From owner-freebsd-security Sun Oct 15 2:59:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id 05E8037B66D for ; Sun, 15 Oct 2000 02:59:35 -0700 (PDT)
Received: (qmail 3348 invoked by uid 0); 15 Oct 2000 09:59:33 -0000
Received: from p3ee2165d.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.93) by mail.gmx.net with SMTP; 15 Oct 2000 09:59:33 -0000
Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id JAA31025 for freebsd-security@freebsd.org; Sun, 15 Oct 2000 09:23:31 +0200
Date: Sun, 15 Oct 2000 09:23:31 +0200
From: Gerhard Sittig
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD 4.x Bug with ICMP Error Messages (fwd)
Message-ID: <20001015092331.W25237@speedy.gsinet>
Mail-Followup-To: freebsd-security@freebsd.org
References: <200010142316.KAA05381@cairo.anu.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200010142316.KAA05381@cairo.anu.edu.au>; from avalon@coombs.anu.edu.au on Sun, Oct 15, 2000 at 10:16:09AM +1100
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Oct 15, 2000 at 10:16 +1100, Darren Reed wrote:
> Forwarded message:
> > From: "Ofir Arkin"
> > To: "Nmap-Hackers"
> > Subject: FreeBSD 4.x Bug with ICMP Error Messages
> > Date: Sat, 14 Oct 2000 23:09:51 +0200
> > Message-ID:
> >
> > [ ... ]
> >
> > A udp datagram sent to a closed udp port (port 0, can be any
> > port). The original udp datagram used e655 hex as its IP
> > Identification field value. The echoed IP Header inside the
> > ICMP Error message states that this value was 55e6 (with the
> > offending datagram).
> >
> > FreeBSD 4.x simply flips between the first 8 bits to the
> > second 8 bits.

There's something missing: which platform does it happen on?
I assume it's an i386 machine (or something else little endian).
This sounds very much like a missing hton() when setting up the
response.

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Oct 15 4:40:29 2000
From: volf@oasis.IAEhv.nl (Frank Volf)
To: Darren Reed
Cc: freebsd-security@FreeBSD.ORG
Date: Sun, 15 Oct 2000 13:37:21 +0200 (CEST)
Subject: Re: FreeBSD 4.x Bug with ICMP Error Messages (fwd)
In-Reply-To: <200010142316.KAA05381@cairo.anu.edu.au> "from Darren Reed at Oct 15, 2000 10:16:09 am"
Message-Id: <20001015113721.C0E201B@avalon.oasis.IAEhv.nl>

While I was working on IP Filter I came across the same problem. I
entered a PR and the problem was fixed within a week by Ruslan Ermilov.
The patch is in both CURRENT and 4-STABLE. I don't have the CVS rev.
number at hand, but cvs log in sys/netinet is your friend. You may also
have a look at PR 16240 and PR 20877.
Frank

Darren Reed wrote:
> Forwarded message:
> > From: "Ofir Arkin"
> > To: "Nmap-Hackers"
> > Subject: FreeBSD 4.x Bug with ICMP Error Messages
> > Date: Sat, 14 Oct 2000 23:09:51 +0200
> > Message-ID:
> >
> > It is long known that FreeBSD uses a wrong IP Identification number
> > with its ICMP Error Messages. This fact was discovered by Fyodor
> > long ago.
> >
> > I wish to identify where the problem is.
> >
> > The next example is with FreeBSD 4.1:
> >
> > 00:52:19.055758 ppp0 > x.x.x.x.1393 > y.y.y.y.0: udp 0 [tos 0x8]
> > (ttl 64, id 58965)
> > 4508 001c e655 0000 4011 3f63 xxxx xxxx
> > yyyy yyyy 0571 0000 0008 a55c
> >
> > 00:52:19.464548 ppp0 < y.y.y.y > x.x.x.x: icmp: y.y.y.y udp port 0
> > unreachable Offending pkt: x.x.x.x.1393 > y.y.y.y.0: udp 0 [tos 0x8]
> > (ttl 47, id 21990, bad cksum 5063!) (ttl 238, id 27639)
> > 4500 0038 6bf7 0000 ee01 0bbd yyyy yyyy
> > xxxx xxxx 0303 87f3 0000 0000 4508 001c
> > 55e6 0000 2f11 5063 xxxx xxxx yyyy yyyy
> > 0571 0000 0008 0000
> >
> > A udp datagram sent to a closed udp port (port 0, can be any port).
> > The original udp datagram used e655 hex as its IP Identification
> > field value. The echoed IP Header inside the ICMP Error message
> > states that this value was 55e6 (with the offending datagram).
> >
> > FreeBSD 4.x simply flips between the first 8 bits to the second 8
> > bits.
> >
> > This info was sent to bugtraq,
> > and submitted to FreeBSD GNATS bug system.
> >
> > Ofir Arkin [ofir@itcon-ltd.com]
> > Senior Security Analyst
> > Chief of Grey Hats
> > ITcon, Israel.
> > http://www.itcon-ltd.com
> >
> > Personal Web page: http://www.sys-security.com
> >
> > "Opinions expressed do not necessarily
> > represent the views of my employer."

From owner-freebsd-security Mon Oct 16 4:11:18 2000
Message-ID: <39EAE245.F713FF93@algroup.co.uk>
Date: Mon, 16 Oct 2000 12:11:01 +0100
From: Adam Laurie
Organization: A.L.
 Group plc
To: freebsd-security@FreeBSD.ORG
Subject: Re: Dynamic rc.firewall
References: <20001014182803.R25237@speedy.gsinet> <200010141726.EAA05477@cairo.anu.edu.au> <20001014215856.S25237@speedy.gsinet>

Gerhard Sittig wrote:
>
> On Sun, Oct 15, 2000 at 04:26 +1100, Darren Reed wrote:
> >
> > In some mail from Gerhard Sittig, sie said:
> > >
> > > Speaking of this: I just filed a PR with the "preprocessor
> > > for ipfilter rules" subject teaching ipfilter how to invoke a
> > > preprocessor. I would welcome comments and improvements on
> > > this.
> >
> > PR# ?
>
> It wasn't available when I wrote the above. The "announcement"
> and the initial gnats-submit message went out at the same time.
> That's why I cited the subject, there's a query frontend at the
> search subsection of FreeBSD's website.
>
> And you will definitely learn about it. The PR will be assigned
> to you. :) To forewarn you, it's bin/21989. The confirmation
> just dropped in. And because I don't know about gnats turnaround
> times, I will forward a copy to you via PM. Feel free to
> incorporate it into the "regular" ipfilter package. And feel
> free to announce flc as the most probably used $PP. :>

Any danger of fixing the gaping port 53/123 security holes in the
default rc.firewall script during this current frenzy? Or does this
need to go to bugtraq to get your attention...?
:)

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

From owner-freebsd-security Mon Oct 16 4:14:27 2000
Message-ID: <39EAC883.DF9FA890@osny.com.br>
Date: Mon, 16 Oct 2000 09:21:07 +0000
From: Michelangelo Pisa
Organization: Agencia Maritima Osny
To: freebsd-security@FreeBSD.ORG
Subject: Local Procmail

Can somebody help? I set up procmail to use it as my local mail
software. In sendmail I put this configuration and sendmail
initialized, everything ok, but when I send an e-mail the receiver
doesn't receive the message and it doesn't return with an error. Where
is it? See:

Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40,
       A=procmail -Y -a $h -d $u

If I execute:

# procmail "user"

it shows this message:

ELF interpreter /usr/libeexec/ld-elf.so.1 not found
Abort trap

In the directory there is no such file; how do I install it?
From owner-freebsd-security Mon Oct 16 14:14:35 2000
From: "Peter Brezny"
To:
Subject: ipfw startup
Date: Mon, 16 Oct 2000 17:14:39 -0400
Message-ID: <001601c037b6$189ea6c0$47010a0a@fire.sysadmininc.com>

I'm having difficulty getting ipfw to look at my ruleset on a
4.1-release box. I've compiled in the options needed to the kernel, but
when the box starts up I get

IP packet filtering initialized...rule-based forwarding disabled, default to deny...

and of course everything is denied except the loopback device.

I've been unable to find any basic get-you-started type info. I'm new
to ipfw and just want to use the default rc.firewall for now. I've read
the entire security chapter as well as the article on dialup firewall
configuration.

Pointers to any helpful how-to info or advice are greatly appreciated.

Peter Brezny
SysAdmin Services, Inc.
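An added example, not code from any message in this digest, that goes back to the FreeBSD 4.x ICMP error report forwarded earlier in this thread: it parses the two tcpdump hex dumps from that report, confirms that the IP ID quoted inside the ICMP error is the byte-swap of the ID that was sent, and shows that the quoted header's checksum (the "bad cksum 5063!" tcpdump flagged) verifies again once the sent ID is put back, which is the signature of an ID copied without the hton()/ntohs() the thread suspects. The report masked the addresses; 10.0.0.1 and 10.0.65.16 are constructed stand-ins chosen so that both IP header checksums printed in the dumps verify.

```c
/* Added example, not from any message in this digest.  The addresses in the
 * report were masked; 10.0.0.1 and 10.0.65.16 are constructed stand-ins
 * chosen so that both IP header checksums printed in the dumps verify. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { IP_HDR_LEN = 20, ICMP_HDR_LEN = 8 };

/* x.x.x.x.1393 > y.y.y.y.0: udp 0 (ttl 64, id e655), as sent */
static const char ORIG_DUMP[] =
    "4508 001c e655 0000 4011 3f63 0a00 0001 0a00 4110 0571 0000 0008 a55c";
/* y.y.y.y > x.x.x.x: udp port 0 unreachable, quoting a header with id 55e6 */
static const char ICMP_DUMP[] =
    "4500 0038 6bf7 0000 ee01 0bbd 0a00 4110 0a00 0001 0303 87f3 0000 0000 "
    "4508 001c 55e6 0000 2f11 5063 0a00 0001 0a00 4110 0571 0000 0008 0000";

enum id_verdict { ID_MATCH, ID_BYTESWAPPED, ID_OTHER };

struct icmp_diag {
    uint16_t orig_id, echoed_id;   /* ID as sent / ID quoted inside the ICMP error */
    int outer_cksum_ok;            /* the ICMP packet's own IP header verifies */
    int inner_cksum_ok;            /* the quoted header verifies exactly as echoed */
    int inner_ok_with_orig_id;     /* ... and once the ID we sent is put back */
    enum id_verdict verdict;
};

/* Parse whitespace-separated hex digits into out; returns byte count or -1. */
static int parse_hex(const char *s, uint8_t *out, size_t cap)
{
    size_t n = 0;
    int hi = -1, v;
    for (; *s != '\0'; s++) {
        if (isspace((unsigned char)*s)) continue;
        if (!isxdigit((unsigned char)*s)) return -1;
        v = isdigit((unsigned char)*s) ? *s - '0' : tolower((unsigned char)*s) - 'a' + 10;
        if (hi < 0) { hi = v; continue; }
        if (n >= cap) return -1;
        out[n++] = (uint8_t)((hi << 4) | v);
        hi = -1;
    }
    return hi < 0 ? (int)n : -1;      /* an odd number of digits is an error */
}

/* RFC 1071 one's-complement sum over a header; 0 means it verifies. */
static uint16_t in_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    if (len == 1) sum += (uint32_t)(p[0] << 8);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint16_t bswap16u(uint16_t v)   { return (uint16_t)((v << 8) | (v >> 8)); }

/* Compare the datagram we sent with the header the ICMP error echoes back. */
static int diagnose(const char *orig_dump, const char *icmp_dump, struct icmp_diag *d)
{
    uint8_t orig[64], icmp[128], inner[IP_HDR_LEN];
    int olen = parse_hex(orig_dump, orig, sizeof orig);
    int ilen = parse_hex(icmp_dump, icmp, sizeof icmp);
    size_t ihl;
    if (olen < IP_HDR_LEN || ilen < IP_HDR_LEN) return -1;
    ihl = (size_t)(icmp[0] & 0x0f) * 4;                   /* outer IP header length */
    if (ihl < IP_HDR_LEN || (size_t)ilen < ihl + ICMP_HDR_LEN + IP_HDR_LEN) return -1;
    if (icmp[ihl] != 3) return -1;                        /* not Destination Unreachable */
    memset(d, 0, sizeof *d);
    d->orig_id = be16(orig + 4);
    d->outer_cksum_ok = in_cksum(icmp, ihl) == 0;
    memcpy(inner, icmp + ihl + ICMP_HDR_LEN, IP_HDR_LEN);
    d->echoed_id = be16(inner + 4);
    d->inner_cksum_ok = in_cksum(inner, IP_HDR_LEN) == 0; /* tcpdump: "bad cksum 5063!" */
    /* 5063 = 3f63 + 0x1100 accounts only for the TTL going from 64 to 47, so
     * the quoted header should verify once the ID is what we actually sent.
     * The ICMP checksum is not re-checked: it covers the masked addresses. */
    inner[4] = orig[4];
    inner[5] = orig[5];
    d->inner_ok_with_orig_id = in_cksum(inner, IP_HDR_LEN) == 0;
    if (d->echoed_id == d->orig_id)                d->verdict = ID_MATCH;
    else if (d->echoed_id == bswap16u(d->orig_id)) d->verdict = ID_BYTESWAPPED;
    else                                           d->verdict = ID_OTHER;
    return 0;
}

/* Diagnosis for the dumps above; NULL if they do not parse. */
static const struct icmp_diag *report_diag(void)
{
    static struct icmp_diag d;
    return diagnose(ORIG_DUMP, ICMP_DUMP, &d) == 0 ? &d : NULL;
}

int main(void)
{
    const struct icmp_diag *d = report_diag();
    if (d == NULL) return 1;
    printf("sent id %04x, echoed id %04x: %s; quoted header cksum %s as echoed, %s with sent id\n",
           d->orig_id, d->echoed_id,
           d->verdict == ID_BYTESWAPPED ? "bytes swapped" : d->verdict == ID_MATCH ? "match" : "differs",
           d->inner_cksum_ok ? "ok" : "bad", d->inner_ok_with_orig_id ? "ok" : "bad");
    return 0;
}
```

The same check can be run against any captured pair of datagram and ICMP error: an ID_BYTESWAPPED verdict together with a quoted header that only verifies after the ID is restored points at the responding stack, not at corruption in transit.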
From owner-freebsd-security Mon Oct 16 15:41:02 2000
Message-ID: <39EB867A.E3A2430B@eSec.com.au>
Date: Tue, 17 Oct 2000 09:51:38 +1100
From: Sam Wun
Organization: eSec
Cc: freebsd-security@freebsd.org
Subject: New encription algo AES

Does anyone know anything about AES?

Sam.
From owner-freebsd-security Mon Oct 16 16:03:12 2000
Message-Id: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1>
Date: Mon, 16 Oct 2000 17:03:09 -0600
To: freebsd-security@FreeBSD.ORG
From: Rolf Edwards
Subject: Multiple Web/SSL behind firewall

I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box
running ipfw and natd. The web servers are running both web and SSL
connections. I was thinking of using squid and a dns hack to have it
proxy the connections.

I can't seem to find out if I can also have it listen to the SSL port
for those connections. I am assuming that for generic web traffic, I
can use the accelerator to receive multiple domain requests, and have a
local dns entry so that they are passed to a natd ip. How would I
handle multiple SSL, as a natd static port map would only allow for one
SSL host unless SSL is run on multiple ports, one for each machine.

What should I do to handle this situation? The web server will have a
non-routable ip, so acting as a gateway won't quite work.
Rolf

From owner-freebsd-security Mon Oct 16 16:26:48 2000
Message-ID: <39EA00EC.3EEE088D@softweyr.com>
Date: Sun, 15 Oct 2000 13:09:32 -0600
From: Wes Peters
Organization: Softweyr LLC
To: Rolf Edwards
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Dynamic rc.firewall
References: <5.0.0.25.2.20001013032255.00a8ee40@127.0.0.1>

Rolf Edwards wrote:
>
> How can I have rc.firewall automatically pull in ip, netmask and network
> numbers from the currently configured interfaces.
>
> Lets say I was to supply 'xl0' and have it extract the information from
> ifconfig. I started a perl program, but I don't have enough documentation
> available at the moment to actually extract the data from what is returned.
>
> Has anyone tried this? I would assume that if one was using DHCP, they
> would want this type of feature?

I have just recently done this for ipfilter and ipnat, for static, dhcp,
or pppoe network configurations. Here's what you do:

Rename the configuration files that have to be edited to {config}.in.

Write a (sed?) script that will edit each of these into the proper
{config} file, given shell variables that define what the various
settings are.
This script should source a dynamically-created file that contains the
network settings.

When the network configuration changes -- including startup -- call the
script you wrote above.

In our case, we use ipfilter and ipnat rules like:

block in on @EXTERN_INTERFACE@ from @INTERN_NETWORK@/@INTERN_CIDR@ to any

We have two separate files, one for the internal and one for the
external interface, that look like:

/etc/extern.config:

extern_interface=dc0
extern_ipaddress=122.222.122.12
extern_network=122.222.122.0
extern_netmask=255.255.255.0
extern_cidr=24

(We use a few simple little utility programs like networkof and
mask2cidr to generate some of these settings from ones we have,
ipaddress and netmask.)

Our /etc/configure.network script edits all of the {config}.in files to
their corresponding {config} files and re-starts any related network
daemons, reloads the ipfilter and ipnat rules, etc.

For DHCP, the dhclient-exit-hooks script creates the extern.config file
and then runs the configure.network script. For ppp, this happens in the
ppp linkup script (we use user-mode ppp to get pppoe support).

Configurations you may want to look at include:

firewall/nat
named - switch to forward-first mode if you get an upstream DNS server
time services - sync clock to external time source. We use chrony for
    this, as it can switch back and forth between using an external time
    source and running standalone, and is simple to configure.

The hard part comes in making this configuration so you can switch back
and forth between different configuration types - static, dhcp, pppoe -
without breaking anything. Oh, and driving it all from a web interface,
that takes a bit of doing also. ;^)

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                                     Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

From owner-freebsd-security Mon Oct 16 16:44:26 2000
Message-ID: <39EB935B.D8EE5E0D@ursine.com>
Date: Mon, 16 Oct 2000 16:46:35 -0700
From: Michael Bryan
To: freebsd-security@FreeBSD.ORG
Cc: Sam Wun
Subject: Re: New encription algo AES

Sam Wun wrote:
>
> Does anyone know anything about AES?
The latest CryptoGram newsletter has an update on AES, and links to
additional AES information:

http://www.counterpane.com/crypto-gram-0010.html#8

From owner-freebsd-security Mon Oct 16 18:28:17 2000
Message-ID: <20001017012808.5214.qmail@web106.yahoomail.com>
Date: Mon, 16 Oct 2000 18:28:08 -0700 (PDT)
From: Guolin Cheng
Subject: Re: Reserved ports too limited for amd (automount) on FreeBSD 4.1
To: Matt Heckaman, freebsd-security@freebsd.org

Matt Heckaman,

Thanks.

I changed it using the sysctl command after the FreeBSD 4.1 reboot; the
problem is: even though the parameter is changed ( sysctl -w
net.inet.ip.portrange.lowfirst=2023 ), amd is still using ports <1024,
since the reserved ports were already in use from 1023! And now they
will be used one by one sequentially!!! :((

Yours sincerely,

Guolin Cheng

--- Matt Heckaman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Did you actually do the sysctl -w though? Just putting them in
> sysctl.conf won't take effect until reboot, though I would suspect that one
> could just 'sh /etc/rc.sysctl' without a problem..
>
> I'm afraid I'm not really familiar with amd, nor messing with this stuff,
> so I'm just throwing out a pseudo-educated guess here. :)
>
> Hope that helps some.
>
> On Mon, 16 Oct 2000, Guolin Cheng wrote:
>
> : Matt Heckaman,
> :
> : Thanks.
> : But in fact, I already added the following lines into the file
> : /etc/sysctl.conf:
> :
> : net.inet.ip.portrange.lowfirst=2023
> : net.inet.ip.portrange.first=2024
> :
> : But net.inet.ip.portrange.lowfirst is still 1023!! although
> : net.inet.ip.portrange.first was changed into 2024 (this is of no
> : use..:(( ), so when I use amd, the sockets still use reserved
> : ports (you can use the netstat -a command to show the TCP/UDP ports in
> : use) and make my machine crazy and die.
> :
> : I want to know if we can find a configuration option to instruct amd
> : NOT to use reserved ports by default.. Thanks.
> :
> : Yours sincerely,
> :
> : Guolin Cheng
>
> * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ *
> * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 *

=====
With Best Regards.

Guolin Cheng
Alexa Internet Company
Presidio of San Francisco, San Francisco, CA 94129
(415)561-6900 ext. 6021
From owner-freebsd-security Mon Oct 16 18:50:47 2000
Message-ID: <39EBB094.7E422D71@theartofwar.org>
Date: Mon, 16 Oct 2000 18:51:16 -0700
From: Hartoyo
To: freebsd-security@FreeBSD.ORG
Subject: Solaris support for shadow NIS

Sorry if this is the wrong forum:

From the Makefile in the /var/yp directory, it is said that secure mode
would not work for non-FreeBSD clients. I am wondering if Solaris with
NIS+ can read the NIS shadow password. If it is possible, could somebody
give me a pointer where I should look? I would really appreciate it.

From the Makefile:

... but non-FreeBSD clients (e.g. SunOS, Solaris (without NIS+), IRIX,
HP-UX, etc...) will only work properly in 'unsecure' mode.
From owner-freebsd-security Mon Oct 16 19:34:19 2000
Date: Mon, 16 Oct 2000 19:34:08 -0700 (PDT)
From: Doug Barton
To: Guolin Cheng
Cc: Matt Heckaman, freebsd-security@freebsd.org
Subject: Re: Reserved ports too limited for amd (automount) on FreeBSD 4.1
In-Reply-To: <20001017012808.5214.qmail@web106.yahoomail.com>
Message-ID:

On Mon, 16 Oct 2000, Guolin Cheng wrote:

> Matt Heckaman,
>
> Thanks.
>
> I changed using sysctl command after FreeBSD 4.1 reboot, the problem is: even
> the parameter is changed ( sysctl -w net.inet.ip.portrange.lowfirst=2023 ), the
> amd still using ports <1024, since the reserved ports already was in use from
> 1023! and now they will be used one by one sequentially!!! :((

Your problem is that by definition the secure port range ends at 1023.
You _may_ be able to get what you want by changing IPPORT_RESERVED in
/usr/src/sys/netinet/in.h and rebuilding your world and kernel, but it'd
be a hack of potentially dangerous proportions.

Doug
--
"The dead cannot be seduced." - Kai, "Lexx"
From owner-freebsd-security Mon Oct 16 21:58:56 2000
Message-ID: <39EBDF14.F871BF80@softweyr.com>
Date: Mon, 16 Oct 2000 23:09:40 -0600
From: Wes Peters
Organization: Softweyr LLC
To: Michael Bryan
Cc: freebsd-security@FreeBSD.ORG, Sam Wun
Subject: Re: New encription algo AES

Michael Bryan wrote:
>
> Sam Wun wrote:
> >
> > Does anyone know anything about AES?
>
> The latest CryptoGram newsletter has an update on AES, and links
> to additional AES information:
>
> http://www.counterpane.com/crypto-gram-0010.html#8

It's already implemented in NetBSD, IIRC. There was a Daily DaemonNews
item about it a week ago or so.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                                     Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

From owner-freebsd-security Mon Oct 16 22:05:59 2000
To: Wes Peters
Cc: Michael Bryan, freebsd-security@FreeBSD.ORG, Sam Wun
In-reply-to: wes's message of Mon, 16 Oct 2000 23:09:40 CST. <39EBDF14.F871BF80@softweyr.com>
Subject: Re: New encription algo AES
From: itojun@iijlab.net
Date: Tue, 17 Oct 2000 14:05:36 +0900
Message-ID: <21273.971759136@coconut.itojun.org>

>> Sam Wun wrote:
>> >
>> > Does anyone know anything about AES?
>>
>> The latest CryptoGram newsletter has an update on AES, and links
>> to additional AES information:
>>
>> http://www.counterpane.com/crypto-gram-0010.html#8
>
>It's already implemented in NetBSD, IIRC. There was a Daily DaemonNews
>item about it a week ago or so.

kame code has AES support (with official protocol number), we are yet to
update freebsd-current. (actually, i've tried to install freebsd 4.1.1
on my extra laptop more than 5 times for this, with no joy at all. not
sure why.)
itojun

From owner-freebsd-security Mon Oct 16 22:36:45 2000
Date: Tue, 17 Oct 2000 07:36:20 +0200 (MET DST)
From: Mipam
To: Sam Wun
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: New encription algo AES
In-Reply-To: <39EB867A.E3A2430B@eSec.com.au>
Message-ID:

> Does anyone know anything about AES?

There is a nice pdf paper about Rijndael:

ftp://ftp.informatik.uni-trier.de/pub/Users-TCS+NA/recker/rijndael/Rijndael.pdf

It's a mathematical paper about it, but the new AES is explained in
there in detail.

Bye,

Mipam.

From owner-freebsd-security Tue Oct 17 4:22:44 2000
Message-ID: <39EC3642.FC627E96@algroup.co.uk>
Date: Tue, 17 Oct 2000 12:21:38 +0100
From: Adam Laurie
Organization: A.L.
Group plc X-Mailer: Mozilla 4.72 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: Rolf Edwards Cc: freebsd-security@FreeBSD.ORG Subject: Re: Multiple Web/SSL behind firewall References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Rolf Edwards wrote: > > I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box > running ipfw and natd. The web servers are running both web and SSL > connections. I was thinking of using squid and a dns hack to have it proxy > the connections. > > I can't seem to find out if I can also have it listen to the SSL port for > those connections. I am assuming that for generic web traffic, I can use > the accelerator to recieve multiple domain requests, and have a local dns > entry so that they are passed to a natd ip. How would I handle multiple > SSL, as a natd static port map would only allow for one SSL host unless SSL > is run on multiple ports, one for each machine. > > What should I do to handle this situation. The web server will have a > non-routeable ip, so acting as a gateway won't quite work. freeby$ cat /etc/natd.conf # redirect web to internal redirect_port tcp a.b.c.d:80 e.f.g.h:80 redirect_port tcp a.b.c.d:443 e.f.g.h:443 where a.b.c.d is your internal webserver address and e.f.g.h is the one you want the world to connect to. cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. 
Fax: +44 (20) 8742 5995 Voysey House http://www.thebunker.net Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 17 7:10:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from slash.ab.videon.ca (slash.ab.videon.ca [206.75.216.210]) by hub.freebsd.org (Postfix) with ESMTP id 74F5A37B4CF for ; Tue, 17 Oct 2000 07:10:09 -0700 (PDT) Received: from rolf-e-laptop.meccamediagroup.com (firewall.meccamediagroup.com [24.108.76.66]) by slash.ab.videon.ca (8.9.2/8.9.2) with ESMTP id IAA04116; Tue, 17 Oct 2000 08:09:36 -0600 (MDT) Message-Id: <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1> X-Sender: redwards/firewall.meccamediagroup.com@127.0.0.1 X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Tue, 17 Oct 2000 08:09:41 -0600 To: Adam Laurie From: Rolf Edwards Subject: Re: Multiple Web/SSL behind firewall Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <39EC3642.FC627E96@algroup.co.uk> References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 05:21 AM 10/17/2000, Adam Laurie wrote: >Rolf Edwards wrote: > > > > I am attempting to put multiple web servers behind a FreeBSD 4.1.1 box > > running ipfw and natd. The web servers are running both web and SSL > > connections. I was thinking of using squid and a dns hack to have it proxy > > the connections. > > > > I can't seem to find out if I can also have it listen to the SSL port for > > those connections. I am assuming that for generic web traffic, I can use > > the accelerator to recieve multiple domain requests, and have a local dns > > entry so that they are passed to a natd ip. 
How would I handle multiple > > SSL, as a natd static port map would only allow for one SSL host unless SSL > > is run on multiple ports, one for each machine. > > > > What should I do to handle this situation. The web server will have a > > non-routeable ip, so acting as a gateway won't quite work. > >freeby$ cat /etc/natd.conf ># redirect web to internal >redirect_port tcp a.b.c.d:80 e.f.g.h:80 >redirect_port tcp a.b.c.d:443 e.f.g.h:443 > >where a.b.c.d is your internal webserver address and e.f.g.h is the one >you want the world to connect to. The problem is that there are multiple web servers so that will not work, as it assumes that there is only one. Rolf To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 17 7:30:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id EA26637B4C5 for ; Tue, 17 Oct 2000 07:30:42 -0700 (PDT) Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id OAA05650; Tue, 17 Oct 2000 14:29:11 GMT Message-ID: <39EC6236.419081FC@algroup.co.uk> Date: Tue, 17 Oct 2000 15:29:10 +0100 From: Adam Laurie Organization: A.L. Group plc X-Mailer: Mozilla 4.72 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: Rolf Edwards Cc: freebsd-security@FreeBSD.ORG Subject: Re: Multiple Web/SSL behind firewall References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1> <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Rolf Edwards wrote: > > > > > > What should I do to handle this situation. The web server will have a > > > non-routeable ip, so acting as a gateway won't quite work. 
> > > >freeby$ cat /etc/natd.conf > ># redirect web to internal > >redirect_port tcp a.b.c.d:80 e.f.g.h:80 > >redirect_port tcp a.b.c.d:443 e.f.g.h:443 > > > >where a.b.c.d is your internal webserver address and e.f.g.h is the one > >you want the world to connect to. > > The problem is that there are multiple web servers so that will not work, > as it assumes that there is only one. You could have multiple IP aliases on your outside net. Alternatively, if you want them to come in on a single address, you could point them at a single back end server that then does the round-robin/load-balanced/whatever forwarding. mod_backhand is quite cool for this kind of stuff. (http://www.backhand.org/) cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 Voysey House http://www.thebunker.net Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 17 8:44:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from laguna.tiscalinet.it (laguna.tiscalinet.it [195.130.224.86]) by hub.freebsd.org (Postfix) with ESMTP id D060537B479 for ; Tue, 17 Oct 2000 08:44:29 -0700 (PDT) Received: from kryo (62.11.120.52) by laguna.tiscalinet.it; 17 Oct 2000 17:43:43 +0200 Message-ID: <003501c03788$18719230$2f29a8c0@kryo> From: "Daniele Mancini" To: Subject: Date: Mon, 16 Oct 2000 17:45:20 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0032_01C03798.DA37A390" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. 
unsubscribe freebsd-security

From owner-freebsd-security Tue Oct 17 09:34:36 2000
From: Rolf Edwards
To: Adam Laurie
Cc: freebsd-security@FreeBSD.ORG
Date: Tue, 17 Oct 2000 10:34:03 -0600
Subject: Re: Multiple Web/SSL behind firewall
Message-Id: <5.0.0.25.2.20001017101924.00ab9808@127.0.0.1>
In-Reply-To: <39EC6236.419081FC@algroup.co.uk>
References: <5.0.0.25.2.20001016165911.00aa83e0@127.0.0.1> <5.0.0.25.2.20001017080850.00ac9510@127.0.0.1>

At 08:29 AM 10/17/2000, Adam Laurie wrote:
> Rolf Edwards wrote:
> >
> > > > What should I do to handle this situation? The web server will
> > > > have a non-routable IP, so acting as a gateway won't quite work.
> > >
> > > freeby$ cat /etc/natd.conf
> > > # redirect web to internal
> > > redirect_port tcp a.b.c.d:80 e.f.g.h:80
> > > redirect_port tcp a.b.c.d:443 e.f.g.h:443
> > >
> > > where a.b.c.d is your internal webserver address and e.f.g.h is the
> > > one you want the world to connect to.
> >
> > The problem is that there are multiple web servers so that will not
> > work, as it assumes that there is only one.
>
> You could have multiple IP aliases on your outside net. Alternatively,
> if you want them to come in on a single address, you could point them at
> a single back end server that then does the
> round-robin/load-balanced/whatever forwarding. mod_backhand is quite
> cool for this kind of stuff. (http://www.backhand.org/)

Reviewing the backhand site, it looks as though it isn't a great fit. Do
you think I can redirect the SSL port to the web port and use squid to
redirect? I think squid will do the web requests OK, but can SSL be
redirected like that? Or will the IP changes cause conflicts?

Rolf

From owner-freebsd-security Tue Oct 17 09:49:24 2000
From: James Wyatt
To: Rolf Edwards
Cc: Adam Laurie, freebsd-security@FreeBSD.ORG
Date: Tue, 17 Oct 2000 11:46:05 -0500 (CDT)
Subject: Re: Multiple Web/SSL behind firewall
In-Reply-To: <5.0.0.25.2.20001017101924.00ab9808@127.0.0.1>

On Tue, 17 Oct 2000, Rolf Edwards wrote:
> At 08:29 AM 10/17/2000, Adam Laurie wrote:
> > Rolf Edwards wrote:
[ ... ]
> > > The problem is that there are multiple web servers so that will not
> > > work, as it assumes that there is only one.
> >
> > You could have multiple IP aliases on your outside net. Alternatively,
> > if you want them to come in on a single address, you could point them
> > at a single back end server that then does the
> > round-robin/load-balanced/whatever forwarding. mod_backhand is quite
> > cool for this kind of stuff. (http://www.backhand.org/)
>
> Reviewing the backhand site, it looks as though it isn't a great fit. Do
> you think I can redirect the SSL port to the web port and use squid to
> redirect? I think squid will do the web requests OK, but can SSL be
> redirected like that? Or will the IP changes cause conflicts?

IIUC, this will invalidate the IP addresses you get on the web servers as
they will be coming from squid. IP restrictions to parts of the site will
have to be done via squid ACLs, rather than .htaccess or server configs.

From owner-freebsd-security Tue Oct 17 09:50:18 2000
From: Ralph Huntington
To: Rolf Edwards
Cc: Adam Laurie, freebsd-security@FreeBSD.ORG
Date: Tue, 17 Oct 2000 12:50:49 -0400 (EDT)
Subject: Re: Multiple Web/SSL behind firewall
In-Reply-To: <5.0.0.25.2.20001017101924.00ab9808@127.0.0.1>

> > > > redirect_port tcp a.b.c.d:80 e.f.g.h:80
> > > > redirect_port tcp a.b.c.d:443 e.f.g.h:443
> > >
> > > The problem is that there are multiple web servers so that will not work,
> >
> > You could have multiple IP aliases on your outside net. Alternatively,
> > a single back end server that then does the
> > round-robin/load-balanced/whatever forwarding. (http://www.backhand.org/)
>
> Reviewing the backhand site, it looks as though it isn't a great fit.

You could still run a single back-end server that distributes the hits.
You could use mod_rewrite for that. It could handle port 80 and 443 also,
redirecting (rewriting) as you please based on the URL requested. This
could be name based as well if you run bind for it all inside.

-=r=-

From owner-freebsd-security Tue Oct 17 09:59:04 2000
From: "Igor"
Date: Tue, 17 Oct 2000 21:00:01 +0400
Subject: trusted certificates
Message-ID: <001c01c0385b$b03c11c0$1aa7dac3@glashka.krovatka.ru>
# openssl verify mycert.pem
error 20 at 0 depth lookup:unable to get local issuer certificate

How can I set trusted certificates? And what should I do so that all
applications using OpenSSL see these settings?

From owner-freebsd-security Tue Oct 17 10:32:00 2000
From: Dragos Ruiu
Organization: kyx.net
To: Mipam, Sam Wun
Cc: freebsd-security@FreeBSD.ORG
Date: Tue, 17 Oct 2000 10:24:25 -0700
Subject: Re: New encription algo AES
Message-Id: <0010171032181C.46274@smp.kyx.net>

On Mon, 16 Oct 2000, Mipam wrote:
> > Does anyone know anything about AES?
>
> There is a nice PDF paper about Rijndael:
>
> ftp://ftp.informatik.uni-trier.de/pub/Users-TCS+NA/recker/rijndael/Rijndael.pdf
>
> It's a mathematical paper about it, but the new AES is explained in there
> in detail.

url: http://csrc.nist.gov/encryption/aes/round2/aesfact.html

One of the most informative sites on this IMHO is the NIST site itself,
where you'll find the code to this new standard in Java and Standard and
Optimized C, the algorithm description and the final comparison report.

I'm still not quite sure what to make of this new algorithm. I'm sure
it'll have at least "pretty good" security. :-)

My bottom line after skimming the reports... I know that it has been
criticized for complexity and that it sucks CPU the worst out of all the
candidates (except when we start going to newfangled 64 bit processors),
but my advanced encryption standard still remains Twofish.
:-)

But the momentum behind AES will no doubt mean that we'll have to
implement Rijndael all over too.

cheers,
--dr :-)

--
Dragos Ruiu dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net

From owner-freebsd-security Tue Oct 17 10:32:35 2000
From: Pär Thoren
To: freebsd-security@freebsd.org
Date: Tue, 17 Oct 2000 19:32:23 +0200 (MET DST)
Subject: Virus scanner for mailserver

Hi!

When having a fbsd box as a pop and imap server, is there any virus scan
software available for scanning attachments for viruses?

Preferably free software. But if you can recommend any at all I would
appreciate it.

/Pär

From owner-freebsd-security Tue Oct 17 10:37:49 2000
From: Justin Stanford
To: Pär Thoren
Cc: freebsd-security@freebsd.org
Date: Tue, 17 Oct 2000 19:38:44 +0200 (SAST)
Subject: Re: Virus scanner for mailserver

Check out www.inflex.co.za.

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions

On Tue, 17 Oct 2000, Pär Thoren wrote:
>
> Hi!
>
> When having a fbsd box as a pop and imap server, is there any virus scan
> software available for scanning attachments for viruses?
>
> Preferably free software. But if you can recommend any at all I would
> appreciate it.
>
> /Pär

From owner-freebsd-security Tue Oct 17 10:56:14 2000
From: Len Conrad
To: freebsd-security@freebsd.org
Date: Tue, 17 Oct 2000 19:55:58 +0200
Subject: Re: Virus scanner for mailserver
Message-Id: <5.0.0.25.0.20001017195353.06212600@mail.Go2France.com>

> When having a fbsd box as a pop and imap server, is there any virus scan
> software available for scanning attachments for viruses?
>
> Preferably free software. But if you can recommend any at all I would
> appreciate it.

www.KasperskyLab.com has a FreeBSD server AV scanner for $99. It has been
made to work with FreeBSD and postfix and amavis-PERL7.

If you have a mid to heavy traffic load, I recommend a dedicated SMTP AV
box, with plenty of MHz and RAM.

Len

http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways

From owner-freebsd-security Tue Oct 17 11:16:22 2000
From: Roman Shterenzon
To: Pär Thoren
Cc: freebsd-security@freebsd.org
Date: Tue, 17 Oct 2000 20:16:11 +0200 (IST)
Subject: Re: Virus scanner for mailserver

On Tue, 17 Oct 2000, Pär Thoren wrote:
>
> Hi!
>
> When having a fbsd box as a pop and imap server, is there any virus scan
> software available for scanning attachments for viruses?
>
> Preferably free software. But if you can recommend any at all I would
> appreciate it.

You can try AMaViS (http://www.amavis.org) with McAfee:
/usr/ports/security/vscan

--
Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel.  Tel: +972-9-9522361 ]

From owner-freebsd-security Tue Oct 17 11:51:44 2000
From: Guolin Cheng
To: ezk@shekel.mcl.cs.columbia.edu, jch@BSDI.COM, freebsd-security@freebsd.org
Date: Tue, 17 Oct 2000 11:51:35 -0700 (PDT)
Subject: Reserved ports too limited for amd (automount) on FreeBSD 4.1 - bug created by security fix by Erez Zadok (1999-08-22)
Message-ID: <20001017185135.261.qmail@web110.yahoomail.com>

Hi, all,

I find a really troublesome problem with amd... Could you give some help
on it?

Problem Summary: amd (automount) problem on a FreeBSD 4.1 machine, due to
limited reserved ports (600-1023). An amd compiling (hidden?)
switch/option is needed to disable using reserved ports by default, or
can we set some configuration files to instruct amd not to use reserved
ports? Or can we have a patch file to correct this problem?

The methods listed below were already taken and proved useless.

1) change kernel parameters (/etc/sysctl.conf, and/or the sysctl -w
command) to expand the range of reserved ports, but it led to problems
with rsh, rexec, rlogin, ... which accept connections from ports in the
range [512,1023].

2) change IPPORT_RESERVED in /usr/src/sys/netinet/in.h and recompile the
amd function, but now the new kernel can not run amd at all. I have to use
the old kernel.

The following is some parts from file /usr/src/contrib/ChangeLog..
I really don't know why we ask amd function to use reserved ports by default?? ---------------------------------------------------------------- 1999-08-22 Erez Zadok * libamu/wire.c (getwire_lookup): correctly compute subnet using netmask. * libamu/mount_fs.c (compute_automounter_nfs_args): require that Amd's own NFS mounts use reserved ports (if possible). IP packet security fix from Jeffrey C Honig . * conf/transp/transp_tli.c (create_autofs_service): use correct autofs_port. IP packet security fix from Jeffrey C Honig . * conf/transp/transp_sockets.c (bindnfs_port): remove unnecessary function. IP packet security fix from Jeffrey C Honig . (create_nfs_service): use bind_resv_port() directly. ensure that privileged ports are used. IP packet security fix from Jeffrey C Honig . * amd/nfs_prot_svc.c (nfs_program_2): verify that requests come from reserved ports and from a local IP address. IP packet security fix from Jeffrey C Honig . * amd/amq_subr.c (ok_security): use IPPORT_RESERVED, instead of hard-coded 1024. IP packet security fix from Jeffrey C Honig . (amqproc_mount_1_svc): provide information on the caller making an amq -M request. IP packet security fix from Jeffrey C Honig . * amd/map.c (free_map_if_success): If the program doing an unmount of a program filesystem fails, amd tries to interpret the return code as an errno. Fix from Jeffrey C Honig . ------------------------------------------------------------------------------------- Any one can give us a help on how to revert to an old compatible version of amd, or how to correctly change the .c/.h files under amd directory? Yours sincerely, Guolin Cheng Guolin Cheng wrote in message news:<20001017162441.7770.qmail@web110.yahoomail.com>... > Doug Barton, > > Thanks. > > I already did the step, changed the IPPORT_RESERVED parameter in > /usr/src/sys/netinet/in.h and recompiled it, but the problem is: it aborted > when compiling! I have to use a old kernel. 
> > I want to know if there is a switch/option that we can set so that amd will > not use reserved ports by default, or if there are other versions of amd that > doesn't use reserved ports by default. Thanks. > > Your know, if we change the range of reserved ports, the R-commands (rsh, > rlogin, rexec..) will run into trouble, because R-daemons can only accept > connection requests using ports between 512 and 1023!!! too terrible! > > Yours sincerely, > > Guolin Cheng > > > --- Doug Barton wrote: > > On Mon, 16 Oct 2000, Guolin Cheng wrote: > > > > > Matt Heckaman, > > > > > > Thanks. > > > > > > I changed using sysctl command after FreeBSD 4.1 reboot, the problem is: > > even > > > the parameter is changed ( sysctl -w net.inet.ip.portrange.lowfirst=2023 ), > > the > > > amd still using ports <1024, since the reserved ports already was in use > > from > > > 1023! and now they will be used one by one sequentially!!! :(( > > > > Your problem is that by definition the secure port range ends at > > 1023. You _may_ be able to get what you want by changing IPPORT_RESERVED > > in /usr/src/sys/netinet/in.h and rebuilding your world and kernel, but > > it'd be a hack of potentially dangerous proportions. > > > > Doug > > -- > > "The dead cannot be seduced." > > - Kai, "Lexx" > > > > Do YOU Yahoo!? > > > > > > > ===== > With Best Regards. > > Guolin Cheng > Alexa Internet Company > Presidio of San Francisco, > San Francisco, CA 94129 > (415)561-6900 ext. 6021 > > __________________________________________________ > Do You Yahoo!? > Yahoo! Messenger - Talk while you surf! It's FREE. > http://im.yahoo.com/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > ===== With Best Regards. Guolin Cheng Alexa Internet Company Presidio of San Francisco, San Francisco, CA 94129 (415)561-6900 ext. 6021 __________________________________________________ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. 
http://im.yahoo.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 17 13:30: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from alpo.whistle.com (s206m1.whistle.com [207.76.206.1]) by hub.freebsd.org (Postfix) with ESMTP id D7C5237B479 for ; Tue, 17 Oct 2000 13:30:02 -0700 (PDT) Received: from whistle.com (aspen.whistle.com [207.76.205.71]) by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id NAA34458 for ; Tue, 17 Oct 2000 13:25:30 -0700 (PDT) Message-ID: <39ECB5BA.90C0E3D1@whistle.com> Date: Tue, 17 Oct 2000 13:25:30 -0700 From: Erik Salander X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.1.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: IPSec MIBs? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I see there are alot of IPSec/IKE MIBs in the draft state at: http://www.ietf.org/ids.by.wg/ipsec.html. Is there any work going on in Kame or Racoon to accomodate these? I think there's problem report outstanding on kame.net regarding ucd-snmp, but it's IPV6 (not IPSec) related. I'll ask ucd-snmp too, see if there are any agent extensions in the works... Thanks. 
Erik To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 17 14:58: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id 5602137B4C5 for ; Tue, 17 Oct 2000 14:57:57 -0700 (PDT) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id GAA00986; Wed, 18 Oct 2000 06:57:48 +0900 (JST) To: Erik Salander Cc: freebsd-security@freebsd.org In-reply-to: erik's message of Tue, 17 Oct 2000 13:25:30 MST. <39ECB5BA.90C0E3D1@whistle.com> X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: IPSec MIBs? From: itojun@iijlab.net Date: Wed, 18 Oct 2000 06:57:48 +0900 Message-ID: <984.971819868@coconut.itojun.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >I see there are alot of IPSec/IKE MIBs in the draft state >at: http://www.ietf.org/ids.by.wg/ipsec.html. Is there any work going >on in Kame or Racoon to accomodate these? I think there's problem >report outstanding on kame.net regarding ucd-snmp, but it's IPV6 (not >IPSec) related. I'll ask ucd-snmp too, see if there are any agent >extensions in the works... Thanks. i think there's noone working on it. i believed that IPsec/IKE MIB are still ongoing document (subject to big change). also last time i looked into, it imposes certain implementation model behind it. 
itojun

From owner-freebsd-security Wed Oct 18 04:00:05 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id 259B637B4CF for ; Wed, 18 Oct 2000 04:00:01 -0700 (PDT)
Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id KAA07352; Wed, 18 Oct 2000 10:58:42 GMT
Message-ID: <39ED8261.F07C784@algroup.co.uk>
Date: Wed, 18 Oct 2000 11:58:41 +0100
From: Adam Laurie
Organization: A.L. Group plc
X-Mailer: Mozilla 4.72 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Ralph Huntington
Cc: Rolf Edwards, freebsd-security@FreeBSD.ORG
Subject: Re: Multiple Web/SSL behind firewall
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ralph Huntington wrote:
>
> > > > > redirect_port tcp a.b.c.d:80 e.f.g.h:80
> > > > > redirect_port tcp a.b.c.d:443 e.f.g.h:443
> > > >
> > > > The problem is that there are multiple web servers so that will not work,
> > >
> > > You could have multiple IP aliases on your outside net. Alternatively,
> > > a single back end server that then does the
> > > round-robin/load-balanced/whatever forwarding. (http://www.backhand.org/)
> >
> > Reviewing the backhand site, it looks as though it isn't a great fit.

Hmmm... Not sure about the current situation with SSL, but I know that
Ben is interested in making apache-ssl work with mod_backhand, so if you
wanted to go this way it would be worth having a chat.

> You could still run a single back-end server that distributes the hits.
> You could use mod_rewrite for that. It could handle port 80 and 443 also,
> redirecting (rewriting) as you please based on the URL requested. This
> could be name based as well if you run bind for it all inside.
>
> -=r=-

Indeed. Or mod_proxy.

cheers,
Adam
--
Adam Laurie                     Tel: +44 (20) 8742 0755
A.L. Digital Ltd.               Fax: +44 (20) 8742 5995
Voysey House                    http://www.thebunker.net
Barley Mow Passage              http://www.aldigital.co.uk
London W4 4GB                   mailto:adam@algroup.co.uk
UNITED KINGDOM                  PGP key on keyservers

From owner-freebsd-security Wed Oct 18 04:14:03 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 1E59037B4D7 for ; Wed, 18 Oct 2000 04:13:59 -0700 (PDT)
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id HAA77163; Wed, 18 Oct 2000 07:16:11 -0400 (EDT) (envelope-from rjh@mohawk.net)
Date: Wed, 18 Oct 2000 07:16:11 -0400 (EDT)
From: Ralph Huntington
To: Adam Laurie
Cc: Rolf Edwards, freebsd-security@FreeBSD.ORG
Subject: Re: Multiple Web/SSL behind firewall
In-Reply-To: <39ED8261.F07C784@algroup.co.uk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hmmm... Not sure about the current situation with SSL, but I know that
> Ben is interested in making apache-ssl work with mod_backhand, so if you
> wanted to go this way it would be worth having a chat.

I'm not familiar with mod_backhand, but I do run a load-balancing,
hit-distributing apache machine that feeds a cluster and takes both port 80
and port 443 hits. SSL works fine.

> > You could still run a single back-end server that distributes the hits.
> > You could use mod_rewrite for that.
>
> Indeed. Or mod_proxy.

Actually *and* mod_proxy for reverse proxy. Thanks for reminding me!
-=r=-

From owner-freebsd-security Wed Oct 18 05:02:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.decros.cz (ns.decros.cz [193.85.26.2]) by hub.freebsd.org (Postfix) with ESMTP id 6665737B4E5 for ; Wed, 18 Oct 2000 05:02:20 -0700 (PDT)
Received: from dcrfs.decros.cz (exchange [10.1.1.3]) by ns.decros.cz (8.9.3/8.9.3) with ESMTP id OAA57546; Wed, 18 Oct 2000 14:02:11 +0200 (CEST) (envelope-from p.rehor@decros.cz)
Received: by dcrfs.decros.cz with Internet Mail Service (5.5.2650.21) id ; Wed, 18 Oct 2000 14:02:11 +0200
Message-ID: <9E85DC6CA1D5D311BB460006293960FE0BB116@dcrfs.decros.cz>
From: Rehor Petr
To: "'Par Thoren'"
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: Virus scanner for mailserver
Date: Wed, 18 Oct 2000 14:02:10 +0200
X-Mailer: Internet Mail Service (5.5.2650.21)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> When having an fbsd box as a pop and imap server, is there any
> virus scan software available for scanning attachments for viruses?
>
> Preferably free software. But if you can recommend any at all I
> would appreciate it.

Try http://www.decros.cz/~reho/check_virus - this is a patch for sendmail
and may use any antivirus. I prefer AVP for FreeBSD, because it is low
cost, runs as a daemon (loads the virus database only at start) and
Kaspersky Lab releases virus updates every day.

Petr
---------------------------------------------------------------------
DECROS s.r.o.
J.S.Baara 40, Ceske Budejovice, Czech Republic
Tel: +420-38-7312808
Fax: +420-38-7311480
http://www.decros.cz

From owner-freebsd-security Wed Oct 18 08:58:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hip4.hip-web.com (hip4.hip-web.com [216.173.203.178]) by hub.freebsd.org (Postfix) with SMTP id AC2F437B479 for ; Wed, 18 Oct 2000 08:58:37 -0700 (PDT)
Received: (qmail 18554 invoked from network); 18 Oct 2000 15:58:28 -0000
Received: from tokyo224.yyy.or.jp (HELO oemcomputer) (210.174.136.114) by hip4.hip-web.com with SMTP; 18 Oct 2000 15:58:28 -0000
To: FreeBSD-security@FreeBSD.org
From: =?ISO-2022-JP?B?G yRCRnxLXCNQI1IlYSE8JWs+cEpzGyhC?=
Date: Thu, 19 Oct 2000 00:47:04 +0900
Subject: =?ISO-2022-JP?B?GyRCRmI/JiQrJGlCPzxvJE4lUyU4JU0lOT5SMnAkSCEiTHIkS04pJEQ+cEpzJCxLfjpcISobKEI=?=
X-Mailer: IM2000 Version 1.01
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=iso-2022-jp
Message-Id: <1019100004704.4832@oemcomputer>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
From owner-freebsd-security Wed Oct 18 11:11:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id B28CF37B4FE for ; Wed, 18 Oct 2000 11:11:14 -0700 (PDT)
Received: from 98wkst ([10.10.1.71]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id OAA17808 for ; Wed, 18 Oct 2000 14:15:27 -0400
Reply-To:
From: "Peter Brezny"
To:
Subject: natd/ipfw and mpd-netgraph for VPN question
Date: Wed, 18 Oct 2000 14:11:21 -0400
Message-ID: <000901c0392e$d23150a0$47010a0a@fire.sysadmininc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Suppose I've got two offices at different locations, each with a cable modem
or other 'fast' access
using mpd-netgraph on a 4.1 box to create a VPN between them. Each office
uses its connection to go to the internet as well.

Now I need to firewall each connection to the internet. Will natd/ipfw be
able to play nice with mpd-netgraph?

The natd man page says that

    options IPFIREWALL
    options IPDIVERT

must be compiled into the kernel; however just the line

    firewall_enable="YES"

apparently starts a kernel module for ipfw... is that line in rc.conf enough
or does natd really require a recompiled kernel?

And finally, would I be better off with a package like SOCKS5 instead of
natd/ipfw, and would it get along as well with mpd-netgraph?

Thanks for your help.

Peter Brezny
SysAdmin Services, Inc.

From owner-freebsd-security Thu Oct 19 09:43:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from server.osny.com.br (osny.com.br [200.215.110.57]) by hub.freebsd.org (Postfix) with ESMTP id 31E7737B4D7 for ; Thu, 19 Oct 2000 09:43:41 -0700 (PDT)
Received: from osny.com.br ([172.20.185.22]) by server.osny.com.br (8.10.1/8.10.1) with ESMTP id e9JGjGh01153 for ; Thu, 19 Oct 2000 14:45:19 -0200 (EDT)
Message-ID: <39EF0A35.6A86DEF7@osny.com.br>
Date: Thu, 19 Oct 2000 14:50:30 +0000
From: Michelangelo Pisa
Organization: Agencia Maritima Osny
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@FreeBSD.ORG
Subject: Filtrando atach
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello!
My server is using Procmail as the local mailer and the .procmailrc file is
configured for filtering attachments. If someone sends me a text-only
message it arrives fine, but when any attachment is sent it doesn't arrive;
it stays on the server, even if this attachment isn't listed in POISONED or
in MAILER_EXTENSIONS, which would be a problem in my html-trap.procmail.
Here is my .procmailrc:

DROPPRIVS=YES
LOGFILE=/var/log/infectado.log
PATH="/usr/bin:$PATH"
SHELL=/bin/sh
POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY="postmaster, security-dude"
SECURITY_NOTIFY_VERBOSE="Virus Encontrado"
SECURITY_NOTIFY_SENDER="Anti-Virus"
SECURITY_QUARANTINE=/var/spool/mail/security
POISONED_SCORE=100
SCORE_HISTORY=/var/log/marco-scanner-scores
SECRET="CHANGE THIS"
INCLUDERC=/etc/procmail/html-trap.procmail
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=

--
Agencia Marítima Osny LTDA
Mica's
Michelangelo Pisa
Systems Administrator and Flamengo supporter
E-mail: michelangelo@osny.com.br
Phone: (0xx47) 348 2800

From owner-freebsd-security Thu Oct 19 09:50:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94]) by hub.freebsd.org (Postfix) with ESMTP id C8C9737B4CF for ; Thu, 19 Oct 2000 09:50:32 -0700 (PDT)
Received: from localhost (961BE653994@localhost) by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id QAA07589; Thu, 19 Oct 2000 16:44:35 GMT
Date: Thu, 19 Oct 2000 16:44:34 +0000 (GMT)
From: ALAOUI EL HASSANI ALI <961BE653994@stud.alakhawayn.ma>
To: Michelangelo Pisa
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Filtrando atach
In-Reply-To: <39EF0A35.6A86DEF7@osny.com.br>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
Can you please write in English or in French?

Ali

On Thu, 19 Oct 2000, Michelangelo Pisa wrote:

> Hello!
>
> My server is using Procmail as the local mailer and the .procmailrc file
> is configured for filtering attachments. If someone sends me a text-only
> message it arrives fine, but when any attachment is sent it doesn't
> arrive; it stays on the server, even if this attachment isn't listed in
> POISONED or in MAILER_EXTENSIONS, which would be a problem in my
> html-trap.procmail. Here is my .procmailrc:
>
>
> DROPPRIVS=YES
> LOGFILE=/var/log/infectado.log
> PATH="/usr/bin:$PATH"
> SHELL=/bin/sh
> POISONED_EXECUTABLES=/etc/procmail/poisoned
> SECURITY_NOTIFY="postmaster, security-dude"
> SECURITY_NOTIFY_VERBOSE="Virus Encontrado"
> SECURITY_NOTIFY_SENDER="Anti-Virus"
> SECURITY_QUARANTINE=/var/spool/mail/security
> POISONED_SCORE=100
> SCORE_HISTORY=/var/log/marco-scanner-scores
> SECRET="CHANGE THIS"
> INCLUDERC=/etc/procmail/html-trap.procmail
> POISONED_EXECUTABLES=
> SECURITY_NOTIFY=
> SECURITY_NOTIFY_SENDER=
> SECURITY_QUARANTINE=
> SECRET=
>
>
>
> --
> Agencia Marítima Osny LTDA
> Mica's
> Michelangelo Pisa
> Systems Administrator and Flamengo supporter
> E-mail: michelangelo@osny.com.br
> Phone: (0xx47) 348 2800

From owner-freebsd-security Thu Oct 19 10:00:00 2000
Delivered-To: freebsd-security@freebsd.org
Received: from server.osny.com.br (osny.com.br [200.215.110.57]) by hub.freebsd.org (Postfix) with ESMTP id 1DCE837B4C5 for ; Thu, 19 Oct 2000 09:59:55 -0700 (PDT)
Received: from osny.com.br ([172.20.185.22]) by server.osny.com.br (8.10.1/8.10.1) with ESMTP id e9JH1ih01242 for ; Thu, 19 Oct 2000 15:01:44 -0200 (EDT)
Message-ID: <39EF0E10.EE54148@osny.com.br>
Date: Thu, 19 Oct 2000 15:06:56 +0000
From: Michelangelo Pisa
Organization: Agencia Maritima Osny
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@FreeBSD.ORG
Subject: Re: Filtrando atach
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sorry!! It was meant for the Portuguese mailing list, my mistake :)

Here I would like to know if there is some problem with my .procmailrc
file, because I use procmail to filter my mail. When somebody sends me a
message in text everything is OK, but with an attachment it doesn't come
to me, and it doesn't stay on the server. I don't know, maybe the file
html-trap.procmail is wrong? This is the file:

#/home/user/.procmailrc
DROPPRIVS=YES
LOGFILE=/var/log/infectado.log
PATH="/usr/bin:$PATH"
SHELL=/bin/sh
POISONED_EXECUTABLES=/etc/procmail/poisoned
SECURITY_NOTIFY="postmaster, security-dude"
SECURITY_NOTIFY_VERBOSE="Virus Encontrado"
SECURITY_NOTIFY_SENDER="Anti-Virus"
SECURITY_QUARANTINE=/var/spool/mail/security
POISONED_SCORE=100
SCORE_HISTORY=/var/log/marco-scanner-scores
SECRET="CHANGE THIS"
INCLUDERC=/etc/procmail/html-trap.procmail
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=

thanks

From owner-freebsd-security Thu Oct 19 10:25:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mitra.pgt.mpt.gov.br (cache.pgt.mpt.gov.br [200.236.82.236]) by hub.freebsd.org (Postfix) with SMTP id 9525B37B479 for ; Thu, 19 Oct 2000 10:25:44 -0700 (PDT)
Received: from support (support.pgt.mpt.gov.br [200.236.82.2]) by cache.pgt.mpt.gov.br (8.8.8/8.8.8) with SMTP id PAA16312 for ; Thu, 19 Oct 2000 15:26:06 -0200 (BRST) (envelope-from cotta@cotta.eti.br)
Message-ID: <005801c039f1$94fd3e60$0252ecc8@pgt.mpt.gov.br>
Reply-To: "Lucas Cotta"
From: "Lucas Cotta"
To:
Subject: I need Help on filter of E-mail!
Date: Thu, 19 Oct 2000 15:24:58 -0200
Organization: =?iso-8859-1?Q?Consultor_em_Tecnologia_da_Informa=E7=E3o?=
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I need to filter the e-mails that arrive at the server and that contain
enclosed executable files. Can anyone help me? I would not like to use
ProcMail or anything like this. I would like to use an external script
working with sendmail. Does anybody know about something?

Thanks

Lucas Cotta
Consultant
cotta@cotta.eti.br

From owner-freebsd-security Thu Oct 19 10:30:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from athena.za.net (athena.za.net [196.30.167.200]) by hub.freebsd.org (Postfix) with ESMTP id 8AD5F37B4E5 for ; Thu, 19 Oct 2000 10:30:25 -0700 (PDT)
Received: from localhost (jus@localhost) by athena.za.net (8.9.3/8.9.3) with ESMTP id RAA12963; Thu, 19 Oct 2000 17:31:12 GMT (envelope-from jus@security.za.net)
X-Authentication-Warning: athena.za.net: jus owned process doing -bs
Date: Thu, 19 Oct 2000 19:30:32 +0200 (SAST)
From: Justin Stanford
X-Sender: jus@athena.za.net
To: Lucas Cotta
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: I need Help on filter of E-mail!
In-Reply-To: <005801c039f1$94fd3e60$0252ecc8@pgt.mpt.gov.br>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Inflex can do this. Check www.inflex.co.za.
--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions

On Thu, 19 Oct 2000, Lucas Cotta wrote:

> I need to filter the e-mails that arrive at the server and that contain
> enclosed executable files. Can anyone help me? I would not like to use
> ProcMail or anything like this. I would like to use an external script
> working with sendmail. Does anybody know about something?
>
> Thanks
>
> Lucas Cotta
> Consultant
> cotta@cotta.eti.br

From owner-freebsd-security Thu Oct 19 10:37:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id E5D1637B479 for ; Thu, 19 Oct 2000 10:37:24 -0700 (PDT)
Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id OAA66913; Thu, 19 Oct 2000 14:37:48 -0300 (ART)
From: Fernando Schapachnik
Message-Id: <200010191737.OAA66913@ns1.via-net-works.net.ar>
Subject: Re: I need Help on filter of E-mail!
In-Reply-To: <005801c039f1$94fd3e60$0252ecc8@pgt.mpt.gov.br> "from Lucas Cotta at Oct 19, 2000 03:24:58 pm"
To: Lucas Cotta
Date: Thu, 19 Oct 2000 14:37:48 -0300 (ART)
Cc: freebsd-security@FreeBSD.ORG
Reply-To: Fernando Schapachnik
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Take a look at freshmeat.org. There are some anti-virus solutions that work
like this.

Good luck!

In an earlier message, Lucas Cotta wrote:
> I need to filter the e-mails that arrive at the server and that contain
> enclosed executable files. Can anyone help me?
> I would not like to use
> ProcMail or anything like this. I would like to use an external script
> working with sendmail. Does anybody know about something?
>
> Thanks

Fernando P. Schapachnik
Network administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
(54-11) 4323-3333

From owner-freebsd-security Thu Oct 19 11:29:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mitra.pgt.mpt.gov.br (cache.pgt.mpt.gov.br [200.236.82.236]) by hub.freebsd.org (Postfix) with SMTP id A182737B4C5 for ; Thu, 19 Oct 2000 11:29:52 -0700 (PDT)
Received: from support (support.pgt.mpt.gov.br [200.236.82.2]) by cache.pgt.mpt.gov.br (8.8.8/8.8.8) with SMTP id QAA16506 for ; Thu, 19 Oct 2000 16:30:24 -0200 (BRST) (envelope-from cotta@cotta.eti.br)
Message-ID: <004301c039fa$900619a0$0252ecc8@pgt.mpt.gov.br>
Reply-To: "Lucas Cotta"
From: "Lucas Cotta"
To:
References:
Subject: Re: I need Help on filter of E-mail!
Date: Thu, 19 Oct 2000 16:29:37 -0200
Organization: =?iso-8859-1?Q?Consultor_em_Tecnologia_da_Informa=E7=E3o?=
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In the first place, thank you for the suggestions. I will test Inflex. A
question: Do you know Amavis? Does Inflex work in the same way? Do you know
some public domain or freeware software to use with FreeBSD to look for
viruses that I can put in operation with one of these filters?

Thanks !!

Lucas Cotta
Consultant
cotta@cotta.eti.br

----- Original Message -----
From: Justin Stanford
To: Lucas Cotta
Cc:
Sent: Thursday, October 19, 2000 3:30 PM
Subject: Re: I need Help on filter of E-mail!

> Inflex can do this.
> Check www.inflex.co.za.
>
> --
> Justin Stanford
> 082 7402741
> jus@security.za.net
> www.security.za.net
> IT Security and Solutions
>
>
> On Thu, 19 Oct 2000, Lucas Cotta wrote:
>
> > I need to filter the e-mails that arrive at the server and that contain
> > enclosed executable files. Can anyone help me? I would not like to use
> > ProcMail or anything like this. I would like to use an external script
> > working with sendmail. Does anybody know about something?
> >
> > Thanks
> >
> > Lucas Cotta
> > Consultant
> > cotta@cotta.eti.br

From owner-freebsd-security Thu Oct 19 11:39:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id BE90037B4CF for ; Thu, 19 Oct 2000 11:39:41 -0700 (PDT)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id DCBFF6A903 for ; Thu, 19 Oct 2000 20:39:39 +0200 (CEST)
Received: from sv.Go2France.com [212.73.210.79] by mail.Go2France.com with ESMTP (SMTPD32-6.04) id A13295250054; Thu, 19 Oct 2000 20:45:06 +0200
Message-Id: <5.0.0.25.0.20001019203819.02956eb0@mail.Go2France.com>
X-Sender: lconrad%Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Thu, 19 Oct 2000 20:39:52 +0200
To: freebsd-security@freebsd.org
From: Len Conrad
Subject: Re: I need Help on filter of E-mail!
In-Reply-To: <004301c039fa$900619a0$0252ecc8@pgt.mpt.gov.br>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> In the first place, thank you for the suggestions. I will test Inflex. A
> question: Do you know Amavis? Does Inflex work in the same way? Do you know
> some public domain or freeware software to use with FreeBSD to look for
> viruses that I can put in operation with one of these filters?

amavis-PERL7 and soon -PERL8 work with postfix and the www.KasperskyLab.com
US$99 FreeBSD scanning daemon to make a pretty fine unlimited scanning box.

Len

http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways

From owner-freebsd-security Thu Oct 19 16:13:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id 208A237B4C5 for ; Thu, 19 Oct 2000 16:13:11 -0700 (PDT)
Received: from 98wkst ([10.10.1.71]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id TAA22480 for ; Thu, 19 Oct 2000 19:13:12 -0400
Reply-To:
From: "Peter Brezny"
To:
Subject: rc.firewall rule question.
Date: Thu, 19 Oct 2000 19:13:17 -0400
Message-ID: <000c01c03a22$2acab280$47010a0a@fire.sysadmininc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On a 4.1 box I've confirmed ipfw/nat working using a simplified rule script.
However, when I use the default rc.firewall script (modified for my machine)
using the 'simple' parameter designed to protect a network and allow nat, my
internal private network (10.90.1.0) doesn't work (I know, could I be more
specific...).

I've added

    ${fwcmd} add allow icmp from any to any

at the next to the last entry of the ruleset to help with diagnosis.

When I comment out the line

    ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}

it still doesn't work, however when I comment out the line

    ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}

I can ping to external domains.

I guess my big question is, does this script actually allow private internal
domains to reach the outside world when properly configured?

Has anyone gotten this script to work properly?

Thanks in advance.

Peter Brezny
SysAdmin Services, Inc.

From owner-freebsd-security Thu Oct 19 18:57:26 2000
Date: Thu, 19 Oct 2000 18:57:13 -0700 (PDT)
From: Archie Cobbs
To: peter@sysadmin-inc.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: natd/ipfw and mpd-netgraph for VPN question

Peter Brezny writes:
> suppose I've got two offices at different locations, each with a cable modem
> or other 'fast' access using mpd-netgraph on a 4.1 box to create a vpn
> between them. each office uses their connection to go to the internet as
> well.
>
> Now I need to firewall each connection to the internet. Will natd/ipfw be
> able to play nice with mpd-netgraph?
>
> the natd man page says that
>
>     options IPFIREWALL
>     options IPDIVERT
>
> must be compiled into the kernel however just the line
>
>     firewall_enable="YES"
>
> apparently starts a kernel module for ipfw...is that line in rc.conf enough
> or does natd really require a recompiled kernel?
>
> and finally, would I be better off with a package like SOCKS5 instead of
> natd/ipfw and would it get along as well with mpd-netgraph?

Should work fine.. just make sure you allow TCP port 1723 and IP proto #47
to reach mpd.

-Archie

___________________________________________________________________________
Archie Cobbs * Packet Design, Inc. * http://www.packetdesign.com
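Peter Brezny's rc.firewall question above, and Adam Laurie's answer further down (put the allow rules before the RFC1918 rules when doing NAT), come down to ipfw's first-match evaluation combined with natd rewriting the packet part-way through the ruleset. The model below is an added example, not code from any message here and not FreeBSD's rc.firewall: the ruleset is constructed from the two deny rules Peter quotes plus a leading divert rule (an assumption consistent with the behaviour he reports), the interface name, addresses and the single static NAT mapping are made up.

```python
import ipaddress
from collections import namedtuple

OIF = "oif"                 # outside interface (name constructed)
PUBLIC_IP = "192.0.2.17"    # the box's outside address (constructed)
INSIDE_HOST = "10.90.1.5"   # one host on Peter's 10.90.1.0 network (constructed)

# proto is "icmp", "tcp", ...; direction is "in" or "out" relative to the box
Packet = namedtuple("Packet", "proto src dst iface direction")

def rule(action, proto="all", src="any", dst="any", via=None):
    return {"action": action, "proto": proto, "from": src, "to": dst, "via": via}

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(r, p):
    return (r["proto"] in ("all", p.proto) and in_net(p.src, r["from"])
            and in_net(p.dst, r["to"]) and r["via"] in (None, p.iface))

def natd(p):
    """Toy natd(8) with one static mapping: hide INSIDE_HOST behind PUBLIC_IP
    going out, send packets addressed to PUBLIC_IP back to it coming in."""
    if p.direction == "out" and p.src == INSIDE_HOST:
        return p._replace(src=PUBLIC_IP)
    if p.direction == "in" and p.dst == PUBLIC_IP:
        return p._replace(dst=INSIDE_HOST)
    return p

def ipfw(rules, p):
    """First-match evaluation.  A divert rule hands the packet to natd and
    evaluation continues at the next rule with the REWRITTEN packet, so rules
    after the divert see a private address on the outside interface.
    Returns (action, index of the deciding rule)."""
    for i, r in enumerate(rules):
        if not matches(r, p):
            continue
        if r["action"] == "divert":
            p = natd(p)
            continue
        return r["action"], i
    return "deny", len(rules)  # ipfw's implicit default deny

# Order as in the thread: divert natd first, then the two RFC1918 deny rules
# Peter quotes, with his diagnostic "allow icmp from any to any" near the end.
AS_SHIPPED = [rule("divert", via=OIF),
              rule("deny", src="10.0.0.0/8", via=OIF),
              rule("deny", dst="10.0.0.0/8", via=OIF),
              rule("allow", proto="icmp")]
# Adam's fix: the allow rule moves ahead of the RFC1918 rules.
FIXED = [AS_SHIPPED[0], AS_SHIPPED[3], AS_SHIPPED[1], AS_SHIPPED[2]]

# A ping from the inside host and the reply coming back on the outside interface.
ECHO_REQUEST = Packet("icmp", INSIDE_HOST, "198.51.100.1", OIF, "out")
ECHO_REPLY = Packet("icmp", "198.51.100.1", PUBLIC_IP, OIF, "in")
```

With AS_SHIPPED the request leaves (it is translated before the "from 10/8" deny ever sees it) but the reply is rewritten to 10.90.1.5 and then stopped by "deny all from any to 10.0.0.0/8 via oif", which is the one rule Peter found he had to comment out; with FIXED both directions are decided by the allow rule.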
From owner-freebsd-security Thu Oct 19 22:19:06 2000
Date: Fri, 20 Oct 2000 07:19:51 +0200 (SAST)
From: Justin Stanford
To: Lucas Cotta
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: I need Help on filter of E-mail!

Inflex is a more functional program similar to amavis. It can do full virus
checking using an external virus checker (including attachments) as well as
filtering by content/type.

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions

On Thu, 19 Oct 2000, Lucas Cotta wrote:

> In first place Thank you for the Suggestions. I will test Inflex. A
> question: Do you know Amavis? Does Inflex Work in the same way? Do you know
> some software of public domain or freeware to use with FreeBSD to look for
> virus I can put in operation with one of these filters?
>
> Thanks !!
>
> Lucas Cotta
> Consultor
> cotta@cotta.eti.br
>
> ----- Original Message -----
> From: Justin Stanford
> To: Lucas Cotta
> Sent: Thursday, October 19, 2000 3:30 PM
> Subject: Re: I need Help on filter of E-mail!
>
> > Inflex can do this. Check www.inflex.co.za.
> >
> > --
> > Justin Stanford
> > 082 7402741
> > jus@security.za.net
> > www.security.za.net
> > IT Security and Solutions
> >
> > On Thu, 19 Oct 2000, Lucas Cotta wrote:
> >
> > > I need to filter the E-mail's that arrive to the Server and that contain
> > > enclosed executable files. Can they aid me? He would not like to use
> > > ProcMail or thing like this. He would like to Use an external script
> > > working with the sendmail. Does anybody know about something?
> > >
> > > Thanks
> > >
> > > Lucas Cotta
> > > Consultor
> > > cotta@cotta.eti.br

From owner-freebsd-security Thu Oct 19 22:42:48 2000
Date: Fri, 20 Oct 2000 01:42:43 -0400
From: Mike Tancsa
To: security@freebsd.org
Subject: next KAME integration into STABLE ?
I have been working with IPSEC and was going to try and get x509 certs
working. However, according to the KAME site, this is not possible unless
your KAME is from Sept or later. Are there any plans to roll a later KAME
snapshot into FreeBSD before 4.2 ?

---Mike

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Network Administration, mike@sentex.net
Sentex Communications www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-security Thu Oct 19 23:52:45 2000
Date: Thu, 19 Oct 2000 23:54:07 -0700
From: Kris Kennaway
To: Mike Tancsa
Cc: security@FreeBSD.ORG
Subject: Re: next KAME integration into STABLE ?

On Fri, Oct 20, 2000 at 01:42:43AM -0400, Mike Tancsa wrote:
>
> I have been working with IPSEC and was going to try and get x509 certs
> working. However, according to the KAME site, this is not possible unless
> your KAME is from Sept or later. Are there any plans to roll a later KAME
> snapshot into FreeBSD before 4.2 ?

I have no immediate plans to do this..I took a look at updating some of the
ipsec stuff for AES, but it was pretty hard to figure out from the KAME
commit logs which changes are relevant. Perhaps Itojun or one of the other
KAME committers have plans to do this.

Kris

From owner-freebsd-security Fri Oct 20 02:20:47 2000
Date: Fri, 20 Oct 2000 10:20:25 +0100
From: Adam Laurie
To: peter@sysadmin-inc.com
Cc: freebsd-security@freebsd.org
Subject: Re: rc.firewall rule question.

Peter Brezny wrote:
>
> On a 4.1 box I've confirmed ipfw/nat working using a simplified rule script.
>
> However, when I use the default rc.firewall script (modified for my machine)
> using the 'simple' parameter designed to protect a network and allow nat, my
> internal private network (10.90.1.0) doesn't work (I know, could I be more
> specific...).
>
> I've added
>
>     ${fwcmd} add allow icmp from any to any
>
> at the next to the last entry of the ruleset to help with diagnosis.
>
> When I comment out the line
>
>     ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
>
> it still doesn't work, however when I comment out the line
>
>     ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
>
> I can ping to external domains.
>
> I guess my big question is, does this script actually allow private internal
> domains to reach the outside world when properly configured?
>
> Has anyone gotten this script to work properly?

Not out of box. You need to put your allow rules before the RFC1918 rules if
you're doing NAT.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
Voysey House                  http://www.thebunker.net
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

From owner-freebsd-security Fri Oct 20 23:13:53 2000
Date: Sat, 21 Oct 2000 17:13:40 +1100
From: "Chris"
Subject: Unexpected ICMP messages - is someone spoofing my subnet?

Recently I have noticed a lot of attention being paid (attempted TCP
connections at port 137) to a particular IP address inside my class C subnet.
This was over and above the normal subnet scans I get to the entire range. I
have had this subnet for about four years and have never at any time had
anything at that IP address.

So, I modified my ipfw setup to log any IP data that come in for any unused
address (in the past I tended to ignore ICMP at those addresses without
logging). What I have seen surprises and to an extent perplexes me, so I'm
writing to see if there is a rational explanation for it.

Basically, I am getting perhaps 50 or 100 ICMP messages per day for a number
(more than 30) of IP addresses that have never at any time been used by me. I
am not referring to echo requests - those I could understand. These messages
are typically either 'destination unreachable' or occasionally 'time
exceeded' (almost always the former). The senders vary widely but tend to
come in groups; that is, I'll get a batch of ICMP messages from a single host
(or two closely related hosts) that are sent to a number of different IP
addresses within my net, usually within a short time span. I have verified
that nothing is going out of my network using those IP addresses.

Given that 'host unreachable' messages imply that the remote system in
question has received a packet from one of my IP addresses, which it rejected
and then attempted to tell me about, it would seem that either someone is
spoofing my subnet, or someone is using my subnet internally even though it's
not assigned to them. In that case, I'd expect to see OTHER data coming in to
it - but to a great extent I don't (apart from the normal probes that we all
seem to get from script kiddiez). Additionally, I don't see what benefit that
someone would gain from spoofing my subnet unless they had the ability to
grab the data being routed back or they're performing DOS attacks. In the
former case I would not expect to receive any ICMP at all, and in the latter,
I'd expect to see a lot more data than what I have seen.

Has anyone got any particular suggestions as to either the cause of this,
and/or as to how I may get to the bottom of it ?

regards,

--
Chris

From owner-freebsd-security Sat Oct 21 03:05:18 2000
Date: 21 Oct 2000 12:04:51 +0200
From: Dag-Erling Smorgrav
To: "Chris"
Subject: Re: Unexpected ICMP messages - is someone spoofing my subnet?

"Chris" writes:
> Basically, I am getting perhaps 50 or 100 ICMP messages per day for a
> number (more than 30) of IP addresses that have never at any time been
> used by me.

Somebody is running a DOS attack with spoofed source addresses, with a
different address for every packet (router meltdown...) What you're seeing is
the victim replying to spoofed packets that happen to have one of your IPs as
source address.

DES
--
Dag-Erling Smørgrav - des@thinksec.com
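The pattern Chris describes and Dag-Erling explains (a flood victim answering whichever of Chris's addresses the attacker forged) has a recognisable shape in the firewall log: ICMP errors from one remote host fanning out to several never-used local addresses within a short span, while echo requests and traffic to live hosts are just the usual noise. The detector below is an added example, not code from either message; the log lines are constructed in the "ICMP:type.code src dst" form ipfw(8) logged to syslog on FreeBSD 4.x, the addresses are documentation ranges standing in for "my class C", and the in-use list, window and threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines in ipfw(8)'s syslog format ("ICMP:type.code src dst").
# 192.0.2.0/24 plays the role of "my class C"; only .1 and .10 are in use.
LOG = """\
Oct 21 03:12:44 gw /kernel: ipfw: 2000 Deny ICMP:3.1 203.0.113.7 192.0.2.61 in via xl0
Oct 21 03:12:45 gw /kernel: ipfw: 2000 Deny ICMP:3.1 203.0.113.7 192.0.2.77 in via xl0
Oct 21 03:12:47 gw /kernel: ipfw: 2000 Deny ICMP:3.1 203.0.113.7 192.0.2.140 in via xl0
Oct 21 03:13:02 gw /kernel: ipfw: 2000 Deny ICMP:11.0 203.0.113.8 192.0.2.201 in via xl0
Oct 21 03:13:05 gw /kernel: ipfw: 2000 Deny ICMP:3.1 203.0.113.8 192.0.2.61 in via xl0
Oct 21 07:40:10 gw /kernel: ipfw: 2000 Deny ICMP:8.0 198.51.100.9 192.0.2.33 in via xl0
Oct 21 07:41:12 gw /kernel: ipfw: 2100 Deny TCP 198.51.100.9:1234 192.0.2.61:137 in via xl0
Oct 21 09:00:00 gw /kernel: ipfw: 2000 Deny ICMP:3.3 198.51.100.20 192.0.2.10 in via xl0
"""
IN_USE = {"192.0.2.1", "192.0.2.10"}   # addresses actually assigned (assumed)

ICMP_LINE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+ ipfw: \d+ \w+ "
    r"ICMP:(\d+)\.\d+ (\S+) (\S+) in via \S+$")
ERROR_TYPES = {3, 11}   # destination unreachable, time exceeded

def parse_ts(stamp, year=2000):
    # syslog stamps carry no year; the thread is from October 2000
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def backscatter_sources(log, in_use, window_s=600, min_targets=3):
    """Return {sender: sorted local addresses} for every remote host whose ICMP
    error messages reached at least `min_targets` distinct UNUSED local
    addresses within any `window_s`-second span.  Echo requests (ordinary
    scanning) and errors addressed to live hosts are left out."""
    by_src = defaultdict(list)
    for line in log.splitlines():
        m = ICMP_LINE.match(line)
        if not m:
            continue
        stamp, itype, src, dst = m.groups()
        if int(itype) not in ERROR_TYPES or dst in in_use:
            continue
        by_src[src].append((parse_ts(stamp), dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hits = {d for t, d in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(hits) >= min_targets:
                flagged[src] = sorted(hits, key=ipaddress.ip_address)
                break
    return flagged
```

A flagged sender is the victim, not the attacker: the useful follow-up is to confirm that no packet with those source addresses actually left the network (as Chris did) and, where possible, to compare the embedded original datagram in the ICMP error against real outbound traffic.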