From owner-freebsd-security Sun Apr 2 03:39:58 2000
From: Brian Somers
To: Andre Gironda
Cc: James Wyatt, Nate Williams, Jim Durham, freebsd-security@FreeBSD.ORG
Subject: Re: FTP with firewall rules
Date: Sun, 02 Apr 2000 11:37:57 +0100
Message-Id: <200004021037.LAA01485@hak.lan.Awfulhak.org>
In-Reply-To: Message from Andre Gironda of "Sat, 01 Apr 2000 20:08:28 -0800." <20000401200828.B319@toaster.sun4c.net>

> Proxies are a great idea in most cases, although I think they're
> a bit restrictive. But then again, do you really want people
> using programs like httptunnel and creating a potential security
> problem?
>
> Have you seen http://www.detached.net/mailtunnel.html ?

[.....]

And there's an ftptunnel too... I really think that the only way to
really secure your network is to deny everything and then allow what
you know. Of course this means over-restrictive access to the 'net
which may be unrealistic for some companies.

--
Brian

Don't _EVER_ lose your sense of humour !
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Apr 2 12:08:40 2000
From: "System Admin"
To: questions@freebsd.org
Cc: security@freebsd.org
Subject: MAJOR DDOS
Date: Sun, 2 Apr 100 14:17:42 -0400
Message-Id: <200004021417660.SM00209@strictlyhosting.com>

I believe I am experiencing a major DDOS on port 80 .... 40+ Megs
inbound...... from all over. What is the fastest way to start protecting
this machine ???? and alleviate some of this traffic under 3.4 ????
From owner-freebsd-security Sun Apr 2 12:19:38 2000
From: Mike Tancsa
To: "System Admin"
Cc: security@FreeBSD.ORG
Subject: Re: MAJOR DDOS
Date: Sun, 02 Apr 2000 15:16:52 -0500
Message-Id: <4.2.2.20000402151228.035846d8@mail.sentex.net>
In-Reply-To: <200004021417660.SM00209@strictlyhosting.com>

At 02:17 PM 4/2/2000 -0400, System Admin wrote:
>I believe I am experiencing a major DDOS on port 80 .... 40+ Megs
>inbound...... from all over. What is the fastest way to start protecting
>this machine ???? and alleviate some of this traffic under 3.4 ????

I would say get in touch with your upstreams to see where all the traffic
is coming from. Hopefully their NOCs will have people around today to
track down the sources of the attacks.

If it's all "legitimate" traffic, I don't think

options ICMP_BANDLIM

will help. If it's all just one web site they are attacking, perhaps
change the IP address for that specific site to 10.10.10.10 to protect
your other sites. Make the TTL 1 second so you can quickly change it back.

---Mike

From owner-freebsd-security Sun Apr 2 12:28:20 2000
From: Cliff Rowley
To: Mike Tancsa
Cc: System Admin, security@FreeBSD.ORG
Subject: Re: MAJOR DDOS
Date: Sun, 2 Apr 2000 20:28:34 +0100 (BST)
In-Reply-To: <4.2.2.20000402151228.035846d8@mail.sentex.net>

> If it's all "legitimate" traffic, I don't think
> options ICMP_BANDLIM
> will help.

It wouldn't help if it was not legitimate traffic either, since ICMP is
portless (meaning that the connections are either TCP or UDP) - just
clearing that up.
From owner-freebsd-security Sun Apr 2 14:06:17 2000
From: Mike Tancsa
To: Cliff Rowley
Cc: security@FreeBSD.ORG
Subject: Re: MAJOR DDOS
Date: Sun, 02 Apr 2000 17:03:21 -0500
Message-Id: <4.2.2.20000402170029.0360cd28@mail.sentex.net>
References: <4.2.2.20000402151228.035846d8@mail.sentex.net>

At 08:28 PM 4/2/2000 +0100, Cliff Rowley wrote:
> > If it's all "legitimate" traffic, I don't think
> > options ICMP_BANDLIM
> > will help.
>
>It wouldn't help if it was not legitimate traffic either, since ICMP is
>portless (meaning that the connections are either TCP or UDP) - just
>clearing that up.

I thought the point of ICMP_BANDLIM was to throttle back the amount of
ICMP error traffic in response to a whole whack of bogus connection
attempts.

---Mike

From owner-freebsd-security Sun Apr 2 19:11:59 2000
From: Robert Watson
Reply-To: Robert Watson
To: System Admin
Cc: questions@freebsd.org, security@freebsd.org
Subject: Re: MAJOR DDOS
Date: Sun, 2 Apr 2000 22:11:52 -0400 (EDT)
In-Reply-To: <200004021417660.SM00209@strictlyhosting.com>

On Sun, 2 Apr 100, System Admin wrote:

> I believe I am experiencing a major DDOS on port 80 .... 40+ Megs
> inbound...... from all over. What is the fastest way to start protecting
> this machine ???? and alleviate some of this traffic under 3.4 ????

Not enough information. Tell us something useful: is it a classic
network-layer DoS such as a SYN attack, TCP segment flood, etc? Are real
connections being built, or are these randomly sourced packets? Are the
source IPs randomized (unlikely if real connections are being built)? Is
the limiting component here the web server CPU/state management? Router
packet-pushing capacity? Link capacity? Is the target the application
level?

Before we can tell you anything that can help you defend yourself, you
need to tell us what the problem is. How do you know you're being DoS'd?
Is it adversely affecting performance/etc, or is it something you can sit
out waiting for the attacker to get bored?
Someone else has already suggested you go to your up-stream provider(s).
This is a good idea--if you don't know what you're doing, there's a
greater chance that they have experience in the area, as it may also be
affecting their network performance et al, and they would love to throttle
the attack stream if they knew that it wasn't legitimate.

If the attack is persistent and having serious effects, why haven't you
contacted law enforcement, who have lately been showing relatively serious
interest in tracking attacks such as these? Have you been attempting to
gather the evidence necessary for criminal prosecution, including packet
traces, etc?

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Sun Apr 2 20:54:54 2000
From: "Chutima S."
To: freebsd-security@FreeBSD.ORG
Subject: How to deal with intruder?
Date: Sun, 02 Apr 2000 20:54:52 -0800
Message-Id: <20000403035452.VVHA21091.mta01.onebox.com@onebox.com>

Dear all,

I'm a new internet admin.
I found in the security check output routine that many people try to
connect to my server:

Mar 3 18:56:45 mail inetd[2409]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 18:58:05 mail inetd[2411]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service tcpd (tcp)
Mar 3 18:59:11 mail inetd[2412]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 19:01:38 mail inetd[2426]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 19:11:32 mail inetd[2439]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 19:21:33 mail inetd[2451]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 17 12:48:14 mail inetd[32549]: refused connection from 210.71.232.99, service tcpd (tcp)
Mar 17 12:48:16 mail inetd[32551]: refused connection from 210.71.232.99, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34770]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34771]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34772]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34773]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:41:27 mail inetd[34775]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:41:41 mail inetd[34777]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Apr 2 14:48:11 mail inetd[69483]: refused connection from root@203.107.227.2, service tcpd (tcp)
Apr 2 14:48:11 mail inetd[69484]: refused connection from root@203.107.227.2, service tcpd (tcp)

That really scares me!!! I don't know how to deal with them. So I want
your advice on:

1. Should I try to contact anybody (the admin at those servers)?
2. How can I trace them back to know who they are?
Thank you,

--
Chutima Subsirin
chutima_s@zdnetonebox.com - email

From owner-freebsd-security Sun Apr 2 21:03:52 2000
From: Mike Tancsa
To: "Chutima S.", freebsd-security@FreeBSD.ORG
Subject: Re: How to deal with intruder?
Date: Mon, 03 Apr 2000 00:01:07 -0500
Message-Id: <4.2.2.20000402235801.033166c8@mail.sentex.net>
In-Reply-To: <20000403035452.VVHA21091.mta01.onebox.com@onebox.com>

At 08:54 PM 4/2/2000 -0800, Chutima S. wrote:
>Dear all,
>
>I'm a new internet admin. I found in the security check output routine that
>many people try to connect to my server:

Yup. Unfortunately, this is normal. You will quite often see people
scanning for holes and weaknesses.

>That really scares me!!! I don't know how to deal with them. So I want
>your advice on:
>1. Should I try to contact anybody (the admin at those servers)?

Yes.
Do so when you can.

>2. How can I trace them back to know who they are?

By the IP address in your logs. whois -a . Often however, the accounts are
dialup accounts, or machines that have been broken into.

If you are new to network administration, see http://www.securityfocus.com
and http://www.sans.org. They are two useful *starting* places.

---Mike

From owner-freebsd-security Mon Apr 3 04:33:13 2000
From: Markus Schumacher
To: freebsd-security@FreeBSD.ORG
Subject: Call for Participation: Survey on Vulnerability Databases
Date: Mon, 03 Apr 2000 13:31:35 +0100
Message-ID: <38E88F27.B873E7@ito.tu-darmstadt.de>

Hi folks,

maybe this message is somewhat off-topic, but we think that you, as
subscribers of this security related mailing list, are the best target
group and might be interested in our work.

We are a research group at the Darmstadt University of Technology,
Germany, Department of Computer Science. Our current studies focus on the
systematic analysis of software vulnerabilities. As an example we want to
apply data mining algorithms in order to assess or predict
vulnerabilities, and to avoid their causes (e.g. recurring coding/design
faults).
We have prepared a survey in order to determine the most acceptable
operational properties of a vulnerability database that will be of use
for the greatest possible group of people, companies and institutions.
Therefore we are trying to gather some information about the terms of
use that would be accepted by most users.

If you have some time please have a look at our survey at
http://www.ito.tu-darmstadt.de/survey.html

Cheers ... Markus

--
_________________________________________________________________
Markus Schumacher                 Darmstadt University of Technology
fon: +49 6151 16-6217             Department of Computer Science (ITO)
fax: +49 6151 16-6229
mailto:schumacher@ito.tu-darmstadt.de
http://www.ito.tu-darmstadt.de/staff/Markus/zzz
_________________________________________________________________
Researcher and all around nice guy

From owner-freebsd-security Mon Apr 3 06:59:54 2000
From: Michael McHugh
To: "Adam Woodbeck (KEYKERTUSA)"
Cc: freebsd-security@freebsd.org
Subject: Re: Firewall rules for an internet FTP server?
Date: Mon, 03 Apr 2000 09:58:43 -0400
Message-ID: <38E8A393.D492BB3B@actv.com>
References: <0039010010682121000002L112*@MHS>

Get Chapman & Zwicky's "Building Internet Firewalls" - ISBN 1565921240

It may be outdated, but it is an excellent starting point.

To the best of my knowledge, many of the services you're working on are
tcp, not udp based. If you're in an environment where you can experiment,
I'd recommend figuring out which services are tcp, which are udp, and
paring your ruleset down accordingly.

Also, ftp can be run in two modes - passive and active. Passive involves
pure port 21, active involves the ftp server opening a connection from
port 20 to a high numbered port on the client.

Also - I remember having some trouble with Internet Exploder connecting to
ftp servers. You may have to tweak your rules a wee bit to accommodate
Micro$oft's fine products.

"Adam Woodbeck (KEYKERTUSA)" wrote:
>
> I'm putting an ftp server online soon and I wanted to get your input on what
> ports you suggest I open up to the Internet. I have the firewall set up to use
> the "client" configuration. I've added a few lines to open up FTP to the
> Internet as well as allow other services to my local network. I've also added
> what I think will allow me to update the FTP server through CVS. Does anyone
> suggest I change anything on this configuration or does it look pretty complete?
> Thanks for the help!
>
> Adam
>
> # set these to your network and netmask and ip
> net="10.0.0.0"
> mask="255.255.255.0"
> ip="10.0.0.10"
>
> # Allow ping to or from anyone.
> # ICMP flood protection compiled into the kernel.
> ${fwcmd} add pass icmp from ${ip} to any
> ${fwcmd} add pass icmp from any to ${ip}
>
> # Allow ftp access to or from anyone.
> ${fwcmd} add pass tcp from ${ip} 21 to any
> ${fwcmd} add pass tcp from any to ${ip} 21
> ${fwcmd} add pass udp from ${ip} 21 to any
> ${fwcmd} add pass udp from any to ${ip} 21
>
> # All CVS access
> ${fwcmd} add pass tcp from ${ip} 2401 to any
> ${fwcmd} add pass tcp from any to ${ip} 2401
> ${fwcmd} add pass udp from ${ip} 2401 to any
> ${fwcmd} add pass udp from any to ${ip} 2401
> ${fwcmd} add pass tcp from ${ip} 5999 to any
> ${fwcmd} add pass tcp from any to ${ip} 5999
>
> # Allow ssh traffic to or from my own net.
> ${fwcmd} add pass tcp from ${ip} 22 to ${net}:${mask}
> ${fwcmd} add pass tcp from ${net}:${mask} to ${ip} 22
> ${fwcmd} add pass udp from ${ip} 22 to ${net}:${mask}
> ${fwcmd} add pass udp from ${net}:${mask} to ${ip} 22
>
> # Allow smtp traffic to or from my own net.
> ${fwcmd} add pass tcp from ${ip} 25 to ${net}:${mask}
> ${fwcmd} add pass tcp from ${net}:${mask} to ${ip} 25
> ${fwcmd} add pass udp from ${ip} 25 to ${net}:${mask}
> ${fwcmd} add pass udp from ${net}:${mask} to ${ip} 25
>
> # Allow domain traffic to or from my own net.
> ${fwcmd} add pass tcp from ${ip} 53 to ${net}:${mask}
> ${fwcmd} add pass tcp from ${net}:${mask} to ${ip} 53
> ${fwcmd} add pass udp from ${ip} 53 to ${net}:${mask}
> ${fwcmd} add pass udp from ${net}:${mask} to ${ip} 53
>
> # Allow http traffic to or from my own net.
> ${fwcmd} add pass tcp from ${ip} 80 to ${net}:${mask}
> ${fwcmd} add pass tcp from ${net}:${mask} to ${ip} 80
> ${fwcmd} add pass udp from ${ip} 80 to ${net}:${mask}
> ${fwcmd} add pass udp from ${net}:${mask} to ${ip} 80
>
> # Allow pop3 traffic to or from my own net.
> ${fwcmd} add pass tcp from ${ip} 110 to ${net}:${mask}
> ${fwcmd} add pass tcp from ${net}:${mask} to ${ip} 110
> ${fwcmd} add pass udp from ${ip} 110 to ${net}:${mask}
> ${fwcmd} add pass udp from ${net}:${mask} to ${ip} 110
>
> # Allow TCP through if setup succeeded
> ${fwcmd} add pass tcp from any to any established
>
> # Allow IP fragments to pass through
> ${fwcmd} add pass all from any to any frag
>
> # Allow setup of incoming email
> ${fwcmd} add pass tcp from any to ${ip} 25 setup
>
> # Allow setup of outgoing TCP connections only
> ${fwcmd} add pass tcp from ${ip} to any setup
>
> # Disallow setup of all other TCP connections
> ${fwcmd} add deny tcp from any to any setup
>
> # Allow DNS queries out in the world
> ${fwcmd} add pass udp from any 53 to ${ip}
> ${fwcmd} add pass udp from ${ip} to any 53
>
> # Allow NTP queries out in the world
> ${fwcmd} add pass udp from any 123 to ${ip}
> ${fwcmd} add pass udp from ${ip} to any 123
>
> # Everything else is denied by default

--
Michael McHugh
Systems Admin
HyperTV, Inc.
From owner-freebsd-security Mon Apr 3 09:09:04 2000
From: Keith Ray
To: freebsd-security@FreeBSD.ORG
Subject: ipfw dynamic rules & tcp rst
Date: Mon, 03 Apr 2000 11:03:48 -0500
Message-Id: <4.3.1.2.20000403104253.00af9380@163.188.48.51>

I have been using the new dynamic ipfw rules in 4.0. I wanted to make the
firewall react as though it didn't exist by returning TCP RSTs instead of
just dropping the connection. However, the following rules do not work:

00400 check-state
00500 reset tcp from any to {myip} established
00600 reset tcp from {myip} to any established
00700 allow tcp from any to {myip} 22 keep-state setup
00800 reset tcp from any to {myip} setup
65535 deny ip from any to any

When a connection comes in for a non-allowed port, rule 800 rejects the
connection. However, rule 600 prevents the TCP RST from being sent and
the connection is dropped.

The following rules work however:

00300 allow tcp from {myip} to any
00400 check-state
00500 reset tcp from any to {myip} established
00600 allow tcp from any to {myip} 22 keep-state setup
00700 reset tcp from any to {myip} setup
65535 deny ip from any to any

This time the connection is rejected and rule 300 allows the RST to be
sent. Is there a better way of accomplishing this?

From owner-freebsd-security Mon Apr 3 09:17:54 2000
From: Paul Hart
To: Michael McHugh
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall rules for an internet FTP server?
Date: Mon, 3 Apr 2000 10:15:51 -0600 (MDT)
In-Reply-To: <38E8A393.D492BB3B@actv.com>

On Mon, 3 Apr 2000, Michael McHugh wrote:

> Also, ftp can be run in two modes - passive and active. Passive
> involves pure port 21, active involves the ftp server opening a
> connection from port 20 to a high numbered port on the client.

Uhh, not quite. Passive mode DOES involve the client connecting to a high
numbered port on the server (chosen by the server). Both active and
passive modes require a separate data channel and are troublesome to
firewall.
The difference is only in who picks the ports and who contacts whom.

Paul Hart

--
Paul Robert Hart        ><8> ><8> ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8> ><8> ><8>        http://www.iserver.com/

From owner-freebsd-security Mon Apr 3 11:13:33 2000
From: Wes Peters
Organization: Softweyr LLC
To: Nate Williams
Cc: Jim Durham, freebsd-security@FreeBSD.ORG
Subject: Re: FTP with firewall rules
Date: Mon, 03 Apr 2000 12:12:56 -0600
Message-ID: <38E8DF28.8846A1ED@softweyr.com>
References: <38E159DF.3D7E5DF6@w2xo.pgh.pa.us> <200004011825.LAA04705@nomad.yogotech.com>

Nate Williams wrote:
>
> > I'm looking for some input on how to set up
> > FTP through an IPFW firewall so that you don't
> > have to run passive mode.
> >
> > Passive mode makes things like building ports difficult.
>
> Why? I've got it setup that way (been that way for a couple of years),
> and things work fine. However, I do things a bit 'non-standard', and go
> hack the sources to both ftp and fetch to make passive mode the
> default on my boxes. :)

Passive mode appears to be the default on NetBSD lately.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                             Softweyr LLC
wes@softweyr.com                                  http://softweyr.com/

From owner-freebsd-security Mon Apr 3 17:04:39 2000
From: "Cindy Snopko"
To: security@FreeBSD.ORG
Subject: TCP Wrapper
Date: Mon, 03 Apr 2000 17:04:36 PDT
Message-ID: <20000404000436.99472.qmail@hotmail.com>

I have a TCP Wrapper question, and I hope you can answer it...

I want to use a TCP wrapper to prevent a site (i.e., host.aaa.bbb.edu)
from using the finger service on my machine, but all other hosts can
use it, while only people logged into host.aaa.bbb.edu can telnet
into my machine.

Can you tell me how I can accomplish this using a TCP wrapper?

Thank you for your time.
Cindy

From owner-freebsd-security Mon Apr 3 17:18:21 2000
From: Sheldon Hearn
To: "Cindy Snopko"
Cc: security@FreeBSD.ORG
Subject: Re: TCP Wrapper
Date: Tue, 04 Apr 2000 02:18:07 +0200
Message-ID: <81832.954807487@axl.ops.uunet.co.za>
In-reply-to: Your message of "Mon, 03 Apr 2000 17:04:36 PDT." <20000404000436.99472.qmail@hotmail.com>

On Mon, 03 Apr 2000 17:04:36 PDT, "Cindy Snopko" wrote:

> I have a TCP Wrapper question, and I hope you can answer it...

Since it's really just a simple configuration question, it would have
been more appropriate on the freebsd-questions mailing list. Just
something to keep in mind for next time.

> I want to use a TCP wrapper to prevent a site (i.e., host.aaa.bbb.edu) from
> using the finger service on my machine, but all other hosts can
> use it, while only people logged into host.aaa.bbb.edu can telnet
> into my machine.

The hosts_access(5) manual page would explain everything you need to
make sense of the following rules:

fingerd: host.aaa.bbb.edu: deny
fingerd: ALL: allow
telnetd: host.aaa.bbb.edu: allow
telnetd: ALL: deny

Ciao,
Sheldon.
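To make the first-match semantics of Sheldon's four rules concrete, here is an added evaluator for hosts_access(5)-style rules (my example, not code from the thread or from tcpd itself, which does more, such as reverse-DNS checks). It models first matching line wins, the allow/deny option field of a single /etc/hosts.allow, the ALL, LOCAL, ".domain" and "net." patterns and the EXCEPT operator; the second ruleset and all hostnames and addresses other than host.aaa.bbb.edu are constructed.

```python
# Evaluator for hosts_access(5)-style rules (constructed example).
# Semantics modelled: the first matching line wins; in a single
# /etc/hosts.allow a line without an "allow"/"deny" option grants access;
# a client pattern may be ALL, LOCAL, an exact host name or address, a
# ".domain" suffix or a "net." address prefix; a list may contain EXCEPT.
from typing import Callable, List, Tuple

Rule = Tuple[List[str], List[str], str]  # daemon patterns, client patterns, option

# The rules from Sheldon's reply.
HOSTS_ALLOW = """
fingerd: host.aaa.bbb.edu: deny
fingerd: ALL: allow
telnetd: host.aaa.bbb.edu: allow
telnetd: ALL: deny
"""

# Constructed variant: telnet from the whole department except one host,
# plus one address block; everything else is refused.
HOSTS_ALLOW_DOMAIN = """
# a leading dot matches a domain suffix, a trailing dot an address prefix
telnetd: .aaa.bbb.edu EXCEPT lab.aaa.bbb.edu: allow
telnetd: 192.0.2.: allow
telnetd: ALL: deny
"""


def parse_hosts_allow(text: str) -> List[Rule]:
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            raise ValueError("malformed hosts.allow line: %r" % raw)
        # Missing third field in hosts.allow means "allow".
        option = fields[2].lower() if len(fields) > 2 and fields[2] else "allow"
        rules.append((fields[0].lower().split(), fields[1].lower().split(), option))
    return rules


def _client_matches(pattern: str, host: str, addr: str) -> bool:
    if pattern == "all":
        return True
    if pattern == "local":          # host names without a dot
        return "." not in host
    if pattern.startswith("."):     # domain suffix
        return host.endswith(pattern)
    if pattern.endswith("."):       # network (address prefix)
        return addr.startswith(pattern)
    return pattern in (host, addr)  # exact host name or address


def _list_matches(patterns: List[str], match: Callable[[str], bool]) -> bool:
    """'a b EXCEPT c' matches a or b unless c matches too; EXCEPT nests to the right."""
    if "except" in patterns:
        i = patterns.index("except")
        return _list_matches(patterns[:i], match) and not _list_matches(patterns[i + 1:], match)
    return any(match(p) for p in patterns)


def hosts_access(rules: List[Rule], daemon: str, host: str, addr: str) -> str:
    """Return "allow" or "deny" for a connection to daemon from host/addr."""
    daemon, host = daemon.lower(), host.lower()
    for daemons, clients, option in rules:
        if (_list_matches(daemons, lambda p: p in ("all", daemon))
                and _list_matches(clients, lambda p: _client_matches(p, host, addr))):
            return option
    return "allow"  # no line matched: tcpd grants access
```

Note that tcpd only guards services inetd starts through it, which is why the refused-connection lines earlier in this digest name "service tcpd".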
From owner-freebsd-security Mon Apr 3 17:27:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66]) by hub.freebsd.org (Postfix) with ESMTP id C570A37B76C for ; Mon, 3 Apr 2000 17:27:24 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id UAA24334; Mon, 3 Apr 2000 20:27:16 -0400 (EDT) (envelope-from mike@sentex.net)
Received: from chimp (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with ESMTP id UAA22113; Mon, 3 Apr 2000 20:27:15 -0400 (EDT)
Message-Id: <4.2.2.20000403201543.039c3950@mail.sentex.net>
X-Sender: mdtancsa@mail.sentex.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Mon, 03 Apr 2000 20:24:28 -0500
To: "Cindy Snopko" , security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: TCP Wrapper
In-Reply-To: <20000404000436.99472.qmail@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 05:04 PM 4/3/2000 -0700, Cindy Snopko wrote:
>I have a TCP Wrapper question, and I hope you can answer it...
>
>I want to use a TCP wrapper to prevent a site (i.e., host.aaa.bbb.edu)
>from using the finger service on my machine, but all other hosts can
>use it, while only people logged into host.aaa.bbb.edu can telnet
>into my machine.
>
>Can you tell me how I can accomplish this using a TCP wrapper?

You would do well to consult the documentation at http://www.freebsd.org on
how to get the best results when posting a question so people can better
help you. Specifically, http://www.freebsd.org/projects/newbies.html

If you are using a recent version of FreeBSD e.g. 3.3 and above, then edit
the file /etc/hosts.allow.
If it's a really old version, see /usr/local/etc/hosts.allow

fingerd: host.aaa.bbb.edu: deny
fingerd: ALL: allow

Also, you can get answers to questions like the one you asked at
http://www.deja.com/home_ps.shtml
Enter in *freebsd* in the forums section, and enter in the key words you
are looking for. You will find answers to almost any question there.

---Mike

From owner-freebsd-security Mon Apr 3 19: 1: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id B76CD37B74A for ; Mon, 3 Apr 2000 19:00:47 -0700 (PDT) (envelope-from avalon@cairo.anu.edu.au)
Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id MAA24050; Tue, 4 Apr 2000 12:01:21 +1000 (EST)
From: Darren Reed
Message-Id: <200004040201.MAA24050@cairo.anu.edu.au>
Subject: Re: ipfw dynamic rules & tcp rst
In-Reply-To: <4.3.1.2.20000403104253.00af9380@163.188.48.51> from Keith Ray at "Apr 3, 0 11:03:48 am"
To: rayk@sugar-land.spc.slb.com (Keith Ray)
Date: Tue, 4 Apr 2000 12:01:20 +1000 (EST)
Cc: freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Keith Ray, sie said:
> I have been using the new dynamic ipfw rules in 4.0. I wanted to make the
> firewall react as though it didn't exist by returning TCP RSTs instead of
> just dropping the connection.
> However, the following rules do not work:
>
> 00400 check-state
> 00500 reset tcp from any to {myip} established
> 00600 reset tcp from {myip} to any established
> 00700 allow tcp from any to {myip} 22 keep-state setup
> 00800 reset tcp from any to {myip} setup
> 65535 deny ip from any to any
>
> When a connection comes in for a non-allowed port, rule 800 rejects the
> connection. However, rule 600 prevents the TCP RST from being sent and the
> connection is dropped. The following rules work however:
>
> 00300 allow tcp from {myip} to any
> 00400 check-state
> 00500 reset tcp from any to {myip} established
> 00600 allow tcp from any to {myip} 22 keep-state setup
> 00700 reset tcp from any to {myip} setup
> 65535 deny ip from any to any
>
> This time the connection is rejected and rule 300 allows the RST to be
> sent. Is there a better way of accomplishing this?

Yeah, use IP Filter.

Darren

From owner-freebsd-security Wed Apr 5 10:38:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from linux.sduteam.com (adsl-216-102-118-84.dsl.scrm01.pacbell.net [216.102.118.84]) by hub.freebsd.org (Postfix) with ESMTP id 9F3B437B6B1 for ; Wed, 5 Apr 2000 10:38:12 -0700 (PDT) (envelope-from goten@linux.sduteam.com)
Received: from localhost (goten@localhost) by linux.sduteam.com (8.9.3/8.9.3) with ESMTP id LAA09901 for ; Wed, 5 Apr 2000 11:26:44 -0700
Date: Wed, 5 Apr 2000 11:26:44 -0700 (PDT)
From:
To: security@freebsd.org
Subject: Queston on secure syslogd
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ok, I am just wondering if there is any secure alternative for syslogd.
Since I want to send the log file via TCP/IP over the Internet, using
@1.2.3.4 in syslogd.conf is not secure enough if that IP is not on the
LAN.
I have tried to use nsyslogd, but the SSL does not seem to be working
right. I can use Snort -dvC to read all the content in clear text when
nsyslogd sends messages through UDP port 514. Any suggestions?

rgd,
Derek

ps. I have tried ssyslogd also, it won't even compile on FreeBSD 4.0.

From owner-freebsd-security Wed Apr 5 11:10:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from toaster.sun4c.net (toaster.sun4c.net [63.193.27.6]) by hub.freebsd.org (Postfix) with ESMTP id 0931937BB24 for ; Wed, 5 Apr 2000 11:10:56 -0700 (PDT) (envelope-from andre@toaster.sun4c.net)
Received: (from andre@localhost) by toaster.sun4c.net (8.9.3+openldap/8.9.3) id LAA03845; Wed, 5 Apr 2000 11:10:51 -0700 (PDT)
Date: Wed, 5 Apr 2000 11:10:51 -0700
From: Andre Gironda
To: goten@linux.sduteam.com
Cc: security@freebsd.org
Subject: Re: Queston on secure syslogd
Message-ID: <20000405111051.A3830@toaster.sun4c.net>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i
In-Reply-To: ; from goten@linux.sduteam.com on Wed, Apr 05, 2000 at 11:26:44AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I always use the syslogd flags "-ss" except when I have a syslog server on a
backhaul firewalled network. Over the Internet, I'd be more likely to use scp,
rsync, or CVSup even though I should probably use something better like IPSec
or SNMPv3.

There have got to be 4 million different ways to solve your problem.

dre

On Wed, Apr 05, 2000 at 11:26:44AM -0700, goten@linux.sduteam.com wrote:
> Ok, I am just wondering if there is any secure alternative for syslogd.
> Since I want to send the log file via TCP/IP over the Internet, using
> @1.2.3.4 in syslogd.conf is not secure enough if that IP is not on the
> LAN.
>
> I have tried to use nsyslogd, but the SSL does not seem to be working
> right.
> I can use Snort -dvC to read all the content in clear text when
> nsyslogd sends messages through UDP port 514. Any suggestions?
>
> rgd,
> Derek
>
> ps. I have tried ssyslogd also, it won't even compile on FreeBSD 4.0.

--
This program has been brought to you by the language C and the number F.

From owner-freebsd-security Wed Apr 5 11:19:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from turing.csis.gvsu.edu (csis.gvsu.edu [148.61.162.182]) by hub.freebsd.org (Postfix) with SMTP id F399937B99E for ; Wed, 5 Apr 2000 11:19:45 -0700 (PDT) (envelope-from matt@csis.gvsu.edu)
Received: (qmail 7684 invoked by uid 0); 5 Apr 2000 18:19:40 -0000
Received: from eos16.csis.gvsu.edu (matt@148.61.162.116) by turing.csis.gvsu.edu with QMQP; 5 Apr 2000 18:19:40 -0000
From: matt@csis.gvsu.edu
Date: Wed, 5 Apr 2000 14:19:40 -0400
To: Andre Gironda
Cc: goten@linux.sduteam.com, security@freebsd.org
Subject: Re: Queston on secure syslogd
Message-ID: <20000405141940.A6357@eos16.csis.gvsu.edu>
References: <20000405111051.A3830@toaster.sun4c.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.5i
In-Reply-To: <20000405111051.A3830@toaster.sun4c.net>; from Andre Gironda on Wed, Apr 05, 2000 at 11:10:51AM -0700
X-my-OS-is-better-than-your-OS: Linux 2.2.5-22 i686
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Over the Internet, I'd be more likely to use scp, rsync, or CVSup
> even though I should probably use something better like IPSec or SNMPv3.

Things like scp that copy files won't deliver messages in (pseudo)
real-time. I don't know if this is a priority for the original poster.
The simplest solution is to use a syslogd that delivers over TCP and
send messages through an ssh tunnel.

btw, have you tried syslog-ng?
http://www.balabit.hu/products/syslog-ng/index.html

--
http://www.csis.gvsu.edu/matt
03 F8 23 C5 43 A2 F7 5A 24 49 F7 B0 3A F9 B1 7F
Try to understand everything, but believe nothing

From owner-freebsd-security Wed Apr 5 11:52:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 1C49D37B809 for ; Wed, 5 Apr 2000 11:52:35 -0700 (PDT) (envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1321 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Wed, 5 Apr 2000 13:48:37 -0500 (CDT) (Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Wed, 5 Apr 2000 13:48:36 -0500 (CDT)
From: James Wyatt
To: matt@csis.gvsu.edu
Cc: Andre Gironda , goten@linux.sduteam.com, security@freebsd.org
Subject: Re: Queston on secure syslogd
In-Reply-To: <20000405141940.A6357@eos16.csis.gvsu.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 5 Apr 2000 matt@csis.gvsu.edu wrote:
> > Over the Internet, I'd be more likely to use scp, rsync, or CVSup
> > even though I should probably use something better like IPSec or SNMPv3.
>
> Things like scp that copy files won't deliver messages in (pseudo)
> real-time. I don't know if this is a priority for the original poster.
> The simplest solution is to use a syslogd that delivers over TCP and
> send messages through an ssh tunnel.

My first thought was a ssh of a remote 'tail -f', but the ssh tunnel sounds
best here to me too, fwiw. What about limiting the tunnel to just syslog so
you don't have anyone trying to hack a machine through it.
- Jy@

From owner-freebsd-security Wed Apr 5 12:59:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sprout.cgf.net (adsl-207-215-8-122.dsl.snfc21.pacbell.net [207.215.8.122]) by hub.freebsd.org (Postfix) with ESMTP id 909E637B888 for ; Wed, 5 Apr 2000 12:59:41 -0700 (PDT) (envelope-from tomb@cgf.net)
Received: from cgf.net (sprout.cgf.net [207.215.8.122]) by sprout.cgf.net (8.9.3/8.9.3) with ESMTP id MAA37455 for ; Wed, 5 Apr 2000 12:04:18 GMT (envelope-from tomb@cgf.net)
Message-ID: <38EB2B30.79A7105E@cgf.net>
Date: Wed, 05 Apr 2000 12:01:52 +0000
From: tom
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 4.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: IPSec implementation's question
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I'm not sure if this is the right place to ask, but.. I'm trying for the
first time to build IPSec from 4.0-Release. There seem to be a multitude
of different ways to do this, and I feel a bit lost as to which way to go
(Is there an official way?). I've seen the KAME stuff and found a whole
load of different resources, all with a slightly different approach.

If anyone has any strong opinions about the good/bad/ugly methods I'd love
to hear them.
Tom

From owner-freebsd-security Wed Apr 5 18:34:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sable.cc.vt.edu (sable.cc.vt.edu [128.173.16.30]) by hub.freebsd.org (Postfix) with ESMTP id 5B33F37B854; Wed, 5 Apr 2000 18:34:23 -0700 (PDT) (envelope-from dhagan@cs.vt.edu)
Received: from mail.vt.edu (gkar.cc.vt.edu [128.173.16.40]) by sable.cc.vt.edu (8.9.3/8.9.3) with ESMTP id VAA17890; Wed, 5 Apr 2000 21:33:16 -0400 (EDT)
Received: from techmate ([128.173.43.126]) by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.1999.05.24.18.28.p7) with SMTP id <0FSK004CTMZF7T@gkar.cc.vt.edu>; Wed, 5 Apr 2000 21:33:15 -0400 (EDT)
Date: Wed, 05 Apr 2000 21:32:00 -0400
From: Daniel Hagan
Subject: Re: misc/17155: Add mount(8) check to /etc/security
To: freebsd-gnats-submit@FreeBSD.org, cjc@cc942873-a.ewndsr1.nj.home.com
Cc: freebsd-security@freebsd.org
Message-id:
MIME-version: 1.0
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Importance: Normal
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
X-Priority: 3 (Normal)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This seems like a good idea. There aren't any objections logged in the PR,
so is someone interested in committing this?
http://www.freebsd.org/cgi/query-pr.cgi?pr=17155

Daniel

From owner-freebsd-security Thu Apr 6 2:20: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38]) by hub.freebsd.org (Postfix) with ESMTP id 8504C37BB75; Thu, 6 Apr 2000 02:19:58 -0700 (PDT) (envelope-from obrien@NUXI.ucdavis.edu)
Received: from dragon.nuxi.com (root@09-027.006.popsite.net [216.126.136.27]) by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id CAA26454; Thu, 6 Apr 2000 02:19:57 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com)
Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id CAA00923; Thu, 6 Apr 2000 02:19:54 -0700 (PDT) (envelope-from obrien)
Date: Wed, 5 Apr 2000 18:08:33 -0700
From: "David O'Brien"
To: hackers@freebsd.org, security@freebsd.org
Subject: desire for ftp.internat.freebsd.org mirror
Message-ID: <20000405180833.A15912@dragon.nuxi.com>
Reply-To: obrien@NUXI.ucdavis.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
X-Operating-System: FreeBSD 4.0-CURRENT
Organization: The NUXI BSD group
X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Keyid: 34F9F9D5
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Access to ftp.internat.freebsd.org from the USA (and presumably elsewhere)
is an abomination. Isn't there *anyone* with a permanent FTP server that
could officially mirror the crypto bits from ftp.internat.freebsd.org?
--
-- David    (obrien@NUXI.com)

From owner-freebsd-security Thu Apr 6 3: 3:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from brunel.uk1.vbc.net (brunel.uk1.vbc.net [194.207.2.8]) by hub.freebsd.org (Postfix) with ESMTP id BD88437B9C7; Thu, 6 Apr 2000 03:03:24 -0700 (PDT) (envelope-from lloyd@brunel.uk1.vbc.net)
Received: from localhost (lloyd@localhost) by brunel.uk1.vbc.net (8.9.3/8.9.3) with ESMTP id LAA59816; Thu, 6 Apr 2000 11:03:19 +0100 (BST)
Date: Thu, 6 Apr 2000 11:03:19 +0100 (BST)
From: Lloyd Rennie
To: "David O'Brien"
Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: desire for ftp.internat.freebsd.org mirror
In-Reply-To: <20000405180833.A15912@dragon.nuxi.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 5 Apr 2000, David O'Brien wrote:

> Access to ftp.internat.freebsd.org from the USA (and presumably
> elsewhere) is an abomination. Isn't there *anyone* with a permanent FTP
> server that could officially mirror the crypto bits from
> ftp.internat.freebsd.org?

We expect to have a mirror service set up within the next two months or so -
if no one else has helped with this by then, we'd be happy to.
--
Lloyd Rennie                    VBCnet GB Ltd
lloyd@vbc.net                   tel +44 (0) 117 929 1316
http://www.vbc.net              fax +44 (0) 117 927 2015

From owner-freebsd-security Thu Apr 6 4:57: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (wandering-wizard.cybercity.dk [212.242.43.150]) by hub.freebsd.org (Postfix) with ESMTP id C950237BC2A; Thu, 6 Apr 2000 04:56:57 -0700 (PDT) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost.freebsd.dk [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.3) with ESMTP id LAA00793; Thu, 6 Apr 2000 11:39:03 +0200 (CEST) (envelope-from phk@critter.freebsd.dk)
To: obrien@NUXI.ucdavis.edu
Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: desire for ftp.internat.freebsd.org mirror
In-reply-to: Your message of "Wed, 05 Apr 2000 18:08:33 PDT." <20000405180833.A15912@dragon.nuxi.com>
Date: Thu, 06 Apr 2000 11:39:03 +0200
Message-ID: <791.955013943@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <20000405180833.A15912@dragon.nuxi.com>, "David O'Brien" writes:

>Access to ftp.internat.freebsd.org from the USA (and presumably
>elsewhere) is an abomination. Isn't there *anyone* with a permanent FTP
>server that could officially mirror the crypto bits from
>ftp.internat.freebsd.org?

I may be able to arrange a server here in Denmark with a 10-20 Mbit
upstream.
From owner-freebsd-security Thu Apr 6 5:16:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97]) by hub.freebsd.org (Postfix) with ESMTP id E09EC37B98C; Thu, 6 Apr 2000 05:16:16 -0700 (PDT) (envelope-from jesper@skriver.dk)
Received: by freesbee.wheel.dk (Postfix, from userid 1001) id 7E7873E43; Thu, 6 Apr 2000 14:16:15 +0200 (CEST)
Date: Thu, 6 Apr 2000 14:16:15 +0200
From: Jesper Skriver
To: Poul-Henning Kamp
Cc: obrien@NUXI.ucdavis.edu, hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: desire for ftp.internat.freebsd.org mirror
Message-ID: <20000406141615.H80268@skriver.dk>
References: <20000405180833.A15912@dragon.nuxi.com> <791.955013943@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <791.955013943@critter.freebsd.dk>; from phk@critter.freebsd.dk on Thu, Apr 06, 2000 at 11:39:03AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Apr 06, 2000 at 11:39:03AM +0200, Poul-Henning Kamp wrote:
> In message <20000405180833.A15912@dragon.nuxi.com>, "David O'Brien" writes:
>
> >Access to ftp.internat.freebsd.org from the USA (and presumably
> >elsewhere) is an abomination. Isn't there *anyone* with a permanent FTP
> >server that could officially mirror the crypto bits from
> >ftp.internat.freebsd.org?
>
> I may be able to arrange a server here in Denmark with a 10-20 Mbit
> upstream.

If the amount of data is not huge, we can put it on ftp.dk.FreeBSD.org ...

/Jesper

--
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:    Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: Geek          @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
From owner-freebsd-security Thu Apr 6 6:10:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.targetnet.com (mail.targetnet.com [207.245.246.3]) by hub.freebsd.org (Postfix) with ESMTP id 95F7F37B9F0 for ; Thu, 6 Apr 2000 06:10:36 -0700 (PDT) (envelope-from james@targetnet.com)
Received: from james by mail.targetnet.com with local (Exim 3.02 #1) id 12dC3H-000J43-00; Thu, 06 Apr 2000 09:10:27 -0400
Date: Thu, 6 Apr 2000 09:10:27 -0400
From: James FitzGibbon
To: goten@linux.sduteam.com
Cc: security@freebsd.org
Subject: Re: Queston on secure syslogd
Message-ID: <20000406091026.B34667@targetnet.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre1i
In-Reply-To:
Organization: Targetnet.com Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* goten@linux.sduteam.com (goten@linux.sduteam.com) [000405 13:40]:

> Ok, I am just wondering if there is any secure alternative for syslogd.
> Since I want to send the log file via TCP/IP over the Internet, using
> @1.2.3.4 in syslogd.conf is not secure enough if that IP is not on the
> LAN.

Look at syslog-ng:

http://www.balabit.hu/products/syslog-ng/index.html

It offers forwarding of logs over TCP/IP instead of UDP/IP, as well as
hashing and compression of the stream.

--
j.

James FitzGibbon                                         james@targetnet.com
Targetnet.com Inc.
Voice/Fax +1 416 306-0466/0452

From owner-freebsd-security Thu Apr 6 8: 1:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 4762337B714 for ; Thu, 6 Apr 2000 08:01:27 -0700 (PDT) (envelope-from avalon@cairo.anu.edu.au)
Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id BAA20192; Fri, 7 Apr 2000 01:01:55 +1000 (EST)
From: Darren Reed
Message-Id: <200004061501.BAA20192@cairo.anu.edu.au>
Subject: Re: Queston on secure syslogd
In-Reply-To: <20000406091026.B34667@targetnet.com> from James FitzGibbon at "Apr 6, 0 09:10:27 am"
To: james@targetnet.com (James FitzGibbon)
Date: Fri, 7 Apr 2000 01:01:55 +1000 (EST)
Cc: goten@linux.sduteam.com, security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL39 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from James FitzGibbon, sie said:
> * goten@linux.sduteam.com (goten@linux.sduteam.com) [000405 13:40]:
>
> > Ok, I am just wondering if there is any secure alternative for syslogd.
> > Since I want to send the log file via TCP/IP over the Internet, using
> > @1.2.3.4 in syslogd.conf is not secure enough if that IP is not on the
> > LAN.
>
> Look at syslog-ng:
>
> http://www.balabit.hu/products/syslog-ng/index.html
>
> It offers forwarding of logs over TCP/IP instead of UDP/IP, as well as
> hashing and compression of the stream.
or if you want one which uses ssl, http://coombs.anu.edu.au/~avalon/nsyslogd.html

From owner-freebsd-security Thu Apr 6 8:24:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id 9A5DE37C024; Thu, 6 Apr 2000 08:24:35 -0700 (PDT) (envelope-from adam@algroup.co.uk)
Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id PAA19924; Thu, 6 Apr 2000 15:22:53 GMT
Message-ID: <38ECABCC.30ED2879@algroup.co.uk>
Date: Thu, 06 Apr 2000 16:22:52 +0100
From: Adam Laurie
Organization: A.L. Group plc
X-Mailer: Mozilla 4.72 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: obrien@NUXI.ucdavis.edu
Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: desire for ftp.internat.freebsd.org mirror
References: <20000405180833.A15912@dragon.nuxi.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

David O'Brien wrote:
>
> Access to ftp.internat.freebsd.org from the USA (and presumably
> elsewhere) is an abomination. Isn't there *anyone* with a permanent FTP
> server that could officially mirror the crypto bits from
> ftp.internat.freebsd.org?

Tell me the exact tree you want mirrored and I'll put it on:

ftp://opensores.thebunker.net/

and

http://opensores.thebunker.net/

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.
                              Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

From owner-freebsd-security Thu Apr 6 9: 2:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peace.mahoroba.org (peace.calm.imasy.or.jp [202.227.26.34]) by hub.freebsd.org (Postfix) with ESMTP id 0EA5637BCEB; Thu, 6 Apr 2000 09:02:18 -0700 (PDT) (envelope-from ume@mahoroba.org)
Received: from localhost (IDENT:Zb1ghnyWFMEVDnBfQmd+vr4CqtYdQS5R8zSMEN/5VT8CKA0wkgQFYQZJPTy9z9KX@localhost [::1]) by peace.mahoroba.org (8.10.0/3.7W-peace) with ESMTP id e36Fxs539303; Fri, 7 Apr 2000 00:59:54 +0900 (JST) (envelope-from ume@mahoroba.org)
Date: Fri, 7 Apr 2000 00:59:54 +0900 (JST)
Message-Id: <200004061559.e36Fxs539303@peace.mahoroba.org>
To: obrien@NUXI.ucdavis.edu
Cc: hackers@freebsd.org, security@freebsd.org
Cc: ume@mahoroba.org
Subject: Re: desire for ftp.internat.freebsd.org mirror
In-Reply-To: <20000405180833.A15912@dragon.nuxi.com>
References: <20000405180833.A15912@dragon.nuxi.com>
X-Mailer: Mew version 1.94.2 on Emacs 20.6 / Mule 4.0 =?iso-2022-jp?B?KBskQjJWMWMbKEIp?=
X-PGP-Public-Key: http://www.imasy.org/~ume/publickey.asc
X-PGP-Fingerprint: 6B 0C 53 FC 5D D0 37 91 05 D0 B3 EF 36 9B 6A BC
X-URL: http://www.imasy.org/~ume/
X-OS: FreeBSD 5.0-CURRENT
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: Hajimu UMEMOTO (=?ISO-2022-JP?B?GyRCR19LXBsoQiA=?= =?ISO-2022-JP?B?GyRCSCUbKEI=?=)
X-Dispatcher: imput version 20000228(IM140)
Lines: 14
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> On Wed, 5 Apr 2000 18:08:33 -0700
>>>>> "David O'Brien" said:

obrien> Access to ftp.internat.freebsd.org from the USA (and presumably
obrien> elsewhere) is an abomination.
obrien> Isn't there *anyone* with a permanent FTP
obrien> server that could officially mirror the crypto bits from
obrien> ftp.internat.freebsd.org?

daemon.jp.freebsd.org has.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@FreeBSD.org
http://www.imasy.org/~ume/

From owner-freebsd-security Thu Apr 6 9:52:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (Postfix) with ESMTP id 4607737B518 for ; Thu, 6 Apr 2000 09:52:44 -0700 (PDT) (envelope-from andre.albsmeier@mchp.siemens.de)
X-Envelope-Sender-Is: andre.albsmeier@mchp.siemens.de (at relayer david.siemens.de)
Received: from mail1.siemens.de (mail1.siemens.de [139.23.33.14]) by david.siemens.de (8.10.0/8.10.0) with ESMTP id e36GqgZ11629 for ; Thu, 6 Apr 2000 18:52:42 +0200 (MET DST)
Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7]) by mail1.siemens.de (8.10.0/8.10.0) with ESMTP id e36GqgB20099 for ; Thu, 6 Apr 2000 18:52:42 +0200 (MET DST)
Received: (from daemon@localhost) by curry.mchp.siemens.de (8.9.3/8.9.3) id SAA71248 for ; Thu, 6 Apr 2000 18:52:41 +0200 (CEST)
Date: Thu, 6 Apr 2000 18:52:40 +0200
From: Andre Albsmeier
To: "David O'Brien"
Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: desire for ftp.internat.freebsd.org mirror
Message-ID: <20000406185240.A24261@internal>
References: <20000405180833.A15912@dragon.nuxi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <20000405180833.A15912@dragon.nuxi.com>; from obrien@NUXI.ucdavis.edu on Wed, Apr 05, 2000 at 06:08:33PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 05-Apr-2000 at 18:08:33 -0700, David O'Brien wrote:
> Access to ftp.internat.freebsd.org from the USA (and
> presumably elsewhere) is an abomination. Isn't there *anyone* with a
> permanent FTP server that could officially mirror the crypto bits from
> ftp.internat.freebsd.org?

Try ftp://ftp.uni-trier.de/pub/unix/systems/BSD/FreeBSD/development/CTM-international

-Andre

From owner-freebsd-security Thu Apr 6 9:53:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rdc2.pa.home.com (ha1.rdc2.pa.home.com [24.12.106.194]) by hub.freebsd.org (Postfix) with ESMTP id AAAAB37B881; Thu, 6 Apr 2000 09:53:20 -0700 (PDT) (envelope-from jgowdy@home.com)
Received: from cx443070a ([24.4.93.90]) by mail.rdc2.pa.home.com (InterMail vM.4.01.02.00 201-229-116) with SMTP id <20000406165319.WXYY24433.mail.rdc2.pa.home.com@cx443070a>; Thu, 6 Apr 2000 09:53:19 -0700
Message-ID: <000701bf9fea$00507620$0100000a@vista1.sdca.home.com>
From: "Jeremiah Gowdy"
To: , )>
Cc: , ,
References: <20000405180833.A15912@dragon.nuxi.com> <200004061559.e36Fxs539303@peace.mahoroba.org>
Subject: Re: desire for ftp.internat.freebsd.org mirror
Date: Thu, 6 Apr 2000 10:03:15 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Access to ftp.internat.freebsd.org from the USA (and presumably
>elsewhere) is an abomination. Isn't there *anyone* with a permanent FTP

heh lol. I wouldn't think it could be that serious. :) Shall we lead a holy
Jihad against it?
From owner-freebsd-security Thu Apr 6 10:40: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 9705D37BBD4; Thu, 6 Apr 2000 10:39:49 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (Foolstrustidentd@obie.softweyr.com [204.68.178.33]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id LAA21032; Thu, 6 Apr 2000 11:39:35 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <38ECCBED.F5409DF3@softweyr.com>
Date: Thu, 06 Apr 2000 11:39:57 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: obrien@NUXI.ucdavis.edu
Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: desire for ftp.internat.freebsd.org mirror
References: <20000405180833.A15912@dragon.nuxi.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

David O'Brien wrote:
>
> Access to ftp.internat.freebsd.org from the USA (and presumably
> elsewhere) is an abomination. Isn't there *anyone* with a permanent FTP
> server that could officially mirror the crypto bits from
> ftp.internat.freebsd.org?

For a mere $100,000 per year I could anchor a boat 3 miles outside the
golden gate and get a wireless T-1 service. Anybody got some change?

--
            "Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 12: 6: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38]) by hub.freebsd.org (Postfix) with ESMTP id B74C137B9E0; Thu, 6 Apr 2000 12:05:55 -0700 (PDT) (envelope-from obrien@NUXI.ucdavis.edu) Received: from dragon.nuxi.com (root@14-078.006.popsite.net [216.126.137.78]) by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id MAA29168; Thu, 6 Apr 2000 12:05:50 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id MAA86952; Thu, 6 Apr 2000 12:05:48 -0700 (PDT) (envelope-from obrien) Date: Thu, 6 Apr 2000 12:05:48 -0700 From: "David O'Brien" To: Jesper Skriver Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: desire for ftp.internat.freebsd.org mirror Message-ID: <20000406120548.B81460@dragon.nuxi.com> Reply-To: obrien@FreeBSD.ORG References: <20000405180833.A15912@dragon.nuxi.com> <791.955013943@critter.freebsd.dk> <20000406141615.H80268@skriver.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000406141615.H80268@skriver.dk>; from jesper@skriver.dk on Thu, Apr 06, 2000 at 02:16:15PM +0200 X-Operating-System: FreeBSD 4.0-CURRENT Organization: The NUXI BSD group X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Keyid: 34F9F9D5 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Apr 06, 2000 at 02:16:15PM +0200, Jesper Skriver wrote: > > >elsewhere) is an abomination. Isn't there *anyone* with an permanate FTP > > >server that could officially mirror the crypto bits from > > >ftp.internat.freebsd.org? 
> > If the amount of data is not huge, we can put it on ftp.dk.FreeBSD.org I have no idea how big the collection is -- I could just finally login, but an ``ls'' timed out. -- -- David (obrien@NUXI.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 12:23:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 1CBCE37B995; Thu, 6 Apr 2000 12:23:22 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA76302; Thu, 6 Apr 2000 12:23:22 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Thu, 6 Apr 2000 12:23:21 -0700 (PDT) From: Kris Kennaway To: "David O'Brien" Cc: hackers@freebsd.org, security@freebsd.org Subject: Re: desire for ftp.internat.freebsd.org mirror In-Reply-To: <20000405180833.A15912@dragon.nuxi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 5 Apr 2000, David O'Brien wrote: > Access to ftp.internat.freebsd.org from the USA (and presumably > elsewhere) is an abomination. Isn't there *anyone* with an permanate FTP > server that could officially mirror the crypto bits from > ftp.internat.freebsd.org? There are already international mirrors which mirror the crypto, I think (e.g. I know there's one in japan). We need to deginate them as ftpN.internat.freebsd.org or similar. Kris ---- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 12:30:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38]) by hub.freebsd.org (Postfix) with ESMTP id 579C337B5F8; Thu, 6 Apr 2000 12:30:10 -0700 (PDT) (envelope-from obrien@NUXI.ucdavis.edu) Received: from dragon.nuxi.com (root@14-078.006.popsite.net [216.126.137.78]) by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id MAA29327; Thu, 6 Apr 2000 12:30:06 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id MAA20023; Thu, 6 Apr 2000 12:30:05 -0700 (PDT) (envelope-from obrien) Date: Thu, 6 Apr 2000 12:30:04 -0700 From: "David O'Brien" To: Kris Kennaway Cc: hackers@FreeBSD.org, security@FreeBSD.org Subject: Re: desire for ftp.internat.freebsd.org mirror Message-ID: <20000406123004.A13677@dragon.nuxi.com> Reply-To: obrien@NUXI.ucdavis.edu References: <20000405180833.A15912@dragon.nuxi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from kris@FreeBSD.org on Thu, Apr 06, 2000 at 12:23:21PM -0700 X-Operating-System: FreeBSD 4.0-CURRENT Organization: The NUXI BSD group X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Keyid: 34F9F9D5 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Apr 06, 2000 at 12:23:21PM -0700, Kris Kennaway wrote: > There are already international mirrors which mirror the crypto, I think > (e.g. I know there's one in japan). We need to deginate them as > ftpN.internat.freebsd.org or similar. Can someone that knows what they are get a list of them together so we can ship it off to DG to create the DNS entries? 
-- -- David (obrien@NUXI.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 12:43:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 1471237B7C6 for ; Thu, 6 Apr 2000 12:43:32 -0700 (PDT) (envelope-from matt@ARPA.MAIL.NET) Received: (qmail 49653 invoked by uid 1000); 6 Apr 2000 19:43:20 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 6 Apr 2000 19:43:20 -0000 Date: Thu, 6 Apr 2000 15:43:18 -0400 (EDT) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Kris Kennaway Cc: David O'Brien , hackers@freebsd.org, security@freebsd.org Subject: Re: desire for ftp.internat.freebsd.org mirror In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Could anyone clue me in as to what kind of resources mirroring the int. crypto would take? I'd be more than willing to setup a Canadian mirror, I'm on T1 to UUnet Canada here in Montreal. Thanks, Matt On Thu, 6 Apr 2000, Kris Kennaway wrote: : Date: Thu, 6 Apr 2000 15:23:21 -0400 : From: Kris Kennaway : To: David O'Brien : Cc: hackers@freebsd.org, security@freebsd.org : Subject: Re: desire for ftp.internat.freebsd.org mirror : : On Wed, 5 Apr 2000, David O'Brien wrote: : : > Access to ftp.internat.freebsd.org from the USA (and presumably : > elsewhere) is an abomination. Isn't there *anyone* with an permanate FTP : > server that could officially mirror the crypto bits from : > ftp.internat.freebsd.org? : : There are already international mirrors which mirror the crypto, I think : (e.g. I know there's one in japan). We need to deginate them as : ftpN.internat.freebsd.org or similar. 
: : Kris : : ---- : In God we Trust -- all others must submit an X.509 certificate. : -- Charles Forsythe : : : : To Unsubscribe: send mail to majordomo@FreeBSD.org : with "unsubscribe freebsd-security" in the body of the message : Matt Heckaman matt@arpa.mail.net http://www.lucida.qc.ca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE47OjYdMMtMcA1U5ARAoTQAKDfd9wcJd8MY4TZZl7miOS1lj8lAgCfbWir 8q2lNQBUsRbmitavcTwWX5o= =XgMO -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 12:47:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id CAF4D37BA81; Thu, 6 Apr 2000 12:47:16 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA79349; Thu, 6 Apr 2000 12:47:16 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Thu, 6 Apr 2000 12:47:16 -0700 (PDT) From: Kris Kennaway To: "David O'Brien" Cc: hackers@FreeBSD.org, security@FreeBSD.org Subject: Re: desire for ftp.internat.freebsd.org mirror In-Reply-To: <20000406123004.A13677@dragon.nuxi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 6 Apr 2000, David O'Brien wrote: > On Thu, Apr 06, 2000 at 12:23:21PM -0700, Kris Kennaway wrote: > > There are already international mirrors which mirror the crypto, I think > > (e.g. I know there's one in japan). We need to deginate them as > > ftpN.internat.freebsd.org or similar. > > Can someone that knows what they are get a list of them together so we > can ship it off to DG to create the DNS entries? 
I don't think that anyone knows them all..but quite a few have already been reported. I guess the thing to do is to make sure they have the same directory structure as internat though, so people can simply substitute e.g. ftp2.internat.freebsd.org for something which tries to fetch(1) from internat. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 12:52:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.du.gtn.com (mail.du.gtn.com [194.77.9.57]) by hub.freebsd.org (Postfix) with ESMTP id 8DBF737B993; Thu, 6 Apr 2000 12:52:36 -0700 (PDT) (envelope-from ticso@cicely8.cicely.de) Received: from mail.cicely.de (cicely.de [194.231.9.142]) by mail.du.gtn.com (8.9.3/8.9.3) with ESMTP id VAA05537; Thu, 6 Apr 2000 21:51:03 +0200 (MET DST) Received: from cicely8.cicely.de (cicely8.cicely.de [10.1.2.10]) by mail.cicely.de (8.9.3/8.9.0) with ESMTP id VAA45932; Thu, 6 Apr 2000 21:52:10 +0200 (CEST) Received: (from ticso@localhost) by cicely8.cicely.de (8.9.3/8.9.2) id VAA31235; Thu, 6 Apr 2000 21:53:19 +0200 (CEST) (envelope-from ticso) Date: Thu, 6 Apr 2000 21:53:18 +0200 From: Bernd Walter To: "David O'Brien" Cc: Jesper Skriver , hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: desire for ftp.internat.freebsd.org mirror Message-ID: <20000406215318.A31205@cicely8.cicely.de> References: <20000405180833.A15912@dragon.nuxi.com> <791.955013943@critter.freebsd.dk> <20000406141615.H80268@skriver.dk> <20000406120548.B81460@dragon.nuxi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000406120548.B81460@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Apr 06, 2000 at 12:05:48PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Apr 06, 2000 at 12:05:48PM -0700, David 
O'Brien wrote: > On Thu, Apr 06, 2000 at 02:16:15PM +0200, Jesper Skriver wrote: > > > >elsewhere) is an abomination. Isn't there *anyone* with an permanate FTP > > > >server that could officially mirror the crypto bits from > > > >ftp.internat.freebsd.org? > > > > If the amount of data is not huge, we can put it on ftp.dk.FreeBSD.org > > I have no idea how big the collection is -- I could just finally login, > but an ``ls'' timed out. I found out that not using passive mode works. -- B.Walter COSMO-Project http://www.cosmo-project.de ticso@cicely.de Usergroup info@cosmo-project.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 13:48:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [169.237.7.38]) by hub.freebsd.org (Postfix) with ESMTP id 6F94237B79C; Thu, 6 Apr 2000 13:48:18 -0700 (PDT) (envelope-from obrien@NUXI.ucdavis.edu) Received: from dragon.nuxi.com (root@14-078.006.popsite.net [216.126.137.78]) by relay.nuxi.com (8.9.3/8.9.3) with ESMTP id NAA29922; Thu, 6 Apr 2000 13:48:14 -0700 (PDT) (envelope-from obrien@dragon.nuxi.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id NAA24761; Thu, 6 Apr 2000 13:48:13 -0700 (PDT) (envelope-from obrien) Date: Thu, 6 Apr 2000 13:48:12 -0700 From: "David O'Brien" To: Kris Kennaway Cc: hackers@FreeBSD.org, security@FreeBSD.org Subject: Re: desire for ftp.internat.freebsd.org mirror Message-ID: <20000406134812.J13677@dragon.nuxi.com> Reply-To: obrien@NUXI.ucdavis.edu References: <20000406123004.A13677@dragon.nuxi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from kris@FreeBSD.org on Thu, Apr 06, 2000 at 12:47:16PM -0700 X-Operating-System: FreeBSD 4.0-CURRENT Organization: The NUXI BSD group X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Keyid: 34F9F9D5 Sender: 
owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Apr 06, 2000 at 12:47:16PM -0700, Kris Kennaway wrote: > I guess the thing to do is to make sure they have the same directory > structure as internat though, so people can simply substitute e.g. > ftp2.internat.freebsd.org for something which tries to fetch(1) from > internat. Can someone that can actually get into ftp.internat.freebsd.org compare them? -- -- David (obrien@NUXI.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 15: 1: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 1968E37B8A9; Thu, 6 Apr 2000 15:00:54 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA02946; Thu, 6 Apr 2000 16:00:52 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA93925; Thu, 6 Apr 2000 15:59:58 -0600 (MDT) Message-Id: <200004062159.PAA93925@harmony.village.org> To: Wes Peters Subject: Re: desire for ftp.internat.freebsd.org mirror Cc: obrien@NUXI.ucdavis.edu, hackers@FreeBSD.ORG, security@FreeBSD.ORG In-reply-to: Your message of "Thu, 06 Apr 2000 11:39:57 MDT." <38ECCBED.F5409DF3@softweyr.com> References: <38ECCBED.F5409DF3@softweyr.com> <20000405180833.A15912@dragon.nuxi.com> Date: Thu, 06 Apr 2000 15:59:58 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <38ECCBED.F5409DF3@softweyr.com> Wes Peters writes: : For a mere $100,000 per year I could anchor a boat 3 miles outside the : golden gate and get a wireless T-1 service. Anybody got some change? 
If you could find a location that this would be legal from, I'd be game to help :-) Wanrer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 6 23: 4:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from rucus.ru.ac.za (rucus.ru.ac.za [146.231.29.2]) by hub.freebsd.org (Postfix) with SMTP id 3A8E637C210 for ; Thu, 6 Apr 2000 23:04:34 -0700 (PDT) (envelope-from geoff@rucus.ru.ac.za) Received: (qmail 13112 invoked by uid 268); 7 Apr 2000 05:57:45 -0000 Message-ID: <20000407055745.13111.qmail@rucus.ru.ac.za> Subject: Re: desire for ftp.internat.freebsd.org mirror In-Reply-To: <20000405180833.A15912@dragon.nuxi.com> from "David O'Brien" at "Apr 5, 2000 06:08:33 pm" To: obrien@NUXI.ucdavis.edu Date: Fri, 7 Apr 2000 07:57:45 +0200 (SAST) Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG Reply-To: "Geoff Rehmet" From: "Geoff Rehmet" X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org David O'Brien writes : > Access to ftp.internat.freebsd.org from the USA (and presumably > elsewhere) is an abomination. Isn't there *anyone* with an permanate FTP > server that could officially mirror the crypto bits from > ftp.internat.freebsd.org? > Part of the reason for the poor access is that we are suffering from late delivery of circuits on the part of AT&T (some of the circuits have been outstanding since 15 November). - The site is located on one of our customers' premises. Of course, latency across satellite circuits also does not help. A further problem is apparent congestion on the customer's access crcuit to us - they really seem to be nailing their Internet access. (I'm seeing 600ms ping times across the access circuit.) 
Thus, a small modicum of improvement may be achieved if we were to mirror the site on ftp.is.co.za. This should be possible when we upgrade our ftp server (sometime this month). I can check with the administrator of our ftp site, whether he will be able to do the mirror. Only problem is that the directory structures will need to differ, as we are already ftp4.za.freebsd.org. For anyone from across the pond trying to access the site, your best mileage will probably be between 1900 and 0600 GMT, when most of our clients are asleep. Ciao, Geoff. -- Geoff Rehmet, The Internet Solution geoffr@is.co.za; geoff@rucus.ru.ac.za; csgr@freebsd.org tel: +27-83-292-5800 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 7 2:52: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from zibbi.mikom.csir.co.za (zibbi.mikom.csir.co.za [146.64.24.58]) by hub.freebsd.org (Postfix) with ESMTP id 3CE0F37B65A; Fri, 7 Apr 2000 02:50:09 -0700 (PDT) (envelope-from jhay@zibbi.mikom.csir.co.za) Received: (from jhay@localhost) by zibbi.mikom.csir.co.za (8.9.3/8.9.3) id LAA54684; Fri, 7 Apr 2000 11:44:42 +0200 (SAT) (envelope-from jhay) From: John Hay Message-Id: <200004070944.LAA54684@zibbi.mikom.csir.co.za> Subject: Re: desire for ftp.internat.freebsd.org mirror In-Reply-To: <20000406215318.A31205@cicely8.cicely.de> from Bernd Walter at "Apr 6, 2000 09:53:18 pm" To: ticso@cicely.de (Bernd Walter) Date: Fri, 7 Apr 2000 11:44:42 +0200 (SAT) Cc: obrien@FreeBSD.ORG (David O'Brien), jesper@skriver.dk (Jesper Skriver), hackers@FreeBSD.ORG, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Thu, Apr 06, 2000 at 12:05:48PM -0700, David O'Brien wrote: > > On Thu, Apr 06, 2000 at 02:16:15PM +0200, Jesper Skriver 
wrote: > > > > >elsewhere) is an abomination. Isn't there *anyone* with an permanate FTP > > > > >server that could officially mirror the crypto bits from > > > > >ftp.internat.freebsd.org? > > > > > > If the amount of data is not huge, we can put it on ftp.dk.FreeBSD.org > > > > I have no idea how big the collection is -- I could just finally login, > > but an ``ls'' timed out. > > I found out that not using passive mode works. Oops, that was my fault. Somewhere in all the wu-ftpd upgrades the ports that the CSIR firewall allowed and what wu-ftpd tried to use for passive ftp got out of sync. Should be fixed now. At the moment our (the CSIR's) internet link is VERY saturated during working hours (we are in SA so GMT+2). If you can try after hours, you should have better luck. The people responsible for our network are playing with a PacketShaper from Packeteer to see if that will help, but at the moment it seems that ftp response is worse than ever. I'm trying to work with them to see if we can get it better. BTW. Wes Peters' idea of a boat is way cheaper than what we pay for our 1Mbit/s link here. 
:-) John -- John Hay -- John.Hay@mikom.csir.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 7 15:36:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay.securify.com (relay.securify.com [207.5.63.61]) by hub.freebsd.org (Postfix) with SMTP id E214337B5F1 for ; Fri, 7 Apr 2000 15:36:19 -0700 (PDT) (envelope-from adam@securify.com) Received: by relay.securify.com; id PAA09543; Fri, 7 Apr 2000 15:38:34 -0700 Received: from unknown(10.5.63.6) by relay.securify.com via smap (V5.5) id xma009531; Fri, 7 Apr 00 15:38:05 -0700 Received: from cerberus (dude.securify.com [10.5.63.6]) by dude.securify.com (8.9.3/8.9.3) with SMTP id PAA31303 for ; Fri, 7 Apr 2000 15:38:04 -0700 (PDT) (envelope-from adam@securify.com) Reply-To: From: "Adam Kaufman" To: Subject: ipsec on freebsd Date: Fri, 7 Apr 2000 15:36:42 -0700 Message-ID: <000901bfa0e1$c024b4a0$1f3f050a@cerberus> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We are trying to get a peer to peer connection between two FreeBSD machines. Both hosts are on the same network. We have received the following error messages: IPv4 ESP input: no key association found for spi 5441:dropping the packet for simplicity Any help with this would be greatly appreciated. Below are the setkey.conf files for both machines. 
>>>> setkey.conf for 10.5.63.100 <<<< flush ; add 10.5.63.100 10.5.63.81 esp 5441 -m any -f zero-pad -E des-cbc "12345678" add 10.5.63.81 10.5.63.100 esp 9998 -m any -f zero-pad -E des-cbc "12345678"; add 10.5.63.100 10.5.63.81 ah 5442 -m any -A hmac-md5 "1234567887654321" ; add 10.5.63.81 10.5.63.100 ah 9999 -m any -A hmac-md5 "1234567887654321" ; spdflush ; spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp -P in ipsec esp/transport//use; spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp -P out ipsec esp/transport//use; >>>> setkey.conf for 10.5.63.81 <<<< flush ; add 10.5.63.100 10.5.63.81 esp 5441 -m any -f zero-pad -E des-cbc "12345678" add 10.5.63.81 10.5.63.100 esp 9998 -m any -f zero-pad -E des-cbc "12345678"; add 10.5.63.100 10.5.63.81 ah 5442 -m any -A hmac-md5 "1234567887654321" ; add 10.5.63.81 10.5.63.100 ah 9999 -m any -A hmac-md5 "1234567887654321" ; spdflush ; spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp -P in ipsec esp/transport//use; spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp -P out ipsec esp/transport//use -- Adam Kaufman Securify, A Kroll-O'Gara Company Office: [650] 812-9400 x 4148 Mobile: [650] 814-5948 PGP Fingerprint: 57F4 C284 9BE3 188D 87C4 0240 37B7 554B 7AFC 06C5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Apr 8 11: 8:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from juice.shallow.net (node16229.a2000.nl [24.132.98.41]) by hub.freebsd.org (Postfix) with ESMTP id AA95237BB70; Sat, 8 Apr 2000 11:08:18 -0700 (PDT) (envelope-from joshua@roughtrade.net) Received: from localhost (joshua@localhost) by juice.shallow.net (8.9.3/8.9.3) with ESMTP id UAA18275; Sat, 8 Apr 2000 20:08:16 +0200 (CEST) (envelope-from joshua@roughtrade.net) Date: Sat, 8 Apr 2000 20:08:15 +0200 (CEST) From: Joshua Goodall X-Sender: joshua@juice.shallow.net To: "David O'Brien" Cc: Kris Kennaway , hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: 
Re: desire for ftp.internat.freebsd.org mirror In-Reply-To: <20000406134812.J13677@dragon.nuxi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I can't get there. Latency & packetloss too high from my cable modem in NL. Amusingly the route goes through the US :) - J On Thu, 6 Apr 2000, David O'Brien wrote: > On Thu, Apr 06, 2000 at 12:47:16PM -0700, Kris Kennaway wrote: > > I guess the thing to do is to make sure they have the same directory > > structure as internat though, so people can simply substitute e.g. > > ftp2.internat.freebsd.org for something which tries to fetch(1) from > > internat. > > Can someone that can actually get into ftp.internat.freebsd.org compare > them? > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
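A consistency checker for the pair of setkey.conf files in Adam Kaufman's "ipsec on freebsd" message above, added here as an example; it is not code from that posting or from FreeBSD. It assumes that setkey -f installs directives in order and stops at the first syntax error (the first `add` in each posted file has no terminating `;`), then reports policies with no matching SA, manual keys of the wrong length, and SAs on which the two peers disagree; the sample files, host addresses and key-size table are constructed after the posted ones.

```python
"""Checker for manually keyed setkey.conf files (added example, not code from
the posting or from FreeBSD).  Models `setkey -f`: directives take effect in
order and parsing stops at the first syntax error, so a directive missing its
';' is not installed and neither is anything after it.  Then checks SPD/SA
pairing, key lengths, and that both peers installed the same SAs."""
import re

KEYWORDS = {"flush", "spdflush", "add", "spdadd", "delete"}
KEY_BYTES = {"des-cbc": 8, "hmac-md5": 16}  # constructed table: bytes each algorithm needs
SA_RE = re.compile(r'^add (\S+) (\S+) (esp|ah) (\d+) .*-[EA] (\S+) "([^"]*)"')
SP_RE = re.compile(r'^spdadd (\S+?)/\d+\[\S*\] (\S+?)/\d+\[\S*\] \S+ -P (in|out) ipsec (esp|ah)/\w+//(\w+)')


def split_directives(text):
    """[(directive, terminated)] in file order; a directive that runs into the
    next keyword or into end of file is unterminated."""
    out, cur = [], []
    for tok in re.sub(r"#.*", "", text).split():
        if tok in KEYWORDS and cur:  # next directive began without a ';'
            out.append((" ".join(cur), False))
            cur = []
        if tok.endswith(";"):
            cur.append(tok[:-1])
            out.append((" ".join(cur).strip(), True))
            cur = []
        else:
            cur.append(tok)
    if cur:
        out.append((" ".join(cur), False))
    return out


def load(text):
    """Simulate `setkey -f`: (sas, policies, findings), where sas maps
    (src, dst, proto) -> (spi, alg, key) for directives that took effect."""
    sas, policies, findings = {}, [], []
    for d, ok in split_directives(text):
        if not ok:
            findings.append(f"unterminated directive, setkey stops here: {d!r}")
            break
        if m := SA_RE.match(d):
            src, dst, proto, spi, alg, key = m.groups()
            sas[(src, dst, proto)] = (spi, alg, key)
            need = KEY_BYTES.get(alg)
            if need and len(key.encode()) != need:
                findings.append(f"{alg} key for SPI {spi}: {len(key)} bytes, needs {need}")
        elif m := SP_RE.match(d):
            policies.append(m.groups())
    return sas, policies, findings


def check_host(text, my_addr):
    """Findings for one host: parse problems, bad keys, policies without an SA."""
    sas, policies, findings = load(text)
    for src, dst, direction, proto, level in policies:
        if (dst if direction == "in" else src) != my_addr:
            findings.append(f"{direction} policy {src}->{dst} does not fit host {my_addr}")
        if (src, dst, proto) not in sas:
            findings.append(f"{direction} policy {src}->{dst} has no {proto} SA (level {level})")
    return findings


def check_pair(conf_a, addr_a, conf_b, addr_b):
    """Findings for both hosts plus every SA the two peers do not agree on."""
    findings = check_host(conf_a, addr_a) + check_host(conf_b, addr_b)
    sas_a, sas_b = load(conf_a)[0], load(conf_b)[0]
    for k in sorted(set(sas_a) | set(sas_b)):
        if sas_a.get(k) != sas_b.get(k):
            findings.append(f"peers disagree on SA {k}: {sas_a.get(k)} vs {sas_b.get(k)}")
    return findings


# Constructed after the file posted for 10.5.63.100: the first 'add' lacks ';'.
CONF_100 = """
flush ;
add 10.5.63.100 10.5.63.81 esp 5441 -m any -f zero-pad -E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998 -m any -f zero-pad -E des-cbc "12345678";
add 10.5.63.100 10.5.63.81 ah 5442 -m any -A hmac-md5 "1234567887654321" ;
add 10.5.63.81 10.5.63.100 ah 9999 -m any -A hmac-md5 "1234567887654321" ;
spdflush ;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp -P in ipsec esp/transport//use;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp -P out ipsec esp/transport//use;
"""
# The peer needs the same SAs and mirrored policies; this version has every
# ';' in place, so it is what 10.5.63.81 should load.
CONF_81_FIXED = (CONF_100.replace('"12345678"\n', '"12345678";\n')
                 .replace("-P in", "-P OUT").replace("-P out", "-P in").replace("OUT", "out"))

if __name__ == "__main__":
    print("\n".join(check_pair(CONF_100, "10.5.63.100", CONF_81_FIXED, "10.5.63.81")))
```

Run against the posted pair it reports the unterminated `add` on 10.5.63.100 and, because nothing after it is installed there, four SAs the peers disagree on, which is the state in which an inbound ESP packet for SPI 5441 has no SA to match.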