From owner-freebsd-security Sun Jan 26 14:42:49 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA29389 for security-outgoing; Sun, 26 Jan 1997 14:42:49 -0800 (PST)
Received: from www.trifecta.com (www.trifecta.com [206.245.150.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA29379 for ; Sun, 26 Jan 1997 14:42:43 -0800 (PST)
Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id RAA20529; Sun, 26 Jan 1997 17:45:28 -0500 (EST)
Date: Sun, 26 Jan 1997 17:45:28 -0500 (EST)
From: Dev Chanchani
To: Stephen Fisher
cc: "Sean J. Schluntz" , freebsd-security@freebsd.org, Ollivier Robert
Subject: Re: sendmail running non-root SUCCESS!
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 18 Jan 1997, Stephen Fisher wrote:

> I would like to use a mailer which I feel is better designed and
> programmed (security wise) but.... Since everyone uses Sendmail and
> everyone is hacking away at it I feel I'm pretty safe. Security problems
> are fixed quickly and without problems. And it's assumed you're using
> sendmail: when people work on "anti-spam" things they have sendmail
> rulesets to do it.
>
> Write a new mailer that has the power and functionality of Sendmail
> without the problems and uses sendmail.cf's format and I'll use it.

A powerful and functional, yet secure mailer seems to be way too much of an oxymoron these days. Until programmers learn the intricacies of unix multi-user programs (a la stack overflows, race conditions, unvalidated user input, etc.) there will be security holes in complex programs like sendmail. In the meantime, you need to evaluate your security needs. Do you wish to prioritize security and run something like qmail or smap, smapd and sendmail not running as root? Or is your priority functionality, in which case you may have to run sendmail.
BTW: Does anyone know if you can use sendmail-like rewriting rules that allow you to accept mail for various virtual domains with qmail?

--Dev

From owner-freebsd-security Mon Jan 27 03:10:37 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id DAA01149 for security-outgoing; Mon, 27 Jan 1997 03:10:37 -0800 (PST)
Received: from smtp.connectnet.com (smtp.connectnet.com [207.110.0.12]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA01127; Mon, 27 Jan 1997 03:10:30 -0800 (PST)
Received: from wink.connectnet.com (Studded@wink.connectnet.com [206.251.156.23]) by smtp.connectnet.com (8.8.4/Connectnet-2.2) with SMTP id DAA17834; Mon, 27 Jan 1997 03:11:19 -0800 (PST)
Message-Id: <199701271111.DAA17834@smtp.connectnet.com>
From: "That Doug Guy"
To: "FreeBSD Security" , "FreeBSD Questions"
Date: Mon, 27 Jan 97 03:08:39 -0800
Reply-To: "That Doug Guy"
Priority: Normal
X-Mailer: That Doug Guy's Registered PMMail 1.53 For OS/2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: 2.2+ and sequence number guessing
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[Cross-posted to security and questions. Feel free to trim responses to the most appropriate group, I am subscribed to both.]

Howdy, :)

I have been doing some research on the security of various *nix's, and found some very interesting discussion in the mail archives regarding the security of freebsd vs. a sequence number guessing IP spoof attack. Without rehashing what seemed to be a rather heated discussion last spring, I am wondering if someone could fill me in on any changes, improvements, etc. that have been made in 2.2 regarding this problem. Also, if someone could highlight the changes regarding security against syn flooding promised in 2.2, it would help. Of course, if this information is already available on line, a pointer to it would be appreciated.
Thank you,

Doug

From owner-freebsd-security Mon Jan 27 04:29:53 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id EAA04126 for security-outgoing; Mon, 27 Jan 1997 04:29:53 -0800 (PST)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id EAA04110 for ; Mon, 27 Jan 1997 04:29:50 -0800 (PST)
Received: (adam@localhost) by homeport.org (8.6.9/8.6.9) id HAA24267; Mon, 27 Jan 1997 07:25:14 -0500
From: Adam Shostack
Message-Id: <199701271225.HAA24267@homeport.org>
Subject: Re: sendmail running non-root SUCCESS!
In-Reply-To: from Dev Chanchani at "Jan 26, 97 05:45:28 pm"
To: dev@trifecta.com (Dev Chanchani)
Date: Mon, 27 Jan 1997 07:25:13 -0500 (EST)
Cc: lithium@cia-g.com, schluntz@pinpt.com, freebsd-security@FreeBSD.ORG, roberto@keltia.freenix.fr
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Dev Chanchani wrote:

| BTW: Does anyone know if you can use sendmail-like rewriting rules that
| allow you to accept mail for various virtual domains with qmail?

You cannot. Handling virtual domains with qmail requires no sendmail-like rewriting rules--it's much simpler. ;)

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                        -Hume

From owner-freebsd-security Wed Jan 29 12:10:55 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA18468 for security-outgoing; Wed, 29 Jan 1997 12:10:55 -0800 (PST)
Received: from smtp.connectnet.com (smtp.connectnet.com [207.110.0.12]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA18463; Wed, 29 Jan 1997 12:10:50 -0800 (PST)
Received: from wink.connectnet.com (Studded@wink.connectnet.com [206.251.156.23]) by smtp.connectnet.com (8.8.4/Connectnet-2.2) with SMTP id MAA10942; Wed, 29 Jan 1997 12:11:35 -0800 (PST)
Message-Id: <199701292011.MAA10942@smtp.connectnet.com>
From: "That Doug Guy"
To: "FreeBSD Questions"
Cc: "FreeBSD Security"
Date: Wed, 29 Jan 97 12:10:45 -0800
Reply-To: "That Doug Guy"
Priority: Normal
X-Mailer: That Doug Guy's Registered PMMail 1.53 For OS/2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: 2.2+ and sequence number guessing
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[Cross-posted to security and questions a couple days ago, but never got a response. Feel free to trim responses to the most appropriate group, I am subscribed to both.]

Howdy, :)

I have been doing some research on the security of various *nix's, and found some very interesting discussion in the mail archives regarding the security of freebsd vs. a sequence number guessing IP spoof attack. Without rehashing what seemed to be a rather heated discussion last spring, I am wondering if someone could fill me in on any changes, improvements, etc. that have been made in 2.2 regarding this problem. Also, if someone could highlight the changes regarding security against syn flooding promised in 2.2, it would help. Of course, if this information is already available on line, a pointer to it would be appreciated.

And speaking of security, I am looking for information on the relative usefulness and efficiency of tcp wrappers vs.
Darren Reed's IP filtering. I've read all I can find on both (including downloading the IP filter package), and I'm still a bit confused about how much overhead either will add to my system. It looks like I'll be going with Darren's stuff because I need to filter access to ircd, and as far as I can tell the wrappers won't hook it. Any information or pointers to more detailed documentation would be appreciated.

Thank you,

Doug

From owner-freebsd-security Thu Jan 30 07:48:50 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA15879 for security-outgoing; Thu, 30 Jan 1997 07:48:50 -0800 (PST)
Received: from leonie.object-factory.com (ns1.object-factory.com [194.25.136.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA15874 for ; Thu, 30 Jan 1997 07:48:46 -0800 (PST)
Received: (from daemon@localhost) by leonie.object-factory.com (8.8.2/8.8.2) id QAA29727 for freebsd-security@freebsd.org; Thu, 30 Jan 1997 16:49:52 +0100 (MET)
Received: (from news@localhost) by leonie.object-factory.com (8.8.2/8.8.2) id QAA29719; Thu, 30 Jan 1997 16:49:51 +0100 (MET)
To: freebsd-security@freebsd.org
From: znek@object-factory.com (Marcus Mueller)
Subject: ipfw trouble under FreeBSD 2.1.5
Date: 30 Jan 1997 15:49:50 GMT
Message-ID: <5cqfuu$sqt@leonie.object-factory.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

it seems that ipfw under FreeBSD 2.1.5 has a bug which leads to deny-rules being applied to connections which should have been accepted before. (That means a 65000 deny blah from blah to blah matches a connection which should have been accepted by a 10000 allow blah from blah to blah). In certain cases - though not deterministically - I have to flush the list and then setup all rules again for the firewall to function properly. In some cases this does not help, however.

Is this problem known and solved under FreeBSD 2.1.6?

Thanks in advance,

Marcus.
From owner-freebsd-security Thu Jan 30 08:58:16 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA18966 for security-outgoing; Thu, 30 Jan 1997 08:58:16 -0800 (PST)
Received: from smokey.systemics.com (smokey.systemics.com [193.67.124.65]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id IAA18961 for ; Thu, 30 Jan 1997 08:58:12 -0800 (PST)
Received: from internal-mail.systemics.com (cunAg+AZjsjCG0k13y/vO6fdTv2hgkbY@internal-mail.systemics.com [193.67.124.74]) by smokey.systemics.com (8.6.12/8.6.12) with ESMTP id RAA07545; Thu, 30 Jan 1997 17:58:34 +0100
Received: from localhost (localhost [127.0.0.1]) by internal-mail.systemics.com with SMTP id RAA23236; Thu, 30 Jan 1997 17:57:59 +0100 (MET)
Message-Id: <199701301657.RAA23236@internal-mail.systemics.com>
X-Authentication-Warning: kampai.systemics.com: Host localhost [127.0.0.1] didn't use HELO protocol
X-Mailer: exmh version 1.6.9 8/22/96
To: znek@object-factory.com (Marcus Mueller)
cc: freebsd-security@freebsd.org
Subject: Re: ipfw trouble under FreeBSD 2.1.5
In-reply-to: Your message of "30 Jan 1997 15:49:50 GMT." <5cqfuu$sqt@leonie.object-factory.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 30 Jan 1997 17:57:59 +0100
From: Gary Howland
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Hi,
>
> it seems that ipfw under FreeBSD 2.1.5 has a bug which leads to deny-rules
> being applied to connections which should have been accepted before.
> (That means a 65000 deny blah from blah to blah matches a connection which
> should have been accepted by a 10000 allow blah from blah to blah).
> In certain cases - though not deterministically - I have to flush the list
> and then setup all rules again for the firewall to function properly.
> In some cases this does not help, however.
>
> Is this problem known and solved under FreeBSD 2.1.6?

Are you certain? Are you catering for fragmented packets?
In other words, do you have a rule like this:

# Allow all fragments
/sbin/ipfw add pass ip from any to any frag

BTW - my security skills are currently for hire, preferably in Europe :-)

Gary

From owner-freebsd-security Thu Jan 30 15:32:16 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA10061 for security-outgoing; Thu, 30 Jan 1997 15:32:16 -0800 (PST)
Received: from bbs.mpcs.com (hgoldste@bbs.mpcs.com [204.215.226.2]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA10051 for ; Thu, 30 Jan 1997 15:32:12 -0800 (PST)
Received: (from hgoldste@localhost) by bbs.mpcs.com (8.8.5/8.8.5/MPCS) id SAA29061 for freebsd-security@freebsd.org; Thu, 30 Jan 1997 18:32:00 -0500
Date: Thu, 30 Jan 1997 18:32:00 -0500
From: Howard Goldstein
Message-Id: <199701302332.SAA29061@bbs.mpcs.com>
To: freebsd-security@freebsd.org
Subject: talkd?
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

What is the state of the talkd in the aftermath of the AUSCERT advisory?

Apologies in advance if this was discussed before; the mailing list archives on www.freebsd.org are thoroughly hosed.

From owner-freebsd-security Thu Jan 30 16:20:37 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA15065 for security-outgoing; Thu, 30 Jan 1997 16:20:37 -0800 (PST)
Received: from hq.idt.net (hq.idt.net [169.132.12.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA15060 for ; Thu, 30 Jan 1997 16:20:32 -0800 (PST)
Received: from hq.idt.net (hq.idt.net [169.132.12.10]) by hq.idt.net (8.8.5/NETSYS-LEN) with SMTP id TAA14795; Thu, 30 Jan 1997 19:20:12 -0500 (EST)
Date: Thu, 30 Jan 1997 19:20:12 -0500 (EST)
From: Parthiv Shah
To: Howard Goldstein
cc: freebsd-security@FreeBSD.ORG
Subject: Re: talkd?
In-Reply-To: <199701302332.SAA29061@bbs.mpcs.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

If FreeBSD puts ntalkd patched on their site or at least has a pointer or something it'll make more sense :)

just adding my 2 cents..

Parthiv

--
Shah, Parthiv                  http://www.netadmin.net/
Systems Administrator at IDT   (201) 928 - 4414
PGP fingerprint = 1E 03 5B F3 43 47 FE 02 6B DD EE 12 65 AD 1B EB

On Thu, 30 Jan 1997, Howard Goldstein wrote:

> Date: Thu, 30 Jan 1997 18:32:00 -0500
> From: Howard Goldstein
> To: freebsd-security@FreeBSD.ORG
> Subject: talkd?
>
> What is the state of the talkd in the aftermath of the AUSCERT
> advisory?
>
> Apologies in advance if this was discussed before; the mailing list
> archives on www.freebsd.org are thoroughly hosed.
>

From owner-freebsd-security Thu Jan 30 16:30:38 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA15852 for security-outgoing; Thu, 30 Jan 1997 16:30:38 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA15843 for ; Thu, 30 Jan 1997 16:30:29 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id LAA06191; Fri, 31 Jan 1997 11:30:31 +1100 (EST)
Date: Fri, 31 Jan 1997 11:30:30 +1100 (EST)
From: "Daniel O'Callaghan"
To: Howard Goldstein
cc: freebsd-security@freebsd.org
Subject: Re: talkd?
In-Reply-To: <199701302332.SAA29061@bbs.mpcs.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Talkd in -current, 2.2 and 2.1-stable is fixed. Grab the sources from ftp.freebsd.org and rebuild. Very easy. I am working on having all of these fixes converted into packages, which will make things very easy.
regards,

Danny

On Thu, 30 Jan 1997, Howard Goldstein wrote:

> What is the state of the talkd in the aftermath of the AUSCERT
> advisory?
>
> Apologies in advance if this was discussed before; the mailing list
> archives on www.freebsd.org are thoroughly hosed.
>

From owner-freebsd-security Thu Jan 30 16:51:39 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA17041 for security-outgoing; Thu, 30 Jan 1997 16:51:39 -0800 (PST)
Received: from onyx.auscert.org.au (onyx0.auscert.org.au [203.5.112.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA17036 for ; Thu, 30 Jan 1997 16:51:35 -0800 (PST)
Received: from amethyst.auscert.org.au (amethyst.auscert.org.au [203.5.112.218]) by onyx.auscert.org.au (8.8.5/8.8.4) with ESMTP id KAA02629 for ; Fri, 31 Jan 1997 10:51:28 +1000 (EST)
Received: from localhost (localhost [127.0.0.1]) by amethyst.auscert.org.au (8.8.5/8.8.0) with SMTP id KAA02927; Fri, 31 Jan 1997 10:51:26 +1000 (EST)
Message-Id: <199701310051.KAA02927@amethyst.auscert.org.au>
X-Authentication-Warning: amethyst.auscert.org.au: localhost [127.0.0.1] didn't use HELO protocol
From: auscert@auscert.org.au
To: freebsd-security@freebsd.org
Subject: Re: talkd?
Cc: auscert@auscert.org.au
Organization: AUSCERT (Australian Computer Emergency Response Team)
Mime-Version: 1.0
Content-Type: text/plain; format=mime
Content-Transfer-Encoding: 7bit
Date: Fri, 31 Jan 1997 10:51:25 +1000
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset=us-ascii

> What is the state of the talkd in the aftermath of the AUSCERT
> advisory?
>
> Apologies in advance if this was discussed before; the mailing list
> archives on www.freebsd.org are thoroughly hosed.
The FreeBSD team supplied the following information to AUSCERT after the initial release of AA-97.01:

    FreeBSD versions 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1 are all affected by the talkd vulnerability described in this advisory. This has been fixed in version 2.2-current as of 1997-01-18 and 2.1-stable as of 1997-01-18.

    The FreeBSD Security Team have released an advisory and patch information for this talkd vulnerability. This advisory (FreeBSD-SA-96:21.talkd) is available from:

        ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-96:21.talkd.asc

    Patches are available from:

        ftp://freebsd.org/pub/CERT/patches/SA-96:21/

We have since updated our advisory to contain this, and other vendor information. You can retrieve a copy of the updated talkd advisory from:

    ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.01.talkd.buffer.overrun.vul

- --
regards,

tony

==========================================================================
Anthony Shepherd             | Fax:    +61 7 3365 4477
AUSCERT                      | Phone:  +61 7 3365 4417
c/- Prentice Centre          |         (answered during business hours)
The University of Queensland |         (on call after hours for emergencies)
Qld.  4072.                  |
Australia                    | Internet: auscert@auscert.org.au

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBMvHOqyh9+71yA2DNAQElEgQAkI0fv7a/W8yBX8E3OjFpqh6Rw/qfSX2G
W4ZxNAGRiVhDqb11aXmDvXMcrFdxKyeCWdibwtVGpsmgqUHc/il6hABnn1GePWUy
gwGtxGPwawn0t1BEAiynhmdJyWuzmtxcinBN7JCVN8JnWg/RrkeFwymzBMz8xOIM
+6uY5nuCX1M=
=6QH7
-----END PGP SIGNATURE-----

From owner-freebsd-security Thu Jan 30 16:58:43 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA17660 for security-outgoing; Thu, 30 Jan 1997 16:58:43 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA17651 for ; Thu, 30 Jan 1997 16:58:39 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id LAA06381; Fri, 31 Jan 1997 11:59:16 +1100 (EST)
Date: Fri, 31 Jan 1997 11:59:16 +1100 (EST)
From: "Daniel O'Callaghan"
To: Parthiv Shah
cc: Howard Goldstein , freebsd-security@freebsd.org
Subject: Re: talkd?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Thu, 30 Jan 1997, Parthiv Shah wrote:

> If FreeBSD puts ntalkd patched on there site or at least
> have a pointer or something it'll make more sense :)

I'm working on a security update repository of patches.
Danny

From owner-freebsd-security Thu Jan 30 17:05:04 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA18134 for security-outgoing; Thu, 30 Jan 1997 17:05:04 -0800 (PST)
Received: from narcissus.ml.org (root@brosenga.Pitzer.edu [134.173.120.201]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA18117 for ; Thu, 30 Jan 1997 17:04:59 -0800 (PST)
Received: (from ben@localhost) by narcissus.ml.org (8.7.5/8.7.3) id RAA15496; Thu, 30 Jan 1997 17:05:01 -0800 (PST)
Date: Thu, 30 Jan 1997 17:05:01 -0800 (PST)
From: Snob Art Genre
To: freebsd-security@freebsd.org
Subject: Re: talkd?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 31 Jan 1997, Daniel O'Callaghan wrote:

>
> Talkd in -current, 2.2 and 2.1-stable are fixed.
> Grab the sources from ftp.freebsd.org and rebuild. Very easy. I am
> working on having all of these fixes converted into packages, which will
> make things very easy.

Do you know where I can find patches for all the various buffer overflows, &c, since the 2.1.5 CDs came out? I missed quite a few of them when they came out, and the CERT page has no way of sorting advisories by date or OS.

> regards,
>
> Danny
>
>
> On Thu, 30 Jan 1997, Howard Goldstein wrote:
>
> > What is the state of the talkd in the aftermath of the AUSCERT
> > advisory?
> >
> > Apologies in advance if this was discussed before; the mailing list
> > archives on www.freebsd.org are thoroughly hosed.
> >
>

Ben

The views expressed above are not those of the Worker's Compensation Board of Queensland, Australia.
From owner-freebsd-security Thu Jan 30 23:06:38 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA08341 for security-outgoing; Thu, 30 Jan 1997 23:06:38 -0800 (PST)
Received: from oskar.nanoteq.co.za (oskar.nanoteq.co.za [163.195.220.170]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id XAA08324 for ; Thu, 30 Jan 1997 23:06:31 -0800 (PST)
Received: (from rbezuide@localhost) by oskar.nanoteq.co.za (8.6.12/8.6.12) id JAA15488; Fri, 31 Jan 1997 09:05:57 +0200
From: Reinier Bezuidenhout
Message-Id: <199701310705.JAA15488@oskar.nanoteq.co.za>
Subject: Re: ipfw trouble under FreeBSD 2.1.5
In-Reply-To: <5cqfuu$sqt@leonie.object-factory.com> from Marcus Mueller at "Jan 30, 97 03:49:50 pm"
To: znek@object-factory.com (Marcus Mueller)
Date: Fri, 31 Jan 1997 09:05:56 +0200 (SAT)
Cc: freebsd-security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi there

> it seems that ipfw under FreeBSD 2.1.5 has a bug which leads to deny-rules
> being applied to connections which should have been accepted before.
> (That means a 65000 deny blah from blah to blah matches a connection which
> should have been accepted by a 10000 allow blah from blah to blah).
> In certain cases - though not deterministically - I have to flush the list
> and then setup all rules again for the firewall to function properly.
> In some cases this does not help, however.

I have to agree with this ... I've seen it on two FreeBSD firewalls we have, e.g.

1000 accept tcp from any to any established
.
.
.
.
17000 deny tcp from any to 1.2.3.4 via ed0 setup

and if I telnet from the one to the other on an open port, rule 17000 fires about 3 times, denying packets, and then the connection is established ????
Greetings

Reinier

From owner-freebsd-security Fri Jan 31 00:07:36 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA11157 for security-outgoing; Fri, 31 Jan 1997 00:07:36 -0800 (PST)
Received: from super-g.inch.com (super-g.com [204.178.32.161]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA11151 for ; Fri, 31 Jan 1997 00:07:33 -0800 (PST)
Received: from localhost (spork@localhost) by super-g.inch.com (8.8.5/8.6.9) with SMTP id DAA08521; Fri, 31 Jan 1997 03:10:59 -0500 (EST)
Date: Fri, 31 Jan 1997 03:10:59 -0500 (EST)
From: spork
X-Sender: spork@super-g.inch.com
To: Parthiv Shah
cc: Howard Goldstein , freebsd-security@freebsd.org
Subject: Re: talkd?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

A good thing to do if you feel behind on this stuff is to subscribe to Bugtraq (listserv@netspace.org "subscribe bugtraq" in the body) and make sure you're subscribed to freebsd-security. The pointer to the patch was up really fast (I even used it to patch a NetBSD machine) and really easy to apply; less than 5 minutes per machine...

Charles

On Thu, 30 Jan 1997, Parthiv Shah wrote:

> If FreeBSD puts ntalkd patched on there site or at least
> have a pointer or something it'll make more sense :)
>
> just adding my 2 cents..
>
> Parthiv
>
> --
> Shah, Parthiv                  http://www.netadmin.net/
> Systems Administrator at IDT   (201) 928 - 4414
> PGP fingerprint = 1E 03 5B F3 43 47 FE 02 6B DD EE 12 65 AD 1B EB
>
> On Thu, 30 Jan 1997, Howard Goldstein wrote:
>
> > Date: Thu, 30 Jan 1997 18:32:00 -0500
> > From: Howard Goldstein
> > To: freebsd-security@FreeBSD.ORG
> > Subject: talkd?
> >
> > What is the state of the talkd in the aftermath of the AUSCERT
> > advisory?
> >
> > Apologies in advance if this was discussed before; the mailing list
> > archives on www.freebsd.org are thoroughly hosed.
> >
>

From owner-freebsd-security Fri Jan 31 01:11:36 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA13643 for security-outgoing; Fri, 31 Jan 1997 01:11:36 -0800 (PST)
Received: from elaine17.Stanford.EDU (elaine17.Stanford.EDU [171.64.15.82]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA13636 for ; Fri, 31 Jan 1997 01:11:34 -0800 (PST)
Received: (from jkoum@localhost) by elaine17.Stanford.EDU (8.8.5/8.8.4) id BAA18428; Fri, 31 Jan 1997 01:12:19 -0800 (PST)
Date: Fri, 31 Jan 1997 01:12:19 -0800 (PST)
From: Jan Koum
To: listserv@netspace.org, freebsd-security@freebsd.org
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

subscribe

From owner-freebsd-security Fri Jan 31 02:52:08 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id CAA17025 for security-outgoing; Fri, 31 Jan 1997 02:52:08 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA17019 for ; Fri, 31 Jan 1997 02:52:05 -0800 (PST)
Received: from casimir.easynet.fr (casimir.easynet.fr [194.51.27.235]) by who.cdrom.com (8.7.5/8.6.11) with ESMTP id CAA05791 for ; Fri, 31 Jan 1997 02:52:02 -0800 (PST)
Received: from casimir.easynet.fr (casimir.easynet.fr [194.51.27.235]) by casimir.easynet.fr (8.8.2/8.7.3) with SMTP id LAA17376 for ; Fri, 31 Jan 1997 11:49:49 +0100 (MET)
Date: Fri, 31 Jan 1997 11:49:49 +0100 (MET)
From: David Ramahefason
To: freebsd-security@freebsd.org
Subject: IP Masquerading / IP Firewalling
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

Could someone explain to me how to set up a Firewall with ip masquerading in it...

In fact we'd like to put apart our office network from the rest of the world...
and if possible use for it False ip's (considering the fact that all queries from this network will be seen as coming from a unique box... the firewall..)

Thanks

|David Ramahefason, rama@easynet.fr, Sysop, Easynet France SA|
|http://www.easynet.fr 23, rue du Renard, 75004 Paris, FRANCE|
|     Think different Think BSD   http://www.FreeBSD.org      |
|   Wrap around problems with Python   http://www.python.org  |

From owner-freebsd-security Fri Jan 31 07:06:58 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA26211 for security-outgoing; Fri, 31 Jan 1997 07:06:58 -0800 (PST)
Received: from chaos.ecpnet.com (raistlin@chaos.ecpnet.com [204.246.64.13]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA26206 for ; Fri, 31 Jan 1997 07:06:53 -0800 (PST)
Received: from localhost (raistlin@localhost) by chaos.ecpnet.com (8.8.5/8.8.3) with SMTP id JAA08900; Fri, 31 Jan 1997 09:08:47 -0600 (CST)
Date: Fri, 31 Jan 1997 09:08:46 -0600 (CST)
From: Justen Stepka
To: David Ramahefason
cc: freebsd-security@freebsd.org
Subject: Re: IP Masquerading / IP Firewalling
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Currently there is a port called socks5, and if you're interested in just doing www stuff apache should have it compiled in. If you're looking to offer all services with IP masq then you might want to *dare I say it* linux, this has ip masq/ip firewalling designed for what you're looking to do.

On Fri, 31 Jan 1997, David Ramahefason wrote:

>
> Hi,
>
> Could someone explain me how to setup a Firewall with ip masquerading in
> it...
>
> In fact we'd like to put appart our office network from the rest of the
> world... and if possible use for it False ip's (considering the fact taht
> all queries from this network will be seen as coming from a unique box...
> the firewall..)
>
> Thanks
>
> |David Ramahefason, rama@easynet.fr, Sysop, Easynet France SA|
> |http://www.easynet.fr 23, rue du Renard, 75004 Paris, FRANCE|
> |     Think different Think BSD   http://www.FreeBSD.org      |
> |   Wrap around problems with Python   http://www.python.org  |
>
>

From owner-freebsd-security Fri Jan 31 08:19:41 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA28918 for security-outgoing; Fri, 31 Jan 1997 08:19:41 -0800 (PST)
Received: from spitfire.ecsel.psu.edu (qmailr@spitfire.ecsel.psu.edu [146.186.218.51]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id IAA28913 for ; Fri, 31 Jan 1997 08:19:34 -0800 (PST)
Received: (qmail 26906 invoked by uid 1000); 31 Jan 1997 16:19:29 -0000
Message-ID: <19970131161929.26905.qmail@spitfire.ecsel.psu.edu>
To: Justen Stepka
cc: David Ramahefason , freebsd-security@freebsd.org
Subject: Re: IP Masquerading / IP Firewalling
In-reply-to: Your message of "Fri, 31 Jan 1997 09:08:46 CST."
Date: Fri, 31 Jan 1997 11:19:28 -0500
From: Dan Cross
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Currently there is a port called socks5, and if your interested in just
> doing www stuff apache should have it compiled in. If your looking to
> offer all services with IP masq then you might want to *dare I say it*
> linux, this has ip masq/ip firewalling designed for what your looking to
> do.

Or, you could just get natd and 2.2.... :-)

I think that http://www.srv.net/~cmott/natd.html is what you want to look at. I have it running on my 2.2-CURRENT (which isn't so current anymore...) machine at home. It's rather gratifying to be able to connect from my VAX at home, which is behind the firewall, running VMS with no hope of doing SOCKS, to the university.

- Dan C.
From owner-freebsd-security Fri Jan 31 08:39:49 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA29763 for security-outgoing; Fri, 31 Jan 1997 08:39:49 -0800 (PST)
Received: from casimir.easynet.fr (casimir.easynet.fr [194.51.27.235]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA29755 for ; Fri, 31 Jan 1997 08:39:42 -0800 (PST)
Received: from casimir.easynet.fr (casimir.easynet.fr [194.51.27.235]) by casimir.easynet.fr (8.8.2/8.7.3) with SMTP id RAA23791; Fri, 31 Jan 1997 17:37:57 +0100 (MET)
Date: Fri, 31 Jan 1997 17:37:57 +0100 (MET)
From: David Ramahefason
To: Dan Cross
cc: Justen Stepka , freebsd-security@FreeBSD.ORG
Subject: Re: IP Masquerading / IP Firewalling
In-Reply-To: <19970131161929.26905.qmail@spitfire.ecsel.psu.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 31 Jan 1997, Dan Cross wrote:

> Or, you could just get natd and 2.2.... :-)

Yep I've just downloaded it :)

Btw is there somewhere a HOW-TO for ipfw.... cause it seems to be quite hard to handle...

Cheers

|David Ramahefason, rama@easynet.fr, Sysop, Easynet France SA|
|http://www.easynet.fr 23, rue du Renard, 75004 Paris, FRANCE|
|     Think different Think BSD   http://www.FreeBSD.org      |
|   Wrap around problems with Python   http://www.python.org  |
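Editor's note on the ipfw questions in this archive (Gary's "are you catering for fragmented packets" reply, Reinier's established/setup rule pair, and the "is there a HOW-TO for ipfw" question just above). They all come down to two facts about ipfw: rules are tried in ascending rule-number order, whatever order they were added in, and the first match decides; and a non-first IP fragment carries no TCP header, so a rule that looks at TCP state (`established`, `setup`, or ports) can never match it, and the fragment falls through to whatever catch-all deny comes later. That is exactly how a "65000 deny" ends up logging traffic a "10000 allow" was supposed to cover. What follows is an added example written for this page, not code from FreeBSD or from anyone in the thread: a small Python model of that matching logic, run over constructed packets against the ruleset shapes quoted in the thread. The addresses (1.2.3.4, 9.9.9.9), the interface name ed0, the rule numbers, the fragment offset and the 65535 default-deny are all constructed or assumed; the model covers only the options the thread uses and does not claim to explain Reinier's observation of rule 17000 firing a few times before the connection succeeds, which the thread leaves unresolved.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Toy model of ipfw first-match evaluation (added example, not FreeBSD's ip_fw.c).
# Assumptions: (1) rules are tried in rule-number order and the first match decides;
# (2) a non-first fragment (offset > 0) has no TCP header, so 'established'/'setup'
# can never match it, while 'frag' matches only such fragments; (3) default is deny.

ACTIONS = {"allow": "allow", "pass": "allow", "accept": "allow", "permit": "allow",
           "deny": "deny", "drop": "deny", "reject": "deny"}


@dataclass
class Rule:
    number: int
    action: str
    proto: str                               # "ip" matches any protocol
    src: Optional[ipaddress.IPv4Network]     # None means "any"
    dst: Optional[ipaddress.IPv4Network]
    established: bool = False                # TCP with ACK or RST set
    setup: bool = False                      # TCP with SYN set and ACK clear
    frag: bool = False                       # non-first fragments only
    via: Optional[str] = None                # interface name


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    iface: str
    frag_offset: int = 0                     # > 0: non-first fragment, no transport header
    tcp_flags: FrozenSet[str] = frozenset()


def _net(tok: str) -> Optional[ipaddress.IPv4Network]:
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse '<num> <action> <proto> from <src> to <dst> [established] [setup] [frag] [via <if>]'."""
    t = line.split()
    if len(t) < 7 or t[3] != "from" or t[5] != "to":
        raise ValueError(f"unsupported rule syntax: {line!r}")
    rule = Rule(number=int(t[0]), action=ACTIONS[t[1]],
                proto="ip" if t[2] == "all" else t[2], src=_net(t[4]), dst=_net(t[6]))
    opts = t[7:]
    while opts:
        opt = opts.pop(0)
        if opt == "via":
            rule.via = opts.pop(0)
        elif opt in ("established", "setup", "frag"):
            setattr(rule, opt, True)
        else:
            raise ValueError(f"unknown option {opt!r} in {line!r}")
    return rule


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.frag:
        return pkt.frag_offset > 0
    if rule.established or rule.setup:
        if pkt.frag_offset > 0:
            return False                     # nothing to inspect: the TCP header is in fragment 0
        if rule.established and not (pkt.tcp_flags & {"ACK", "RST"}):
            return False
        if rule.setup and not ("SYN" in pkt.tcp_flags and "ACK" not in pkt.tcp_flags):
            return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[int, str]:
    """First match in rule-number order wins; assumed default policy is deny (rule 65535)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.number, rule.action
    return 65535, "deny"


# Ruleset shape from the thread (1.2.3.4 and ed0 are the thread's placeholders).
THREAD_RULES = [
    "1000 accept tcp from any to any established",
    "10000 allow tcp from any to 1.2.3.4 via ed0 setup",
    "17000 deny tcp from any to 1.2.3.0/24 via ed0 setup",
    "65000 deny ip from any to any",
]


def scenario(allow_fragments: bool = False) -> Dict[str, Tuple[int, str]]:
    """Constructed packets against THREAD_RULES, with or without Gary's 'frag' rule."""
    lines = list(THREAD_RULES)
    if allow_fragments:
        lines.append("500 pass ip from any to any frag")   # added last, but tried first: number 500
    rules = [parse_rule(line) for line in lines]
    packets = {
        "syn_to_host": Packet("tcp", "9.9.9.9", "1.2.3.4", "ed0", tcp_flags=frozenset({"SYN"})),
        "syn_to_other": Packet("tcp", "9.9.9.9", "1.2.3.9", "ed0", tcp_flags=frozenset({"SYN"})),
        "data_segment": Packet("tcp", "9.9.9.9", "1.2.3.4", "ed0", tcp_flags=frozenset({"ACK"})),
        # second fragment of a large segment on an accepted connection: offset > 0
        "tail_fragment": Packet("tcp", "9.9.9.9", "1.2.3.4", "ed0", frag_offset=185),
    }
    return {name: evaluate(rules, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for with_frag in (False, True):
        print("with frag rule:" if with_frag else "without frag rule:")
        for name, (num, act) in scenario(with_frag).items():
            print(f"  {name:14s} -> rule {num:5d} {act}")
```

Run as is, the tail fragment of a perfectly legitimate, already-established connection hits rule 65000 without the `frag` rule and rule 500 with it; the SYN packets and the first (unfragmented) data segment are decided by 10000, 17000 and 1000 regardless. Letting every fragment through, as Gary's rule does, is a tradeoff: it stops this failure, but it also means none of the later rules ever sees those fragments, so whatever reassembles them is the only thing policing them. For the natd setup Dan mentions, natd on 2.2 attaches to ipfw through a divert rule of the form `ipfw add divert natd all from any to any via ed0` (as documented in the natd manual, to my recollection; the interface is an assumption), and that rule is subject to the same number-ordered, first-match evaluation as everything else, so its number has to place it before any deny that would otherwise swallow the untranslated packets.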