
> >> ipfw add 99 deny all from me to 239.255.255.250 out via xl0
> >>
> >> In hopes that it would stop the packets, but it didn't and the
> >> activity continued on ethereal. Could someone please shed some
> >> light on why I might be sending SSDP to this particular IP address
> >> every 10 seconds?
> >>
> > You probably have windows machines behind your router trying to do
> > UPlug-N-Pray operations or printer discovery. The address you are
> > seeing is supposed to be a multicast address for this purpose, but
> > windows sends it out the default route. Your next hop router should
> > drop it.
> >
> > -pete
> >

Information about SSDP can be found at:
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q323713

From the link above it looks like you should be able to determine if the
SSDP broadcast is discovery messages and/or service advertisements (URL
contained in the payload, I'm guessing). This will help determine the
reason of what the traffic is doing... maybe you have a UPNP device on
your network? (I'll guess a printer)

Instead of just trying to firewall the packets, you should try to
determine the source of the packets. You could start by turning off
devices one by one until the SSDP traffic stops and then determine why
that device is generating SSDP traffic.

If it is indeed your freebsd router, check to make sure it isn't relaying
the traffic from the outside world and then audit and/or reconfigure the
router. See http://www.google.com/search?q=auditing+unix+box for some
reference material on auditing unix boxes.

But since you said there aren't any windows boxes on the network, I'll
guess it is probably a network appliance that is generating the traffic.

Good Luck,
Greg

Date: Wed, 24 Jul 2002 01:31:40 -0400 (EDT)
Subject: Re: SSDP? this thread is done
From: "Michael Sharp"

I found the culprit. In the logs, I saw a reference to:

http://192.168.1.1/rootDesc.xml

and I loaded it in a web browser, and the router is doing upnp

BEFSR41/BEFSR11/BEFSRU31
uuid:upnp-InternetGatewayDevice-1_0-0090a2777777

I disabled multicast pass through on the router, but that didn't work. I'll
play with it some more later. Thanks to all who responded.

michael

Greg Panula said:
> Michael Sharp wrote:
>>
>> No, only boxes I have behind the router is 2 fbsd boxes. I sent an
>> email to the ep.net admin earlier, as this is continuing, and this
>> was his reply:
>>
>> You've got a multicast application using an unregistered
>> multicast address <239.255.255.250> talking to a private
>> network address <192,168.1.x> You are asking me this question
>> because we run the DNS servers for the multicast address space.
>>
>> Check with your software vendors and ask them to register
>> the application that uses a unique multicast address with
>> the IANA and we'll note in in the zone files so others can
>> track this information.
>>
>> The only services I have running are SMTP, BIND, and httpd, and the
>> only application I had running was ethereal. So, I'm at a loss.
>>
>> michael
>>
>> Pete Ehlke said:
>> > On Tue, Jul 23, 2002 at 11:50:03PM -0400, Michael Sharp wrote:
>> >> I was doing a security audit last night and running ethereal.
>> >> Immediately after starting it, I was seeing SSDP from MY router
>> >> ( 192.168.1.1 ) to the IP address 239.255.255.250 ( ep.net ).
>> >> Since I'm not sure what SSDP is besides that it is Simple
>> >> Services Discovery Protocol, I did:
>> >>
>> >> /sbin/route -nq add -host 239.255.255.250 127.0.0.1 -blackhole
>> >> ipfw add 98 deny all from 239.255.255.250 to me in via xl0
>> >> ipfw add 99 deny all from me to 239.255.255.250 out via xl0
>> >>
>> >> In hopes that it would stop the packets, but it didn't and the
>> >> activity continued on ethereal. Could someone please shed some
>> >> light on why I might be sending SSDP to this particular IP
>> >> address every 10 seconds?
>> >>
>> > You probably have windows machines behind your router trying to
>> > do UPlug-N-Pray operations or printer discovery. The address you
>> > are seeing is supposed to be a multicast address for this
>> > purpose, but windows sends it out the default route. Your next
>> > hop router should drop it.
>> >
>> > -pete
>> >
>
> Information about SSDP can be found at:
> http://support.microsoft.com/default.aspx?scid=kb;[LN];Q323713
>
> From the link above it looks like you should be able to determine if
> the SSDP broadcast is discovery messages and/or service
> advertisements (URL contained in the payload, I'm guessing). This
> will help determine the reason of what the traffic is doing... maybe
> you have a UPNP device on your network? (I'll guess a printer)
>
> Instead of just trying to firewall the packets, you should try to
> determine the source of the packets. You could start by turning off
> devices one by one until the SSDP traffic stops and then determine
> why that device is generating SSDP traffic.
>
> If it is indeed your freebsd router, check to make sure it isn't
> relaying the traffic from the outside world and then audit and/or
> reconfigure the router. See
> http://www.google.com/search?q=auditing+unix+box for some reference
> material on auditing unix boxes.
>
> But since you said there aren't any windows boxes on the network,
> I'll guess it is probably a network appliance that is generating the
> traffic.
>
> Good Luck,
> Greg
From: "Naga Suresh B"
To:
Cc:
Subject: problem with portforwarding
Date: Wed, 24 Jul 2002 11:00:20 +0530
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Scanned-By: MIMEDefang 2.15 (www dot roaringpenguin dot com slash mimedefang)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hi,

We are facing a problem in configuring the portforwarding on our gateway. We have a gateway with two network cards, one with external ip (xxx.xxx.xxx.170) and another one with internal ip (192.168.0.200). We created an alias ip for another external ip (xxx.xxx.xxx.172) and we had done portforwarding 443 to another internal ip (192.168.0.203) on another fbsd machine.

We added the following lines in the natd.conf on 192.168.0.200:

redirect_port tcp 192.168.0.203:443 xxx.xxx.xxx.172:443
redirect_port tcp 192.168.0.203:22 xxx.xxx.xxx.172:22

We are running ipfw on the 192.168.0.200. We are running httpd on both the machines.

After doing portforwarding, when we are trying to access the application from outside, xxx.xxx.xxx.172 is working fine. But we are not able to access the application on 172 from inside with the public ip, and we are able to access the application with 192.168.0.203. Also the name does not resolve for the IP xxx.xxx.xxx.172 from the internal network, whereas the same thing happens from outside.

How do we solve this? Please give the solution as early as possible and please help us.

Regards,
Naga Suresh B

From owner-freebsd-security Wed Jul 24 1:51:53 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2423F37B400 for ; Wed, 24 Jul 2002 01:51:52 -0700 (PDT)
Received: from accms33.physik.rwth-aachen.de (accms33.physik.RWTH-Aachen.DE [137.226.46.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59A9743E3B for ; Wed, 24 Jul 2002 01:51:50 -0700 (PDT) (envelope-from kuku@accms33.physik.rwth-aachen.de)
Received: (from kuku@localhost) by accms33.physik.rwth-aachen.de (8.9.3/8.9.3) id KAA14874 for freebsd-security@freebsd.org; Wed, 24 Jul 2002 10:51:47 +0200
Date: Wed, 24 Jul 2002 10:51:47 +0200
From: Christoph Kukulies
Message-Id: <200207240851.KAA14874@accms33.physik.rwth-aachen.de>
To: freebsd-security@freebsd.org
Subject: port 587 - submission service open, why?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I installed 4.6 on my mobile computer gladly noting that
when testing it using nmap ( http://www.insecure.org/)
only ssh, smtp and another service which was unknown to me until now
was open.

I'm just wondering why on the one hand care is taken to close as much
as possible then on the other hand a comparably unknown and maybe untested
service is opened to the outside.

--
Chris Christoph P. U. Kukulies kukulies@rwth-aachen.de

From owner-freebsd-security Wed Jul 24 2:10:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13C6C37B401 for ; Wed, 24 Jul 2002 02:10:39 -0700 (PDT)
Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8402F43E42 for ; Wed, 24 Jul 2002 02:10:38 -0700 (PDT) (envelope-from d.m.pick@qmul.ac.uk)
Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.32 #1) id 17XI6q-0002JO-00; Wed, 24 Jul 2002 10:07:04 +0100
Received: from localhost ([127.0.0.1] helo=xi.css.qmw.ac.uk) by xi.css.qmw.ac.uk with esmtp (Exim 3.34 #1) id 17XI6M-000Cwh-00; Wed, 24 Jul 2002 10:06:34 +0100
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Christoph Kukulies
Cc: freebsd-security@freebsd.org
Subject: Re: port 587 - submission service open, why?
In-reply-to: Your message of "Wed, 24 Jul 2002 10:51:47 +0200." <200207240851.KAA14874@accms33.physik.rwth-aachen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 24 Jul 2002 10:06:34 +0100
From: David Pick
Message-Id:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

> I installed 4.6 on my mobile computer gladly noting that
> when testing it using nmap ( http://www.insecure.org/)
> only ssh, smtp and another service which was unknown to me until now
> was open.

It's a variant of SMTP tuned/tunable for accepting messages
from MUAs on *initial* submission from a MUA to a MTA. Later
versions of "sendmail" automatically listen for this port as
well as port 25.

> I'm just wondering why on the one hand care is taken to close as much
> as possible then on the other hand a comparably unknown and maybe untested
> service is opened to the outside.

Not unknown, not untested, no extra risk compared with port 25 anyway.

--
David Pick

From owner-freebsd-security Wed Jul 24 8:34:54 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C38BC37B400; Wed, 24 Jul 2002 08:34:52 -0700 (PDT)
Received: from chiark.greenend.org.uk (chiark.greenend.org.uk [212.135.138.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id A70E143E42; Wed, 24 Jul 2002 08:34:50 -0700 (PDT) (envelope-from fanf@chiark.greenend.org.uk)
Received: from fanf by chiark.greenend.org.uk with local (Exim 3.12 #1) id 17XOA3-0007tG-00 (Debian); Wed, 24 Jul 2002 16:34:47 +0100
Date: Wed, 24 Jul 2002 16:34:47 +0100
From: Tony Finch
To: des@freebsd.org, dinoex@freebsd.org
Cc: dot@dotat.at, freebsd-security@freebsd.org
Subject: sshd privsep dns lookup bug
Message-ID: <20020724163447.B8886@chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

The call to get_canonical_hostname() at line 145 of the FreeBSD version
of openssh-portable causes problems with privilege separation. It happens
to be the first call to the resolver, but because the code is running
chrooted at that point, it cannot read /etc/resolv.conf so fails to
initialize itself correctly. This causes the DNS lookup to fail, and
in some configurations to hang for half a minute.

Tony.
--
f.a.n.finch http://dotat.at/
BISCAY: WESTERLY 3 OR 4. DRIZZLE AT FIRST, AND AGAIN LATER. MODERATE OR
GOOD, BUT POOR IN DRIZZLE.

From owner-freebsd-security Wed Jul 24 9:38:13 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 68F4737B400 for ; Wed, 24 Jul 2002 09:38:10 -0700 (PDT)
Received: from leu.braila.astral.ro (LEU.braila.astral.Ro [194.105.27.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2846743E3B for ; Wed, 24 Jul 2002 09:38:09 -0700 (PDT) (envelope-from ionut.serbanica@braila.astral.ro)
Received: from shreck (Just.For.Fun.On.Amnesiac.ro [194.105.27.165] (may be forged)) by leu.braila.astral.ro (8.11.6/pre1.0-MySQL/8.11.0(mysql/milter/ssl)) with SMTP id g6OGgrS27252; Wed, 24 Jul 2002 19:42:53 +0300
Message-ID: <009601c23330$83317ae0$a51b69c2@amnesiac.ro>
From: "Serbanica Ionut"
To: "Christoph Kukulies"
Cc:
References:
Subject: Re: port 587 - submission service open, why?
Date: Wed, 24 Jul 2002 19:38:16 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-RAVMilter-Version: 8.3.3(snapshot 20020312) (leu.braila.astral.ro)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

----- Original Message -----
From: "David Pick"
To: "Christoph Kukulies"
Cc:
Sent: Wednesday, July 24, 2002 12:06 PM
Subject: Re: port 587 - submission service open, why?

>
> > I installed 4.6 on my mobile computer gladly noting that
> > when testing it using nmap ( http://www.insecure.org/)
> > only ssh, smtp and another service which was unknown to me until now
> > was open.
>
> It's a variant of SMTP tuned/tunable for accepting messages
> from MUAs on *initial* submission from a MUA to a MTA. Later
> versions of "sendmail" automatically listen for this port as
> well as port 25.
>

Jeap. Is true. Sendmail.cf:

# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E

If you don't want him on, just comment the line and restart sendmail.

> > I'm just wondering why on the one hand care is taken to close as much
> > as possible then on the other hand a comparably unknown and maybe untested
> > service is opened to the outside.
>
> Not unknown, not untested, no extra risk compared with port 25 anyway.
>
> --
> David Pick
>
> Cheers,
>

From owner-freebsd-security Wed Jul 24 11: 2:12 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C7E4337B400 for ; Wed, 24 Jul 2002 11:02:09 -0700 (PDT)
Received: from web10102.mail.yahoo.com (web10102.mail.yahoo.com [216.136.130.52]) by mx1.FreeBSD.org (Postfix) with SMTP id 83E6543E3B for ; Wed, 24 Jul 2002 11:02:09 -0700 (PDT) (envelope-from twigles@yahoo.com)
Message-ID: <20020724180209.30857.qmail@web10102.mail.yahoo.com>
Received: from [68.5.49.41] by web10102.mail.yahoo.com via HTTP; Wed, 24 Jul 2002 11:02:09 PDT
Date: Wed, 24 Jul 2002 11:02:09 -0700 (PDT)
From: twig les
Subject: ssh cipher
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

All, I have a POS box running an old version of
openssh (not allowed to upgrade it, sigh). Right now
our jumpoff point is running ssh.com software and gets
the following error immediately:

ssh 1.1.1.1
warning: Authentication failed.
Disconnected; connection lost (Connection closed.).

I've tried specifying the user and even the port but I
think the problem may be that the openssh (2.5 i
think) may not be using the correct cipher. How do I
check what cipher this guy is using? Also, this box
has got to be logging the connections attempts
somewhere, but I haven't seen it.

=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

From owner-freebsd-security Wed Jul 24 11:18:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4453037B400 for ; Wed, 24 Jul 2002 11:18:29 -0700 (PDT)
Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by mx1.FreeBSD.org (Postfix) with SMTP id 5427F43E65 for ; Wed, 24 Jul 2002 11:18:27 -0700 (PDT) (envelope-from roam@ringlet.net)
Received: (qmail 63420 invoked by uid 85); 24 Jul 2002 18:32:46 -0000
Received: from sbnd.online.bg (HELO straylight.ringlet.net) (217.75.129.196) by south.nanolink.com with SMTP; 24 Jul 2002 18:32:44 -0000
Received: (qmail 33554 invoked by uid 1000); 24 Jul 2002 18:18:01 -0000
Date: Wed, 24 Jul 2002 21:18:01 +0300
From: Peter Pentchev
To: Tony Finch
Cc: des@freebsd.org, dinoex@freebsd.org, freebsd-security@freebsd.org
Subject: Re: sshd privsep dns lookup bug
Message-ID: <20020724181801.GB31448@straylight.oblivion.bg>
Mail-Followup-To: Tony Finch , des@freebsd.org, dinoex@freebsd.org, freebsd-security@freebsd.org
References: <20020724163447.B8886@chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ReaqsoxgOBHFXBhH"
Content-Disposition: inline
In-Reply-To: <20020724163447.B8886@chiark.greenend.org.uk>
User-Agent: Mutt/1.5.1i
X-Virus-Scanned: by Nik's Monitoring Daemon (AMaViS perl-11d )
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Wed, Jul 24, 2002 at 04:34:47PM +0100, Tony Finch wrote:
> The call to get_canonical_hostname() at line 145 of the FreeBSD version
> of openssh-portable causes problems with privilege separation. It happens
> to be the first call to the resolver, but because the code is running
> chrooted at that point, it cannot read /etc/resolv.conf so fails to
> initialize itself correctly. This causes the DNS lookup to fail, and
> in some configurations to hang for half a minute.

I believe this has been pointed out several times, including on this list,
and there is nothing stopping you from installing the system's resolv.conf
into the /var/empty/etc/ directory, right? :)

Okay, so maybe it should be documented somewhere..

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If there were no counterfactuals, this sentence would not have been paradoxical.

From owner-freebsd-security Wed Jul 24 11:26:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1D4F37B400 for ; Wed, 24 Jul 2002 11:26:34 -0700 (PDT)
Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by mx1.FreeBSD.org (Postfix) with SMTP id 82C0B43E3B for ; Wed, 24 Jul 2002 11:26:33 -0700 (PDT) (envelope-from roam@ringlet.net)
Received: (qmail 63477 invoked by uid 85); 24 Jul 2002 18:40:57 -0000
Received: from sbnd.online.bg (HELO straylight.ringlet.net) (217.75.129.196) by south.nanolink.com with SMTP; 24 Jul 2002 18:40:55 -0000
Received: (qmail 33630 invoked by uid 1000); 24 Jul 2002 18:26:12 -0000
Date: Wed, 24 Jul 2002 21:26:12 +0300
From: Peter Pentchev
To: twig les
Cc: freebsd-security@freebsd.org
Subject: Re: ssh cipher
Message-ID: <20020724182612.GC31448@straylight.oblivion.bg>
Mail-Followup-To: twig les , freebsd-security@freebsd.org
References: <20020724180209.30857.qmail@web10102.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="H+4ONPRPur6+Ovig"
Content-Disposition: inline
In-Reply-To: <20020724180209.30857.qmail@web10102.mail.yahoo.com>
User-Agent: Mutt/1.5.1i
X-Virus-Scanned: by Nik's Monitoring Daemon (AMaViS perl-11d )
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Wed, Jul 24, 2002 at 11:02:09AM -0700, twig les wrote:
> All, I have a POS box running an old version of
> openssh (not allowed to upgrade it, sigh). Right now
> our jumpoff point is running ssh.com software and gets
> the following error immediately:
>
> ssh 1.1.1.1
> warning: Authentication failed.
> Disconnected; connection lost (Connection closed.).
>
> I've tried specifying the user and even the port but I
> think the problem may be that the openssh (2.5 i
> think) may not be using the correct cipher. How do I
> check what cipher this guy is using? Also, this box
> has got to be logging the connections attempts
> somewhere, but I haven't seen it.

Does the ssh.com SSH client have something resembling
the OpenSSH client's "-v" command-line option, and
especially its "-v -v -v" functionality? :)

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
No language can express every thought unambiguously, least of all this one.

From owner-freebsd-security Wed Jul 24 11:31:15 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB39D37B400; Wed, 24 Jul 2002 11:31:11 -0700 (PDT)
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E7CA43EA3; Wed, 24 Jul 2002 11:31:10 -0700 (PDT) (envelope-from sheldonh@starjuice.net)
Received: from sheldonh by axl.seasidesoftware.co.za with local (Exim 4.10) id 17XQvr-0000d7-00; Wed, 24 Jul 2002 20:32:19 +0200
Date: Wed, 24 Jul 2002 20:32:19 +0200
From: Sheldon Hearn
To: Peter Pentchev
Cc: Tony Finch , des@freebsd.org, dinoex@freebsd.org, freebsd-security@freebsd.org
Subject: Re: sshd privsep dns lookup bug
Message-ID: <20020724183219.GA2395@starjuice.net>
Mail-Followup-To: Peter Pentchev , Tony Finch , des@freebsd.org, dinoex@freebsd.org, freebsd-security@freebsd.org
References: <20020724163447.B8886@chiark.greenend.org.uk> <20020724181801.GB31448@straylight.oblivion.bg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020724181801.GB31448@straylight.oblivion.bg>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On (2002/07/24 21:18), Peter Pentchev wrote:

> I believe this has been pointed out several times, including on this list,
> and there is nothing stopping you from installing the system's resolv.conf
> into the /var/empty/etc/ directory, right? :)
>
> Okay, so maybe it should be documented somewhere..

We set the system immutable flag on /var/empty because it's supposed to
be empty, as documented in sshd(8):

     /var/empty
             chroot(2) directory used by sshd during privilege separation
             in the pre-authentication phase. The directory should not
             contain any files and must be owned by root and not group or
             world-writable.

Ciao,
Sheldon.

From owner-freebsd-security Wed Jul 24 12:33:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DC98E37B400 for ; Wed, 24 Jul 2002 12:33:26 -0700 (PDT)
Received: from web10107.mail.yahoo.com (web10107.mail.yahoo.com [216.136.130.57]) by mx1.FreeBSD.org (Postfix) with SMTP id 7BCFC43E6A for ; Wed, 24 Jul 2002 12:33:26 -0700 (PDT) (envelope-from twigles@yahoo.com)
Message-ID: <20020724193325.92208.qmail@web10107.mail.yahoo.com>
Received: from [68.5.49.41] by web10107.mail.yahoo.com via HTTP; Wed, 24 Jul 2002 12:33:25 PDT
Date: Wed, 24 Jul 2002 12:33:25 -0700 (PDT)
From: twig les
Subject: SSH problem (was ssh cipher)
To: Peter Pentchev
Cc: freebsd-security@freebsd.org
In-Reply-To: <20020724182612.GC31448@straylight.oblivion.bg>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Well the problem isn't ssh.com vs openssh. I sshed
from the pos box to my sniffer and got in, but
couldn't ssh back again. This is the verbose output
from the session from the pos to the sniffer:

# ssh -v -v -v -l snort 10.x.x.x
OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
Contains Cisco Secure Intrusion Detection System modifications.
Domestic strength encryption. (k9).
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to 10.20.0.124 [10.20.0.124] port 922.
debug: Allocated local port 1023.
debug: Connection established.
debug: identity file /root/.ssh/identity type 3
debug: identity file /root/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0 FreeBSD localisations 20010713
debug: match: OpenSSH_2.3.0 FreeBSD localisations 20010713 pat ^OpenSSH_2\.3\.0
debug: Local version string SSH-1.5-OpenSSH_2.5.1p2
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
snort@10.x.x.x's password:

But when sshing back, I got the following:

%ssh -c 3des-cbc -v -v -v 10.20.0.90
SSH Version OpenSSH_2.3.0 FreeBSD localisations 20010713, protocol versions 1.5/2.0.
Compiled with SSL (0x0090601f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: ssh_connect: getuid 1001 geteuid 1001 anon 1
debug: Connecting to (null) [10.20.0.90] port 22.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x8058204(0x0)

Things I've ruled out:
Incompatibility with ssh.com and openssh (can ssh from sniffer to ssh.com boxes).
Wrong user
Wrong listening port
Unallowed source IP (I can telnet in, but not SSH)
Wrong cipher - it's using 3des

Am I destined to bang my head on the desk and load
Warcraft 3?

--- Peter Pentchev wrote:
> On Wed, Jul 24, 2002 at 11:02:09AM -0700, twig les wrote:
> > All, I have a POS box running an old version of
> > openssh (not allowed to upgrade it, sigh). Right now
> > our jumpoff point is running ssh.com software and gets
> > the following error immediately:
> >
> > ssh 1.1.1.1
> > warning: Authentication failed.
> > Disconnected; connection lost (Connection closed.).
> >
> > I've tried specifying the user and even the port but I
> > think the problem may be that the openssh (2.5 i
> > think) may not be using the correct cipher. How do I
> > check what cipher this guy is using? Also, this box
> > has got to be logging the connections attempts
> > somewhere, but I haven't seen it.
>
> Does the ssh.com SSH client have something resembling
> the OpenSSH client's "-v" command-line option, and
> especially its "-v -v -v" functionality? :)
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> No language can express every thought unambiguously, least of all this one.

=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

From owner-freebsd-security Wed Jul 24 13: 1:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B44B737B400 for ; Wed, 24 Jul 2002 13:01:21 -0700 (PDT)
Received: from deevil.homeunix.org (adsl-17-208-7.mia.bellsouth.net [68.17.208.7]) by mx1.FreeBSD.org (Postfix) with SMTP id 1801A43E6E for ; Wed, 24 Jul 2002 13:01:21 -0700 (PDT) (envelope-from deevil@deevil.homeunix.org)
Received: (qmail 43249 invoked by uid 1001); 24 Jul 2002 20:01:19 -0000
Date: Wed, 24 Jul 2002 16:01:19 -0400
From: Ken Ebling
To: freebsd-security@freebsd.org
Subject: Re: Duplicates?
Message-ID: <20020724200119.GA43237@deevil.homeunix.org>
References: <20020723122442.D50667-100000@crimelords.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.4i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Nope, no duplicates.

Ken Ebling

On Tue, Jul 23, 2002 at 10:48:21AM -0700, Joshua Hitt wrote:
> is it just me or is anyone else getting duplicates in this channel?

From owner-freebsd-security Wed Jul 24 13:15:25 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3342837B400 for ; Wed, 24 Jul 2002 13:15:18 -0700 (PDT)
Received: from osi-east2.nersc.gov (osi-east2.nersc.gov [128.55.6.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 735DF43E5E for ; Wed, 24 Jul 2002 13:15:17 -0700 (PDT) (envelope-from dart@nersc.gov)
Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by osi-east2.nersc.gov (8.9.2/8.9.2) with ESMTP id NAA03891; Wed, 24 Jul 2002 13:14:46 -0700 (PDT)
Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id 8DAD63B1AD; Wed, 24 Jul 2002 13:14:49 -0700 (PDT)
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: twig les
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH problem (was ssh cipher)
In-Reply-To: Message from twig les of "Wed, 24 Jul 2002 12:33:25 PDT." <20020724193325.92208.qmail@web10107.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-800317256P"; micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Wed, 24 Jul 2002 13:14:49 -0700
From: Eli Dart Message-Id: <20020724201450.8DAD63B1AD@gemini.nersc.gov> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==_Exmh_-800317256P Content-Type: text/plain; charset=us-ascii I seem to remember encountering something like this some time ago. Do you have tcp wrappers configured to display a banner? I think this was what caused the problem for me -- the banner that tcp wrappers injected fouled up the ssh protocol negotiations. I could be wrong about this....memory is fuzzy today... --eli In reply to twig les : > Well the problem isn't ssh.com vs openssh. I sshed > from the pos box to my sniffer and got in, but > couldn't ssh back again. This is the verbose output > from the session from the pos to the sniffer: > > > # ssh -v -v -v -l snort 10.x.x.x > OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL > 0x0090600f > Contains Cisco Secure Intrusion Detection System > modifications. > Domestic strength encryption. (k9). > debug: Reading configuration data /etc/ssh_config > debug: ssh_connect: getuid 0 geteuid 0 anon 0 > debug: Connecting to 10.20.0.124 [10.20.0.124] port > 922. > debug: Allocated local port 1023. > debug: Connection established. > debug: identity file /root/.ssh/identity type 3 > debug: identity file /root/.ssh/id_dsa type 3 > debug: Remote protocol version 1.99, remote software > version OpenSSH_2.3.0 FreeBSD localisations 20010713 > debug: match: OpenSSH_2.3.0 FreeBSD localisations > 20010713 pat ^OpenSSH_2\.3\.0 > debug: Local version string SSH-1.5-OpenSSH_2.5.1p2 > debug: Waiting for server public key. > debug: Received server public key (768 bits) and host > key (1024 bits). > > debug: Encryption type: 3des > debug: Sent encrypted session key. > debug: Installing crc compensation attack detector. > debug: Received encrypted confirmation. > debug: Doing password authentication. 
> snort@10.x.x.x's password:
>
>
>
> But when sshing back, I got the following:
>
>
> %ssh -c 3des-cbc -v -v -v 10.20.0.90
> SSH Version OpenSSH_2.3.0 FreeBSD localisations
> 20010713, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090601f).
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: ssh_connect: getuid 1001 geteuid 1001 anon 1
> debug: Connecting to (null) [10.20.0.90] port 22.
> debug: Connection established.
> ssh_exchange_identification: Connection closed by
> remote host
> debug: Calling cleanup 0x8058204(0x0)
>
>
> Things I've ruled out:
> Incompatibility with ssh.com and openssh (can ssh from
> sniffer to ssh.com boxes).
> Wrong user
> Wrong listening port
> Unallowed source IP (I can telnet in, but not SSH)
> Wrong cipher - it's using 3des
>
> Am I destined to bang my head on the desk and load
> Warcraft 3?
>
>
> --- Peter Pentchev wrote:
> > On Wed, Jul 24, 2002 at 11:02:09AM -0700, twig les
> > wrote:
> > > All, I have a POS box running an old version of
> > > openssh (not allowed to upgrade it, sigh). Right
> > now
> > > our jumpoff point is running ssh.com software and
> > gets
> > > the following error immediately:
> > >
> > > ssh 1.1.1.1
> > > warning: Authentication failed.
> > > Disconnected; connection lost (Connection
> > closed.).
> > >
> > > I've tried specifying the user and even the port
> > but I
> > > think the problem may be that the openssh (2.5 i
> > > think) may not be using the correct cipher. How
> > do I
> > > check what cipher this guy is using? Also, this
> > box
> > > has got to be logging the connections attempts
> > > somewhere, but I haven't seen it.
> >
> > Does the ssh.com SSH client have something
> > resembling
> > the OpenSSH client's "-v" command-line option, and
> > especially its "-v -v -v" functionality? :)
> >
> > G'luck,
> > Peter
> >
> > --
> > Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> > PGP key:
> > http://people.FreeBSD.org/~roam/roam.key.asc
> > Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18
> > B68D 1619 4553
> > No language can express every thought unambiguously,
> > least of all this one.
> >
>
> > ATTACHMENT part 2 application/pgp-signature
>
>
>
> =====
> -----------------------------------------------------------
> All warfare is based on deception.
> -----------------------------------------------------------
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Health - Feel better, live better
> http://health.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--==_Exmh_-800317256P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: This is a comment.

iD8DBQE9Pwq3LTFEeF+CsrMRAimHAKDgpt5wNBepezusHSebo4Pn4i0EwwCfUcyf
Ddy7ofeE6sYrnLqEc8mgKEI=
=Juq1
-----END PGP SIGNATURE-----

--==_Exmh_-800317256P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jul 24 13:23:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4D02737B400 for ; Wed, 24 Jul 2002 13:23:11 -0700 (PDT)
Received: from crazytrain.camattin.com (dsl-64-192-134-253.telocity.com [64.192.134.253]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9B7D43E3B for ; Wed, 24 Jul 2002 13:23:09 -0700 (PDT) (envelope-from camattin@camattin.com)
Received: from crazytrain.camattin.com (localhost [127.0.0.1]) by crazytrain.camattin.com (8.12.5/8.12.5) with ESMTP id g6OJq3bq065363; Wed, 24 Jul 2002 15:52:03 -0400 (EDT) (envelope-from camattin@camattin.com)
Received: from localhost (camattin@localhost) by crazytrain.camattin.com (8.12.5/8.12.5/Submit) with ESMTP id g6OJpwEl065360; Wed, 24 Jul 2002 15:51:58 -0400 (EDT)
X-Authentication-Warning: crazytrain.camattin.com: camattin owned process doing -bs
Date: Wed, 24 Jul 2002 15:51:58 -0400 (EDT)
From: "Chris A. Mattingly"
To: twig les
Cc: Peter Pentchev ,
Subject: Re: SSH problem (was ssh cipher)
In-Reply-To: <20020724193325.92208.qmail@web10107.mail.yahoo.com>
Message-ID: <20020724155021.A65279-100000@crazytrain.camattin.com>
X-Message-Flag: You really should not be able to see this message.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Wed, 24 Jul 2002, twig les wrote:

> SSH Version OpenSSH_2.3.0 FreeBSD localisations
> 20010713, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090601f).
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: ssh_connect: getuid 1001 geteuid 1001 anon 1
> debug: Connecting to (null) [10.20.0.90] port 22.
> debug: Connection established.
> ssh_exchange_identification: Connection closed by
> remote host
> debug: Calling cleanup 0x8058204(0x0)
>
>
> Things I've ruled out:
> Incompatibility with ssh.com and openssh (can ssh from
> sniffer to ssh.com boxes).
> Wrong user
> Wrong listening port
> Unallowed source IP (I can telnet in, but not SSH)
> Wrong cipher - it's using 3des
>
> Am I destined to bang my head on the desk and load
> Warcraft 3?

This sounds like /etc/hosts.deny and/or /etc/hosts.allow dropping the
connection. When I add 127.0.0.1 into a deny statement, I get the same
scenario:

(Just one -v used for brevity)

% ssh -v localhost
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090604f
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /local/users/cmatting/.ssh/identity type 0
debug1: identity file /local/users/cmatting/.ssh/id_rsa type 1
debug1: identity file /local/users/cmatting/.ssh/id_dsa type 2
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x3ef20(0x0)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jul 24 16:39:32 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2A99337B400 for ; Wed, 24 Jul 2002 16:39:23 -0700 (PDT)
Received: from web10101.mail.yahoo.com (web10101.mail.yahoo.com [216.136.130.51]) by mx1.FreeBSD.org (Postfix) with SMTP id C739243E5E for ; Wed, 24 Jul 2002 16:39:22 -0700 (PDT) (envelope-from twigles@yahoo.com)
Message-ID: <20020724233922.16648.qmail@web10101.mail.yahoo.com>
Received: from [68.5.49.41] by web10101.mail.yahoo.com via HTTP; Wed, 24 Jul 2002 16:39:22 PDT
Date: Wed, 24 Jul 2002 16:39:22 -0700 (PDT)
From: twig les
Subject: Re: SSH problem (was ssh cipher) - solved
To: Eli Dart
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20020724201450.8DAD63B1AD@gemini.nersc.gov>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

K, the problem turned out to be a hosts.allow dirty syntax problem (since it's sooooo complex) AND a cipher one (we use aes, this old thing can't). ack, someone magiced away the sftp-server too. grrrr, I hate hand-me-downs. Anyhoo thanx for the pointers.

--- Eli Dart wrote:
> I seem to remember encountering something like this
> some time ago.
>
> Do you have tcp wrappers configured to display a
> banner? I think
> this was what caused the problem for me -- the
> banner that tcp
> wrappers injected fouled up the ssh protocol
> negotiations.
>
> I could be wrong about this....memory is fuzzy
> today...
>
> --eli
>
>
> In reply to twig les :
>
> > Well the problem isn't ssh.com vs openssh. I
> sshed
> > from the pos box to my sniffer and got in, but
> > couldn't ssh back again. This is the verbose
> output
> > from the session from the pos to the sniffer:
> >
> >
> > # ssh -v -v -v -l snort 10.x.x.x
> > OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL
> > 0x0090600f
> > Contains Cisco Secure Intrusion Detection System
> > modifications.
> > Domestic strength encryption. (k9).
> > debug: Reading configuration data /etc/ssh_config
> > debug: ssh_connect: getuid 0 geteuid 0 anon 0
> > debug: Connecting to 10.20.0.124 [10.20.0.124]
> port
> > 922.
> > debug: Allocated local port 1023.
> > debug: Connection established.
> > debug: identity file /root/.ssh/identity type 3
> > debug: identity file /root/.ssh/id_dsa type 3
> > debug: Remote protocol version 1.99, remote
> software
> > version OpenSSH_2.3.0 FreeBSD localisations
> 20010713
> > debug: match: OpenSSH_2.3.0 FreeBSD localisations
> > 20010713 pat ^OpenSSH_2\.3\.0
> > debug: Local version string
> SSH-1.5-OpenSSH_2.5.1p2
> > debug: Waiting for server public key.
> > debug: Received server public key (768 bits) and
> host
> > key (1024 bits).
> >
> > debug: Encryption type: 3des
> > debug: Sent encrypted session key.
> > debug: Installing crc compensation attack
> detector.
> > debug: Received encrypted confirmation.
> > debug: Doing password authentication.
> > snort@10.x.x.x's password:
> >
> >
> >
> > But when sshing back, I got the following:
> >
> >
> > %ssh -c 3des-cbc -v -v -v 10.20.0.90
> > SSH Version OpenSSH_2.3.0 FreeBSD localisations
> > 20010713, protocol versions 1.5/2.0.
> > Compiled with SSL (0x0090601f).
> > debug: Reading configuration data
> /etc/ssh/ssh_config
> > debug: ssh_connect: getuid 1001 geteuid 1001 anon
> 1
> > debug: Connecting to (null) [10.20.0.90] port 22.
> > debug: Connection established.
> > ssh_exchange_identification: Connection closed by
> > remote host
> > debug: Calling cleanup 0x8058204(0x0)
> >
> >
> > Things I've ruled out:
> > Incompatibility with ssh.com and openssh (can ssh
> from
> > sniffer to ssh.com boxes).
> > Wrong user
> > Wrong listening port
> > Unallowed source IP (I can telnet in, but not SSH)
> > Wrong cipher - it's using 3des
> >
> > Am I destined to bang my head on the desk and load
> > Warcraft 3?
> >
> >
> > --- Peter Pentchev wrote:
> > > On Wed, Jul 24, 2002 at 11:02:09AM -0700, twig
> les
> > > wrote:
> > > > All, I have a POS box running an old version
> of
> > > > openssh (not allowed to upgrade it, sigh).
> Right
> > > now
> > > > our jumpoff point is running ssh.com software
> and
> > > gets
> > > > the following error immediately:
> > > >
> > > > ssh 1.1.1.1
> > > > warning: Authentication failed.
> > > > Disconnected; connection lost (Connection
> > > closed.).
> > > >
> > > > I've tried specifying the user and even the
> port
> > > but I
> > > > think the problem may be that the openssh (2.5
> i
> > > > think) may not be using the correct cipher.
> How
> > > do I
> > > > check what cipher this guy is using? Also,
> this
> > > box
> > > > has got to be logging the connections attempts
> > > > somewhere, but I haven't seen it.
> > >
> > > Does the ssh.com SSH client have something
> > > resembling
> > > the OpenSSH client's "-v" command-line option,
> and
> > > especially its "-v -v -v" functionality? :)
> > >
> > > G'luck,
> > > Peter
> > >
> > > --
> > > Peter Pentchev roam@ringlet.net roam@FreeBSD.org
> > > PGP key:
> > > http://people.FreeBSD.org/~roam/roam.key.asc
> > > Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E
> ED18
> > > B68D 1619 4553
> > > No language can express every thought
> unambiguously,
> > > least of all this one.
> > >
> >
> > > ATTACHMENT part 2 application/pgp-signature
> >
> >
> >
> > =====
> >
> -----------------------------------------------------------
> > All warfare is based on deception.
> >
> -----------------------------------------------------------
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Health - Feel better, live better
> > http://health.yahoo.com
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of
> the message
>
>
>
> ATTACHMENT part 2 application/pgp-signature

=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jul 24 18:55:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F318637B420 for ; Wed, 24 Jul 2002 18:55:24 -0700 (PDT)
Received: from blue.gerhardt-it.com (gw.gerhardt-it.com [204.83.38.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7611643E67 for ; Wed, 24 Jul 2002 18:55:24 -0700 (PDT) (envelope-from scott@gerhardt-it.com)
Received: from [192.168.100.110] (gw.gerhardt-it.com [204.83.38.103]) by blue.gerhardt-it.com (Postfix) with ESMTP id 92DEC10024 for ; Wed, 24 Jul 2002 19:55:23 -0600 (CST)
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Wed, 24 Jul 2002 19:55:17 -0600
Subject: Openssh-portable
From: Scott Gerhardt
To:
Message-ID:
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE box
and now ssh is very slow to login (60 seconds or more). Other than the
delay, everything else works fine. I couldn't find any answers in the
archives.

Seems like DNS lookup issue.

Is this a known problem and what is the suggested fix?

Thanks.

--
Scott Gerhardt, P.Geo.
Gerhardt Information Technologies [G-IT]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jul 24 19: 8:51 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7558537B400 for ; Wed, 24 Jul 2002 19:08:47 -0700 (PDT)
Received: from shire.group6.net (adsl-66-124-82-253.dsl.snfc21.pacbell.net [66.124.82.253]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0693943E7B for ; Wed, 24 Jul 2002 19:08:47 -0700 (PDT) (envelope-from jedi@group6.net)
Received: from localhost (jedi@localhost) by shire.group6.net (8.11.6/8.11.6) with ESMTP id g6P28F780576; Wed, 24 Jul 2002 19:08:15 -0700 (PDT) (envelope-from jedi@group6.net)
Date: Wed, 24 Jul 2002 19:08:11 -0700 (PDT)
From: j3di
To: Scott Gerhardt
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Openssh-portable
In-Reply-To:
Message-ID: <20020724190502.G77740-100000@shire.group6.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

try checking your sshd_config for ReverseMappingCheck. from the man page
for sshd:

ReverseMappingCheck
Specifies whether sshd should try to verify the remote host name and check
that the resolved host name for the remote IP address maps back to the
very same IP address. The default is ``no''.

On Wed, 24 Jul 2002, Scott Gerhardt wrote:

>
> I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE box
> and now ssh is very slow to login (60 seconds or more). Other than the
> delay, everything else works fine. I couldn't find any answers in the
> archives.
>
> Seems like DNS lookup issue.
>
> Is this a known problem and what is the suggested fix?
>
> Thanks.
>
> --
> Scott Gerhardt, P.Geo.
> Gerhardt Information Technologies [G-IT]
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--j3di

"Hello. My name is Boba Fett. You killed my father. Prepare to die."
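
The check described in that man-page excerpt (reverse lookup, then a forward lookup of the returned name, then a comparison), written out as an added example; it is not OpenSSH's code and not from this thread. The `sample_*` tables and all helper names are constructed so the example runs offline; the `system_*` functions use the real resolver, which is where a slow or unreachable DNS server would make each call block.

```python
import ipaddress
import socket
import time


def system_ptr_lookup(ip):
    """Reverse (PTR) lookup through the system resolver; None if no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None


def system_addr_lookup(name):
    """Forward lookup through the system resolver; list of address strings."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def verify_reverse_mapping(ip, ptr_lookup=system_ptr_lookup,
                           addr_lookup=system_addr_lookup):
    """Return (verdict, hostname, seconds_spent_in_lookups).

    verdict is one of:
      "match"      - PTR name resolves back to the connecting address
      "mismatch"   - PTR name resolves, but not to the connecting address
      "no-forward" - PTR name has no address records at all
      "no-ptr"     - the address has no PTR record
    """
    peer = ipaddress.ip_address(ip)
    started = time.monotonic()
    name = ptr_lookup(str(peer))
    if name is None:
        return "no-ptr", None, time.monotonic() - started
    forward = set()
    for addr in addr_lookup(name):
        try:
            # Drop an IPv6 zone id ("fe80::1%em0") before comparing.
            forward.add(ipaddress.ip_address(addr.split("%", 1)[0]))
        except ValueError:
            continue  # resolver returned something that is not an address
    elapsed = time.monotonic() - started
    if not forward:
        return "no-forward", name, elapsed
    return ("match" if peer in forward else "mismatch"), name, elapsed


# Constructed sample zone data (documentation address ranges, example.net names).
SAMPLE_PTR = {
    "192.0.2.10": "gw.example.net",
    "2001:db8::10": "gw.example.net",
    "192.0.2.66": "trusted.example.net",   # PTR claims a name it does not own
    "198.51.100.7": "ghost.example.net",   # PTR to a name with no address record
}
SAMPLE_ADDR = {
    "gw.example.net": ["192.0.2.10", "2001:db8::10"],
    "trusted.example.net": ["192.0.2.5"],
}


def sample_ptr_lookup(ip):
    """Offline stand-in for the reverse lookup, backed by SAMPLE_PTR."""
    return SAMPLE_PTR.get(ip)


def sample_addr_lookup(name):
    """Offline stand-in for the forward lookup, backed by SAMPLE_ADDR."""
    return SAMPLE_ADDR.get(name, [])


def check_samples():
    """Run the check over the constructed peers; returns {ip: verdict}."""
    peers = ["192.0.2.10", "2001:0db8:0000:0000:0000:0000:0000:0010",
             "192.0.2.66", "198.51.100.7", "203.0.113.9"]
    return {ip: verify_reverse_mapping(ip, sample_ptr_lookup,
                                       sample_addr_lookup)[0]
            for ip in peers}


if __name__ == "__main__":
    for ip, verdict in check_samples().items():
        print(f"{ip:42} {verdict}")
```
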
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jul 24 19:25:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 310E037B400 for ; Wed, 24 Jul 2002 19:25:52 -0700 (PDT)
Received: from blue.gerhardt-it.com (gw.gerhardt-it.com [204.83.38.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id C789D43E4A for ; Wed, 24 Jul 2002 19:25:51 -0700 (PDT) (envelope-from scott@gerhardt-it.com)
Received: from [192.168.100.110] (gw.gerhardt-it.com [204.83.38.103]) by blue.gerhardt-it.com (Postfix) with ESMTP id BBA3210024; Wed, 24 Jul 2002 20:25:50 -0600 (CST)
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Wed, 24 Jul 2002 20:25:44 -0600
Subject: Re: Openssh-portable
From: Scott Gerhardt
To: j3di
Cc:
Message-ID:
In-Reply-To: <20020724190502.G77740-100000@shire.group6.net>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

That doesn't seem to be the problem. My sshd_config has the following:

"#VerifyReverseMapping no"

The "ReverseMappingCheck" as indicated by man sshd does not exist in the
sshd_config.

--
Scott

On 7/24/02 8:08 PM, "j3di" wrote:

> try checking your sshd_config for ReverseMappingCheck. from the man page
> for sshd:
>
> ReverseMappingCheck
> Specifies whether sshd should try to verify the remote host name and check
> that the resolved host name for the remote IP address maps back to the
> very same IP address. The default is ``no''.
>
>
>
> On Wed, 24 Jul 2002, Scott Gerhardt wrote:
>
>>
>> I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE box
>> and now ssh is very slow to login (60 seconds or more). Other than the
>> delay, everything else works fine. I couldn't find any answers in the
>> archives.
>>
>> Seems like DNS lookup issue.
>>
>> Is this a known problem and what is the suggested fix?
>>
>> Thanks.
>>
>> --
>> Scott Gerhardt, P.Geo.
>> Gerhardt Information Technologies [G-IT]
>>
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message
>>
>
> --j3di
>
> "Hello. My name is Boba Fett. You killed my father. Prepare to die."
>

--
Scott Gerhardt, P.Geo.
Gerhardt Information Technologies [G-IT]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jul 24 21:55:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DCE2C37B400; Wed, 24 Jul 2002 21:55:52 -0700 (PDT)
Received: from net2.dinoex.sub.org (net2.dinoex.de [212.184.201.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id C956343E91; Wed, 24 Jul 2002 21:55:50 -0700 (PDT) (envelope-from dirk.meyer@dinoex.sub.org)
Received: from net2.dinoex.sub.org (dinoex@net2.dinoex.sub.org [127.0.0.1]) by net2.dinoex.sub.org (8.12.5/8.12.5) with ESMTP id g6P4oFmE005572; Thu, 25 Jul 2002 06:50:17 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
Received: from gate.dinoex.sub.org (dinoex@localhost) by net2.dinoex.sub.org (8.12.5/8.12.5/Submit) with BSMTP id g6P4oAmU005397; Thu, 25 Jul 2002 06:50:10 +0200 (CEST) (envelope-from dirk.meyer@dinoex.sub.org)
To: FreeBSD-gnats-submit@FreeBSD.ORG, jestrix@jestrix.net, freebsd-security@FreeBSD.ORG, des@FreeBSD.ORG, dot@dotat.at, sheldonh@starjuice.net
Message-ID:
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Organization: privat
Subject: Re: ports/39953: Resolve failure in OpenSSH 3.4p1 when using PrivilegeSeperation
Date: Thu, 25 Jul 2002 06:41:45 +0200
X-Mailer: Dinoex 1.79
X-Gateway: ZCONNECT gate.dinoex.sub.org [UNIX/Connect 0.94]
X-PGP-Fingerprint: 44 16 EC 0A D3 3A 4F 28 8A 8A 47 93 F1 CF 2F 12
X-ZC-TELEFON: V+49-5606-6512Q F+49-5606-55023
X-Copyright: (C) Copyright 2001 by Dirk Meyer -- All rights reserved.
X-ZC-POST: Im Grund 4;34317 Habichtswald;Germany
X-PGP-Key-Avail: mailto:pgp-public-keys@keys.de.pgp.net Subject:GET 0x331CDA5D
X-ZC-VIA: 20020725000000S+2@dinoex.sub.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I still can't reproduce the problem as described,
but this patch should fix it.

Please check if this solves the problem.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]

--- sshd.c.orig Wed Jun 26 01:24:19 2002 +++ sshd.c Thu Jul 25 06:32:37 2002 @@ -53,6 +53,10 @@ #include #endif +#ifdef __FreeBSD__ +#include +#endif + #include "ssh.h" #include "ssh1.h" #include "ssh2.h" 
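Review bot: the `#include` inside the new `#ifdef __FreeBSD__` block shows no header name in this copy of the patch, so what it pulls in cannot be checked here. The second hunk uses `_res`, `RES_INIT` and `res_init()`, so this block has to supply the resolver declarations; resolver(3) on FreeBSD lists `<sys/types.h>`, `<netinet/in.h>` and `<arpa/nameser.h>` ahead of `<resolv.h>`, so confirm those are already included above this point in sshd.c or add them inside the same guard.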
@@ -1409,6 +1413,17 @@ setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); + +#ifdef __FreeBSD__ + /* + * Initialize the resolver. This may not happen automatically + * before privsep chroot(). + */ + if ((_res.options & RES_INIT) == 0) { + debug("res_init()"); + res_init(); + } +#endif /* * Register our connection. This turns encryption off because we do 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Jul 24 21:58:31 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D6DDD37B406; Wed, 24 Jul 2002 21:58:21 -0700 (PDT)
Received: from mauibuilt.com (mauibuilt.com [205.166.249.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0B00443EAA; Wed, 24 Jul 2002 21:58:19 -0700 (PDT) (envelope-from freebsd@mauibuilt.com)
Received: from mauibuilt.com (localhost.mauibuilt.com [127.0.0.1]) by mauibuilt.com (8.12.3/8.12.3) with ESMTP id g6P4w2qL048483; Wed, 24 Jul 2002 18:58:02 -1000 (HST) (envelope-from freebsd@mauibuilt.com)
Received: (from freebsd@localhost) by mauibuilt.com (8.12.3/8.12.3/Submit) id g6P4w2Yd048482; Wed, 24 Jul 2002 18:58:02 -1000 (HST)
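Review bot: in the second hunk of the sshd.c patch above, `res_init();` discards its return value, so if initialisation fails the daemon carries on and the later lookup inside the privsep chroot behaves exactly as before, with only the `debug("res_init()")` line to show the call was made. Check the result (it returns -1 on failure) and report it through `error()`, as the `setsockopt` call just above it does. The comment should also say that the call has to stay ahead of the chroot, since the covering mail says the problem could not be reproduced and that ordering is the whole of the fix.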
From: FreeBSD MAIL
Message-Id: <200207250458.g6P4w2Yd048482@mauibuilt.com>
Subject: Vlan filtering.
To: freebsd-networking@freebsd.org, freebsd-security@freebsd.org
Date: Wed, 24 Jul 2002 18:58:02 -1000 (HST)
X-Mailer: ELM [version 2.4ME+ PL77 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I was wondering what it would take to get IPFW and BRIDGING to be able
to filter 802.1q tagged vlan packets?

I know you can bridge Vlan interfaces but ipfw doesn't seem to pick up tagged
packets.

Is there anyone working on this or has gotten this working?

Thanks in advance.

Richard Puga
puga@mauibuilt.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Jul 25 0:48:30 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A19F37B400 for ; Thu, 25 Jul 2002 00:48:25 -0700 (PDT)
Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id EFA4443E72 for ; Thu, 25 Jul 2002 00:48:23 -0700 (PDT) (envelope-from rehsack@liwing.de)
Received: (qmail 62511 invoked from network); 25 Jul 2002 07:58:40 -0000
Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 25 Jul 2002 07:58:40 -0000
Message-ID: <3D3FAC90.6A33532D@liwing.de>
Date: Thu, 25 Jul 2002 09:45:20 +0200
From: Jens Rehsack
Organization: LiWing IT-Services
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Joshua Hitt
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Duplicates?
References:
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Joshua Hitt wrote:
>
> is it just me or is anyone else getting duplicates in this channel?

That's mostly a problem with your mail system. In my case it's sometimes
netscape - it didn't delete mails on pop3-server cleanly.

Jens

> jhitt
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Emacs
> Sent: Tuesday, July 23, 2002 10:27 AM
> To: pgreen
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: php4 vuln update
>
> Actually it's a family name...I am Erin Maclellan, I go by emac, my dad is
> big mac and my brother is just mac....But thanks for reference, it had
> a lot to do with the php post!
>
> -e
>
> On Mon, 22 Jul 2002, pgreen wrote:
>
> > What kind of ninny would name himself 'Emacs'?
> >
> > Clearly, he is a trouble maker, and an enemy of the people.
> >
> > Phil Green,
> > Accounting.
> >
> >
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
e-Mail:
Fax: +49 - 3 45 - 5 17 05 92
http://www.liwing.de/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Jul 25 1:19:43 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1D68C37B400 for ; Thu, 25 Jul 2002 01:19:40 -0700 (PDT)
Received: from mailrelay.netcologne.de (mailrelay.netcologne.de [194.8.194.96]) by mx1.FreeBSD.org (Postfix) with ESMTP id EDE7143E6E for ; Thu, 25 Jul 2002 01:19:37 -0700 (PDT) (envelope-from djanssen@netcologne.de)
Received: from sys-194 (sys-194.netcologne.de [194.8.193.194]) by mailrelay.netcologne.de (8.11.6+Sun/8.11.6) with SMTP id g6P8JZ204289 for ; Thu, 25 Jul 2002 10:19:35 +0200 (MEST)
Message-Id: <200207250819.g6P8JZ204289@mailrelay.netcologne.de>
From: Dirk Janssen
To:
X-Mailer: PocoMail 2.6 (1006) - Licensed Version
Date: Thu, 25 Jul 2002 10:19:35 +0200
In-Reply-To:
Subject: Re: Openssh-portable
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Scott Gerhardt wrote:
>
>I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE
>box and now ssh is very slow to login (60 seconds or more). Other than
>the delay, everything else works fine. I couldn't find any answers in
>the archives.
>
>Seems like DNS lookup issue.
>
>Is this a known problem and what is the suggested fix?

I had this problem too on one machine (others worked fine, all
4.6-Stable), it had nothing to do with my settings in sshd_config
(ReverseMappingCheck no).
It helped (I don't exactly know why) to copy my resolv.conf to the
directory /usr/local/empty/etc/ and chmod /usr/local/empty to 755.
If /usr/local/empty doesn't exist, try /var/empty, this depends on how
you compiled openssh.
If somebody knows why exactly this solution works it would be kind to let
me know.
Regards,

Dirk

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Jul 25 2:21:46 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F76037B400 for ; Thu, 25 Jul 2002 02:21:42 -0700 (PDT)
Received: from au-ml2.teamlog.fr (smtp-paris1.teamlog.com [213.41.116.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0555543E86 for ; Thu, 25 Jul 2002 02:21:41 -0700 (PDT) (envelope-from pof@teamlog.com)
Received: from teamlog.com (proxy-paris1.teamlog.fr [213.41.116.89]) by au-ml2.teamlog.fr (8.12.4/8.12.4) with ESMTP id g6P9J6VV028031 for ; Thu, 25 Jul 2002 11:19:07 +0200
Message-ID: <3D3FE049.1000302@teamlog.com>
Date: Thu, 25 Jul 2002 11:26:01 +0000
From: Pierre-Olivier Fur
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0.0) Gecko/20020702
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-security@FreeBSD.ORG
Subject: Re: Openssh-portable
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Dirk Janssen wrote:

>Scott Gerhardt wrote:
>
>
>>I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE
>>box and now ssh is very slow to login (60 seconds or more). Other than
>>the delay, everything else works fine. I couldn't find any answers in
>>the archives.
>>
>>Seems like DNS lookup issue.
>>
>>Is this a known problem and what is the suggested fix?
>>
>>
>
>I had this problem too on one machine (others worked fine, all
>4.6-Stable), it had nothing to do with my settings in sshd_config
>(ReverseMappingCheck no).
>It helped (I don't exactly know why) to copy my resolv.conf to the
>directory /usr/local/empty/etc/ and chmod /usr/local/empty to 755.
>If /usr/local/empty doesn't exist, try /var/empty, this depends on how
>you compiled openssh.
>If somebody knows why exactly this solution works it would be kind to let
>me know.
>
>Regards,
>
>Dirk
>

I and some friends had this problem too on 4.5 and 4.4, I resolved it by
setting up a local DNS server, so Scott you had a part of the answer.
Anyway I'm gonna try Dirk's solution cause I'd like to understand why it
works too.
Cordially

Piero

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Jul 25 5: 2:10 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3BF0137B400; Thu, 25 Jul 2002 05:02:07 -0700 (PDT)
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 58E9043E31; Thu, 25 Jul 2002 05:02:06 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from house.sentex.net (fcage [192.168.0.2]) by cage.simianscience.com (8.12.5/8.12.3) with ESMTP id g6PC1wrw044522; Thu, 25 Jul 2002 08:01:59 -0400 (EDT) (envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20020725075401.07beb2b8@192.168.0.12>
X-Sender: mdtancsa@192.168.0.12
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 25 Jul 2002 08:00:01 -0400
To: FreeBSD MAIL
From: Mike Tancsa
Subject: Re: Vlan filtering.
Cc: freebsd-networking@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-Reply-To: <200207250458.g6P4w2Yd048482@mauibuilt.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: amavis-20020220
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Why not just filter by interface that you have associated with the vlan ?

e.g. you want to block all packets from vlan 123 and your next free vlan
interface is vlan12

ifconfig vlan12 vlan 123 vlandev fxp0
ipfw add 12 deny log all from any to any via vlan12

This would effectively block all VLAN packets that are part of the 802.1q
vlan 123.

---Mike

At 06:58 PM 7/24/2002 -1000, FreeBSD MAIL wrote:
>I was wondering what it would take to get IPFW and BRIDGING to be able
>to filter 802.1q tagged vlan packets?
>
>I know you can bridge Vlan interfaces but ipfw doesn't seem to pick up tagged
>packets.
>
>Is there anyone working on this or has gotten this working?
>
>Thanks in advance.
>
>Richard Puga
>puga@mauibuilt.com
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Jul 25 5:53:32 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B90FD37B400 for ; Thu, 25 Jul 2002 05:53:30 -0700 (PDT)
Received: from melusine.cuivre.fr.eu.org (melusine.cuivre.fr.eu.org [62.212.105.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0658443E4A for ; Thu, 25 Jul 2002 05:53:30 -0700 (PDT) (envelope-from thomas@cuivre.fr.eu.org)
Received: by melusine.cuivre.fr.eu.org (Postfix, from userid 1000) id 4F2222C3D6; Thu, 25 Jul 2002 14:53:27 +0200 (CEST)
Date: Thu, 25 Jul 2002 14:53:27 +0200
From: Thomas Quinot To: Scott Gerhardt Cc: freebsd-security@freebsd.org Subject: Re: Openssh-portable Message-ID: <20020725145327.A404@melusine.cuivre.fr.eu.org> Reply-To: thomas@cuivre.fr.eu.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from scott@gerhardt-it.com on Wed, Jul 24, 2002 at 07:55:17PM -0600 X-message-flag: WARNING! Using Outlook can damage your computer. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 2002-07-25, Scott Gerhardt wrote: > I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE box > and now ssh is very slow to login (60 seconds or more). Other than the > delay, everything else works fine. I couldn't find any answers in the > archives. OpenSSH runs various commands to gather entropy for random number generation; some of these might hang, e.g. due to NFS servers being slow or unavailable. Check whether the ssh_prng_commands config file contains anything that could hang for a while. Thomas. 
-- Thomas.Quinot@Cuivre.FR.EU.ORG To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 5:58:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A19337B400 for ; Thu, 25 Jul 2002 05:58:33 -0700 (PDT) Received: from qmail.broadbandip.net (s01.wave-speed.net [204.1.106.4]) by mx1.FreeBSD.org (Postfix) with SMTP id 8E27843E8A for ; Thu, 25 Jul 2002 05:58:32 -0700 (PDT) (envelope-from travis@bbipmail.com) Received: (qmail 51725 invoked from network); 25 Jul 2002 12:58:32 -0000 Received: from nat-gw.gecinc.com (HELO travisl) (204.27.124.229) by s01.wave-speed.net with SMTP; 25 Jul 2002 12:58:32 -0000 From: "Travis L. Leuthauser" To: Subject: RE: Openssh-portable Date: Thu, 25 Jul 2002 07:58:31 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20020725145327.A404@melusine.cuivre.fr.eu.org> Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org As I understand, this is a known problem with openssh-portable when using privsep. Apparently after initiating privsep, sshd attempts to read /etc/resolv.conf, which it can't since chrooted to /var/empty. A workaround is to copy resolv.conf into /var/empty/etc. The only problem w/ this is that /var/empty is intended to be empty. -Travis -----Original Message----- 
From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Thomas Quinot Sent: Thursday, July 25, 2002 7:53 AM To: Scott Gerhardt Cc: freebsd-security@freebsd.org Subject: Re: Openssh-portable On 2002-07-25, Scott Gerhardt wrote: > I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE box > and now ssh is very slow to login (60 seconds or more). Other than the > delay, everything else works fine. I couldn't find any answers in the > archives. OpenSSH runs various commands to gather entropy for random number generation; some of these might hang, e.g. due to NFS servers being slow or unavailable. Check whether the ssh_prng_commands config file contains anything that could hang for a while. Thomas. -- Thomas.Quinot@Cuivre.FR.EU.ORG To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 6: 0:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1FB7C37B400; Thu, 25 Jul 2002 06:00:20 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 691BE43E81; Thu, 25 Jul 2002 06:00:19 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 26AEC535C; Thu, 25 Jul 2002 15:00:17 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Tony Finch Cc: dinoex@freebsd.org, freebsd-security@freebsd.org Subject: Re: sshd privsep dns lookup bug References: <20020724163447.B8886@chiark.greenend.org.uk> 
From: Dag-Erling Smorgrav Date: 25 Jul 2002 15:00:16 +0200 In-Reply-To: <20020724163447.B8886@chiark.greenend.org.uk> Message-ID: Lines: 13 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Tony Finch writes: > The call to get_canonical_hostname() at line 145 of the FreeBSD version > of openssh-portable causes problems with privilege separation. It happens > to be the first call to the resolver, but because the code is running > chrooted at that point, it cannot read /etc/resolv.conf so fails to > initialize itself correctly. This causes the DNS lookup to fail, and > in some configurations to hang for half a minute. Thank you. I will look into it ASAP. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 6: 3: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3916F37B400; Thu, 25 Jul 2002 06:03:03 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7F2D43E86; Thu, 25 Jul 2002 06:03:02 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 2CC31535C; Thu, 25 Jul 2002 15:02:59 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. 
To: dirk.meyer@dinoex.sub.org (Dirk Meyer) Cc: FreeBSD-gnats-submit@FreeBSD.ORG, jestrix@jestrix.net, freebsd-security@FreeBSD.ORG, dot@dotat.at, sheldonh@starjuice.net Subject: Re: ports/39953: Resolve failure in OpenSSH 3.4p1 when using PrivilegeSeperation References: From: Dag-Erling Smorgrav Date: 25 Jul 2002 15:02:59 +0200 In-Reply-To: Message-ID: Lines: 10 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org dirk.meyer@dinoex.sub.org (Dirk Meyer) writes: > I still can't reproduce the problem as described, > but this patch should fix it. It looks good, though a simple (void)gethostbyname("localhost") should be just as effective. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 6:16:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0080537B400 for ; Thu, 25 Jul 2002 06:16:36 -0700 (PDT) Received: from changeofhabit.mr.itd.umich.edu (changeofhabit.mr.itd.umich.edu [141.211.144.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E78C43E4A for ; Thu, 25 Jul 2002 06:16:35 -0700 (PDT) (envelope-from johnec@umich.edu) Received: from mycpu.umich.edu ([141.211.178.69]) by changeofhabit.mr.itd.umich.edu (8.9.3/3.2r) with ESMTP id JAA20877 for ; Thu, 25 Jul 2002 09:16:33 -0400 (EDT) Message-Id: <4.3.2.7.2.20020725091013.0283f8a0@j.imap.itd.umich.edu> X-Sender: johnec@j.imap.itd.umich.edu X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 25 Jul 2002 09:16:33 -0400 To: freebsd-security@FreeBSD.ORG 
From: John Chang Subject: Web server/ A/V streaming Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I hope I'm e-mailing the right place. I am looking for a step by step on how to close all ports except for web traffic and the A/V stream from Microsoft media server. I plan on using FreeBSD/Apache as the web server, Microsoft media server to send the stream to the webpage that has the embedded MS media applet. Does anyone have experience with doing this? I want to lock it down as much as possible. Thank you. P.S. if I should direct this somewhere else please let me know. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 6:57:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 342C137B400 for ; Thu, 25 Jul 2002 06:57:20 -0700 (PDT) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 3CD2E43E4A for ; Thu, 25 Jul 2002 06:57:19 -0700 (PDT) (envelope-from sruml@gmx.de) Received: (qmail 8411 invoked by uid 0); 25 Jul 2002 13:57:18 -0000 Received: from du-014-181.access.de.clara.net (HELO trunks) (212.82.249.181) by mail.gmx.net (mp020-rz3) with SMTP; 25 Jul 2002 13:57:18 -0000 Message-ID: <005801c233e3$87b9f8e0$01000001@trunks> 
From: "sebastian ruml" To: Subject: Date: Thu, 25 Jul 2002 15:59:44 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org auth 6efaff40 subscribe freebsd-security sruml@gmx.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 7:50:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4FC5D37B400 for ; Thu, 25 Jul 2002 07:50:42 -0700 (PDT) Received: from blue.gerhardt-it.com (gw.gerhardt-it.com [204.83.38.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id AEC5243E5E for ; Thu, 25 Jul 2002 07:50:41 -0700 (PDT) (envelope-from scott@gerhardt-it.com) Received: from [24.71.178.119] (h24-71-178-119.ss.shawcable.net [24.71.178.119]) by blue.gerhardt-it.com (Postfix) with ESMTP id 4BE021004E; Thu, 25 Jul 2002 08:50:40 -0600 (CST) User-Agent: Microsoft-Entourage/10.1.0.2006 Date: Thu, 25 Jul 2002 08:50:34 -0600 Subject: Re: Openssh-portable 
From: Scott Gerhardt To: Dirk Janssen , Message-ID: In-Reply-To: <200207250819.g6P8JZ204289@mailrelay.netcologne.de> Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >> >> I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE >> box and now ssh is very slow to login (60 seconds or more). Other than >> the delay, everything else works fine. I couldn't find any answers in >> the archives. >> >> Seems like DNS lookup issue. >> >> Is this a known problem and what is the suggested fix? > > I had this problem too on one machine (others worked fine, all > 4.6-Stable), it had nothing to do with my settings in sshd_config > (ReverseMappingCheck no). > It helped (I don't exactly know why) to copy my resolv.conf to the > directory /usr/local/empty/etc/ and chmod /usr/local/empty to 755. > If /usr/local/empty doesn't exist, try /var/empty, this depends on how > you compiled openssh. > If somebody knows why exactly this solution works it would be kind to let > me know. FYI: I did a standard "make install" of openssh-portable from ports. In order to fix the DNS delays when privilege separation is ON you must copy /etc/resolv.conf to /var/empty/etc/resolv.conf and /var/empty must be set to 755. Everything works fine now. Thanks for all your help everyone! 
-- Scott To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 10:58:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB59E37B400 for ; Thu, 25 Jul 2002 10:58:37 -0700 (PDT) Received: from up.rsm.ru (up.rsm.ru [217.23.86.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id D421B43E3B for ; Thu, 25 Jul 2002 10:58:35 -0700 (PDT) (envelope-from aga@up.rsm.ru) Received: (from aga@localhost) by up.rsm.ru (8.11.6/8.11.6) id g6PHwWZ16108 for freebsd-security@freebsd.org; Thu, 25 Jul 2002 21:58:32 +0400 (MSD) (envelope-from aga) Message-Id: <200207251758.g6PHwWZ16108@up.rsm.ru> Subject: openssh-portable again To: freebsd-security@freebsd.org Date: Thu, 25 Jul 2002 21:58:32 +0400 (MSD) 
From: Dmitry Agafonov Reply-To: aga@rsm.ru Organization: Radioservice Mobile Ltd, Saratov X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, After installing openssh 3.4p1 my /var/log/messages is full of these: Jul 25 21:48:30 up sshd[16019]: error: Compression disabled Jul 25 21:48:33 up sshd[16021]: error: This platform does not support both privilege separation and compression Forget this and disable compression in my client/server configs? And why it happens on FreeBSD? Thanks, Dmitry Agafonov To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 13:58: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A35D37B400 for ; Thu, 25 Jul 2002 13:57:58 -0700 (PDT) Received: from inigo.digitaldeck.com (twindolphin.digitaldeck.com [66.124.240.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D04743E4A for ; Thu, 25 Jul 2002 13:57:47 -0700 (PDT) (envelope-from questions@digitaldeck.com) Received: from IVANOVA2K (ivanova-2k.office-ca1.digitaldeck.com [192.168.1.133]) by inigo.digitaldeck.com (8.12.3/8.12.3) with SMTP id g6PKvOLG072697 for ; Thu, 25 Jul 2002 13:57:31 -0700 (PDT) (envelope-from questions@digitaldeck.com) 
From: "Chris McCluskey" To: Subject: Static built files and resolv issue Date: Thu, 25 Jul 2002 13:57:53 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <200207251758.g6PHwWZ16108@up.rsm.ru> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Just checking to see if the binaries in /stand are safe from FreeBSD-SA-02:28.resolv (from an install CD of a 3.x, 4.3, 4.4, 4.5 system)? Is it ok to get rid of these files? Or better yet, is there a way to build new set of these files from a new world? On a couple of the systems I take care of these files are quite old. Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 14:10:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF30137B400 for ; Thu, 25 Jul 2002 14:10:33 -0700 (PDT) Received: from antalya.lupe-christoph.de (pD9E8887A.dip0.t-ipconnect.de [217.232.136.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id DBE6643E31 for ; Thu, 25 Jul 2002 14:10:32 -0700 (PDT) (envelope-from lupe@lupe-christoph.de) Received: by antalya.lupe-christoph.de (Postfix, from userid 1000) id B775381B; Thu, 25 Jul 2002 23:10:29 +0200 (CEST) Date: Thu, 25 Jul 2002 23:10:29 +0200 To: "Travis L. 
Leuthauser" Cc: freebsd-security@freebsd.org Subject: Re: Openssh-portable Message-ID: <20020725211029.GB18063@lupe-christoph.de> References: <20020725145327.A404@melusine.cuivre.fr.eu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i 
From: lupe@lupe-christoph.de (Lupe Christoph) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thursday, 2002-07-25 at 07:58:31 -0500, Travis L. Leuthauser wrote: > As I understand, this is a known problem with openssh-portable when using > privsep. Apparently after initiating privsep, sshd attempts to read > /etc/resolv.conf, which it can't since chrooted to /var/empty. A workaround > is to copy resolv.conf into /var/empty/etc. The only problem w/ this is > that /var/empty is intended to be empty. If there is no (chroot)/etc/resolv.conf, the resolver will try 127.0.0.1. So if you run a local named, this will work. HTH, Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 16: 8:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 107F537B400 for ; Thu, 25 Jul 2002 16:08:22 -0700 (PDT) Received: from server1.wojo.com (server1.wojo.com [66.36.30.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 89C5A43E9C for ; Thu, 25 Jul 2002 16:08:21 -0700 (PDT) (envelope-from robertw@wojo.com) Received: by server1.wojo.com (Postfix, from userid 502) id D47E63B2D; Thu, 25 Jul 2002 19:08:20 -0400 (EDT) Received: from moe.wojo.net (localhost [127.0.0.1]) by server1.wojo.com (Postfix) with ESMTP id 5857E3A82 for ; Thu, 25 Jul 2002 19:08:16 -0400 (EDT) Subject: RE: Openssh-portable MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 
quoted-printable Date: Thu, 25 Jul 2002 19:08:13 -0400 Message-ID: X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 X-MS-Has-Attach: content-class: urn:content-classes:message X-MS-TNEF-Correlator: Thread-Topic: Openssh-portable Thread-Index: AcIzfp5kjzchheQCSVCW/Nih2DMH6wAsOWuQ 
From: "Robert S. Wojciechowski Jr." To: X-Spam-Status: No, hits=-1.4 required=7.0 tests=USER_IN_WHITELIST_TO,AWL version=2.40 X-Spam-Level: X-Sanitizer: Anomy Sanitizer Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Take a look at: http://www.freebsd.org/cgi/query-pr.cgi?pr=39953 There is now a patch to fix this without the resolv.conf workaround. - Robert > I just set up openssh-portable-3.4p1_5 from the ports on a 4.5-RELEASE box > and now ssh is very slow to login (60 seconds or more). Other than the > delay, everything else works fine. I couldn't find any answers in the > archives. > > Seems like DNS lookup issue. > > Is this a known problem and what is the suggested fix? > > Thanks. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 16:24:49 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD39737B488 for ; Thu, 25 Jul 2002 16:24:42 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B46D43E88 for ; Thu, 25 Jul 2002 16:24:42 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 5B164535C; Fri, 26 Jul 2002 01:24:40 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: aga@rsm.ru Cc: freebsd-security@freebsd.org Subject: Re: openssh-portable again References: <200207251758.g6PHwWZ16108@up.rsm.ru> 
From: Dag-Erling Smorgrav Date: 26 Jul 2002 01:24:39 +0200 In-Reply-To: <200207251758.g6PHwWZ16108@up.rsm.ru> Message-ID: Lines: 12 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dmitry Agafonov writes: > After installing openssh 3.4p1 my /var/log/messages is full of these: > > Jul 25 21:48:30 up sshd[16019]: error: Compression disabled > Jul 25 21:48:33 up sshd[16021]: error: This platform does not support both privilege separation and compression How did you install OpenSSH? If you installed it from ports, exactly what version of the port was installed? DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 17:23:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0497A37B400 for ; Thu, 25 Jul 2002 17:23:10 -0700 (PDT) Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F1AD43E5E for ; Thu, 25 Jul 2002 17:23:09 -0700 (PDT) (envelope-from dmp@pantherdragon.org) Received: from sparx.pantherdragon.org (evrtwa1-ar10-4-61-236-062.evrtwa1.dsl-verizon.net [4.61.236.62]) by spork.pantherdragon.org (Postfix) with ESMTP id 3F0F5471D8; Thu, 25 Jul 2002 17:02:49 -0700 (PDT) Received: from pantherdragon.org (speck.techno.pagans [172.21.42.2]) by sparx.pantherdragon.org (Postfix) with ESMTP id 88D80FDA0; Thu, 25 Jul 2002 17:02:46 -0700 (PDT) Message-ID: <3D4091A6.285C3072@pantherdragon.org> Date: Thu, 25 Jul 2002 17:02:46 -0700 
From: Darren Pilgrim X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Travis L. Leuthauser" Cc: freebsd-security@freebsd.org Subject: Re: Openssh-portable References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Travis L. Leuthauser" wrote: > > As I understand, this is a known problem with openssh-portable when using > privsep. Apparently after initiating privsep, sshd attempts to read > /etc/resolv.conf, which it can't since chrooted to /var/empty. A workaround > is to copy resolv.conf into /var/empty/etc. The only problem w/ this is > that /var/empty is intended to be empty. Or you can just put "VerifyReverseMapping no" in your sshd_config. Relying on DNS consistency for any sort of client verification has never seemed all that great of an idea to me. There are far too many third parties, far too many poorly-managed zonefiles, and it is far too easy to spoof, poison, and trash the DNS for it to be useful for this purpose. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jul 25 17:34:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF64137B400 for ; Thu, 25 Jul 2002 17:34:43 -0700 (PDT) Received: from texas.pobox.com (texas.pobox.com [64.49.223.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7102E43E42 for ; Thu, 25 Jul 2002 17:34:38 -0700 (PDT) (envelope-from kevin@atomicgears.com) Received: from scott.crlsca.adelphia.net (ca-crlsca-cuda1-c5a-a-55.crlsca.adelphia.net [68.70.214.55]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by texas.pobox.com (Postfix) with ESMTP id BE53B455ED; Thu, 25 Jul 2002 20:34:21 -0400 (EDT) Received: by scott.crlsca.adelphia.net (Postfix, from userid 100) id BB4BD2133A; Thu, 25 Jul 2002 17:34:12 -0700 (PDT) Date: Thu, 25 Jul 2002 17:34:12 -0700 
From: Kevin Steves To: Darren Pilgrim Cc: "Travis L. Leuthauser" , freebsd-security@freebsd.org, stevesk@pobox.com Subject: Re: Openssh-portable Message-ID: <20020726003412.GL16664@scott.crlsca.adelphia.net> References: <3D4091A6.285C3072@pantherdragon.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D4091A6.285C3072@pantherdragon.org> User-Agent: Mutt/1.4i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jul 25, 2002 at 05:02:46PM -0700, Darren Pilgrim wrote: > Or you can just put "VerifyReverseMapping no" in your sshd_config. That is the default. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jul 26 5:58:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 73A1737B400; Fri, 26 Jul 2002 05:58:44 -0700 (PDT) Received: from chiark.greenend.org.uk (chiark.greenend.org.uk [212.135.138.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id 882F443E6A; Fri, 26 Jul 2002 05:58:42 -0700 (PDT) (envelope-from fanf@chiark.greenend.org.uk) Received: from fanf by chiark.greenend.org.uk with local (Exim 3.12 #1) id 17Y4g1-00049b-00 (Debian); Fri, 26 Jul 2002 13:58:37 +0100 Date: Fri, 26 Jul 2002 13:58:37 +0100 
From: Tony Finch To: des@freebsd.org, freebsd-security@freebsd.org Cc: dot@dotat.at Subject: ssh host key inconsistency Message-ID: <20020726135837.A7551@chiark.greenend.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I note that rc.network is now creating ssh host keys in both DSA and RSA forms, but our sshd is only using the DSA key. Shall I commit this patch which reverts one of our local changes? Tony. -- f.a.n.finch http://dotat.at/ NORTH BAILEY: SOUTHWESTERLY 5 TO 7. SQUALLY SHOWERS. GOOD. --- servconf.c 3 Jul 2002 22:11:43 -0000 1.3.2.14 +++ servconf.c 26 Jul 2002 12:52:41 -0000 
@@ -145,6 +145,8 @@ _PATH_HOST_KEY_FILE; if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = + _PATH_HOST_RSA_KEY_FILE; + options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jul 26 6: 1:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F40E337B400 for ; Fri, 26 Jul 2002 06:01:11 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 64E5743E42 for ; Fri, 26 Jul 2002 06:01:11 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id A3D73535C; Fri, 26 Jul 2002 15:01:08 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Tony Finch Cc: freebsd-security@freebsd.org Subject: Re: ssh host key inconsistency References: <20020726135837.A7551@chiark.greenend.org.uk> 
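Review bot: in the servconf.c hunk, inside the SSH_PROTO_2 branch, the new _PATH_HOST_RSA_KEY_FILE entry is inserted ahead of _PATH_HOST_DSA_KEY_FILE, so the patch changes the order of the default host key list as well as adding a key, while the message only says it reverts a local change. Please name the local change being reverted and the reason it was made in the commit message, and if the aim is only to use the key rc.network already generates, append the RSA entry after the DSA one so the existing default stays first.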
From: Dag-Erling Smorgrav Date: 26 Jul 2002 15:01:08 +0200 In-Reply-To: <20020726135837.A7551@chiark.greenend.org.uk> Message-ID: Lines: 10 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Tony Finch writes: > I note that rc.network is now creating ssh host keys in both DSA and > RSA forms, but our sshd is only using the DSA key. Shall I commit this > patch which reverts one of our local changes? No, we intentionally do not use the RSA host key by default. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jul 26 6:52:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C0B337B400 for ; Fri, 26 Jul 2002 06:52:51 -0700 (PDT) Received: from chiark.greenend.org.uk (chiark.greenend.org.uk [212.135.138.206]) by mx1.FreeBSD.org (Postfix) with ESMTP id 21D4D43E31 for ; Fri, 26 Jul 2002 06:52:50 -0700 (PDT) (envelope-from fanf@chiark.greenend.org.uk) Received: from fanf by chiark.greenend.org.uk with local (Exim 3.12 #1) id 17Y5WT-0008G6-00 (Debian); Fri, 26 Jul 2002 14:52:49 +0100 Date: Fri, 26 Jul 2002 14:52:49 +0100 
From: Tony Finch To: Dag-Erling Smorgrav Cc: Tony Finch , freebsd-security@freebsd.org Subject: Re: ssh host key inconsistency Message-ID: <20020726145249.B7551@chiark.greenend.org.uk> References: <20020726135837.A7551@chiark.greenend.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from des@ofug.org on Fri, Jul 26, 2002 at 03:01:08PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Jul 26, 2002 at 03:01:08PM +0200, Dag-Erling Smorgrav wrote: > Tony Finch writes: > > I note that rc.network is now creating ssh host keys in both DSA and > > RSA forms, but our sshd is only using the DSA key. Shall I commit this > > patch which reverts one of our local changes? > > No, we intentionally do not use the RSA host key by default. In that case, how about this? (And what is the reasoning for not using both the RSA and DSA keys?) Tony. -- f.a.n.finch http://dotat.at/ ROCKALL: WEST OR SOUTHWEST BECOMING CYCLONIC 3 OR 4, OCCASIONALLY 5 IN SOUTHEAST LATER. RAIN OR DRIZZLE. MODERATE WITH FOG PATCHES. --- sshd.8 3 Jul 2002 22:11:44 -0000 1.5.2.8 +++ sshd.8 26 Jul 2002 13:29:37 -0000 @@ -217,8 +217,6 @@ The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key -and .Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. It is possible to have multiple host key files for 
@@ -562,14 +560,14 @@ .Nm sshd . The file format and configuration options are described in .Xr sshd_config 5 . -.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key +.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that .Nm does not start if this file is group/world-accessible. -.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub +.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by root. --- sshd_config 3 Jul 2002 22:11:44 -0000 1.4.2.9 +++ sshd_config 26 Jul 2002 13:30:05 -0000 @@ -24,7 +24,6 @@ # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key --- sshd_config.5 4 Jul 2002 19:07:11 -0000 1.5.2.2 +++ sshd_config.5 26 Jul 2002 13:29:55 -0000 
@@ -240,8 +240,6 @@ The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key -and .Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. Note that

From owner-freebsd-security Fri Jul 26 7:41:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 06A5737B400; Fri, 26 Jul 2002 07:41:11 -0700 (PDT)
Received: from mail.seton.org (mail.seton.org [207.193.126.172]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8310043E31; Fri, 26 Jul 2002 07:41:10 -0700 (PDT) (envelope-from mgrooms@seton.org)
Received: from aus-gwia.aus.dcnhs.org (aus-gwia.aus.dcnhs.org [10.20.10.211]) by mail.seton.org (Postfix) with ESMTP id 17DDAD017B; Fri, 26 Jul 2002 09:41:10 -0500 (CDT)
Received: from AUS_SETON-MTA by aus-gwia.aus.dcnhs.org with Novell_GroupWise; Fri, 26 Jul 2002 09:41:09 -0500
Message-Id:
X-Mailer: Novell GroupWise Internet Agent 6.0.1
Date: Fri, 26 Jul 2002 09:40:59 -0500
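Review bot: In sshd.8 at @@ -562,14 +560,14 @@, both .It Pa entries now list two files, but the unchanged sentences directly below them still read "These three files contain the private parts of the host keys" and "These three files contain the public parts of the host keys". Change both to "These two files" (or drop the count) so the text matches the list. The private-key paragraph also ends with "does not start if this file is group/world-accessible" in the singular; "if these files are" would be consistent while the paragraph is being touched.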
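Review bot: In sshd_config at @@ -24,7 +24,6 @@, the comment "# HostKeys for protocol version 2" stays plural above what is now a single "#HostKey /etc/ssh/ssh_host_dsa_key" line. Make it "# HostKey for protocol version 2" to match the protocol version 1 comment two lines up, so the sample file does not suggest that a second default was lost by accident.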
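Review bot: In sshd_config.5 at @@ -240,8 +240,6 @@, the protocol version 2 default shrinks to /etc/ssh/ssh_host_dsa_key with no explanation, while the thread states that rc.network still creates an RSA host key. Add a sentence after "for protocol version 2." saying that an RSA key may be present on disk but is only loaded when an explicit HostKey line names it; the same sentence belongs after the identical text in the sshd.8 hunk at @@ -217,8 +217,6 @@.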
From: "Matthew Grooms"
To: ,
Subject: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello,

I have a freebsd related ipsec question. I have set up a checkpoint
vpn1/fw1 NG ( feature pack 2 ) gateway for vpn connectivity to the
hospital I work for. Most of the guys on my team run linux/bsd at their
house so I have set up encrypt rules in vpn1 to allow us to connect to the
checkpoint box and tunnel into our network from home. In any case, one
of my coworkers has had pretty good success with the freeswan ( can
connect and route traffic ) but I am getting some weird behavior using
racoon/kame ipsec. I was hoping someone could help me out with this. I
have attached most configuration info in this email and am more than
willing to try just about anything to get this up and running. I could
even go so far as to set up a temporary profile in a sandbox if someone
who knows what they are doing would like to take a stab at it.

I am running Checkpoint VPN1/FW1 with Feature pack 2 installed. The
VPN1 side is set up to reflect my freebsd configuration. I am using
preshared keys for authentication 3des/md5 & pfs. ( although I have
tried a myriad of permutations ) The freebsd side is version 4.4 with
the following kernel options.

options IPFIREWALL # FW Support
options IPFIREWALL_VERBOSE # FW Logging
options IPFIREWALL_VERBOSE_LIMIT=100 # FW Logging limits
options IPFIREWALL_FORWARD # FW Transparent Proxy
options IPDIVERT # IP Socket Diversion
options IPFILTER # IP Filter
options IPFILTER_LOG # IP Filter Logging
options IPSEC # Secure IP
options IPSEC_ESP # Secure IP ( crypto )

racoon version is racoon-20020507a
racoon configuration parameters are set to 3des,md5,w/pfs

Here is my security policy script run before vpn connect ...

# create tunnel device
ifconfig gif0 create
# public addresses ( external )
gifconfig gif0 66.90.146.202 65.118.63.252
# private addresses ( internal )
ifconfig gif0 inet 10.22.200.1 10.21.2.253 netmask 255.255.0.0
# delete all existing SPD and SAD entries
setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.22.200.0/24 10.20.0.0/16 any -P out ipsec esp/tunnel/10.22.200.1-10.21.2.253/require;
spdadd 10.22.200.0/24 10.21.0.0/16 any -P out ipsec esp/tunnel/10.22.200.1-10.21.2.253/require;
#spdadd 10.22.200.0/24 10.23.0.0/16 any -P out ipsec esp/tunnel/10.22.200.1-10.21.2.253/require;
spdadd 10.20.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/10.21.2.253-10.22.200.1/require;
spdadd 10.21.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/10.21.2.253-10.22.200.1/require;
#spdadd 10.23.0.0/16 10.22.200.0/24 any -P in ipsec esp/tunnel/10.21.2.253-10.22.200.1/require;
EOF
killall racoon
sleep 1
/usr/local/sbin/racoon -l /var/log/racoon.log -v

VPN1 Log Output ...

key install IKE: Main Mode completion.
key install IKE: Informational Exchange Received Notification from Peer: Initial Contact (phase1)
drop ecryption failure: Packet is dropped as there is no valid SA
drop ecrtption failure: no response from peer.

Racoon Log Output ...

2002-07-23 17:19:25: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected.
2002-07-23 17:19:25: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info: anonymous
2002-07-23 17:19:25: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src address from ID payload 10.20.0.0[0] prefixlen=16 ul_proto=255
2002-07-23 17:19:25: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst address from ID payload 10.22.200.0[0] prefixlen=24 ul_proto=255
2002-07-23 17:19:25: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff780: 10.20.0.0/16[0] 10.22.200.0/24[0] proto=any dir=in
2002-07-23 17:19:25: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08: 10.20.0.0/16[0] 10.22.200.0/24[0] proto=any dir=in
2002-07-23 17:19:25: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff780 masked with /16: 10.20.0.0[0]
2002-07-23 17:19:25: DEBUG: policy.c:246:cmpspidxwild(): 0x80a3c08 masked with /16: 10.20.0.0[0]
2002-07-23 17:19:25: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff780 masked with /24: 10.22.200.0[0]
2002-07-23 17:19:25: DEBUG: policy.c:262:cmpspidxwild(): 0x80a3c08 masked with /24: 10.22.200.0[0]
2002-07-23 17:19:25: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff780: 10.22.200.0/24[0] 10.20.0.0/16[0] proto=any dir=out
2002-07-23 17:19:25: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08: 10.20.0.0/16[0] 10.22.200.0/24[0] proto=any dir=in
2002-07-23 17:19:25: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff780: 10.22.200.0/24[0] 10.20.0.0/16[0] proto=any dir=out
2002-07-23 17:19:25: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80b2008: 10.21.0.0/16[0] 10.22.200.0/24[0] proto=any dir=in
2002-07-23 17:19:25: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff780: 10.22.200.0/24[0] 10.20.0.0/16[0] proto=any dir=out
2002-07-23 17:19:25: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80b2408: 10.22.200.0/24[0] 10.20.0.0/16[0] proto=any dir=out
2002-07-23 17:19:25: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff780 masked with /24: 10.22.200.0[0]
2002-07-23 17:19:25: DEBUG: policy.c:246:cmpspidxwild(): 0x80b2408 masked with /24: 10.22.200.0[0]
2002-07-23 17:19:25: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff780 masked with /16: 10.20.0.0[0]
2002-07-23 17:19:25: DEBUG: policy.c:262:cmpspidxwild(): 0x80b2408 masked with /16: 10.20.0.0[0]
2002-07-23 17:19:25: DEBUG: isakmp_quick.c:2054:get_proposal_r(): suitable SP found:10.22.200.0/24[0] 10.20.0.0/16[0] proto=any dir=out
2002-07-23 17:19:25: ERROR: proposal.c:965:set_proposal_from_policy(): not supported nested SA.
2002-07-23 17:19:25: ERROR: isakmp_quick.c:2070:get_proposal_r(): failed to create saprop.
2002-07-23 17:19:25: ERROR: isakmp_quick.c:1069:quick_r1recv(): failed to get proposal for responder.
2002-07-23 17:19:25: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to pre-process packet.

This last error 'not supported nested SA.' repeats until the vpn1 side
gives up. I am not sure what causes this error ( not very clear ) but I am
guessing this is where the problem is.

Help!!!

Matthew Grooms
Seton Healthcare Network

From owner-freebsd-security Fri Jul 26 7:50: 5 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 242E437B400 for ; Fri, 26 Jul 2002 07:50:01 -0700 (PDT)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id A326743E5E for ; Fri, 26 Jul 2002 07:50:00 -0700 (PDT) (envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602) id 82DC2535C; Fri, 26 Jul 2002 16:49:54 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: Tony Finch
Cc: freebsd-security@freebsd.org
Subject: Re: ssh host key inconsistency
References: <20020726135837.A7551@chiark.greenend.org.uk> <20020726145249.B7551@chiark.greenend.org.uk>
From: Dag-Erling Smorgrav
Date: 26 Jul 2002 16:49:53 +0200
In-Reply-To: <20020726145249.B7551@chiark.greenend.org.uk>
Message-ID:
Lines: 15
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Tony Finch writes:
> In that case, how about this? (And what is the reasoning for not using
> both the RSA and DSA keys?)

According to the draft standard, RSA is deprecated and DSA is the
preferred cipher. There's also a POLA issue; previous FreeBSD
releases have used only DSA, and enabling RSA would cause spurious
"unknown host key" warnings (OpenSSH prefers RSA to DSA when both are
available, so the DSA key would be ignored)

The patch looks good.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Fri Jul 26 10: 7:41 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2BE737B400 for ; Fri, 26 Jul 2002 10:07:39 -0700 (PDT)
Received: from smtp2.enst.fr (matrix2.enst.fr [137.194.2.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 31E7743E4A for ; Fri, 26 Jul 2002 10:07:39 -0700 (PDT) (envelope-from cedric.ware@enst.fr)
Received: from olympe.enst.fr (olympe.enst.fr [137.194.64.54]) by smtp2.enst.fr (Postfix) with ESMTP id AA0371EF04; Fri, 26 Jul 2002 19:07:34 +0200 (MEST)
Received: by olympe.enst.fr (Postfix, from userid 14110) id 90830110CF; Fri, 26 Jul 2002 19:07:36 +0200 (CEST)
Date: Fri, 26 Jul 2002 19:07:36 +0200
From: Cedric Ware
To: Dag-Erling Smorgrav
Cc: freebsd-security@freebsd.org
Subject: Re: ssh host key inconsistency
Message-ID: <20020726170736.GA16312@enst.fr>
References: <20020726135837.A7551@chiark.greenend.org.uk> <20020726145249.B7551@chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.3.28i

> According to the draft standard, RSA is deprecated and DSA is the
> preferred cipher.

Do you have any references for this? I have looked through
http://www.ietf.org/html.charters/secsh-charter.html, but I must
have missed it.

> There's also a POLA issue; previous FreeBSD
> releases have used only DSA, and enabling RSA would cause spurious
> "unknown host key" warnings

Indeed. (Although I am somewhat in the reverse situation, not being
a FreeBSD-only user...)

Thank you,
Cedric Ware.

From owner-freebsd-security Fri Jul 26 16:46:24 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 638C137B400 for ; Fri, 26 Jul 2002 16:46:22 -0700 (PDT)
Received: from inord.no (oluf.et-n.no [213.161.160.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F55643E3B for ; Fri, 26 Jul 2002 16:46:15 -0700 (PDT) (envelope-from erik@pentadon.com)
Received: from erikpc [213.161.168.206] by inord.no (SMTPD32-7.06) id AE4E54F9014E; Sat, 27 Jul 2002 01:42:06 +0200
Message-ID: <001001c234fe$c06c5d60$0200000a@erikpc>
From: Erik Paulsen Skålerud
To:
Subject: Problems with reaching a ftpd behind two DMZ clouds
Date: Sat, 27 Jul 2002 01:47:06 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Hello.
I have the following setup:

FreeBSD(fxp0) --[LAN1]-- (fxp0) Windows XP with ICS enabled (wi0) ~~[LAN2]~~ (wi0) Wireless FreeBSD laptop

LAN1 uses the 10.0.0.0/24 subnet
LAN2 uses the 192.168.0.0/24 subnet

If I try to reach the ftpd running on the FreeBSD on LAN1 from my wireless
laptop on LAN2, I get the following error:

Connected to 10.0.0.1.
421 Service not available, remote server has closed connection.

If I try to reach the ftpd from my Windows XP computer, the ftp-session
works just fine. I can imagine that this has something to do with the
freebsd-laptop coming from a private netblock, but hosts.allow is set to
ALL : ALL, so I really don't know where to fix this.

Erik.

From owner-freebsd-security Sat Jul 27 5:34:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B64E37B400; Sat, 27 Jul 2002 05:34:38 -0700 (PDT)
Received: from fep1.cogeco.net (smtp.cogeco.net [216.221.81.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9723F43E4A; Sat, 27 Jul 2002 05:34:37 -0700 (PDT) (envelope-from dlavigne6@cogeco.ca)
Received: from d226-33-213.home.cgocable.net (d226-33-213.home.cgocable.net [24.226.33.213]) by fep1.cogeco.net (Postfix) with ESMTP id 507753B61; Sat, 27 Jul 2002 08:34:34 -0400 (EDT)
Date: Sat, 27 Jul 2002 08:39:46 -0400 (EDT)
From: Dru
X-X-Sender: dlavigne6@x1-6-00-80-c8-3a-b8-46.kico2.on.cogeco.ca
To: Matthew Grooms
Cc: freebsd-questions@FreeBSD.ORG,
Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
In-Reply-To:
Message-ID: <20020727083722.A86804-100000@x1-6-00-80-c8-3a-b8-46.kico2.on.cogeco.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 26 Jul 2002, Matthew Grooms wrote:

> Hello,
>
> I have a freebsd related ipsec question. I have set up a checkpoint
> vpn1/fw1 NG ( feature pack 2 ) gateway for vpn connectivity to the
> hospital I work for. Most of the guys on my team run linux/bsd at their
> house so I have set up encrypt rules in vpn1 to allow us to connect to the
> checkpoint box and tunnel into our network from home. In any case, one
> of my coworkers has had pretty good success with the freeswan ( can
> connect and route traffic ) but I am getting some weird behavior using
> racoon/kame ipsec. I was hoping someone could help me out with this. I
> have attached most configuration info in this email and am more than
> willing to try just about anything to get this up and running. I could
> even go so far as to set up a temporary profile in a sandbox if someone
> who knows what they are doing would like to take a stab at it.
>
> I am running Checkpoint VPN1/FW1 with Feature pack 2 installed. The
> VPN1 side is set up to reflect my freebsd configuration. I am using
> preshared keys for authentication 3des/md5 & pfs. ( although I have
> tried a myriad of permutations ) The freebsd side is version 4.4 with
> the following kernel options.

Have you tried a "tcpdump port 500" during Phase 1 negotiations? This will
show the proposal exchange so you can see which parts aren't matching up.

If that doesn't do it, send that output along with your racoon.conf file.

Dru
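
An added example, not part of the thread and not racoon's own code: a small triage script for the racoon debug output quoted in Matthew Grooms's message. It splits entries on timestamps so the fused ERROR line is handled, then reports the selectors the peer sent, the policy racoon matched, and the ERROR chain; reading "phase 2" from the file and function names is an assumption made here.

```python
import re

# Entries copied from the racoon log quoted in this thread (a subset),
# including the line where two ERROR entries arrived fused together.
SAMPLE_LOG = """\
2002-07-23 17:19:25: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src address from ID payload 10.20.0.0[0] prefixlen=16 ul_proto=255
2002-07-23 17:19:25: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst address from ID payload 10.22.200.0[0] prefixlen=24 ul_proto=255
2002-07-23 17:19:25: DEBUG: isakmp_quick.c:2054:get_proposal_r(): suitable SP found:10.22.200.0/24[0] 10.20.0.0/16[0] proto=any dir=out
2002-07-23 17:19:25: ERROR: proposal.c:965:set_proposal_from_policy(): not supported nested SA.2002-07-23 17:19:25: ERROR: isakmp_quick.c:2070:get_proposal_r(): failed to create saprop.
2002-07-23 17:19:25: ERROR: isakmp_quick.c:1069:quick_r1recv(): failed to get proposal for responder.
2002-07-23 17:19:25: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to pre-process packet.
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
ENTRY = re.compile(
    rf"(?P<ts>{TS}): (?P<level>[A-Z0-9]+): (?P<file>[\w.]+):(?P<line>\d+):"
    rf"(?P<func>\w+)\(\): (?P<msg>.*?)(?={TS}: [A-Z0-9]+: |\Z)", re.S)
ID_RE = re.compile(r"get (?:a )?(src|dst) address from ID payload "
                   r"(\S+?)\[\d+\] prefixlen=(\d+)")
SP_RE = re.compile(r"suitable SP found:(\S+?)\[\d+\] (\S+?)\[\d+\] "
                   r"proto=\S+ dir=(\w+)")


def parse_entries(text):
    """Split on timestamps, not newlines, so fused entries come apart."""
    return [{**m.groupdict(), "msg": m["msg"].strip()}
            for m in ENTRY.finditer(text)]


def triage(text):
    """Summarise one failed negotiation: selectors, matched SP, errors."""
    entries = parse_entries(text)
    peer, sp = {}, None
    for e in entries:
        if (m := ID_RE.search(e["msg"])):
            peer[m[1]] = f"{m[2]}/{m[3]}"
        elif (m := SP_RE.search(e["msg"])):
            sp = {"src": m[1], "dst": m[2], "dir": m[3]}
    errors = [e for e in entries if e["level"] == "ERROR"]
    # Assumption: the quick-mode source file or "ph2" in a function name
    # marks a phase 2 failure, i.e. phase 1 had already completed.
    phase2 = any(e["file"] == "isakmp_quick.c" or "ph2" in e["func"]
                 for e in errors)
    # The SP found here has dir=out, so when the selectors agree it is
    # the mirror image of the src/dst the peer sent in its ID payloads.
    mirrored = bool(sp and peer) and (
        (sp["src"], sp["dst"]) == (peer.get("dst"), peer.get("src")))
    return {
        "peer_selectors": peer,
        "matched_sp": sp,
        "selectors_mirror_sp": mirrored,
        "phase": 2 if phase2 else None,
        "error_chain": [f'{e["file"]}:{e["line"]} {e["func"]}: {e["msg"]}'
                        for e in errors],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log the selectors and the matched policy agree, and the first ERROR is raised in set_proposal_from_policy() after the policy lookup has already succeeded.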