From owner-freebsd-isp Sun Dec 14 04:11:03 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id EAA01817 for isp-outgoing; Sun, 14 Dec 1997 04:11:03 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from random.tpgi.com.au (random.tpgi.com.au [203.12.160.7]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA01811 for ; Sun, 14 Dec 1997 04:10:58 -0800 (PST) (envelope-from eirvine@tpgi.com.au) Received: (from smtpd@localhost) by random.tpgi.com.au (8.8.4/8.8.6) id XAA14294; Sun, 14 Dec 1997 23:10:30 +1100 (EST) Received: from tar-ppp-170.tpgi.com.au(203.26.26.170), claiming to be "gretchen" via SMTP by random.tpgi.com.au, id smtpdCAAa003Uv; Sun Dec 14 23:10:22 1997 From: "Eddie Irvine" To: "Eddie Fry" , Subject: Re: rc.conf Date: Sun, 14 Dec 1997 23:07:29 +1100 Message-ID: <01bd0888$d983a620$aa1a1acb@gretchen> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >I'm running 2.2.2 and have a problem with the rc.conf file. /stand/sysinstall is broken in 2.2.2. :( From owner-freebsd-isp Sun Dec 14 11:49:20 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA04274 for isp-outgoing; Sun, 14 Dec 1997 11:49:20 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from sundial.sundial.net (root@sundial.sundial.net [204.181.150.2]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA04265 for ; Sun, 14 Dec 1997 11:49:14 -0800 (PST) (envelope-from gme@sundial.net) Received: from caffeine (caffeine.inspace.net [207.204.40.248]) by sundial.sundial.net (8.8.5/8.8.5) with SMTP id OAA09004 for ; Sun, 14 Dec 1997 14:49:10 -0500 (EST) Message-Id: <3.0.5.32.19971214144719.009403c0@sundial.net> X-Sender: gme@sundial.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sun, 14 Dec 1997 14:47:19 -0500 To: isp@freebsd.org From: "George M. Ellenburg" Subject: Subnetting, Firewalls, Class C's Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Suffering from a cold, and heavy medication, I wish to run the following by some of you to confirm or deny that this subnetting example will work; everything tells me yes, but I would appreciate a second opinion: ip ranges netmask 204.181.150.1 - 204.181.150.14 255.255.255.240 204.181.150.17 - 204.181.150.30 255.255.255.240 204.181.150.33 - 204.181.150.46 255.255.255.240 204.181.150.49 - 204.181.150.54 255.255.255.248 204.181.150.57 - 204.181.150.254 255.255.255.56 Regards, George -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.5 iQA/AwUBNJQ3xtorHPLZtoZoEQIHPgCgrWGBueRvuLjD4ikeHGRXoUchaw8AoI4r LferH+1wVhLJll0kf7s+zXHO =JxBp -----END PGP SIGNATURE----- From owner-freebsd-isp Sun Dec 14 13:40:29 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id NAA13277 for isp-outgoing; Sun, 14 Dec 1997 13:40:29 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from support.euronet.nl (support.euronet.nl [194.134.32.134]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA13264 for ; Sun, 14 Dec 1997 13:40:25 -0800 (PST) (envelope-from sake@euronet.nl) Received: (from sake@localhost) by support.euronet.nl (8.8.5/8.6.12) id WAA06757; Sun, 14 Dec 1997 22:39:14 +0100 (CET) From: Sake Blok Message-Id: <199712142139.WAA06757@support.euronet.nl> Subject: Re: Subnetting, Firewalls, Class C's In-Reply-To: <3.0.5.32.19971214144719.009403c0@sundial.net> from "George M. Ellenburg" at "Dec 14, 97 02:47:19 pm" To: gme@sundial.net (George M. Ellenburg) Date: Sun, 14 Dec 1997 22:39:14 +0100 (CET) Cc: isp@freebsd.org Reply-To: sake@nl.euro.net X-URL: http://www.euronet.nl/~sake/ X-quote: Anything you say in your sleep, X-quote: can and WILL be used against you in a court of love. X-Mailer: ELM [version 2.4ME+ PL31H (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Suffering from a cold, and heavy medication, I wish to run the > following by some of you to confirm or deny that this subnetting > example will work; everything tells me yes, but I would appreciate a > second opinion: > > ip ranges netmask > 204.181.150.1 - > 204.181.150.14 255.255.255.240 > > 204.181.150.17 - > 204.181.150.30 255.255.255.240 > > 204.181.150.33 - > 204.181.150.46 255.255.255.240 > > 204.181.150.49 - > 204.181.150.54 255.255.255.248 > > 204.181.150.57 - > 204.181.150.254 255.255.255.56 A subnet must always be a power of 2 big or else the subnetmasking will not work. You have to split the last entry up into 3 sections: 204.181.150.57 - 204.181.150.62 255.255.255.248 204.181.150.65 - 204.181.150.126 255.255.255.192 and 204.181.150.129 - 204.181.150.254 255.255.255.128 At least, that is what you have to do if you don't want to change the first 4 subnets. Sake -- Sake Blok * * EuroNet Internet Client Services Team * * Herengracht 208 - 214 * 1016 BS Amsterdam E-mail: sake@nl.euro.net * Tel: +31 20 535 55 55 From owner-freebsd-isp Sun Dec 14 14:01:36 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA14644 for isp-outgoing; Sun, 14 Dec 1997 14:01:36 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA14636 for ; Sun, 14 Dec 1997 14:01:31 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id JAA16520; Mon, 15 Dec 1997 09:01:12 +1100 (EST) Date: Mon, 15 Dec 1997 09:01:11 +1100 (EST) From: "Daniel O'Callaghan" To: "George M. Ellenburg" cc: isp@FreeBSD.ORG Subject: Re: Subnetting, Firewalls, Class C's In-Reply-To: <3.0.5.32.19971214144719.009403c0@sundial.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sun, 14 Dec 1997, George M. Ellenburg wrote: > > Suffering from a cold, and heavy medication, I wish to run the > following by some of you to confirm or deny that this subnetting > example will work; everything tells me yes, but I would appreciate a > second opinion: > > ip ranges netmask > 204.181.150.1 - > 204.181.150.14 255.255.255.240 Yes > 204.181.150.17 - > 204.181.150.30 255.255.255.240 YEs > 204.181.150.33 - > 204.181.150.46 255.255.255.240 Yes > 204.181.150.49 - > 204.181.150.54 255.255.255.248 Yes > 204.181.150.57 - > 204.181.150.254 255.255.255.56 No. If you want a huge subnet, the best you can do is 204.181.150.128:255.255.255.128 which gives you hosts .129-254. Danny From owner-freebsd-isp Sun Dec 14 14:27:16 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA16105 for isp-outgoing; Sun, 14 Dec 1997 14:27:16 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from nash.pr.mcs.net (nash.pr.mcs.net [204.95.47.72]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA16086 for ; Sun, 14 Dec 1997 14:27:12 -0800 (PST) (envelope-from alex@nash.pr.mcs.net) Received: (from alex@localhost) by nash.pr.mcs.net (8.8.7/8.8.7) id QAA11530; Sun, 14 Dec 1997 16:24:58 -0600 (CST) (envelope-from alex) Message-Id: <199712142224.QAA11530@nash.pr.mcs.net> Date: Sun, 14 Dec 1997 16:24:58 -0600 (CST) From: Alex Nash Reply-To: nash@mcs.com Subject: Re: ipfw info please. To: bminazzi@denverweb.net cc: isp@freebsd.org In-Reply-To: <348F416E.11F5202@denverweb.net> MIME-Version: 1.0 Content-Type: TEXT/plain; CHARSET=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On 10 Dec, Blaine Minazzi wrote: > Does anyone know how much overhead ipfw uses? ( Broad question I know, > but some idea would be helpful. ) Since this question has come up a few times before I've decided to add this to the FAQ. Until it becomes available at www.freebsd.org/FAQ, you can view the answer here: http://www.freebsd.org/~alex/FAQ153.html Alex From owner-freebsd-isp Sun Dec 14 16:07:52 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA24586 for isp-outgoing; Sun, 14 Dec 1997 16:07:52 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from ns2.harborcom.net (ns2.harborcom.net [206.158.4.4]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA24575 for ; Sun, 14 Dec 1997 16:07:46 -0800 (PST) (envelope-from mfisher@harborcom.net) Received: from d117-h041.rh.rit.edu (mfisher@d117-h041.rh.rit.edu [129.21.117.169]) by ns2.harborcom.net (8.8.7/8.8.5) with SMTP id TAA05387; Sun, 14 Dec 1997 19:07:25 -0500 (EST) Date: Sun, 14 Dec 1997 19:07:25 -0500 (EST) From: Mike Fisher X-Sender: mfisher@d117-h041.rh.rit.edu To: Eddie Irvine cc: Eddie Fry , isp@freebsd.org Subject: Re: rc.conf In-Reply-To: <01bd0888$d983a620$aa1a1acb@gretchen> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sun, 14 Dec 1997, Eddie Irvine wrote: > >I'm running 2.2.2 and have a problem with the rc.conf file. > > /stand/sysinstall is broken in 2.2.2. :( This was noted in the ERRATA.TXT and furthermore should be discussed on freebsd-questions. -- Mike "Thanks for playing along at home." -- P. Bradley Dunn From owner-freebsd-isp Sun Dec 14 21:26:53 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA20897 for isp-outgoing; Sun, 14 Dec 1997 21:26:53 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from gwis.com (droberts@darcy.gwis.com [209.57.72.3]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA20886 for ; Sun, 14 Dec 1997 21:26:48 -0800 (PST) (envelope-from droberts@gwis.com) Received: from localhost (droberts@localhost) by gwis.com (8.8.5/8.6.12) with SMTP id AAA11007 for ; Mon, 15 Dec 1997 00:26:39 -0500 (EST) Date: Mon, 15 Dec 1997 00:26:38 -0500 (EST) From: Dan Roberts To: freebsd-isp@freebsd.org Subject: rover Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Simple question: has anyone had any luck getting the Rover network monitoring software working under FreeBSD, or have any information on how to make it compile clean? -- Dan Roberts, http://gwis.com/~droberts Gateway to Internet Services sysadmin/ircadmin, barovia.oh.us.dal.net for Internet access in NE Ohio http://barovia.dal.net - Strahd on DALnet http://www.gwis.com From owner-freebsd-isp Mon Dec 15 07:22:40 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA05203 for isp-outgoing; Mon, 15 Dec 1997 07:22:40 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from www.stv.ee (www.stv.ee [195.50.193.34]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA05174 for ; Mon, 15 Dec 1997 07:22:34 -0800 (PST) (envelope-from dima@stv.ee) Received: from stv.ee (dima2 [192.168.193.38]) by www.stv.ee (8.8.5/8.8.5) with ESMTP id RAA01715 for ; Mon, 15 Dec 1997 17:21:55 +0200 (EET) Message-ID: <34954A79.E9E1B78A@stv.ee> Date: Mon, 15 Dec 1997 17:19:21 +0200 From: Dmitry Baranov X-Mailer: Mozilla 4.03 [en] (Win95; I) MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Radius log analysis scrips Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello. Does anybody have some scripts to anlyse RADIUS logs ? I have only standard raquick but need more detailed information. Help please ! Dmitry From owner-freebsd-isp Mon Dec 15 14:15:02 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA20652 for isp-outgoing; Mon, 15 Dec 1997 14:15:02 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from max.unitedaccess.com (max.unitedaccess.com [151.198.231.21]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA20638 for ; Mon, 15 Dec 1997 14:15:00 -0800 (PST) (envelope-from pedro@max.unitedaccess.com) Received: from localhost (pedro@localhost) by max.unitedaccess.com (8.8.7/8.8.7) with SMTP id RAA19654; Mon, 15 Dec 1997 17:18:50 GMT (envelope-from pedro@max.unitedaccess.com) Date: Mon, 15 Dec 1997 17:18:50 +0000 (GMT) From: pedro To: Dmitry Baranov cc: freebsd-isp@FreeBSD.ORG Subject: Re: Radius log analysis scrips In-Reply-To: <34954A79.E9E1B78A@stv.ee> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I use radiusreport you can find it at http://www.tibus.net/pgregg/projects/radiusreport/ On Mon, 15 Dec 1997, Dmitry Baranov wrote: > Hello. > Does anybody have some scripts to anlyse RADIUS logs ? > I have only standard raquick but need more detailed information. > Help please ! > > Dmitry > > > From owner-freebsd-isp Mon Dec 15 18:20:59 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id SAA11289 for isp-outgoing; Mon, 15 Dec 1997 18:20:59 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from grunt.vl.net.ua (grunt.vl.net.ua [193.124.76.209]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id SAA10893 for ; Mon, 15 Dec 1997 18:16:27 -0800 (PST) (envelope-from news@grunt.vl.net.ua) Received: from news by grunt.vl.net.ua with local (Exim 1.73 #4) id 0xhmXj-0002h1-00; Tue, 16 Dec 1997 04:15:31 +0200 To: freebsd-isp@freebsd.org Subject: Yet another killall ;) Date: 16 Dec 1997 04:15:29 +0200 Message-ID: <674o81$a3e$1@grunt.vl.net.ua> X-Newsreader: TIN [UNIX 1.3 unoff BETA 970930; i386 FreeBSD 2.2.5-RELEASE] X-Via: News-To-Mail v1.0 From: Vladimir Litovka Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi! There is another killall I wrote. This is oftenly used utility, and killall in standart distribution doesn't give me, what I need. Usage: killall [-SIG] process1 [process2 ... processN] it kills processes either if process started with full path (i.e. /path/to/program) or via shell (for example: /bin/sh /etc/ppp/PPP) It doesn't kills shells - this is feature, inherited from previous feature ;) As usualy - comments and questions ;) ======================================================= #!/usr/local/bin/bash # # (c) 1997, Vladimir Litovka # v1.1b+, 12/12/1997 # Check, if first argument is signal number (-xx) # If no, set to default -15 if [ -n "$1" ]; then if [ `echo $1 | cut -c 1-1` = "-" ]; then S=$1; shift else S="-15"; fi fi # Insert between all process names '|' for egrep while [ -n "$1" ]; do if [ -n "$P" ]; then fP=$fP"|"$1\$; P=$P"|"$1 else fP="^[0-9]+ $1\$"; P=$1; fi shift done if [ ! -n "$P" ]; then echo Usage: $0 [-SIG] process1 [process2 ... processN] exit fi ids=`ps axo"pid,command" 2>/dev/null |egrep $P | awk '{if ($2 ~ /\/sh$|\/bash$|\/csh$|\/tcsh$|\/ksh$/) print $1,$3; else print $1,$2}' | egrep $P | awk 'BEGIN {FS="[ /]"} {print $1, $NF}' |egrep "$fP" | awk '{print $1}'` # For debugging purposes echo Killing \($ids\) by $S signal if [ -n "$ids" ]; then kill $S $ids 2>/dev/null >/dev/null nokilled=$? else nokilled=1 fi if [ $nokilled -eq 1 ]; then echo No processes killed fi ===================================================== -- Vladimir Litovka , hostmaster of vl.net.ua ---------------- Don't trouble trouble until trouble troubles you From owner-freebsd-isp Tue Dec 16 18:06:19 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id SAA24264 for isp-outgoing; Tue, 16 Dec 1997 18:06:19 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id SAA24198; Tue, 16 Dec 1997 18:05:25 -0800 (PST) (envelope-from softweyr@xmission.com) Received: from xmission.com [199.104.124.49] by mail.xmission.com with esmtp (Exim 1.73 #4) id 0xi8rR-0003B7-00; Tue, 16 Dec 1997 19:05:21 -0700 Message-ID: <34973506.B112548D@xmission.com> Date: Tue, 16 Dec 1997 19:12:22 -0700 From: Wes Peters Reply-To: chat@FreeBSD.ORG, softweyr@xmission.com Organization: Softweyr LLC X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386) MIME-Version: 1.0 To: chat@FreeBSD.ORG CC: questions@freesbd.org, hackers@FreeBSD.ORG, isp@FreeBSD.ORG Subject: Support for secure http protocols Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk FreeBies and Gentlehackers, I've been working on a project to provide an essential service for FreeBSD users via a web/http interface. (No, I'm not ready to discuss it yet, I don't have time to answer 5,000 questions about "why don't you do it this ways"). Suffice it to say that several of you will be interested in it. Now, for the meat of the question. This service will need secure communications with the http server in question. I've looked and looked, and haven't found anything approaching a W3C or IETF decision on secure communications for http. The IETF is apparently waiting for the W3C to make up its collective mind, and W3C has done so much waffling on this issue they've hired Aunt Jemima as their hacker relations expert. So, my question is: if I have the capability (time, interest, etc) to implement only ONE secure http transport, which one should it be? There is a draft ieft standard for S-HTTP, but Netscape et al HTTP-SSL seems to have garnered more support in the real world. I've cc'd the questions, hackers, and isp mail lists because they represent, collectively, the FreeBSD user base, core development team, and the people most familiar with web servers. Please note that I've directed followups to me, and to the chat list. I'm mostly looking for a poll of what others have implemented, and why, as opposed to a philosophical discussion of the merits of each; I've read too much of this in the flame wars being traded between Netscape and Terisa. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.xmission.com/~softweyr softweyr@xmission.com From owner-freebsd-isp Tue Dec 16 19:07:40 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id TAA29143 for isp-outgoing; Tue, 16 Dec 1997 19:07:40 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from anlsun.ebr.anlw.anl.gov (anlsun.ebr.anlw.anl.gov [141.221.1.2]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id TAA29137; Tue, 16 Dec 1997 19:07:37 -0800 (PST) (envelope-from cmott@srv.net) Received: from darkstar.home (ras519.srv.net [205.180.127.19]) by anlsun.ebr.anlw.anl.gov (8.6.11/8.6.11) with SMTP id UAA03188; Tue, 16 Dec 1997 20:07:31 -0700 Date: Tue, 16 Dec 1997 20:06:58 -0700 (MST) From: Charles Mott X-Sender: cmott@darkstar.home To: chat@freebsd.org, softweyr@xmission.com cc: questions@freesbd.org, hackers@freebsd.org, isp@freebsd.org Subject: Re: Support for secure http protocols In-Reply-To: <34973506.B112548D@xmission.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 16 Dec 1997, Wes Peters wrote: > So, my question is: if I have the capability (time, interest, etc) to > implement only ONE secure http transport, which one should it be? There > is a draft ieft standard for S-HTTP, but Netscape et al HTTP-SSL seems to > have garnered more support in the real world. I've said this once before, but I think the way to go is to operate an "anonymous" ssh server on the web server, and then have the client application set up a secure proxy connection to the host via existing the existing port remapping (-L option) in ssh. I think anonymous ssh could have a similar impact to anonymous ftp. Ssh based clients would use the anonymous user name the same way web browsers do for ftp right now. Ssh and sshd are already universal in the unix world, and the Wintel variant (F-Secure) is reasonably priced. Why not encapsulate security as much as possible in an ssh framework? Then developers could stop thinking about the subtleties and cross-national implications of licensing. Charles Mott From owner-freebsd-isp Tue Dec 16 21:20:23 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA10216 for isp-outgoing; Tue, 16 Dec 1997 21:20:23 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from misery.sdf.com (misery.sdf.com [204.244.210.193]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id VAA10138; Tue, 16 Dec 1997 21:20:05 -0800 (PST) (envelope-from tom@sdf.com) Received: from tom by misery.sdf.com with smtp (Exim 1.73 #1) id 0xiBia-0001Pr-00; Tue, 16 Dec 1997 21:08:24 -0800 Date: Tue, 16 Dec 1997 21:08:24 -0800 (PST) From: Tom To: Charles Mott cc: chat@freebsd.org, softweyr@xmission.com, hackers@freebsd.org, isp@freebsd.org Subject: Re: Support for secure http protocols In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 16 Dec 1997, Charles Mott wrote: > "anonymous" ssh server on the web server, and then have the client Except that this does not deal with authentication. This is what the SSL certificate system does for you. Suggestion? Go SSL. It is standard now. It can be used for many protocols, as it can encapsulate nearly socket type date (stands for "secure sockets layer"). You can get apache-ssl from ports. Get a certificate from a certificate granting authority (ex. Verisign), and your done. Works with all standard browser now. Tom From owner-freebsd-isp Wed Dec 17 03:36:51 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id DAA02427 for isp-outgoing; Wed, 17 Dec 1997 03:36:51 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from grunt.vl.net.ua (daemon@grunt.vl.net.ua [193.124.76.209]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id DAA02042 for ; Wed, 17 Dec 1997 03:33:05 -0800 (PST) (envelope-from news@grunt.vl.net.ua) Received: from news by grunt.vl.net.ua with local (Exim 1.73 #4) id 0xiHgr-0004B5-00; Wed, 17 Dec 1997 13:31:01 +0200 To: freebsd-isp@freebsd.org Subject: Re: Radius log analysis scrips Date: 17 Dec 1997 13:30:58 +0200 Message-ID: <678d5i$flq$1@grunt.vl.net.ua> X-Newsreader: TIN [UNIX 1.3 unoff BETA 970930; i386 FreeBSD 2.2.5-RELEASE] X-Via: News-To-Mail v1.0 From: Vladimir Litovka Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Dmitry Baranov wrote: > Hello. > Does anybody have some scripts to anlyse RADIUS logs ? > I have only standard raquick but need more detailed information. > Help please ! > > Dmitry > > > -- Vladimir Litovka , hostmaster of vl.net.ua ---------------- Don't trouble trouble until trouble troubles you From owner-freebsd-isp Wed Dec 17 11:08:19 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA02919 for isp-outgoing; Wed, 17 Dec 1997 11:08:19 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA02801; Wed, 17 Dec 1997 11:07:54 -0800 (PST) (envelope-from archie@whistle.com) Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id LAA09301; Wed, 17 Dec 1997 11:07:21 -0800 (PST) Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3) id sma009293; Wed Dec 17 11:07:15 1997 Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id LAA26924; Wed, 17 Dec 1997 11:07:15 -0800 (PST) From: Archie Cobbs Message-Id: <199712171907.LAA26924@bubba.whistle.com> Subject: Re: Support for secure http protocols In-Reply-To: <34973506.B112548D@xmission.com> from Wes Peters at "Dec 16, 97 07:12:22 pm" To: chat@freebsd.org, softweyr@xmission.com Date: Wed, 17 Dec 1997 11:07:15 -0800 (PST) Cc: chat@freebsd.org, questions@freesbd.org, hackers@freebsd.org, isp@freebsd.org X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Wes Peters writes: > So, my question is: if I have the capability (time, interest, etc) to > implement only ONE secure http transport, which one should it be? There > is a draft ieft standard for S-HTTP, but Netscape et al HTTP-SSL seems to > have garnered more support in the real world. I think SSL is more prevalent than SHTTP. Also, there already exists a version of Apache (called Stronghold I think) that includes SSL. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com From owner-freebsd-isp Wed Dec 17 13:56:36 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id NAA17628 for isp-outgoing; Wed, 17 Dec 1997 13:56:36 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from host.berk.com (berk.com [207.16.104.250]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id NAA17622 for ; Wed, 17 Dec 1997 13:56:34 -0800 (PST) (envelope-from rip@berk.com) Received: from [207.16.107.34] by host.berk.com; (5.65v3.0/1.1.8.2/16Aug95-0520PM) id AA03705; Wed, 17 Dec 1997 16:55:03 -0500 Date: Wed, 17 Dec 1997 16:55:03 -0500 Message-Id: <9712172155.AA03705@host.berk.com> X-Sender: ber00021@berk.com X-Mailer: Windows Eudora Pro Version 2.1.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: Archie Cobbs From: Jim Subject: Re: Support for secure http protocols Cc: isp@FreeBSD.ORG Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Yeah, Stronghold is a modified version of Apache1.2.4 It costs a pretty penny for commercial use. edu is free... I think they have a 30day evaluation. It takes alot of the frills out of Apache as well as providing SSL support. -Jim Palmer At 11:07 AM 12/17/97 -0800, you wrote: >Wes Peters writes: >> So, my question is: if I have the capability (time, interest, etc) to >> implement only ONE secure http transport, which one should it be? There >> is a draft ieft standard for S-HTTP, but Netscape et al HTTP-SSL seems to >> have garnered more support in the real world. > >I think SSL is more prevalent than SHTTP. Also, there already exists >a version of Apache (called Stronghold I think) that includes SSL. > >-Archie > >___________________________________________________________________________ >Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com From owner-freebsd-isp Wed Dec 17 14:54:06 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA23378 for isp-outgoing; Wed, 17 Dec 1997 14:54:06 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA23371 for ; Wed, 17 Dec 1997 14:53:58 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id JAA05095; Thu, 18 Dec 1997 09:52:23 +1100 (EST) Date: Thu, 18 Dec 1997 09:52:22 +1100 (EST) From: "Daniel O'Callaghan" To: Jim cc: Archie Cobbs , isp@FreeBSD.ORG Subject: Re: Support for secure http protocols In-Reply-To: <9712172155.AA03705@host.berk.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 17 Dec 1997, Jim wrote: > Yeah, Stronghold is a modified version of Apache1.2.4 > It costs a pretty penny for commercial use. > edu is free... I think they have a 30day evaluation. > It takes alot of the frills out of Apache as well as providing SSL support. But apache-ssl in the ports collection is completely free. And Eric Young's ssl-eay provides a library for ssl work, and includes telnet/telnetd and ftp/ftpd samples. Danny From owner-freebsd-isp Wed Dec 17 15:50:36 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA27841 for isp-outgoing; Wed, 17 Dec 1997 15:50:36 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from mars.abcinternet.net (drow@mars.abcinternet.net [205.216.244.14]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA27822 for ; Wed, 17 Dec 1997 15:50:25 -0800 (PST) (envelope-from drow@drow.net) Received: from localhost (drow@localhost) by mars.abcinternet.net (8.8.8/8.8.5) with SMTP id SAA04980; Wed, 17 Dec 1997 18:48:06 -0500 (EST) Date: Wed, 17 Dec 1997 18:48:05 -0500 (EST) From: Dan Jacobowitz X-Sender: drow@mars.abcinternet.net To: "Daniel O'Callaghan" cc: Jim , Archie Cobbs , isp@freebsd.org Subject: Re: Support for secure http protocols In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk But, in the US at least (Canada?) one must pay a license fee to RSA. Not too steep, I think. Plus the cost of a certificate...how much does that run? Any ideas? On Thu, 18 Dec 1997, Daniel O'Callaghan wrote: > > On Wed, 17 Dec 1997, Jim wrote: > > > Yeah, Stronghold is a modified version of Apache1.2.4 > > It costs a pretty penny for commercial use. > > edu is free... I think they have a 30day evaluation. > > It takes alot of the frills out of Apache as well as providing SSL support. > > But apache-ssl in the ports collection is completely free. And Eric > Young's ssl-eay provides a library for ssl work, and includes > telnet/telnetd and ftp/ftpd samples. > > Danny > From owner-freebsd-isp Wed Dec 17 17:37:21 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA04894 for isp-outgoing; Wed, 17 Dec 1997 17:37:21 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id RAA04889 for ; Wed, 17 Dec 1997 17:37:16 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id MAA05483; Thu, 18 Dec 1997 12:36:53 +1100 (EST) Date: Thu, 18 Dec 1997 12:36:53 +1100 (EST) From: "Daniel O'Callaghan" To: Dan Jacobowitz cc: Jim , Archie Cobbs , isp@freebsd.org Subject: Re: Support for secure http protocols In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 17 Dec 1997, Dan Jacobowitz wrote: > But, in the US at least (Canada?) one must pay a license fee to RSA. Not > too steep, I think. > > Plus the cost of a certificate...how much does that run? Any ideas? Certificates can be obtained from Thawte.com for US$100. Verisign does not like apache, I've heard. However, the original poster never said that he needed signed certificates. Also, with ssl-eay, you get certificate authority tools which you can use to operate an in-house certificate authority, if you don't need to prove your identity outside the corporate walls. Danny From owner-freebsd-isp Wed Dec 17 19:06:32 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id TAA10830 for isp-outgoing; Wed, 17 Dec 1997 19:06:32 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA10825 for ; Wed, 17 Dec 1997 19:06:21 -0800 (PST) (envelope-from marcs@znep.com) Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.7/8.8.7) with UUCP id UAA23580; Wed, 17 Dec 1997 20:05:46 -0700 (MST) Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id UAA28959; Wed, 17 Dec 1997 20:06:34 -0700 (MST) Date: Wed, 17 Dec 1997 20:06:34 -0700 (MST) From: Marc Slemko Reply-To: Marc Slemko To: Dan Jacobowitz , "Daniel O'Callaghan" cc: isp@freebsd.org Subject: Re: Support for secure http protocols In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 17 Dec 1997, Dan Jacobowitz wrote: > But, in the US at least (Canada?) one must pay a license fee to RSA. Not > too steep, I think. The license fee isn't too steep except for the small detail that they are only available in quantity, with minimum pricing starting at $25k or something. There used to be a third party reselling them in small quantities, but AFAIK no one does that any more. > > Plus the cost of a certificate...how much does that run? Any ideas? You can sign your own if you have some control over the clients. Verisign does not offer certificates for the free version of Apache-SSL. Thawte (http://www.thawte.com/) does. > > > > On Thu, 18 Dec 1997, Daniel O'Callaghan wrote: > > > > > On Wed, 17 Dec 1997, Jim wrote: > > > > > Yeah, Stronghold is a modified version of Apache1.2.4 > > > It costs a pretty penny for commercial use. > > > edu is free... I think they have a 30day evaluation. > > > It takes alot of the frills out of Apache as well as providing SSL support. > > > > But apache-ssl in the ports collection is completely free. And Eric > > Young's ssl-eay provides a library for ssl work, and includes > > telnet/telnetd and ftp/ftpd samples. The code is free, the right to use it in fascist countries like the US isn't. For non-commercial use, you can use RSA's RSAREF library free of charge. From owner-freebsd-isp Thu Dec 18 13:53:29 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id NAA25641 for isp-outgoing; Thu, 18 Dec 1997 13:53:29 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from modem3739496.cavtech.com ([208.155.166.124]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA25608 for ; Thu, 18 Dec 1997 13:53:07 -0800 (PST) (envelope-from root@bmccane.uit.net) Received: from bmccane.uit.net (localhost.mccane.com [127.0.0.1]) by modem3739496.cavtech.com (8.8.7/8.8.7) with ESMTP id PAA02846 for ; Thu, 18 Dec 1997 15:52:07 -0600 (CST) (envelope-from root@bmccane.uit.net) Message-Id: <199712182152.PAA02846@modem3739496.cavtech.com> X-Mailer: exmh version 2.0gamma 1/27/96 To: freebsd-isp@FreeBSD.ORG Subject: Reverse name problem Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 18 Dec 1997 15:52:07 -0600 From: Wm Brian McCane Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Greetings, I am finally back on all the lists (and a new ISP to boot 8). Anyway, I am having a problem with my DNS. I have setup both the primary and secondary DNS to be machines on my internal network. One of my partners wanted to put the primary on an NT box, so I let him. Anyway, when I do a `host 208.155.166.2' on a machine that is not attached to my network,I get: `Host not found'. Looking in my O'Reilly (TCP/IP Network Administration) everything looks correct. The Unix machine which is my secondary has what looks like a good backup file to me for our domain (NT just looks wrong, the addresses are not even listed in reverse order there). If I use our nameserver from the unconnected machine to do the Reverse DNS, it works fine. I get the impression from what I have read in my book that I need to have someone upstream delegate the Reverse DNS for 166.155.208.IN-ADDR.ARPA to me. Is this correct? If so, who would I have to bother to get this done? brian From owner-freebsd-isp Thu Dec 18 15:16:16 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA01691 for isp-outgoing; Thu, 18 Dec 1997 15:16:16 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from cedb.dpcsys.com (cedb.dpcsys.com [206.16.184.4]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA01686 for ; Thu, 18 Dec 1997 15:16:11 -0800 (PST) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by cedb.dpcsys.com (8.8.5/8.8.2) with SMTP id XAA10796; Thu, 18 Dec 1997 23:15:09 GMT Date: Thu, 18 Dec 1997 15:15:08 -0800 (PST) From: Dan Busarow To: Wm Brian McCane cc: freebsd-isp@freebsd.org Subject: Re: Reverse name problem In-Reply-To: <199712182152.PAA02846@modem3739496.cavtech.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 18 Dec 1997, Wm Brian McCane wrote: > I get the impression from what I have read in my book that I need to have > someone upstream delegate the Reverse DNS for 166.155.208.IN-ADDR.ARPA to me. That's what it looks like from here. MCI is answering the query for 208.155.166.2 with NXDOMAIN. They should delegate 166.155.208.in-addr.arpa to you. Dan -- Dan Busarow 714 443 4172 DPC Systems / Beach.Net dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 From owner-freebsd-isp Thu Dec 18 16:54:22 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA07611 for isp-outgoing; Thu, 18 Dec 1997 16:54:22 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA07605 for ; Thu, 18 Dec 1997 16:54:14 -0800 (PST) (envelope-from danny@panda.hilink.com.au) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id LAA07628; Fri, 19 Dec 1997 11:52:49 +1100 (EST) Date: Fri, 19 Dec 1997 11:52:49 +1100 (EST) From: "Daniel O'Callaghan" To: Wm Brian McCane cc: freebsd-isp@FreeBSD.ORG Subject: Re: Reverse name problem In-Reply-To: <199712182152.PAA02846@modem3739496.cavtech.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Thu, 18 Dec 1997, Wm Brian McCane wrote: > I am having a problem with my DNS. I have setup both the primary and > secondary DNS to be machines on my internal network. One of my partners You need to tidy up a few things. In your zone file for uit.net, you list only dns.uit.net. InterNIC has dns.uit.net and mail.uit.net listed. You should make this consistent. Also, you should ask someone on the freebsd-isp list if they would be kind enough to secondary you. You really should have a remote secondary. The philosophy is: "Even if you are not reachable, you should be resolvable." Otherwise, if you have a problem, people won't even be able to find out your IP addresses, or MX records (ask your upstream provider to act as a mail relay and list a backup MX record). You really don't want people to see "Host not found" messages when you are down - much better to have a "host not responding". When you get a new secondary (or two) list them in your zone file and register the new data for uit.net with InterNIC. The same goes for 205.83.209 and any other domains you are hosting. Danny From owner-freebsd-isp Fri Dec 19 04:47:06 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id EAA15128 for isp-outgoing; Fri, 19 Dec 1997 04:47:06 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from relay1.mail.uk.psi.net (relay1.mail.uk.psi.net [154.32.105.6]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id EAA15123 for ; Fri, 19 Dec 1997 04:47:01 -0800 (PST) (envelope-from robmel@nadt.org.uk) Received: from sys4.cambridge.uk.psi.net (sys4.cambridge.uk.psi.net [154.32.106.14]) by relay1.mail.uk.psi.net (8.8.5/) with ESMTP id MAA28086 for ; Fri, 19 Dec 1997 12:46:59 GMT Received: by sys4.cambridge.uk.psi.net (8.8.5/SMI-5.5-UKPSINet) id MAA19964; Fri, 19 Dec 1997 12:14:01 GMT Received: from infodev.nadt.org.uk (infodev.nadt.org.uk [172.16.99.205]) by charlie.nadt.org.uk (8.8.8/8.6.12) with SMTP id KAA12744 for ; Fri, 19 Dec 1997 10:34:17 GMT Message-Id: <3.0.5.32.19971219103416.007e8b10@wrcmail> X-Sender: robmel@wrcmail X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Fri, 19 Dec 1997 10:34:16 +0000 To: isp@freebsd.org From: Robin Melville Subject: Spoofing attack? Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk One of our FBSD router hosts has begun to report what looks like some kind of spoof attack. I wonder whether anyone has seen anything like this or can offer a (hopefully benign) explanation. Notice that these rapid arp changes all take place within 1 second. This is one example of a number over the last 48 hours. TIA for any help. -------------------------------------------------- Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:60:b0:64:c6:5c to 00:00:f4:ea:0c:34 Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:ea:0c:34 to 00:00:f4:ec:24:04 Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:ec:24:04 to 00:00:f4:e4:6e:28 Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:6e:28 to 00:00:f4:e4:5c:f8 Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:5c:f8 to 00:00:f4:ec:0d:82 Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:ec:0d:82 to 00:00:f4:e4:36:7f Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:36:7f to 00:00:f4:e4:59:fb Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:59:fb to 00:00:f4:e4:70:05 Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:70:05 to 00:00:f4:e4:5a:57 Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:5a:57 to 00:00:f4:e4:5b:0b Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:5b:0b to 00:00:f4:e4:5d:26 Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from 00:00:f4:e4:5d:26 to 00:60:b0:64:c6:5c ----------------------------------------------- -------------------------------------------------------- Robin Melville, Addiction & Forensic Information Service Nottingham Alcohol & Drug Team (Extn. 49178) Vox: +44 (0)115 952 9478 Fax: +44 (0)115 952 9421 Email: robmel@nadt.org.uk WWW: http://www.innotts.co.uk/nadt/ --------------------------------------------------------- From owner-freebsd-isp Fri Dec 19 06:06:11 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id GAA18777 for isp-outgoing; Fri, 19 Dec 1997 06:06:11 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from firewall.ftf.dk (root@mail.ftf.dk [129.142.64.2]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id GAA18767 for ; Fri, 19 Dec 1997 06:06:05 -0800 (PST) (envelope-from regnauld@deepo.prosa.dk) Received: from mail.prosa.dk ([192.168.100.2]) by firewall.ftf.dk (8.7.6/8.7.3) with ESMTP id QAA11374; Fri, 19 Dec 1997 16:43:38 +0100 Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10]) by mail.prosa.dk (8.8.5/8.8.5/prosa-1.1) with ESMTP id PAA04781; Fri, 19 Dec 1997 15:31:23 +0100 (CET) Received: (from regnauld@localhost) by deepo.prosa.dk (8.8.7/8.8.5/prosa-1.1) id PAA09795; Fri, 19 Dec 1997 15:03:22 +0100 (CET) Message-ID: <19971219150322.10165@deepo.prosa.dk> Date: Fri, 19 Dec 1997 15:03:22 +0100 From: Philippe Regnauld To: Robin Melville Cc: isp@FreeBSD.ORG Subject: Re: Spoofing attack? References: <3.0.5.32.19971219103416.007e8b10@wrcmail> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88e In-Reply-To: <3.0.5.32.19971219103416.007e8b10@wrcmail>; from Robin Melville on Fri, Dec 19, 1997 at 10:34:16AM +0000 X-Operating-System: FreeBSD 2.2.5-RELEASE i386 Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Robin Melville writes: > One of our FBSD router hosts has begun to report what looks like some kind > of spoof attack. I wonder whether anyone has seen anything like this or can > offer a (hopefully benign) explanation. Notice that these rapid arp changes > all take place within 1 second. > This is one example of a number over the last 48 hours. Well, are any of those MAC addresses on your wire ? If they are, do any of them have bogus ARP entries, or proxyarp for other hosts ? > Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:70:05 to 00:00:f4:e4:5a:57 > Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:5a:57 to 00:00:f4:e4:5b:0b > Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:5b:0b to 00:00:f4:e4:5d:26 > Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:5d:26 to 00:60:b0:64:c6:5c -- -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- "Pluto placed his bad dog at the entrance of Hades to keep the dead IN and the living OUT! The archetypical corporate firewall?" - S. Kelly Bootle, about Cerberus ["MYTHOLOGY", in Marutukku distrib] - From owner-freebsd-isp Fri Dec 19 08:59:41 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA29420 for isp-outgoing; Fri, 19 Dec 1997 08:59:41 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from dilbert.cyberus.ca (dilbert.cyberus.ca [207.216.2.7]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA29391; Fri, 19 Dec 1997 08:59:29 -0800 (PST) (envelope-from waynem@cyberus.ca) Received: from arrega.cyberus.ca (arrega.cyberus.ca [207.216.2.250]) by dilbert.cyberus.ca (8.8.7/8.8.7) with SMTP id LAA27704; Fri, 19 Dec 1997 11:59:22 -0500 (EST) Reply-To: "Wayne MacLaurin" From: "Wayne MacLaurin" To: , Subject: IPXIP Date: Fri, 19 Dec 1997 12:00:22 -0500 Message-ID: <01bd0c9f$97d51720$fa02d8cf@arrega.cyberus.ca> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Has anybody figured out how to configure an interface using IPXIP ? The kernel compiles fine with the option turned on but I can't find any documentation on setting up an IPX over IP link. _______________ Wayne MacLaurin Cyberus Online Inc. waynem@cyberus.ca From owner-freebsd-isp Fri Dec 19 10:53:03 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id KAA07779 for isp-outgoing; Fri, 19 Dec 1997 10:53:03 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from ponyexpress.gwc.cccd.edu (ponyexpress.gwc.cccd.edu [159.115.129.50]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id KAA07757 for ; Fri, 19 Dec 1997 10:52:51 -0800 (PST) (envelope-from mpeer@ponyexpress.gwc.cccd.edu) Received: from mpeer (mpeer.csc.gwc.cccd.edu [159.115.129.100]) by ponyexpress.gwc.cccd.edu (8.8.7/8.8.7) with SMTP id KAA00578; Fri, 19 Dec 1997 10:52:33 -0800 (PST) (envelope-from mpeer@ponyexpress.gwc.cccd.edu) Message-Id: <3.0.1.32.19971219105738.00ca2dc0@rustler.gwc.cccd.edu> X-Sender: mpeer@rustler.gwc.cccd.edu X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Fri, 19 Dec 1997 10:57:38 -0800 To: Philippe Regnauld , Robin Melville From: Michael Peer Subject: Re: Spoofing attack? Cc: isp@FreeBSD.ORG In-Reply-To: <19971219150322.10165@deepo.prosa.dk> References: <3.0.5.32.19971219103416.007e8b10@wrcmail> <3.0.5.32.19971219103416.007e8b10@wrcmail> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I have seen this with duplicate IP addresses on same subnet. One guy on my network was using his laptop that he brought in, and just used the IP address from his desktop, and ignored all the messages about duplicate IP address on network. At 03:03 PM 12/19/97 +0100, Philippe Regnauld wrote: >Robin Melville writes: >> One of our FBSD router hosts has begun to report what looks like some kind >> of spoof attack. I wonder whether anyone has seen anything like this or can >> offer a (hopefully benign) explanation. Notice that these rapid arp changes >> all take place within 1 second. >> This is one example of a number over the last 48 hours. > > Well, are any of those MAC addresses on your wire ? > If they are, do any of them have bogus ARP entries, or > proxyarp for other hosts ? > >> Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from >> 00:00:f4:e4:70:05 to 00:00:f4:e4:5a:57 >> Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from >> 00:00:f4:e4:5a:57 to 00:00:f4:e4:5b:0b >> Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from >> 00:00:f4:e4:5b:0b to 00:00:f4:e4:5d:26 >> Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from >> 00:00:f4:e4:5d:26 to 00:60:b0:64:c6:5c > >-- > -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- > "Pluto placed his bad dog at the entrance of Hades to keep the dead IN and > the living OUT! The archetypical corporate firewall?" > - S. Kelly Bootle, about Cerberus ["MYTHOLOGY", in Marutukku distrib] - > ---------------------------------------------------------------------- Michael Peer Data Electronics Technician I Golden West College Computer Services Center 15744 Goldenwest St. Huntington Beach, CA 92647 e-mail: mpeer@gwc.cccd.edu Voice: (714)892-7711 ext 55067 WWW: http://pioneer.gwc.cccd.edu FAX: (714)895-8980 From owner-freebsd-isp Fri Dec 19 12:50:37 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA17182 for isp-outgoing; Fri, 19 Dec 1997 12:50:37 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from bmccane.uit.net ([208.155.166.124]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA17165 for ; Fri, 19 Dec 1997 12:50:09 -0800 (PST) (envelope-from root@bmccane.uit.net) Received: (from root@localhost) by bmccane.uit.net (8.8.7/8.8.7) id OAA00604; Fri, 19 Dec 1997 14:35:29 -0600 (CST) (envelope-from root) Date: Fri, 19 Dec 1997 14:35:24 -0600 (CST) From: Wm Brian McCane To: "Daniel O'Callaghan" cc: freebsd-isp@FreeBSD.ORG Subject: Re: Reverse name problem In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Fri, 19 Dec 1997, Daniel O'Callaghan wrote: > On Thu, 18 Dec 1997, Wm Brian McCane wrote: > > > I am having a problem with my DNS. I have setup both the primary and > > secondary DNS to be machines on my internal network. One of my partners > > You need to tidy up a few things. > > In your zone file for uit.net, you list only dns.uit.net. > InterNIC has dns.uit.net and mail.uit.net listed. You should make this > consistent. Also, you should ask someone on the freebsd-isp list if they > would be kind enough to secondary you. You really should have a remote > secondary. The philosophy is: "Even if you are not reachable, you should > be resolvable." Actually, this is my old ISP, which I had hoped to put out of business because of their extremely poor service. Their main guy went to work at another ISP in the area. And the owner does not go in to the office. There is a sign posted by the door that says they will only be there by appointment. They don't respond to email, and their answering machine is saying that there is no room for more messages, so how can I make an appointment? > Otherwise, if you have a problem, people won't even be able to find out > your IP addresses, or MX records (ask your upstream provider to act as a > mail relay and list a backup MX record). You really don't want people to > see "Host not found" messages when you are down - much better to have a > "host not responding". I will talk to my upstream about the backup MX, but actually he told me he has a consultant that he brings in when necessary to do this sort of thing. So I might be partially on my own. > When you get a new secondary (or two) list them in your zone file and > register the new data for uit.net with InterNIC. In about 2 weeks, I will have an alternate connection from my second location, to a different upstream feed. After that I will be my own secondary and MX backup (at least that is the plan). > > The same goes for 205.83.209 and any other domains you are hosting. I am hosting 208.155.166, and am trying get a second "C" at the time that I start the other connection. > Danny brian +-------------------------------------+----------------------------------------+ He rides a cycle of mighty days, and \ Wm Brian and Lori McCane he represents the last great schizm \ McCane Consulting among the gods. Evil though he obviously \ root@bmccane.cavtech.com is, he is a mighty figure, this father of \ http://bmccane.cavtech.com/ my spirit, and I respect him as the sons \ http://bmccane.cavtech.com/~pictures/ of old did the fathers of their bodies. \ http://bmccane.cavtech.com/~bmccane/ Roger Zelazny - "Lord of Light" \ +---------------------------------------------+--------------------------------+ From owner-freebsd-isp Fri Dec 19 14:24:25 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA25559 for isp-outgoing; Fri, 19 Dec 1997 14:24:25 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from thecore.com (sfinn@guardian.thecore.com [206.136.149.11]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA25531 for ; Fri, 19 Dec 1997 14:24:18 -0800 (PST) (envelope-from sfinn@thecore.com) Received: from localhost (sfinn@localhost) by thecore.com (8.8.8/8.8.8) with SMTP id RAA23936; Fri, 19 Dec 1997 17:22:41 -0500 (EST) Date: Fri, 19 Dec 1997 17:22:40 -0500 (EST) From: Shaun To: Michael Peer cc: Philippe Regnauld , Robin Melville , isp@FreeBSD.ORG Subject: Re: Spoofing attack? In-Reply-To: <3.0.1.32.19971219105738.00ca2dc0@rustler.gwc.cccd.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I see this all the time when a dial-in user with a static IP address disconnects from one terminal server and quickly reconnects to another. > One of our FBSD router hosts has begun to report what looks like some kind > of spoof attack. I wonder whether anyone has seen anything like this or can > offer a (hopefully benign) explanation. Notice that these rapid arp changes > all take place within 1 second. > This is one example of a number over the last 48 hours. > > Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:70:05 to 00:00:f4:e4:5a:57 > Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:5a:57 to 00:00:f4:e4:5b:0b > Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:5b:0b to 00:00:f4:e4:5d:26 > Dec 18 09:53:19 charlie /kernel: arp: 194.155.224.118 moved from > 00:00:f4:e4:5d:26 to 00:60:b0:64:c6:5c +------------------- http://www.download.net ----------------------+ | Shaun M. Finn TechnoCore Communications, Inc. | | sfinn@thecore.com Internet Web Services & Access | | VOICE: (732)928-7400 P.O. Box 106 | | FAX: (732)928-7402 Jackson, NJ 08527-0106 | +------------------- http://www.thecore.com/ ----------------------+ From owner-freebsd-isp Fri Dec 19 16:40:45 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA06541 for isp-outgoing; Fri, 19 Dec 1997 16:40:45 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from coal.sentex.ca (coal.sentex.ca [209.112.4.16]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA06527 for ; Fri, 19 Dec 1997 16:40:39 -0800 (PST) (envelope-from mike@sentex.net) Received: from p7a.neon.sentex.ca (p7a.neon.sentex.ca [207.245.212.200]) by coal.sentex.ca (8.8.8/8.8.7) with SMTP id TAA27913; Fri, 19 Dec 1997 19:55:26 -0500 (EST) (envelope-from mike@sentex.net) From: mike@sentex.net (Mike Tancsa) To: robmel@nadt.org.uk (Robin Melville) Cc: freebsd-isp@freebsd.org Subject: Re: Spoofing attack? Date: Sat, 20 Dec 1997 00:32:18 GMT Message-ID: <349b11cc.328590748@coal.sentex.net> References: <3.0.5.32.19971219103416.007e8b10@wrcmail> In-Reply-To: <3.0.5.32.19971219103416.007e8b10@wrcmail> X-Mailer: Forte Agent .99e/32.227 Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 19 Dec 1997 10:34:16 +0000, in sentex.lists.freebsd.misc you wrote: >One of our FBSD router hosts has begun to report what looks like some kind >of spoof attack. I wonder whether anyone has seen anything like this or can >offer a (hopefully benign) explanation. Notice that these rapid arp changes >all take place within 1 second. >This is one example of a number over the last 48 hours. > >TIA for any help. > >-------------------------------------------------- >Dec 18 09:53:18 charlie /kernel: arp: 194.155.224.118 moved from >00:60:b0:64:c6:5c to 00:00:f4:ea:0c:34 If this is the MAC address of a real device that should not be changing, look into doing an arp -s to make the arp entry permanent perhaps. ---Mike