From owner-freebsd-security Sun Oct 7 0:42:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp4.cluster.oleane.net (smtp4.cluster.oleane.net [195.25.12.62]) by hub.freebsd.org (Postfix) with ESMTP id 8FAFB37B405 for ; Sun, 7 Oct 2001 00:42:41 -0700 (PDT)
Received: from diabolic-cow.chatgris.net (dyn-1-1-011.Orl.dialup.oleane.fr [195.25.26.11]) by smtp4.cluster.oleane.net with ESMTP id f977gcZ45618 for ; Sun, 7 Oct 2001 09:42:39 +0200 (CEST)
Received: by diabolic-cow.chatgris.net (Postfix, from userid 1000) id 9A19D42D; Sun, 7 Oct 2001 09:42:41 +0200 (CEST)
Date: Sun, 7 Oct 2001 09:42:41 +0200
From: Rémi Guyomarch
To: freebsd-security@freebsd.org
Subject: Re: Amavis + Linux scanners
Message-ID: <20011007094241.A62103@diabolic-cow.chatgris.net>
References: <20011006004613.B1992@madcap.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011006004613.B1992@madcap.dyndns.org>; from ngps@post1.com on Sat, Oct 06, 2001 at 12:46:14AM +0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Sat, Oct 06, 2001 at 12:46:14AM +0800, Ng Pheng Siong wrote:
> Hi,
>
> I'm looking at running Amavis with Postfix. The Amavis site pointed to
> several scanner products which predictably offer Linux but not FreeBSD
> versions.
>
> Has anyone run Amavis on FreeBSD with Linux scanners? Any caveats, gotchas,
> better option?

http://www.ravantivirus.com/

Native antivirus software for Linux, FreeBSD & OpenBSD (NetBSD in beta).
Plugs nicely into Postfix (using the content-filter mechanism), sendmail
(via milter), qmail and communigate pro.
You don't need Amavis with RAV.

I'm not affiliated with them, besides being a very happy customer :)

--
Rémi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Oct 7 5:19:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gull.mail.pas.earthlink.net (gull.mail.pas.earthlink.net [207.217.121.85]) by hub.freebsd.org (Postfix) with ESMTP id A698537B403 for ; Sun, 7 Oct 2001 05:19:20 -0700 (PDT)
Received: from blossom.cjclark.org (dialup-209.245.131.25.Dial1.SanJose1.Level3.net [209.245.131.25]) by gull.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id FAA19029; Sun, 7 Oct 2001 05:19:12 -0700 (PDT)
Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id f96NgPs01383; Sat, 6 Oct 2001 16:42:25 -0700 (PDT) (envelope-from cjc)
Date: Sat, 6 Oct 2001 16:42:25 -0700
From: "Crist J. Clark"
To: D J Hawkey Jr
Cc: Alexander Langer , deepak@ai.net, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel-loadable Root Kits
Message-ID: <20011006164225.B350@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20010908141700.A53738@fump.kawo2.rwth-aachen.de> <20010908072542.A57605@sheol.localdomain> <20010908143231.A53801@fump.kawo2.rwth-aachen.de> <20010908074445.A77252@sheol.localdomain> <20010908181537.A840@ringworld.oblivion.bg> <20010908102816.B77764@sheol.localdomain> <20010908183728.D840@ringworld.oblivion.bg> <20010908105308.A78138@sheol.localdomain> <20011004023034.U8391@blossom.cjclark.org> <20011006094650.A19631@sheol.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011006094650.A19631@sheol.localdomain>; from hawkeyd@visi.com on Sat, Oct 06, 2001 at 09:46:50AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Sat, Oct 06, 2001 at 09:46:50AM -0500, D J Hawkey Jr wrote:
> Hello, Christ,
>
> On Oct 04, at 02:30 AM, Crist J. Clark wrote:
> >
> > [SNIP]
> >
> > I went in and made a very simple kernel-build option which disables
> > the use of kldload(2) (and kldunload(2)) at all times. This is not as
> > good as raising securelevel(8) since root can still write to
> > /dev/mem. However, a lot of people in this thread still seem to want
> > this ability. Since you can still write to /dev/mem, it only raises
> > the bar a bit for an attacker. But it does raise the bar enough to
> > possibly foil a skr1pt k1ddi3 or two.
>
> Hey, thanks. I for one appreciate this hack. One Q though: Is there a
> config flag to link the screen-saver to the kernel? I can't seem to find
> it.

# Splash screen at start up! Screen savers require this too.
pseudo-device splash

--
Crist J. Clark                           cjclark@alum.mit.edu
                                         cjclark@jhu.edu
                                         cjc@freebsd.org

From owner-freebsd-security Sun Oct 7 5:27:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from brea.mc.mpls.visi.com (brea.mc.mpls.visi.com [208.42.156.100]) by hub.freebsd.org (Postfix) with ESMTP id EEA1F37B408 for ; Sun, 7 Oct 2001 05:27:15 -0700 (PDT)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by brea.mc.mpls.visi.com (Postfix) with ESMTP id B87182DDCFD; Sun, 7 Oct 2001 07:27:14 -0500 (CDT)
Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id f97CQhW25480; Sun, 7 Oct 2001 07:26:43 -0500 (CDT) (envelope-from hawkeyd)
Date: Sun, 7 Oct 2001 07:26:43 -0500
From: D J Hawkey Jr
To: cjclark@alum.mit.edu
Cc: Alexander Langer , deepak@ai.net, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel-loadable Root Kits
Message-ID: <20011007072643.A25464@sheol.localdomain>
Reply-To: hawkeyd@visi.com
References: <20010908072542.A57605@sheol.localdomain> <20010908143231.A53801@fump.kawo2.rwth-aachen.de>
 <20010908074445.A77252@sheol.localdomain> <20010908181537.A840@ringworld.oblivion.bg> <20010908102816.B77764@sheol.localdomain> <20010908183728.D840@ringworld.oblivion.bg> <20010908105308.A78138@sheol.localdomain> <20011004023034.U8391@blossom.cjclark.org> <20011006094650.A19631@sheol.localdomain> <20011006164225.B350@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011006164225.B350@blossom.cjclark.org>; from cristjc@earthlink.net on Sat, Oct 06, 2001 at 04:42:25PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Oct 06, at 04:42 PM, Crist J. Clark wrote:
>
> On Sat, Oct 06, 2001 at 09:46:50AM -0500, D J Hawkey Jr wrote:
> > Hello, Christ,
> >
> > Hey, thanks. I for one appreciate this hack. One Q though: Is there a
> > config flag to link the screen-saver to the kernel? I can't seem to find
> > it.
>
> # Splash screen at start up! Screen savers require this too.
> pseudo-device splash

Oh, yeah, this I have. However,

  [sheol] /usr/home/hawkeyd$ kldstat
  Id Refs Address    Size     Name
   1    2 0xc0100000 28a868   kernel
   2    1 0xc0af6000 2000     blank_saver.ko

It seems that the pseudo-device doesn't actually link the saver into the
kernel, but just some sort of interface layer? If I'm right, with your
patch, I'd have that layer, but no screen saver?

> Crist J. Clark

Dave

--
  ______________________         ______________________
  \__________________   \    D. J. HAWKEY JR.    /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security Sun Oct 7 7: 4:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.wp.pl (smtp.wp.pl [212.77.101.161]) by hub.freebsd.org (Postfix) with SMTP id 3A53237B408 for ; Sun, 7 Oct 2001 07:04:19 -0700 (PDT)
Received: (WP-smtpd 27536 invoked from network); 7 Oct 2001 14:04:17 -0000
Received: from unknown (HELO paszczak) ([213.76.36.153]) (envelope-sender ) by smtp.wp.pl (WP-smtpd) with SMTP for ; 7 Oct 2001 14:04:08 -0000
Message-ID: <025501c14f38$f01bc840$b8284cd5@paszczak>
Reply-To: "Rolnik Paszczak"
From: "Rolnik Paszczak"
To: Pogromcy Żarłocznych Buraków
Subject: WARNING: the Voracious Beet attacks!!!!!
Date: Sun, 7 Oct 2001 15:51:45 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

The Voracious Beet (Żarłoczny Burak) - Long ago (in the eighties) it escaped from the field of a certain farmer (one Paszczak) and by some miracle got into his neighbour's computer; for years it has been wreaking havoc on Polish hard drives and beyond. In truth, the eating of millions of MB of data supposedly caused by attacks of Michal Angelo, CIH, I love U etc. is its doing. It reproduces at an alarming rate. Some members of its species were mutated during the explosion of the power plant in Chernobyl - it was the one that caused the explosion (!) - after all, it was present in the computers controlling the reactors.
Its species has evolved into several other species and varieties. Some people cloned it. It is the one that home computer users and network administrators fear! Viruses do not exist! - it is all the work of the Voracious Beets!!!

How to counter the danger. There is only one way: THE BEET MUST RETURN TO THE FIELD!!!! - WHERE IT BELONGS. So forward it, together with these instructions, to as many people as possible. Perhaps the beet will finally reach the right person, who will turn out to be an excellent farmer and plant it back in the ground... If you cannot deal with it, send it on as quickly as possible. Otherwise it may cause you irreversible damage!!!!

And here is farmer Paszczak's address: Rolnik.Paszczak@poczta.fm

If you manage to deal with the dangerous Voracious Beet, let him know, and soon your method of dealing with the Beet will be posted on his site: www.Rolnik.Paszczak.prv.pl or www.ZarlocznyBurak.prv.pl

We are grateful for your help...

Farmer Paszczak and the Voracious Beet Eradication Team

And here is the Voracious Beet:

/\ /\ _ /\ \ \ / / / /\ \ \ \ \ / / / /\ \ \ \ | | | / / / V \ | / / \ | / ./ ____\|/ /_____ / (o) (o) \ / \ | /\/\/\/\/\/\/\/\/\/\/\/\/\ | | \/\/\/\/\/\/\/\/\/\/\/\/\/ | \ / \ / \ / \ / \ / ///|\\

From owner-freebsd-security Sun Oct 7 21: 6: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id C4DB037B403 for ; Sun, 7 Oct 2001 21:05:58 -0700 (PDT)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id f9845s529810; Mon, 8 Oct 2001 00:05:54 -0400 (EDT) (envelope-from wollman)
Date: Mon, 8 Oct 2001 00:05:54 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200110080405.f9845s529810@khavrinen.lcs.mit.edu>
To: Dag-Erling Smorgrav
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Kernel-loadable Root Kits
In-Reply-To:
References: <200109081052.f88AqRG30016@sheol.localdomain> <20010908141700.A53738@fump.kawo2.rwth-aachen.de> <20010908072542.A57605@sheol.localdomain> <20010908143231.A53801@fump.kawo2.rwth-aachen.de> <20010908074445.A77252@sheol.localdomain> <20010908181537.A840@ringworld.oblivion.bg> <20010908102816.B77764@sheol.localdomain> <20010908183728.D840@ringworld.oblivion.bg> <20010908105308.A78138@sheol.localdomain> <20011004023034.U8391@blossom.cjclark.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

< said:

> "Crist J. Clark" writes:
>> I went in and made a very simple kernel-build option which disables
>> the use of kldload(2) (and kldunload(2)) at all times.

> # vi /boot/loader.conf
> # shutdown -r now

That's OK -- most people would notice if their machine
``spontaneously'' rebooted.
This isn't Windows, after all.

-GAWollman

From owner-freebsd-security Mon Oct 8 6: 7:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from n18.groups.yahoo.com (n18.groups.yahoo.com [216.115.96.68]) by hub.freebsd.org (Postfix) with SMTP id 060A537B405 for ; Mon, 8 Oct 2001 06:07:44 -0700 (PDT)
X-eGroups-Return: notify-return-freebsd-security=FreeBSD.ORG@yahoogroups.com
Received: from [10.1.2.91] by n18.groups.yahoo.com with NNFMP; 08 Oct 2001 13:07:43 -0000
Date: 8 Oct 2001 13:07:40 -0000
Message-ID: <1002546460.8493.43375.w74@yahoogroups.com>
From: Burak Moderator
Reply-To: Burak-unsubscribe@yahoogroups.com
To: freebsd-security@FreeBSD.ORG
Subject: Welcome to the Burak group
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hello,

I've added you to my Burak group at Yahoo! Groups, a free, easy-to-use
email group service. As a member of this group, you may send messages to
the entire group using just one email address: Burak@yahoogroups.com.
Yahoo! Groups also makes it easy to store photos and files, coordinate
events, and more.

Here's a description of the group:
------------------------------------------------------------------------
Burak
------------------------------------------------------------------------

Here's my introductory message for you:
------------------------------------------------------------------------
.
------------------------------------------------------------------------

TO START SENDING messages to members of this group, simply send email to
Burak@yahoogroups.com

If you do not wish to belong to the Burak group, you can unsubscribe by
replying to this message, or by sending an email to
Burak-unsubscribe@yahoogroups.com

Regards,

Moderator, Burak

SPECIAL NOTE FROM Yahoo! Groups: Because Yahoo! Groups values your
privacy, it is a violation of our service rules for moderators to add
subscribers to a group against their wishes. If you feel this has
happened, please notify us at abuse@yahoogroups.com

P.S. If you would like to learn more about the Burak group, please visit
http://groups.yahoo.com/group/Burak

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

From owner-freebsd-security Mon Oct 8 6:13:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from n15.groups.yahoo.com (n15.groups.yahoo.com [216.115.96.65]) by hub.freebsd.org (Postfix) with SMTP id E539337B401 for ; Mon, 8 Oct 2001 06:13:15 -0700 (PDT)
X-eGroups-Return: confirm-return-freebsd-security=FreeBSD.ORG@yahoogroups.com
Received: from [10.1.4.55] by n15.groups.yahoo.com with NNFMP; 08 Oct 2001 13:13:15 -0000
Received: (qmail 59037 invoked by uid 7800); 8 Oct 2001 13:13:14 -0000
Date: 8 Oct 2001 13:13:14 -0000
Message-ID: <1002546794.483.59025.m11@yahoogroups.com>
From: Yahoo!Groups Notification
Reply-To: confirm-unsub-_Xlq7g7tyzRONsejq9n9MCi5tWQ@yahoogroups.com
To: freebsd-security@FreeBSD.ORG
Subject: Please reply to unsubscribe from Burak
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hello,

We have received a request from you to unsubscribe from
the Burak group. Please confirm your request by replying to this message.
If you do not wish to unsubscribe from Burak, please ignore this message.

Regards,

Yahoo! Groups Customer Care

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

From owner-freebsd-security Mon Oct 8 6:14:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from n26.groups.yahoo.com (n26.groups.yahoo.com [216.115.96.76]) by hub.freebsd.org (Postfix) with SMTP id C80A837B409 for ; Mon, 8 Oct 2001 06:14:15 -0700 (PDT)
X-eGroups-Return: notify-return-freebsd-security=FreeBSD.ORG@yahoogroups.com
Received: from [10.1.1.221] by n26.groups.yahoo.com with NNFMP; 08 Oct 2001 13:14:12 -0000
Received: (qmail 1102 invoked by uid 7800); 8 Oct 2001 13:11:31 -0000
Date: 8 Oct 2001 13:11:31 -0000
Message-ID: <1002546691.263.1096.m3@yahoogroups.com>
From: Yahoo!Groups Notification
To: freebsd-security@FreeBSD.ORG
Subject: You have been unsubscribed from Burak
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hello,

This is to inform you that your request to unsubscribe from Burak has
been completed.

Regards,

Yahoo! Groups Customer Care

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

From owner-freebsd-security Mon Oct 8 9: 7: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mk-smarthost-1.mail.uk.worldonline.com (mk-smarthost-1.mail.uk.worldonline.com [212.74.112.71]) by hub.freebsd.org (Postfix) with ESMTP id 6E55637B401 for ; Mon, 8 Oct 2001 09:06:58 -0700 (PDT)
Received: from scooby-s1.lineone.net ([194.75.152.224] helo=lineone.net) by mk-smarthost-1.mail.uk.worldonline.com with smtp (Exim 3.22 #3) id 15qcvf-00092T-00 for freebsd-security@freebsd.org; Mon, 08 Oct 2001 17:06:56 +0100
To: freebsd-security@freebsd.org
From: tariq_rashid@lineone.net
Subject: isakmpd ipsec over PART of the path ....
Message-Id:
Date: Mon, 08 Oct 2001 17:06:56 +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

From owner-freebsd-security Mon Oct 8 9:50:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from medialab.lostboys.nl (medialab.lostboys.nl [194.109.72.254]) by hub.freebsd.org (Postfix) with ESMTP id 6EB6237B405 for ; Mon, 8 Oct 2001 09:49:50 -0700 (PDT)
Received: from buur.medialab.lostboys.nl (root@buur.medialab.lostboys.nl [194.109.110.8]) by medialab.lostboys.nl (8.9.3/8.9.3) with ESMTP id SAA20322 for ; Mon, 8 Oct 2001 18:55:43 +0200 (CEST)
Received: from darkroom.medialab.lostboys.nl (ip-037.medialab.lostboys.nl [194.109.110.37]) by buur.medialab.lostboys.nl (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id SAA15027 for ; Mon, 8 Oct 2001 18:51:02 +0200
Received: by darkroom.medialab.lostboys.nl (Postfix, from userid 1000) id D6CA415F7; Mon, 8 Oct 2001 18:49:44 +0200 (CEST)
Date: Mon, 8 Oct 2001 18:49:44 +0200
From: Martijn Lina
To: freebsd-security@freebsd.org
Subject: Re: Amavis + Linux scanners
Message-ID: <20011008184944.A20079@medialab.lostboys.nl>
Mail-Followup-To: freebsd-security@freebsd.org
References: <20011006004613.B1992@madcap.dyndns.org> <20011005150751.F96869-100000@mail.wlcg.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jRHKVT23PllUwdXP"
Content-Disposition: inline
In-Reply-To: <20011005150751.F96869-100000@mail.wlcg.com>
User-Agent: Mutt/1.3.22.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Once upon a 05-10-2001, Rob Simmons hit keys in the following order:
>
> Other than that, it works great. Also, you can cron the following script
> to update your virus identities automatically:

Or subscribe to their IDE notification and run this script from the mail
aliases or your procmailrc:

#!/usr/bin/perl -w

use strict;

my $gonna_die=0;
my $mailto="root";
my $mailoutput="|/usr/lib/sendmail -t $mailto";
my $origmail;
my $source;
my $sav_dir="/usr/local/share/sav";

# Read the notification mail on stdin and fetch each IDE URL it names,
# stopping at the first download that fails.
while (<>) {
  $origmail.=$_;
  # The mail is untrusted input: accept only a plain file name after /ide/.
  if ( /(http:\/\/www\.sophos\.com\/downloads\/ide\/[\w.-]+\.ide)/ && !$gonna_die) {
    $source = $1;
    # List form of system() bypasses the shell, so the URL is never
    # interpreted as part of a command line.
    $gonna_die = system("/usr/local/bin/wget", "-q", "-N", "-P", $sav_dir, $source);
  }
}

if ($gonna_die) {
  mail("Failed virus update", "Getting virus update from $source didn't work (errno $gonna_die).\nHere's the original update mail:\n\n$origmail");
  die("Couldn't get virus update");
} else {
  mail("Virus update","Successfully updated Sophos with $source.\nHere's the original update mail:\n\n$origmail");
}

exit;

# Send a report to $mailto through sendmail.
sub mail {
  my $sbj=shift;
  my $msg=shift;
  open(OUTPUT,$mailoutput) or die("Couldn't run sendmail: $!");
  print OUTPUT "From: Exterminator\n";
  print OUTPUT "To: $mailto\n";
  print OUTPUT "Subject: $sbj\n\n";
  print OUTPUT $msg."\n";
  close(OUTPUT);
}

From owner-freebsd-security Mon Oct 8 9:52:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mk-smarthost-1.mail.uk.worldonline.com (mk-smarthost-1.mail.uk.worldonline.com [212.74.112.71]) by hub.freebsd.org (Postfix) with ESMTP id 2DC1F37B405 for ; Mon, 8 Oct 2001 09:52:07 -0700 (PDT)
Received: from scooby-s1.lineone.net ([194.75.152.224] helo=lineone.net) by mk-smarthost-1.mail.uk.worldonline.com with smtp (Exim 3.22 #3) id 15qddM-000MmP-00 for freebsd-security@freebsd.org; Mon, 08 Oct 2001 17:52:04 +0100
To: freebsd-security@freebsd.org
From: tariq_rashid@lineone.net
Subject: connecting ipsec tunnels and routing ....
Message-Id:
Date: Mon, 08 Oct 2001 17:52:04 +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Consider the following network of FreeBSD 4.4R gateways:

( subnet-A ) ----- [ gateway A ]
 10.2.0.0/16            |
                        |
                        |
                        |
               [ "hub" gateway B ]----- ( subnet-B )
                                          10.0.0.0/16
                        |
                        |
                        |
                        |
( subnet-C ) ----- [ gateway C ]
 10.1.0.0/16

Now, gateway B (the "hub" or concentrator) has the following properties:

 * it is the only one with a static public IP address
   - for this reason isakmpd is used over racoon
 * gateway B has its own attached protected subnet (subnet-C)
 * gateway B must provide routes for ipsec traffic from any other
   subnet to any other subnet (eg subnet-A to subnet-C)

It seems obvious that all the subnets must use their gateways as their
default gateway. These gateways must decide which traffic to protect using
ipsec. This is decided by the isakmpd.conf file:

--------------------------
[IPsec-A-centre]
Phase= 2
ISAKMP-peer= ISAKMP-peer-centre
Configuration= Default-quick-mode
Local-ID= Net-centre
Remote-ID= Net-B

[Net-A]
ID-type= IPV4_ADDR_SUBNET
Network= 10.2.0.0
Netmask= 255.255.0.0

[Net-centre]
# ID-type= IPV4_ADDR_SUBNET
# Address= public-ip-of-gateway-B
ID-type= IPV4_ADDR_SUBNET
Network= 10.1.0.0
Netmask= 255.255.0.0
--------------------------

It appears that the ID-type (network, netmask) determine the filters that
ipsec will apply. Thus traffic from subnet-A 10.2.7.13 to 10.1.7.2 is caught
and tunnelled. tcpdump shows ESP leaving the machine gateway-A > gateway-B.
So the default gateway in netstat -rn is used as expected. The tunnel is to
the central gateway-B (using Address= 10.0.7.2 in the [ISAKMP-peer-centre]
section of gateway-A).

Gateway-B does receive the ESP packets as shown by tcpdump.

HOWEVER, gateway B does not forward the packets on as per its own routing
table. This has failed to work both when the forwarding gateway-B to
gateway-C has no IPSEC tunnel configured and also when it has (as is finally
intended).

In addition, setting the ID-type address to IP_ADDR gateway-B-public-ip
fails to work as expected. The routing criteria are not met for 10.2.7.13 to
10.1.7.2, for example. 10.2.7.13 to gateway-B-public-ip does work as
expected but is not useful.

Finally, the isakmpd port from OpenBSD is being used. This is because it
allows the non-hub gateways to have dynamically allocated IP addresses. Only
these gateways need to know the static IP address of the central gateway-B.

HOWEVER, this configuration appears to have no need to configure tunnel
devices (gif, tun, ipip). This is correct as simple subnet to subnet VPNs
have been tested and both netstat -i and ifconfig return no configured
tunnels. This appears to make routing more difficult.

Any ideas, experiences, advice, thoughts, solutions? Gratefully received.

tariq

From owner-freebsd-security Mon Oct 8 12:21: 5 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web20901.mail.yahoo.com (web20901.mail.yahoo.com [216.136.226.223]) by hub.freebsd.org (Postfix) with SMTP id 78A5437B406 for ; Mon, 8 Oct 2001 12:21:03 -0700 (PDT)
Message-ID: <20011008192103.59425.qmail@web20901.mail.yahoo.com>
Received: from [209.8.72.253] by web20901.mail.yahoo.com via HTTP; Mon, 08 Oct 2001 12:21:03 PDT
Date: Mon, 8 Oct 2001 12:21:03 -0700 (PDT)
From: Randy Lee
Subject: questions@freebsd.org
To: FreeBSD-security@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I've been DOS-ed several times. How do I know where is it coming from ?
Where can I find a document to study about DOS ?

Thanks in advance.

From owner-freebsd-security Mon Oct 8 13:16:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web20905.mail.yahoo.com (web20905.mail.yahoo.com [216.136.226.227]) by hub.freebsd.org (Postfix) with SMTP id D7E4437B407 for ; Mon, 8 Oct 2001 13:16:43 -0700 (PDT)
Message-ID: <20011008201643.82245.qmail@web20905.mail.yahoo.com>
Received: from [209.8.72.254] by web20905.mail.yahoo.com via HTTP; Mon, 08 Oct 2001 13:16:43 PDT
Date: Mon, 8 Oct 2001 13:16:43 -0700 (PDT)
From: Randy Lee
Subject: against trino ?
To: freebsd-security@freebsd.org
Cc: questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

How do I protect my server from DOS called 'trinoo' ?

Is there any scanner that can check the ip of DOS'er ?

Thanks a lot.

From owner-freebsd-security Mon Oct 8 13:54:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail2.mediadesign.nl (md2.mediadesign.nl [212.19.205.67]) by hub.freebsd.org (Postfix) with SMTP id E42D637B403 for ; Mon, 8 Oct 2001 13:54:21 -0700 (PDT)
Received: (qmail 30510 invoked by uid 1002); 8 Oct 2001 20:54:14 -0000
Date: Mon, 8 Oct 2001 22:54:14 +0200
From: Alson van der Meulen
To: freebsd-security@freebsd.org, questions@freebsd.org
Subject: Re: against trino ?
Message-ID: <20011008225414.E24409@md2.mediadesign.nl>
Mail-Followup-To: freebsd-security@freebsd.org, questions@freebsd.org
References: <20011008201643.82245.qmail@web20905.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011008201643.82245.qmail@web20905.mail.yahoo.com>
User-Agent: Mutt/1.3.22i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Mon, Oct 08, 2001 at 01:16:43PM -0700, Randy Lee wrote:
> How do i protect my server from DOS called 'trinoo' ?
>
> is there any scanner that can check the ip of DOS'er ?

make search key=trinoo in /usr/ports gives:

alson@alm:/usr/ports$ make search key=trinoo
Port:   find_ddos-4.2
Path:   /usr/ports/security/find_ddos
Info:   Scans a host filesystem for distributed denial of service programs
Maint:  obrien@FreeBSD.org
Index:  security
B-deps:
R-deps:

Port:   zombiezapper-1.0
Path:   /usr/ports/security/zombiezapper
Info:   Send a terminate command to Trinoo/TFN/Stacheldracht DDoS agents
Maint:  roam@FreeBSD.org
Index:  security
B-deps: libnet-1.0.2a
R-deps:

--
,-------------------------------------------.
> Name:           Alson van der Meulen      <
> Personal:        alson@flutnet.org        <
> School:       alson@gymnasiumleiden.nl    <
`-------------------------------------------'
Well, my files were backed up.
---------------------------------------------

From owner-freebsd-security Mon Oct 8 14: 8:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E9D0E37B40C; Mon, 8 Oct 2001 14:08:01 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f98L81B93103; Mon, 8 Oct 2001 14:08:01 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org)
Date: Mon, 8 Oct 2001 14:08:01 -0700 (PDT)
Message-Id: <200110082108.f98L81B93103@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: kris set sender to security-advisories@FreeBSD.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-01:61.squid
Reply-To: security-advisories@FreeBSD.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

=============================================================================
FreeBSD-SA-01:61                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          Squid in accelerator-only mode ignores ACLs

Category:       ports
Modules:        squid22, squid23, squid24
Announced:      2001-10-08
Credits:        Paul Nasrat
Affects:        Ports collection prior to the correction date.
Corrected:      2001-07-29 12:29:00 (squid23)
                2001-08-28 16:48:35 2001 UTC (squid24)
FreeBSD only:   NO

I.   Background

The Squid Internet Object Cache is a web proxy/cache.

II.  Problem Description

If squid is configured in acceleration-only mode (http_accel_host is
set, but http_accel_with_proxy is off), then as a result of a bug,
access control lists (ACLs) are ignored.

III. Impact

A remote attacker may use the squid server in order to issue requests
to hosts that are otherwise inaccessible. Because the squid server
processes these requests as HTTP requests, the attacker cannot send or
retrieve arbitrary data. However, the attacker could use squid's
response to determine if a particular port is open on a victim host.
Therefore, the squid server may be used to conduct a port scan.

IV.  Workaround

1) Do not run squid in acceleration-only mode.

2) Deinstall the squid port/package if you have it installed.

V.   Solution

The port squid-2.3_1 and later 2.3 versions, and the port squid-2.4_5
and later 2.4 versions include fixes for this vulnerability. The
squid-2.3 and squid-2.2 ports have been deprecated and removed from
the ports collection, and users are advised to upgrade to squid-2.4 as
soon as possible.

1) Upgrade your entire ports collection and rebuild the squid port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.3_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.4_5.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.3_1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.4_5.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

3) Download a new port skeleton for the procmail port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD ports collection.

Affected port
  Path                                                           Revision
-------------------------------------------------------------------------
squid22 *NOT CORRECTED*
squid23
  ports/www/squid23/Makefile                                         1.78
  ports/www/squid23/distinfo                                         1.57
squid24
  ports/www/squid24/Makefile                                         1.84
  ports/www/squid24/distinfo                                         1.61
-------------------------------------------------------------------------

VII. References

From owner-freebsd-security Mon Oct 8 14:10:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 47E1F37B403; Mon, 8 Oct 2001 14:08:41 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f98L8fR93294; Mon, 8 Oct 2001 14:08:41 -0700 (PDT) (envelope-from security-advisories@FreeBSD.org)
Date: Mon, 8 Oct 2001 14:08:41 -0700 (PDT)
Message-Id: <200110082108.f98L8fR93294@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: kris set sender to security-advisories@FreeBSD.org using -f
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory
FreeBSD-SA-01:62.uucp Reply-To: security-advisories@FreeBSD.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:62                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          UUCP allows local root exploit

Category:       core
Module:         uucp
Announced:      2001-10-08
Credits:        zen-parse@gmx.net
Affects:        All released versions of FreeBSD 4.x prior to 4.4.
                FreeBSD 4.3-STABLE prior to the correction date.
Corrected:      2001-09-10 20:22:57 UTC (FreeBSD 4.3-STABLE)
                2001-09-10 22:30:28 UTC (RELENG_4_3)
FreeBSD only:   NO

I.   Background

Taylor UUCP is an implementation of the Unix-to-Unix Copy Protocol, a protocol sometimes used for mail delivery on systems where permanent IP connectivity to the internet is not available.

II.  Problem Description

The UUCP suite of utilities allow a user-specified configuration file to be given on the command-line. This configuration file is incorrectly processed by the setuid uucp and/or setgid dialer UUCP utilities while running as the uucp user and/or dialer group, and allows unprivileged local users to execute arbitrary commands as the uucp user and/or dialer group.

Since the uucp user owns most of the UUCP binaries (this is required for UUCP to be able to write to its spool directory during normal operation, by virtue of being setuid) the attacker can replace these binaries with trojaned versions which execute arbitrary commands as the user which runs them. The uustat binary is run as root by default during the daily maintenance scripts.

All versions of FreeBSD 4.x prior to the correction date including 4.3-RELEASE are vulnerable to this problem, but it was corrected prior to the release of FreeBSD 4.4-RELEASE.

III. Impact

Unprivileged local users can overwrite the uustat binary, which is executed as root by the daily system maintenance scripts. This allows them to execute arbitrary commands as root the next time the daily maintenance scripts are run.

IV.  Workaround

One or more of the following:

1) Set the noschg flag on all binaries owned by the uucp user:

# chflags schg /usr/bin/cu /usr/bin/uucp /usr/bin/uuname \
    /usr/bin/uustat /usr/bin/uux /usr/bin/tip /usr/libexec/uucp/uucico \
    /usr/libexec/uucp/uuxqt

2) Remove the above binaries from the system, if UUCP is not in use.

3) Disable the daily UUCP maintenance tasks by adding the following lines to /etc/periodic.conf:

# 340.uucp
daily_uuclean_enable="NO"               # Run uuclean.daily

# 410.status-uucp
daily_status_uucp_enable="NO"           # Check uucp status

# 300.uucp
weekly_uucp_enable="NO"                 # Clean uucp weekly

V.   Solution

We recommend that UUCP be removed entirely from systems containing untrusted users: to remove UUCP, refer to the directions in section IV above. Compiling the UUCP binaries when rebuilding the FreeBSD system can be prevented by adding the following line to /etc/make.conf:

NOUUCP=true

1) Upgrade your vulnerable FreeBSD system to 4.4-RELEASE, 4.4-STABLE or the RELENG_4_3 security branch dated after the respective correction dates.

2) To patch your present system: download the relevant patch from the below location, and execute the following commands as root:

[FreeBSD 4.3]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:62/uucp.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:62/uucp.patch.asc

Verify the detached PGP signature using your PGP utility.

# cd /usr/src
# patch -p < /path/to/patch
# make depend && make all install

3) FreeBSD 4.3-RELEASE systems:

An experimental upgrade package is available for users who wish to provide testing and feedback on the binary upgrade process. This package may be installed on FreeBSD 4.3-RELEASE systems only, and is intended for use on systems for which source patching is not practical or convenient.

If you use the upgrade package, feedback (positive or negative) to security-officer@FreeBSD.org is requested so we can improve the process for future advisories.

During the installation procedure, backup copies are made of the files which are replaced by the package. These backup copies will be reinstalled if the package is removed, reverting the system to a pre-patched state.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:62/security-patch-uucp-01.62.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:62/security-patch-uucp-01.62.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-uucp-01.62.tgz

VI.  Correction details

The following is the $FreeBSD$ revision number of the file that was corrected for the supported branches of FreeBSD. The $FreeBSD$ revision number of the installed source can be examined using the ident(1) command. The patch provided above does not cause these revision numbers to be updated.

[FreeBSD 4.3-STABLE]

  Revision       Path

[RELENG_4_3]

  Revision       Path
  1.8.4.1        src/gnu/libexec/uucp/cu/Makefile
  1.6.4.1        src/gnu/libexec/uucp/uucp/Makefile
  1.5.4.1        src/gnu/libexec/uucp/uuname/Makefile
  1.5.4.1        src/gnu/libexec/uucp/uustat/Makefile
  1.6.4.1        src/gnu/libexec/uucp/uux/Makefile
  1.10.8.1       src/usr.bin/tip/tip/Makefile
  1.3.2.2.2.1    src/etc/periodic/daily/410.status-uucp

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBO8IU0FUuHi5z0oilAQFE4gP/dqLwzjAk3M5fhtfsENFy0OAlzQA70SG3
IJibpH19KdjcQX53CrLI/wI34JXqCVfiGpw2kLSysL6yfbBI+3Z2YUxPRaxrtoGF
9R4ZcCuuLuE14pCmAtWnLEdXFHVRThJzsLzk2xEZkhYU5hufW3+IqfIMcMNayQbf
BSI5/zAjPG4=
=TBLy
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Mon Oct 8 19:29: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from mb2.mgt.ncu.edu.tw (mb2.mgt.ncu.edu.tw [140.115.83.202]) by hub.freebsd.org (Postfix) with ESMTP id 3BBF537B405 for ; Mon, 8 Oct 2001 19:28:58 -0700 (PDT) Received: from localhost (clking@localhost) by mb2.mgt.ncu.edu.tw (8.11.0/8.11.0) with ESMTP id f992QGf66181 for ; Tue, 9 Oct 2001 10:26:18 +0800 (CST) (envelope-from clking@mb2.mgt.ncu.edu.tw) Date: Tue, 9 Oct 2001 10:26:16 +0800 (CST) From: "Charlie C.L. King" To: freebsd-security@FreeBSD.ORG Subject: any idea on udp port 8? (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello, everybody:

I'm a newbie adm. in bsd and managing my own box. Does any one have any idea what service runs on udp port 8? I'm currently running portsentry on my freebsd box, and recently got lots of attack alerts on udp port 8; it goes like this:

Oct 7 16:09:17 ncumis portsentry[6306]: attackalert: Connect from host: hostname/ip_address to UDP port: 8
Oct 5 17:45:57 ncumis portsentry[6306]: attackalert: Connect from host: hostname/ip_address to UDP port: 8

I've tried to look into the /etc/services file under red-hat linux and my freebsd, neither of which is it recorded. Thus still i've got no idea about what this means.
Any response or suggestion would be appreciated. -- With regards Lord Ouch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 8 19:43:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from pineapple.theshop.net (pineapple.theshop.net [208.128.7.7]) by hub.freebsd.org (Postfix) with ESMTP id 9BCE537B405 for ; Mon, 8 Oct 2001 19:43:35 -0700 (PDT) Received: from bsdprophet.org (cherry46.theshop.net [63.67.33.111]) by pineapple.theshop.net (8.12.0/8.12.0) with ESMTP id f992l16R094245; Mon, 8 Oct 2001 21:47:02 -0500 (CDT) Message-ID: <3BC26492.7080302@bsdprophet.org> Date: Mon, 08 Oct 2001 21:44:34 -0500 From: Scott Corey User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20010922 X-Accept-Language: en-us MIME-Version: 1.0 To: "Charlie C.L. King" Cc: freebsd-security@FreeBSD.ORG Subject: Re: any idea on udp port 8? (fwd) References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org port 8 for tcp and udp are unassigned here is a good site for more info: http://www.iana.org/assignments/port-numbers Scott Charlie C.L. King wrote: >Hello, everybody: > I'm a newbie adm. in bsd and managing my own box. Does any one >have any idea what service runs on udp port 8? I'm currently running >portsentry on my freebsd box, and recently got lots of attack alerts >on udp port 8; it goes like this: > >Oct 7 16:09:17 ncumis portsentry[6306]: attackalert: Connect from host: >hostname/ip_address to UDP port: 8 >Oct 5 17:45:57 ncumis portsentry[6306]: attackalert: Connect from host: >hostname/ip_address to UDP port: 8 > > I've tried to look into the /etc/services file under red-hat >linux and my freebsd, neither of which is it recorded. 
Thus still i've got >no idea about what this means. > Any response or suggestion would be appreciated. > >-- >With regards >Lord Ouch > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 8 23:45:50 2001 Delivered-To: freebsd-security@freebsd.org Received: from athena.za.net (athena.za.net [196.30.167.200]) by hub.freebsd.org (Postfix) with ESMTP id 7396E37B401 for ; Mon, 8 Oct 2001 23:45:43 -0700 (PDT) Received: from jus (helo=localhost) by athena.za.net with local-esmtp (Exim 3.22 #1) id 15qqdE-0005Dx-00; Tue, 09 Oct 2001 08:44:48 +0200 Date: Tue, 9 Oct 2001 08:44:48 +0200 (SAST) From: Justin Stanford X-Sender: jus@athena.za.net To: Martijn Lina Cc: freebsd-security@freebsd.org Subject: Re: Amavis + Linux scanners In-Reply-To: <20011008184944.A20079@medialab.lostboys.nl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org While we're on this topic, does anyone know of any stats scripts or programs for exiscan? Thanks, Justin -- Justin Stanford Internet/Network Security & Solutions Consultant 4D Digital Security http://www.4dds.co.za Cell: (082) 7402741 E-Mail: jus@security.za.net PGP Key: http://www.security.za.net/jus-pgp-key.txt On Mon, 8 Oct 2001, Martijn Lina wrote: > Once upon a 05-10-2001, Rob Simmons hit keys in the following order: > > > > Other than that, it works great. 
Also, you can cron the following script
> > to update your virus identities automatically:
>
> Or subscribe to their IDE notification and run this script from the mail
> aliases or your procmailrc:
>
> #!/usr/bin/perl -w
> use strict;
>
> my $gonna_die=0;
> my $mailto="root";
> my $mailoutput="|/usr/lib/sendmail -t $mailto";
> my $origmail;
> my $source;
> my $sav_dir="/usr/local/share/sav";
>
> while (<>)
> {
>     $origmail.=$_;
>     # Accept only a plain file name after the fixed Sophos prefix, so text
>     # taken from the mail cannot add wget options or shell syntax.
>     if ( m{(http://www\.sophos\.com/downloads/ide/[A-Za-z0-9_.-]+\.ide)} && !$gonna_die)
>     {
>         $source = $1;
>         # List-form system() runs wget directly, without passing through a shell.
>         $gonna_die = system("/usr/local/bin/wget", "-q", "-N", "-P", $sav_dir, $source);
>     }
> }
>
> if ($gonna_die)
> {
>     mail("Failed virus update", "Getting virus update from $source didn't work (errno $gonna_die).\nHere's the original update mail:\n\n$origmail");
>     die("Couldn't get virus update");
> } else
> {
>     mail("Virus update","Successfully updated Sophos with $source.\nHere's the original update mail:\n\n$origmail");
> }
>
> exit;
>
> # Send a short report to $mailto through sendmail.
> sub mail
> {
>     my $sbj=shift;
>     my $msg=shift;
>     open(OUTPUT,$mailoutput) or die("Couldn't run sendmail: $!");
>     print OUTPUT "From: Exterminator\n";
>     print OUTPUT "To: $mailto\n";
>     print OUTPUT "Subject: $sbj\n\n";
>     print OUTPUT $msg."\n";
>     close(OUTPUT);
> }
>
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Oct 9 1:26:21 2001 Delivered-To: freebsd-security@freebsd.org Received: from shinatama.hayai.de (tekkno.tv [212.222.165.65]) by hub.freebsd.org (Postfix) with ESMTP id A8B1737B407 for ; Tue, 9 Oct 2001 01:26:12 -0700 (PDT) Received: (from marco@localhost) by shinatama.hayai.de (8.11.6/8.11.3) id f99APP795109; Tue, 9 Oct 2001 10:25:25 GMT (envelope-from marco) Date: Tue, 9 Oct 2001 10:24:10 +0000 From: Marco Wertejuk To: freebsd-security@FreeBSD.ORG Cc: clking@mb2.mgt.ncu.edu.tw Subject: Re: any idea on udp port 8?
(fwd) Message-ID: <20011009102409.A94951@localhost.com> Mail-Followup-To: Marco Wertejuk , freebsd-security@FreeBSD.ORG, clking@mb2.mgt.ncu.edu.tw References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from clking@mb2.mgt.ncu.edu.tw on Tue, Oct 09, 2001 at 10:26:16AM +0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello Lord Ouch. | I've tried to look into the /etc/services file under red-hat | linux and my freebsd, neither of which is it recorded. Thus still i've got | no idea about what this means. | Any response or suggestion would be appreciated. You can use sockstat (man 1 sockstat) to see which pid opened that port. -- Mit freundlichen Gruessen, Marco Wertejuk - mwcis.com Computer/Internet/Security-Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 7:50:49 2001 Delivered-To: freebsd-security@freebsd.org Received: from ady.warpnet.ro (ady.warpnet.ro [217.156.25.2]) by hub.freebsd.org (Postfix) with ESMTP id 6EB5737B401 for ; Tue, 9 Oct 2001 07:50:43 -0700 (PDT) Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id SAA93869; Tue, 9 Oct 2001 18:02:00 +0300 (EEST) (envelope-from ady@warpnet.ro) Date: Tue, 9 Oct 2001 18:02:00 +0300 (EEST) From: Adrian Penisoara To: freebsd-security@freebsd.org, bind-users@isc.org Cc: Aaron Bush , Mark.Andrews@nominum.com Subject: named 8.2.4-REL on FreeBSD 4.4 abort due to INSIST() trap Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, [ CC'ed to two persons that I 
suspect they've been hit by this issue too ]

In the last two days we had two signal 6 (ABORT) bind crashes which were triggered by a software assertion:

Oct 8 15:43:40 quark /kernel: Oct 8 15:43:40 quark named[38899]: /usr/src/usr.sbin/named/../../contrib/bind/bin/named/ns_maint.c:274: INSIST(zp->z_time == 0 || zp->z_time > tt.tv_sec) failed.
Oct 8 15:43:40 quark /kernel: Oct 8 15:43:40 quark /kernel: pid 38899 (named), uid 53: exited on signal 6
Oct 9 14:44:21 quark /kernel: Oct 9 14:44:21 quark named[42553]: /usr/src/usr.sbin/named/../../contrib/bind/bin/named/ns_maint.c:274: INSIST(zp->z_time == 0 || zp->z_time > tt.tv_sec) failed.
Oct 9 14:44:21 quark /kernel: Oct 9 14:44:21 quark /kernel: pid 42553 (named), uid 53: exited on signal 6

The relevant code from bind/bin/named/ns_maint.c is:

        /*
         * It is essential that we never try to set a timer in the past
         * or for now because doing so could cause an infinite loop.
         */
        INSIST(zp->z_time == 0 || zp->z_time > tt.tv_sec);
        sched_zone_maint(zp);

Environment:

FreeBSD quark.warpnet.ro 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #0: Tue Aug 7 18:11:12 EEST 2001 root@quark.warpnet.ro:/usr/obj/usr/src/sys/QUARK i386
named 8.2.4-REL Tue Aug 7 12:20:09 EEST 2001 root@quark.warpnet.ro:/usr/obj/usr/src/usr.sbin/named

Has anyone else experienced this? Is there a fix committed into the CVS tree for this? Does 8.2.5-REL fix this (BTW, it hasn't been yet committed to the FreeBSD CVS repository; the bind8 port hasn't been updated either)?

Please no "update to current -STABLE, maybe it's been fixed" :-) ... it's a production server and I prefer to check this out before I jump on the CVSup bandwagon.

Thank you,
Ady (@warpnet.ro)
_______________________________________________________________________
| I don't need to test my programs. I have an error-correcting modem. |
| (Om I.
Baud) |
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 14:17:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from webs1.accretive-networks.net (webs1.accretive-networks.net [207.246.154.13]) by hub.freebsd.org (Postfix) with ESMTP id 8FBD737B403 for ; Tue, 9 Oct 2001 14:17:27 -0700 (PDT) Received: from localhost (davidk@localhost) by webs1.accretive-networks.net (8.11.1/8.11.3) with ESMTP id f99KDlL78909 for ; Tue, 9 Oct 2001 13:13:48 -0700 (PDT) Date: Tue, 9 Oct 2001 13:13:47 -0700 (PDT) From: David Kirchner X-X-Sender: To: Subject: heads up? ssh, krb5-realm.{com,net} Message-ID: <20011009130922.C85958-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This problem just started showing up for us today. Apparently, the openssh that comes with 4.2-R has some strange bug in that it looks up krb5-realm in DNS even though no Kerberos server was ever configured in any file on the system. (Dangerous to have this default, no?) The provider that hosts krb5-realm.com and .net apparently decided to either shut off their name servers or delay name server responses for these domains - not too surprising since this probably created a fair amount of traffic. I suspect we'll be seeing a number of e-mails from people having trouble ssh'ing in to their machines and having it take >2 minutes. The quick-fix for us was to add krb5-realm.com and .net to our DNS tables so the lookup would be quick. The problem appears to be fixed in 4.4, but I haven't checked out how yet (hopefully, all Kerberos checking is completely disabled unless someone specifically enables it?) 
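
The following Python example is added here and is not code from the thread. It checks the resolv.conf quoted later in this thread for a TLD in the search list, then lists the krb5-realm names produced by the lookup behaviour the same poster describes there (chop one label off the host name, prepend krb5-realm) and shows which of them fall outside the site's own zones. The host name www.hosting.foo.net is hypothetical, and treating the search-list domains as zones the site's own name servers answer for is an assumption.

```python
"""Which krb5-realm DNS names does a host look up, and who answers them?"""

# The masked resolver configuration quoted in the thread.
RESOLV_CONF = """\
search hosting.foo.net foo.net
nameserver 207.246.xx.yy
nameserver 207.246.xx.zz
"""


def search_list(resolv_conf_text):
    """Effective search list: 'domain' and 'search' override each other and
    the last one in the file wins."""
    domains = []
    for raw in resolv_conf_text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] == "search":
            domains = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "domain" and len(fields) > 1:
            domains = [fields[1].rstrip(".").lower()]
    return domains


def tld_entries(domains):
    """Single-label entries, i.e. a bare TLD in the search list."""
    return [d for d in domains if "." not in d]


def realm_lookup_names(fqdn, label="krb5-realm"):
    """Names queried when one leading label at a time is chopped off the host
    name and `label` is prepended to what is left (the thread's description)."""
    parts = fqdn.rstrip(".").lower().split(".")
    return [".".join([label] + parts[i:]) for i in range(1, len(parts))]


def outside_zones(names, zones):
    """Names that fall under none of the given zones."""
    def inside(name, zone):
        return name == zone or name.endswith("." + zone)
    return [n for n in names if not any(inside(n, z) for z in zones)]


def report(fqdn, resolv_conf_text, extra_zones=()):
    """Summarize search-list hygiene and where each realm lookup ends up."""
    domains = search_list(resolv_conf_text)
    names = realm_lookup_names(fqdn)
    # Assumption: the site's own name servers are authoritative for the
    # search-list domains, plus any zones added locally (extra_zones).
    zones = domains + list(extra_zones)
    return {
        "tld_in_search_list": tld_entries(domains),
        "lookups": names,
        "answered_by_third_party": outside_zones(names, zones),
    }


if __name__ == "__main__":
    host = "www.hosting.foo.net"  # hypothetical host name
    before = report(host, RESOLV_CONF)
    # The quick fix from the thread: serve the krb5-realm name locally.
    after = report(host, RESOLV_CONF, extra_zones=["krb5-realm.net"])
    print("TLD entries in search list:", before["tld_in_search_list"])
    print("realm lookups:", before["lookups"])
    print("leave the site before the fix:", before["answered_by_third_party"])
    print("leave the site after the fix:", after["answered_by_third_party"])
```
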
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 14:18:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from webs1.accretive-networks.net (webs1.accretive-networks.net [207.246.154.13]) by hub.freebsd.org (Postfix) with ESMTP id 61BE737B40F for ; Tue, 9 Oct 2001 14:18:19 -0700 (PDT) Received: from localhost (davidk@localhost) by webs1.accretive-networks.net (8.11.1/8.11.3) with ESMTP id f99KEfb78918 for ; Tue, 9 Oct 2001 13:14:41 -0700 (PDT) Date: Tue, 9 Oct 2001 13:14:41 -0700 (PDT) From: David Kirchner X-X-Sender: To: Subject: Re: heads up? ssh, krb5-realm.{com,net} In-Reply-To: <20011009130922.C85958-100000@localhost> Message-ID: <20011009131414.G85958-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Here's a post to USENET by someone else that describes the problem (no response was given then) : http://groups.google.com/groups?q=krb5-realm&hl=en&rnum=5&selm=6CCW5.212%2404.1842%40read1 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 14:24:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from manual-override.net (manual-override.net [65.42.236.5]) by hub.freebsd.org (Postfix) with ESMTP id 338BF37B403 for ; Tue, 9 Oct 2001 14:24:28 -0700 (PDT) Received: from manual-override.net (localhost [127.0.0.1]) by manual-override.net (8.11.6/8.11.6) with SMTP id f99LOqE09400 for ; Tue, 9 Oct 2001 16:24:52 -0500 (EST) (envelope-from chris@localline.com) Received: from 65.42.236.13 (SquirrelMail authenticated user chris) by manual-override.net with HTTP; Tue, 9 Oct 2001 16:24:52 -0500 (EST) Message-ID: 
<4392.65.42.236.13.1002662692.squirrel@manual-override.net> Date: Tue, 9 Oct 2001 16:24:52 -0500 (EST) Subject: amavis + freebsd From: "Chris Orr" To: X-Mailer: SquirrelMail (version 1.2.0 [rc1]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org
hey, I've got a question about amavis, and how it performs.. does anyone use it on mail servers that have 3000+ users? how does it perform? does it put the cpu load up high? thanks! -chris
Bare feet magnetize sharp metal objects so they point upward from the floor -- especially in the dark.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Oct 9 14:59:20 2001 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 0371D37B409 for ; Tue, 9 Oct 2001 14:59:18 -0700 (PDT) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id f99LxF654550; Tue, 9 Oct 2001 17:59:15 -0400 (EDT) (envelope-from wollman) Date: Tue, 9 Oct 2001 17:59:15 -0400 (EDT) From: Garrett Wollman Message-Id: <200110092159.f99LxF654550@khavrinen.lcs.mit.edu> To: David Kirchner Cc: Subject: heads up? ssh, krb5-realm.{com,net} In-Reply-To: <20011009130922.C85958-100000@localhost> References: <20011009130922.C85958-100000@localhost> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < said: > This problem just started showing up for us today.
Apparently, the openssh > that comes with 4.2-R has some strange bug in that it looks up krb5-realm > in DNS even though no Kerberos server was ever configured in any file on > the system. (Dangerous to have this default, no?) Your DNS resolver is mis-configured; you're probably using a `domain foo.com' in /etc/resolv.conf when you should have said `search foo.com' instead. It is never correct to include a TLD in your search list. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 15: 2:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from webs1.accretive-networks.net (webs1.accretive-networks.net [207.246.154.13]) by hub.freebsd.org (Postfix) with ESMTP id C9DF037B40E for ; Tue, 9 Oct 2001 15:02:35 -0700 (PDT) Received: from localhost (davidk@localhost) by webs1.accretive-networks.net (8.11.1/8.11.3) with ESMTP id f99Kwts79029; Tue, 9 Oct 2001 13:58:55 -0700 (PDT) Date: Tue, 9 Oct 2001 13:58:55 -0700 (PDT) From: David Kirchner X-X-Sender: To: Garrett Wollman Cc: Subject: Re: heads up? ssh, krb5-realm.{com,net} In-Reply-To: <200110092159.f99LxF654550@khavrinen.lcs.mit.edu> Message-ID: <20011009135644.U85958-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 9 Oct 2001, Garrett Wollman wrote: > < said: > > > This problem just started showing up for us today. Apparently, the openssh > > that comes with 4.2-R has some strange bug in that it looks up krb5-realm > > in DNS even though no Kerberos server was ever configured in any file on > > the system. (Dangerous to have this default, no?) 
> > Your DNS resolver is mis-configured; you're probably using a `domain > foo.com' in /etc/resolv.conf when you should have said `search > foo.com' instead. It is never correct to include a TLD in your search > list. > > -GAWollman We don't have 'domain foo.com' in our resolv.conf. Here's what we have (with some data masked): search hosting.foo.net foo.net nameserver 207.246.xx.yy nameserver 207.246.xx.zz No TLD is in our search list. Kerberos (SSH's implementation, probably) was doing the lookups by chopping off each part of the hostname and then pre-pending krb5-realm . To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Tue Oct 9 16:37:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from web20907.mail.yahoo.com (web20907.mail.yahoo.com [216.136.226.229]) by hub.freebsd.org (Postfix) with SMTP id 47A2D37B401 for ; Tue, 9 Oct 2001 16:37:30 -0700 (PDT) Message-ID: <20011009233730.11902.qmail@web20907.mail.yahoo.com> Received: from [209.8.72.253] by web20907.mail.yahoo.com via HTTP; Tue, 09 Oct 2001 16:37:30 PDT Date: Tue, 9 Oct 2001 16:37:30 -0700 (PDT) From: Randy Lee Subject: ipfw - DoS ? To: questions@freebsd.org Cc: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Oct 9 12:00:02 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 202.228.131.2:3072 Oct 9 12:00:02 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 202.105.10.73:3072 Oct 9 12:00:02 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 209.114.222.105:3072 Oct 9 12:00:03 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 209.215.254.43:3072 Oct 9 12:00:04 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 209.10.122.24:1024 Oct 9 12:00:04 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 216.79.11.124:3072 Oct 9 12:00:04 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 216.248.242.59:1024 Oct 9 12:00:05 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 202.253.21.75:3072 Oct 9 12:00:06 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 202.204.219.111:1024 Oct 9 12:00:08 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 202.173.45.46:3072 Oct 9 12:00:08 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 209.245.158.51:3072 Oct 9 12:00:10 MY /kernel: Connection
attempt to TCP 216.8.77.2:0 from 209.5.171.39:1024 Oct 9 12:00:11 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 216.163.72.16:1024 Oct 9 12:00:11 MY /kernel: Connection attempt to TCP 216.8.77.2:0 from 216.138.54.79:3072 Is someone is DoS'ing my server ? How can i deny all connection from port :3072 and :1024 using ipfw ? Any Idea is appreciated. __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 20:36: 0 2001 Delivered-To: freebsd-security@freebsd.org Received: from oksala.org (modemcable005.86-201-24.timi.mc.videotron.ca [24.201.86.5]) by hub.freebsd.org (Postfix) with ESMTP id 5F3C037B40A for ; Tue, 9 Oct 2001 20:35:57 -0700 (PDT) Received: from videotron.ca (silence [24.201.86.5]) by oksala.org (8.11.6/8.11.1) with ESMTP id f9A3Yoh91437 for ; Tue, 9 Oct 2001 23:34:51 -0400 (EDT) (envelope-from "ghislainl"@videotron.ca) Message-Id: <200110100334.f9A3Yoh91437@oksala.org> Date: Tue, 09 Oct 2001 23:34:50 -0400 From: Pierre-Luc =?iso-8859-1?Q?Lesp=E9rance?= X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.4-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 Cc: freebsd-security@freebsd.org Subject: Re: ipfw - DoS ? References: <20011009233730.11902.qmail@web20907.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Is someone is DoS'ing my server ? > > How can i deny all connection from port :3072 and > :1024 using ipfw ? I think it's useless to block non-listening ports So it's certainly a port scan. Don't worry about it. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 22:22:42 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by hub.freebsd.org (Postfix) with ESMTP id C462237B406 for ; Tue, 9 Oct 2001 22:22:39 -0700 (PDT) Received: from DougBarton.net (db-cvad-2-tmp.yahoo.com [216.145.48.243]) by mail-relay1.yahoo.com (Postfix) with ESMTP id 2B4698B5A7; Tue, 9 Oct 2001 22:22:39 -0700 (PDT) Message-ID: <3BC3DB29.E2A7B3DA@DougBarton.net> Date: Tue, 09 Oct 2001 22:22:49 -0700 From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en MIME-Version: 1.0 To: Adrian Penisoara Cc: freebsd-security@FreeBSD.ORG, bind-users@isc.org, Aaron Bush , Mark.Andrews@nominum.com Subject: Re: named 8.2.4-REL on FreeBSD 4.4 abort due to INSIST() trap References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Adrian Penisoara wrote: > Does 8.2.5-REL fix this (BTW, it hasn't been yet committed > to the FreeBSD CVS repository; the bind8 port hasn't been updated either)? We are cautious when it comes to upgrading BIND. I usually wait about a week to upgrade the port (which I've just done) and upgrading the BIND source in the base takes longer, both due to caution and the time involved. Enjoy, Doug -- "We will not tire, we will not falter, and we will not fail." - George W. Bush, President of the United States September 20, 2001 Do YOU Yahoo!? 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 9 23:38:26 2001 Delivered-To: freebsd-security@freebsd.org Received: from kremilek.gyrec.cz (kremilek.gyrec.cz [62.168.40.188]) by hub.freebsd.org (Postfix) with ESMTP id 75EAA37B403 for ; Tue, 9 Oct 2001 23:38:22 -0700 (PDT) Received: from xskoba1 (helo=localhost) by kremilek.gyrec.cz with local-esmtp (Exim 3.12 #1 (Debian)) id 15rD0X-0001ba-00 for ; Wed, 10 Oct 2001 08:38:21 +0200 Date: Wed, 10 Oct 2001 08:38:21 +0200 (CEST) From: To: security@freebsd.org Subject: "Rubbish" idea on security In-Reply-To: <20011009130922.C85958-100000@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Has anyone ever thought about physicial stealing of server? I know I sound like pretty paranoid, but my question is. Is there any way to crypt all harddrive in the way, no one from outside will see anything from it. I mean, for example, that rebooting of server is going to be dependandt on connection from somewhere, that connection send a key, which is all the time only in memory and if someone decide to steal the harddrive, he has nothing unless he has a key. And the second thing is concerning config or any files which are necessary to change to compromise server. The idea is the same, the changes are (probably by kernel) written into some temprorary area and only when private key is provided, changes are written on the right place. sorry if everything I told is too dificult or too stupid to be created. 
yours sincerely Rene Skoba To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 0:58: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns1.pilikia.net (ns1.pilikia.net [63.173.194.12]) by hub.freebsd.org (Postfix) with ESMTP id 479C337B405 for ; Wed, 10 Oct 2001 00:58:02 -0700 (PDT) Received: from gecko (gecko.local.net [10.25.0.9]) by ns1.pilikia.net (8.11.4/8.11.4) with ESMTP id f9A7vYf00214; Tue, 9 Oct 2001 21:57:35 -1000 (HST) (envelope-from art@pilikia.net) Message-ID: <200110092157350520.113B5396@smtp> In-Reply-To: <4392.65.42.236.13.1002662692.squirrel@manual-override.net> References: <4392.65.42.236.13.1002662692.squirrel@manual-override.net> X-Mailer: Calypso Version 3.20.02.00 (3) Date: Tue, 09 Oct 2001 21:57:35 -1000 Reply-To: art@pilikia.net From: "Arthur W. Neilson III" To: "Chris Orr" Cc: freebsd-security@freebsd.org Subject: Re: amavis + freebsd Content-Type: text/plain; charset="ISO-8859-1" X-Virus-Scanned: by AMaViS/NAI-uvscan-4.14 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Well, that depends on the cpu(s) of course. we average around 5% processor utilization on a HP netserver with dual 350Mhz processors and 196M RAM during our peak daytime hours. we pass ~120 mails a minute at our peaks and have stress tested the box at over 10 times that load. our hardware is way overkill for this application however we wanted the box to be able to handle in the event the load increased dramatically :^) On 10/9/01 at 4:24 PM Chris Orr wrote: > >hey, >ive got a question about amavis, and how it preforms.. >does anyone use it on mail servers that have 3000+ users? >how does it preform? >does it put the cpu load up high? >thanks! 
>-chris > >Bare feet magnetize sharp metal objects so they point upward from the >floor -- especially in the dark. > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message -- __ / ) _/_ It is a capital mistake to theorise before one has data. /--/ __ / Insensibly one begins to twist facts to suit theories, / (_/ (_<__ Instead of theories to suit facts. -- Sherlock Holmes, "A Scandal in Bohemia" Arthur W. Neilson III, WH7N - FISTS #7448 Bank of Hawaii Network Services http://www.pilikia.net art@pilikia.net, aneilson@boh.com, wh7n@arrl.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 1:42: 4 2001 Delivered-To: freebsd-security@freebsd.org Received: from rage.abc.ro (goanga.com [193.231.240.30]) by hub.freebsd.org (Postfix) with ESMTP id D1DF737B406 for ; Wed, 10 Oct 2001 01:41:59 -0700 (PDT) Received: from abc.ro (goanga.com [193.231.240.30]) by rage.abc.ro (8.11.3/8.11.3) with ESMTP id f9A8fpQ01892; Wed, 10 Oct 2001 11:41:52 +0300 (EEST) (envelope-from andrei@abc.ro) Message-ID: <3BC409CF.BC11F35E@abc.ro> Date: Wed, 10 Oct 2001 11:41:51 +0300 From: ANdrei Organization: Cronon AG - tech department X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: de, ro, en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Cc: Randy Lee Subject: Re: ipfw - DoS ? 
References: <20011009233730.11902.qmail@web20907.mail.yahoo.com> <200110100334.f9A3Yoh91437@oksala.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

anyhow, answering how to deny:

deny ip from any to any 3072

or (a bit different and in the rc.firewall-file format):

${fwcmd} add unreach net all from any to any 3072

this answers to icmp "net unreachable"...

but it's better you choose a closed policy for default, and then you configure your firewall to pass through only what you want... maybe i'm wrong, but i guess this is best to do...

aloha,
ANdrei

> > Is someone DoS'ing my server ?
> >
> > How can I deny all connections from port :3072 and
> > :1024 using ipfw ?
>
> I think it's useless to block non-listening ports.
> So it's certainly a port scan. Don't worry about it.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
"I live in my own little world - but it's ok, they know me here!"
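To make the closed-default advice above concrete, here is an added example (not part of the original message, and not ipfw itself): a toy first-match evaluator for a small subset of ipfw rule syntax, comparing source-port blocking with a closed default over constructed packets modeled on the logged probes. The service ports 25 and 80, the source port 4000, and all function and variable names are assumptions.

```python
import re

# Subset of ipfw rule syntax this model understands (an assumption of the
# example, far smaller than real ipfw): action, optional "log", protocol,
# "from any [port] to any [port]", optional "setup" or "established".
RULE_RE = re.compile(
    r"^(allow|pass|deny)\s+(?:log\s+)?(tcp|udp|ip|all)\s+"
    r"from\s+any(?:\s+(\d+))?\s+to\s+any(?:\s+(\d+))?"
    r"(?:\s+(setup|established))?$"
)

# Ruleset A: block the two logged source ports on top of an open default.
SOURCE_PORT_BLOCK = [
    "deny tcp from any 3072 to any",
    "deny tcp from any 1024 to any",
    "allow ip from any to any",
]

# Ruleset B: closed default. Ports 25 and 80 stand in for "mail, web".
CLOSED_DEFAULT = [
    "allow tcp from any to any established",
    "allow tcp from any to any 25 setup",
    "allow tcp from any to any 80 setup",
    "deny log ip from any to any",
]


def parse_rule(text):
    """Turn one rule string into a dict, rejecting anything outside the subset."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: %r" % text)
    action, proto, sport, dport, opt = m.groups()
    return {
        "text": text,
        "action": "allow" if action in ("allow", "pass") else "deny",
        "proto": proto,
        "sport": int(sport) if sport else None,
        "dport": int(dport) if dport else None,
        "opt": opt,
    }


def rule_matches(rule, packet):
    """True when every field the rule specifies agrees with the packet."""
    if rule["proto"] not in ("ip", "all") and rule["proto"] != packet["proto"]:
        return False
    if rule["sport"] is not None and rule["sport"] != packet["sport"]:
        return False
    if rule["dport"] is not None and rule["dport"] != packet["dport"]:
        return False
    flags = packet["flags"]
    if rule["opt"] == "setup":          # SYN set, ACK clear
        return "SYN" in flags and "ACK" not in flags
    if rule["opt"] == "established":    # ACK or RST set
        return bool(flags & {"ACK", "RST"})
    return True


def evaluate(ruleset, packet):
    """First matching rule wins; returns (action, rule text)."""
    for rule in map(parse_rule, ruleset):
        if rule_matches(rule, packet):
            return rule["action"], rule["text"]
    # Real ipfw ends in a built-in rule that denies unless the kernel was
    # built with IPFIREWALL_DEFAULT_TO_ACCEPT; modeled here as deny.
    return "deny", "(built-in default rule)"


def pkt(sport, dport, *flags):
    """Build a constructed TCP packet description."""
    return {"proto": "tcp", "sport": sport, "dport": dport,
            "flags": frozenset(flags)}


# Constructed packets: three probes shaped like the logged ones (one with a
# different ephemeral source port) and two legitimate mail packets that
# happen to use the same source ports as the probes.
PACKETS = {
    "probe sport 3072 -> port 0": pkt(3072, 0, "SYN"),
    "probe sport 1024 -> port 0": pkt(1024, 0, "SYN"),
    "probe sport 4000 -> port 0": pkt(4000, 0, "SYN"),
    "mail client sport 1024 -> port 25": pkt(1024, 25, "SYN"),
    "mail session sport 3072 -> port 25": pkt(3072, 25, "ACK"),
}


def compare():
    """Map each packet label to (ruleset A verdict, ruleset B verdict)."""
    return {
        label: (evaluate(SOURCE_PORT_BLOCK, p)[0], evaluate(CLOSED_DEFAULT, p)[0])
        for label, p in PACKETS.items()
    }


if __name__ == "__main__":
    for label, (a, b) in compare().items():
        print("%-36s source-port block: %-5s closed default: %s" % (label, a, b))
```

The source-port ruleset misses the probe from port 4000 and drops both legitimate mail packets, while the closed default drops every probe to port 0 and passes the mail traffic.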
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 2:42:49 2001 Delivered-To: freebsd-security@freebsd.org Received: from mout0.freenet.de (mout0.freenet.de [194.97.50.131]) by hub.freebsd.org (Postfix) with ESMTP id 9B99537B408 for ; Wed, 10 Oct 2001 02:42:45 -0700 (PDT) Received: from [194.97.50.144] (helo=mx1.freenet.de) by mout0.freenet.de with esmtp (Exim 3.33 #1) id 15rFsu-0007xo-00; Wed, 10 Oct 2001 11:42:40 +0200 Received: from b82bc.pppool.de ([213.7.130.188] helo=Magelan.Leidinger.net) by mx1.freenet.de with esmtp (Exim 3.33 #3) id 15rFsr-0004C6-00; Wed, 10 Oct 2001 11:42:39 +0200 Received: from Leidinger.net (netchild@localhost [127.0.0.1]) by Magelan.Leidinger.net (8.11.6/8.11.6) with ESMTP id f9A9hSK00843; Wed, 10 Oct 2001 11:43:29 +0200 (CEST) (envelope-from netchild@Leidinger.net) Message-Id: <200110100943.f9A9hSK00843@Magelan.Leidinger.net> Date: Wed, 10 Oct 2001 11:43:27 +0200 (CEST) From: Alexander Leidinger Subject: Re: Kernel-loadable Root Kits To: cjclark@alum.mit.edu Cc: Alexander Langer , deepak@ai.net, freebsd-security@FreeBSD.ORG In-Reply-To: <20011004023034.U8391@blossom.cjclark.org> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > I went in and made a very simple kernel-build option which disables > the use of kldload(2) (and kldunload(2)) at all times. This is not as > good as raising securelevel(8) since root can still write to > /dev/mem. However, a lot of people in this thread still seem to want > this ability. Since you can still write to /dev/mem, it is only raises > the bar a bit for an attacker. But it does raise the bar enough to > possibly foil a skr1pt k1ddi3 or two. 
If my memory serves me right there was an effort on -audit in the last months to remove the need for /dev/mem. If this work is finished, the NO_KLD patch would be more useful. If you commit this, you didn't only raise the bar a bit for an attacker, it also would harden the system when /dev/mem isn't needed anymore (maybe before 5.0-RELEASE, maybe not). Bye, Alexander. -- ...and that is how we know the Earth to be banana-shaped. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 5:19:57 2001 Delivered-To: freebsd-security@freebsd.org Received: from kumquat.mail.uk.easynet.net (kumquat.mail.uk.easynet.net [195.40.1.42]) by hub.freebsd.org (Postfix) with ESMTP id 208C537B407 for ; Wed, 10 Oct 2001 05:19:53 -0700 (PDT) Received: from magrat.office.easynet.net ([195.40.3.130]) by kumquat.mail.uk.easynet.net with esmtp (Exim 3.33 #1) id 15rIKc-0006Iv-00; Wed, 10 Oct 2001 13:19:26 +0100 Received: by magrat.office.easynet.net with Internet Mail Service (5.5.2653.19) id ; Wed, 10 Oct 2001 13:19:25 +0100 Message-ID: <7052044C7D7AD511A20200508B5A9C5851688C@magrat.office.easynet.net> From: Lee Brotherston To: "'xskoba1@kremilek.gyrec.cz'" , security@freebsd.org Subject: RE: "Rubbish" idea on security Date: Wed, 10 Oct 2001 13:19:19 +0100 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org | I know I sound like pretty paranoid, but my question | is. Is there | any way to crypt all harddrive in the way, no one from | outside will see | anything from it. 
I mean, for example, that rebooting of | server is going | to be dependandt on connection from somewhere, that | connection send a key, | which is all the time only in memory and if someone decide to | steal the | harddrive, he has nothing unless he has a key. | | | And the second thing is concerning config or any files which are | necessary to change to compromise server. The idea is the same, the | changes | are (probably by kernel) written into some temprorary area | and only when | private key is provided, changes are written on the right place. | | sorry if everything I told is too dificult or too stupid to be | created. It might be worth checking out http://www.rubberhose.org - I've not actually used it myself, so I can't offer any personal experience, but I've seen good things posted about it. It was designed to allow deniability about the levels of encryption on the drive (Encrypted data and random noise are not discernable from each other), but could be used to hold important data I suppose. Similarly holding the configs on here might be possible. The FreeBSD kernel module is said to be nearing completion. 
Lee -- Lee Brotherston - IP Security Manager, Easynet Ltd http://www.easynet.net/ Phone: +44 20 7900 4444 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 5:24:35 2001 Delivered-To: freebsd-security@freebsd.org Received: from male.aldigital.co.uk (male.aldigital.co.uk [213.129.64.13]) by hub.freebsd.org (Postfix) with ESMTP id C33C437B40E for ; Wed, 10 Oct 2001 05:24:31 -0700 (PDT) Received: from algroup.co.uk (sockittome.aldigital.co.uk [194.128.162.252]) by male.aldigital.co.uk (Postfix) with ESMTP id 91FC16A1484; Wed, 10 Oct 2001 13:24:29 +0100 (BST) Message-ID: <3BC43DFF.C356A86A@algroup.co.uk> Date: Wed, 10 Oct 2001 13:24:31 +0100 From: Adam Laurie X-Mailer: Mozilla 4.7 [en-gb] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: xskoba1@kremilek.gyrec.cz Cc: security@freebsd.org, Ben Laurie Subject: Re: "Rubbish" idea on security References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org xskoba1@kremilek.gyrec.cz wrote: > > Has anyone ever thought about physicial stealing of server? > > I know I sound like pretty paranoid, but my question is. Is there > any way to crypt all harddrive in the way, no one from outside will see > anything from it. I mean, for example, that rebooting of server is going > to be dependandt on connection from somewhere, that connection send a key, > which is all the time only in memory and if someone decide to steal the > harddrive, he has nothing unless he has a key. this would be quite easy with cfs (http://www.freebsddiary.org/encrypted-fs.php) - you'd need an unencrypted boot that got you up far enough to run (say) sshd, then log in and unlock the main filesystem and finish the boot. 
however, if the thief knows that it's protected in this way, all they need to do is maintain the power until they can copy the files. it would of course provide good protection against opportunist or ram-raid style theft though. > > And the second thing is concerning config or any files which are > necessary to change to compromise server. The idea is the same, the > changes > are (probably by kernel) written into some temprorary area and only when > private key is provided, changes are written on the right place. a variation on the above. > > sorry if everything I told is too dificult or too stupid to be > created. cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 The Stores http://www.thebunker.net 2 Bath Road http://www.aldigital.co.uk London W4 1LT mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 5:33:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 43D7337B403 for ; Wed, 10 Oct 2001 05:33:23 -0700 (PDT) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.11.6/8.11.6) with ESMTP id f9ACWmV19152; Wed, 10 Oct 2001 14:32:52 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Adam Laurie Cc: xskoba1@kremilek.gyrec.cz, security@FreeBSD.ORG, Ben Laurie Subject: Re: "Rubbish" idea on security In-Reply-To: Your message of "Wed, 10 Oct 2001 13:24:31 BST." 
<3BC43DFF.C356A86A@algroup.co.uk> Date: Wed, 10 Oct 2001 14:32:48 +0200 Message-ID: <19150.1002717168@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <3BC43DFF.C356A86A@algroup.co.uk>, Adam Laurie writes: >this would be quite easy with cfs >(http://www.freebsddiary.org/encrypted-fs.php) - you'd need an >unencrypted boot that got you up far enough to run (say) sshd, then log >in and unlock the main filesystem and finish the boot. however, if the >thief knows that it's protected in this way, all they need to do is >maintain the power until they can copy the files. it would of course >provide good protection against opportunist or ram-raid style theft >though. If you want to physically protect information, then study the PAL/SL/WL system on atomic warheads: http://www.google.com/search?q=permissive+action+link http://www.google.com/search?hl=en&q=warhead+weak+strong+link -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 7:16:21 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.wlcg.com (mail.wlcg.com [198.92.199.5]) by hub.freebsd.org (Postfix) with ESMTP id 095A837B401 for ; Wed, 10 Oct 2001 07:16:17 -0700 (PDT) Received: from localhost (rsimmons@localhost) by mail.wlcg.com (8.11.6/8.11.6) with ESMTP id f9AEGGW95022 for ; Wed, 10 Oct 2001 10:16:16 -0400 (EDT) (envelope-from rsimmons@wlcg.com) Date: Wed, 10 Oct 2001 10:16:13 -0400 (EDT) From: Rob Simmons To: Subject: ftp configuration files Message-ID: <20011010101019.F73080-100000@mail.wlcg.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Instead of having the two ftp config files, ftpchroot and ftpusers, maybe this could be incorporated into fields in the passwd file, or turned into options in login.conf. This way you would be able to look at all this information at once. It would be easier to make sure that all the users that need to be listed in ftpusers get restricted properly. The same would go for ftpchroot. Is this something that has been thought about before? Is there a reason not to do something like this? 
Robert Simmons
Systems Administrator
http://www.wlcg.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7xFgwv8Bofna59hYRAws/AJ93IyPV3BUGzarCR6iJUtSMyuR1LwCfWJwB
LX93AysI2treutwQXcL3jcY=
=Z+NA
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Oct 10 9: 7:11 2001 Delivered-To: freebsd-security@freebsd.org Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by hub.freebsd.org (Postfix) with ESMTP id 1B01B37B405; Wed, 10 Oct 2001 09:07:01 -0700 (PDT) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id CAA10568; Thu, 11 Oct 2001 02:06:50 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Thu, 11 Oct 2001 02:06:49 +1000 (EST) From: Ian Smith To: Randy Lee Cc: questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: ipfw - DoS ? In-Reply-To: <20011009233730.11902.qmail@web20907.mail.yahoo.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Tue, 9 Oct 2001, Randy Lee wrote:

> Oct 9 12:00:02 MY /kernel: Connection attempt to TCP
> 216.8.77.2:0 from 202.228.131.2:3072
[..]
> Oct 9 12:00:05 MY /kernel: Connection attempt to TCP
> 216.8.77.2:0 from 202.253.21.75:3072

This source port 3072 was arbitrarily chosen. It could be any port 1024 and above. It's not significant. The varying source addresses are more likely than not spoofed, or relays, and likely not worth chasing up either. Hopefully you have no TCP server bound to port 0 :-)

> Oct 9 12:00:06 MY /kernel: Connection attempt to TCP
> 216.8.77.2:0 from 202.204.219.111:1024
[..]
> Oct 9 12:00:10 MY /kernel: Connection attempt to TCP
> 216.8.77.2:0 from 209.5.171.39:1024
[..]

Likely a freshly rebooted win box using the first port allocated, 1024.

> Oct 9 12:00:11 MY /kernel: Connection attempt to TCP
> 216.8.77.2:0 from 216.138.54.79:3072

Either 2 kiddies hit you at once, or the scan was distributed via a couple of other hosts. Again, most often not worth hotly pursuing.

> Is someone DoS'ing my server ?

Running some script looking for a port 0 server, more likely. If there were thousands of these you might consider it a try at a DoS attack.

> How can I deny all connections from port :3072 and
> :1024 using ipfw ?

Never mind about the 'from' unless you do want to block some particular site/s sometime; you want (in a nutshell) to allow connections (setup) to services you are providing (mail, web, whatever), allow established connections, and then deny everything else. Use rc.firewall as a guide.

Cheers, Ian

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Oct 10 9:30:38 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by hub.freebsd.org (Postfix) with ESMTP id 8184837B40A for ; Wed, 10 Oct 2001 09:30:32 -0700 (PDT) Received: from DougBarton.net (db-cvad-2-tmp.yahoo.com [216.145.48.243]) by mail-relay1.yahoo.com (Postfix) with ESMTP id 056EB8B5E7; Wed, 10 Oct 2001 09:30:32 -0700 (PDT) Message-ID: <3BC477B2.53262305@DougBarton.net> Date: Wed, 10 Oct 2001 09:30:42 -0700 From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en MIME-Version: 1.0 To: Rob Simmons Cc: freebsd-security@FreeBSD.ORG Subject: Re: ftp configuration files References: <20011010101019.F73080-100000@mail.wlcg.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender:
owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Rob Simmons wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > Instead of having the two ftp config files, ftpchroot and ftpusers, maybe > this could be incorporated into fields in the passwd file, or turned into > options in login.conf. This way you would be able to look at all this > information at once. It would be easier to make sure that all the users > that need to be listed in ftpusers get restricted properly. The same > would go for ftpchroot. > > Is this something that has been thought about before? Is there a reason > not to do something like this? Historical reasons, not breaking compatability with password file standards, and violation of the unix idea of combining smaller building blocks to create larger tools. -- "We will not tire, we will not falter, and we will not fail." - George W. Bush, President of the United States September 20, 2001 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 10 12:17: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209]) by hub.freebsd.org (Postfix) with SMTP id 2EF9B37B401 for ; Wed, 10 Oct 2001 12:16:53 -0700 (PDT) Received: (qmail 60904 invoked by uid 1000); 10 Oct 2001 19:17:12 -0000 Date: Wed, 10 Oct 2001 21:17:12 +0200 From: "Karsten W. Rohrbach" To: xskoba1@kremilek.gyrec.cz Cc: security@freebsd.org Subject: Re: "Rubbish" idea on security Message-ID: <20011010211712.B60609@mail.webmonster.de> Mail-Followup-To: "Karsten W. 
Rohrbach" , xskoba1@kremilek.gyrec.cz, security@freebsd.org References: <20011009130922.C85958-100000@localhost> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="b5gNqxB1S1yM7hjW" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from xskoba1@kremilek.gyrec.cz on Wed, Oct 10, 2001 at 08:38:21AM +0200 X-Arbitrary-Number-Of-The-Day: 42 X-URL: http://www.webmonster.de/ X-Disclaimer: My opinions do not necessarily represent those of my employer X-Work-URL: http://www.ngenn.net/ X-Work-Address: nGENn GmbH, Schloss Kransberg, D-61250 Usingen-Kransberg, Germany X-Work-Phone: +49-6081-682-304 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

--b5gNqxB1S1yM7hjW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

xskoba1@kremilek.gyrec.cz(xskoba1@kremilek.gyrec.cz)@2001.10.10 08:38:21 +0000:
>
> Has anyone ever thought about physicial stealing of server?

yes ;-)

>
> I know I sound like pretty paranoid, but my question is. Is there
> any way to crypt all harddrive in the way, no one from outside will see
> anything from it. I mean, for example, that rebooting of server is going
> to be dependandt on connection from somewhere, that connection send a key,
> which is all the time only in memory and if someone decide to steal the
> harddrive, he has nothing unless he has a key.

for a somewhat larger client's installation we ordered a safe containing rackmounts, ups and air conditioning. those boxes are quite expensive (and quite big), heavy to lift (trust me, no one's ever gonna carry such a thing out of the building) and they provide the physical security level demanded by the german bank and insurance industry. hard drives cannot be removed when the safe is closed, so you just got to think about a good network/os security solution.

> And the second thing is concerning config or any files which are
> necessary to change to compromise server. The idea is the same, the
> changes
> are (probably by kernel) written into some temprorary area and only when
> private key is provided, changes are written on the right place.

we put /, /usr, /opt (custom binaries) on a write-disabled scsi harddisk raid mirror, the remaining filesystems went onto a standard raid5 scsi-scsi bridge solution. software upgrades are being deployed onto new disks on the same hardware in a lab and then transported to the site for being actively deployed (swapped against the original boot volume disk set).

>
> sorry if everything I told is too dificult or too stupid to be
> created.

not at all. there are just not that many customers demanding that degree of security.

/k

--
> Only two things are infinite, the universe and human stupidity, and I'm
> not sure about the former. --Albert Einstein
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
Please do not remove my address from To: and Cc: fields in mailing lists. 10x

--b5gNqxB1S1yM7hjW Content-Type: application/pgp-signature Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7xJ64M0BPTilkv0YRAgEzAKC6vLtkuvdjnLnx864L3MNUczY9ygCfThRa
RaQBe2BqdkvjCRShOHnYKDk=
=Fq2K
-----END PGP SIGNATURE-----

--b5gNqxB1S1yM7hjW--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Oct 10 12:19:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from 4evermail.com (equinox.4evermail.com [204.92.209.4]) by hub.freebsd.org (Postfix) with SMTP id 1BA7A37B40B for ; Wed, 10 Oct 2001 12:18:42 -0700 (PDT) Received: (qmail 70094 invoked from network); 10 Oct 2001 19:19:15 -0000 Received: from 24-168-45-37.nyc.rr.com (HELO sioux) (24.168.45.37) by equinox.4evermail.com with SMTP; 10 Oct 2001 19:19:15 -0000 Message-ID: <007b01c151c0$646ab510$252da818@sioux> From: "Jonathan M. Slivko" To: "asssaf123 kachlon" , Cc: References: Subject: Re: Date: Wed, 10 Oct 2001 15:18:49 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0078_01C1519E.DC9576F0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_0078_01C1519E.DC9576F0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

First, cvsup to 4.4-STABLE. Then, you should be patched. 4.4-STABLE (and -RELEASE) incorporate the patch needed to secure the machine.

-- Jonathan

----- Original Message -----
From: asssaf123 kachlon
To: freebsd-questions@FreeBSD.ORG
Sent: Wednesday, October 10, 2001 3:16 PM

hello

i have box with freebsd in it:

# uname -r
RELENG_4_2001_06_29_NOSRC

i want to secure this box from telnetd remote exploit but with out to close telnet

what can i do ?

the info in ur site is dont work

please help me,

assaf k

------=_NextPart_000_0078_01C1519E.DC9576F0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
From owner-freebsd-security Wed Oct 10 14:53:34 2001 Delivered-To: freebsd-security@freebsd.org Received: from student.uci.agh.edu.pl (student.uci.agh.edu.pl [149.156.98.60]) by hub.freebsd.org (Postfix) with ESMTP id 99D9837B405 for ; Wed, 10 Oct 2001 14:53:26 -0700 (PDT) Received: from localhost (winfried@localhost) by student.uci.agh.edu.pl (8.8.7/8.8.5/ts-tmpl.970124+rchk1.22) with ESMTP id XAA27525 for ; Wed, 10 Oct 2001 23:53:19 +0200 (MET DST) Date: Wed, 10 Oct 2001 23:53:19 +0200 (MET DST) From: Jan Srzednicki To: Subject: OpenSSH from -STABLE SIGSEGV Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello,

I have machine with 4.4-STABLE, built on October the 3rd. I have just put it online, and I noticed something weird in the logs:

Oct 10 23:25:06 spitfire sshd[28568]: Accepted password for rafalg from 192.168.46.6 port 32807
Oct 10 23:25:06 spitfire /kernel: pid 28575 (sshd), uid 0: exited on signal 11 (core dumped)
Oct 10 23:25:06 spitfire sshd[28568]: Disconnecting: Command terminated on signal 11.

It seems only to happen in SSH1 mode, I had no trouble logging in in the SSH2 mode. I tried to run sshd in debug and that's what I've got:

root@spitfire:/# /usr/sbin/sshd -d -d -d
debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20010713
debug1: private host key: #0 type 0 RSA1
debug3: No RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from stronghold.dywizjonet port 32955
Connection from 192.168.46.205 port 32955
debug1: Client protocol version 1.5; client software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH_2\.5\.[012]
debug1: Local version string SSH-1.99-OpenSSH_2.9 FreeBSD localisations 20010713
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Starting up PAM with username "winfried"
debug3: Trying to reverse map address 192.168.46.205.
debug1: Attempting authentication for winfried.
debug1: temporarily_use_uid: 1001/1001 (e=0)
debug1: restore_uid
Failed rsa for winfried from 192.168.46.205 port 32955
debug1: PAM Password authentication accepted for user "winfried"
Accepted password for winfried from 192.168.46.205 port 32955
debug1: PAM setting rhost to "stronghold.dywizjonet"
debug1: session_new: init
debug1: session_new: session 0
debug1: Allocating pty.
debug2: tty_parse_modes: ospeed 38400
debug2: tty_parse_modes: ispeed 38400
debug2: tty_parse_modes: 1 3
debug2: tty_parse_modes: 2 28
debug2: tty_parse_modes: 3 127
debug2: tty_parse_modes: 4 21
debug2: tty_parse_modes: 5 4
debug2: tty_parse_modes: 6 0
debug2: tty_parse_modes: 7 0
debug2: tty_parse_modes: 8 17
debug2: tty_parse_modes: 9 19
debug2: tty_parse_modes: 10 26
debug2: tty_parse_modes: 12 18
debug2: tty_parse_modes: 13 23
debug2: tty_parse_modes: 14 22
debug2: tty_parse_modes: 18 15
debug2: tty_parse_modes: 30 1
debug2: tty_parse_modes: 31 0
debug2: tty_parse_modes: 32 0
debug2: tty_parse_modes: 33 0
debug2: tty_parse_modes: 34 0
debug2: tty_parse_modes: 35 0
debug2: tty_parse_modes: 36 1
debug1: Ignoring unsupported tty mode opcode 37 (0x25)
debug2: tty_parse_modes: 38 1
debug2: tty_parse_modes: 39 0
debug2: tty_parse_modes: 40 0
debug2: tty_parse_modes: 41 1
debug2: tty_parse_modes: 50 1
debug2: tty_parse_modes: 51 1
debug1: Ignoring unsupported tty mode opcode 52 (0x34)
debug2: tty_parse_modes: 53 1
debug2: tty_parse_modes: 54 1
debug2: tty_parse_modes: 55 1
debug2: tty_parse_modes: 56 0
debug2: tty_parse_modes: 57 0
debug2: tty_parse_modes: 58 0
debug2: tty_parse_modes: 59 1
debug2: tty_parse_modes: 60 1
debug2: tty_parse_modes: 61 1
debug2: tty_parse_modes: 62 0
debug2: tty_parse_modes: 70 1
debug1: Ignoring unsupported tty mode opcode 71 (0x47)
debug2: tty_parse_modes: 72 1
debug2: tty_parse_modes: 73 0
debug2: tty_parse_modes: 74 0
debug2: tty_parse_modes: 75 0
debug2: tty_parse_modes: 90 1
debug2: tty_parse_modes: 91 1
debug2: tty_parse_modes: 92 0
debug2: tty_parse_modes: 93 0
debug1: PAM setting tty to "/dev/ttypc"
debug1: do_pam_session: euid 0, uid 0
debug1: PAM establishing creds
debug1: Entering interactive session.
debug1: fd 3 setting O_NONBLOCK
debug1: Setting controlling tty using TIOCSCTTY.
debug1: fd 4 IS O_NONBLOCK
debug1: Received SIGCHLD.
debug1: server_init_dispatch_13
debug1: server_init_dispatch_15
debug3: tvp!=NULL kid 1 mili 100
debug1: End of interactive session; stdin 0, stdout (read 0, sent 0), stderr 0 bytes.
Disconnecting: Command terminated on signal 11.
debug1: Calling cleanup 0x8055de4(0x8086240)
debug1: pty_cleanup_proc: /dev/ttypc
debug1: Calling cleanup 0x8059674(0x0)
debug1: Calling cleanup 0x806003c(0x0)

I have just installed OpenSSH 2.9.9 from ports tree and it works fine. I used the same config files.

-- Winfried
mail: winfried@dream.vg http://violent.dream.vg
Warning: Never underestimate the power of stupid people in large numbers.

From owner-freebsd-security Wed Oct 10 15:43:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from bogslab.ucdavis.edu (bogslab.ucdavis.edu [169.237.68.34]) by hub.freebsd.org (Postfix) with ESMTP id 25D2237B407 for ; Wed, 10 Oct 2001 15:43:13 -0700 (PDT) Received: from thistle.bogs.org (thistle.bogs.org [198.137.203.61]) by bogslab.ucdavis.edu (8.9.3/8.9.3) with ESMTP id PAA38141 for ; Wed, 10 Oct 2001 15:43:06 -0700 (PDT) (envelope-from greg@bogslab.ucdavis.edu) Received: from thistle.bogs.org (localhost [127.0.0.1]) by thistle.bogs.org (8.11.3/8.11.3) with ESMTP id f9AMeSt15451 for ; Wed, 10 Oct 2001 15:40:28 -0700 (PDT) (envelope-from greg@thistle.bogs.org) Message-Id: <200110102240.f9AMeSt15451@thistle.bogs.org> To: security@FreeBSD.ORG X-To: "Jonathan M. Slivko" X-Sender: owner-freebsd-security@FreeBSD.ORG Subject: Re: In-reply-to: Your message of "Wed, 10 Oct 2001 15:18:49 EDT." <007b01c151c0$646ab510$252da818@sioux> Reply-To: gkshenaut@ucdavis.edu Date: Wed, 10 Oct 2001 15:40:27 -0700 From: Greg Shenaut Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

In message <007b01c151c0$646ab510$252da818@sioux>, "Jonathan M. Slivko" cleopede:
>First, cvsup to 4.4-STABLE. Then, you should be patched. 4.4-STABLE (and
>-RELEASE) incorporate the patch needed to secure the machine. --

But turn off telnet until you install the patched version !

Greg Shenaut

>Jonathan
> ----- Original Message -----
> From: asssaf123 kachlon
> To: freebsd-questions@FreeBSD.ORG
> Sent: Wednesday, October 10, 2001 3:16 PM
>
> hello
> i have box with freebsd in it:
>
> # uname -r
> RELENG_4_2001_06_29_NOSRC
>
> i want to secure this box from telnetd remote exploit but without to close telnet
>
> what can i do ?
>
> the info in ur site is dont work
>
> please help me,
>
> assaf k
From owner-freebsd-security Wed Oct 10 21:56:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from lima.epix.net (lima.epix.net [199.224.64.56]) by hub.freebsd.org (Postfix) with ESMTP id 9B06437B401 for ; Wed, 10 Oct 2001 21:56:11 -0700 (PDT) Received: from brockspc (svcr-adsl-216-37-223-34.epix.net [216.37.223.34]) by lima.epix.net (8.12.1/2001100501/PL) with SMTP id f9B4uAMn027424 for ; Thu, 11 Oct 2001 00:56:10 -0400 (EDT) Message-ID: <001101c15211$09dc51c0$0500a8c0@brockspc> From: "Brock Kreiser" To: Subject: firewall Date: Thu, 11 Oct 2001 00:56:02 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000E_01C151EF.7F83C420" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hey all,

Let me start by saying im a new to fbsd but im learning fast:) im run 4.4-STABLE FreeBSD 4.4-STABLE #2: Tue Oct 9 09:44:05 EDT 2001 and want to know is how to configure this box to be a firewall with a way to have a ftp routed to another machine running win 2k on an internal network... Is there any good docs on this kind of setup? Any kind of help in the right direction would be greatly appreciated...

thanks,
Brock
From owner-freebsd-security Wed Oct 10 22:17:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 8DB1D37B406 for ; Wed, 10 Oct 2001 22:17:53 -0700 (PDT) Received: (qmail 26699 invoked from network); 11 Oct 2001 05:17:50 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 11 Oct 2001 05:17:50 -0000 Message-ID: <001701c15214$1420ec10$0100a8c0@alexus> From: "alexus" To: "Brock Kreiser" , References: <001101c15211$09dc51c0$0500a8c0@brockspc> Subject: Re: firewall Date: Thu, 11 Oct 2001 01:17:52 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0014_01C151F2.8C875760" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

man ipfw and man natd

----- Original Message -----
From: Brock Kreiser
To: freebsd-security@freebsd.org
Sent: Thursday, October 11, 2001 12:56 AM
Subject: firewall

Hey all,

Let me start by saying im a new to fbsd but im learning fast:) im run 4.4-STABLE FreeBSD 4.4-STABLE #2: Tue Oct 9 09:44:05 EDT 2001 and want to know is how to configure this box to be a firewall with a way to have a ftp routed to another machine running win 2k on an internal network... Is there any good docs on this kind of setup? Any kind of help in the right direction would be greatly appreciated...

thanks,
Brock
From owner-freebsd-security Wed Oct 10 22:39: 1 2001 Delivered-To: freebsd-security@freebsd.org Received: from thatguys.dyndns.org (wks-65-27-97-255.kscable.com [65.27.97.255]) by hub.freebsd.org (Postfix) with ESMTP id 1C07237B401 for ; Wed, 10 Oct 2001 22:38:59 -0700 (PDT) Received: from localhost (thatguy@localhost) by thatguys.dyndns.org (8.11.3/8.11.3) with ESMTP id f9B620L02927; Thu, 11 Oct 2001 01:02:01 -0500 (CDT) (envelope-from thatguy@thatguys.dyndns.org) Date: Thu, 11 Oct 2001 01:02:00 -0500 (CDT)
From: Josh Thomas To: alexus Cc: freebsd-security@freebsd.org Subject: Re: firewall In-Reply-To: <001701c15214$1420ec10$0100a8c0@alexus> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Just to add to this, look specifically into port forwarding through nat.

On Thu, 11 Oct 2001, alexus wrote:
> man ipfw and man natd

From owner-freebsd-security Thu Oct 11 0:10:29 2001 Delivered-To: freebsd-security@freebsd.org Received: from TYO201.gate.nec.co.jp (TYO201.gate.nec.co.jp [202.32.8.214]) by hub.freebsd.org (Postfix) with ESMTP id 1CB0837B406 for ; Thu, 11 Oct 2001 00:10:24 -0700 (PDT) Received: from mailgate4.nec.co.jp ([10.7.69.197]) by TYO201.gate.nec.co.jp (8.11.6/3.7W01080315) with ESMTP id f9B79iO03864; Thu, 11 Oct 2001 16:09:45 +0900 (JST) Received: from mailsv.nec.co.jp (mailgate51.nec.co.jp [10.7.69.196]) by mailgate4.nec.co.jp (8.11.6/3.7W-MAILGATE-NEC) with ESMTP id f9B79hV24109; Thu, 11 Oct 2001 16:09:43 +0900 (JST) Received: from necspl.do.mms.mt.nec.co.jp (necspl.do.mms.mt.nec.co.jp [10.16.5.21]) by mailsv.nec.co.jp (8.11.6/3.7W-MAILSV-NEC) with ESMTP id f9B79fO19666; Thu, 11 Oct 2001 16:09:42 +0900 (JST) Received: from localhost (localhost [127.0.0.1]) by necspl.do.mms.mt.nec.co.jp (8.12.1/8.12.1) with ESMTP id f9B79flC003348; Thu, 11 Oct 2001 16:09:41 +0900 (JST) Date: Thu, 11 Oct 2001 16:09:41 +0900 (JST) Message-Id: <20011011.160941.74753041.y-koga@jp.FreeBSD.org> To: freebsd-security@FreeBSD.ORG Subject: sdiff tmpfile race condition
From: Koga Youichirou X-Mailer: Mew version 2.0.58 on Emacs 21.0 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

I'm afraid that FreeBSD's sdiff has the same vulnerability described in following pages:

http://www.kb.cert.org/vuls/id/579982
http://www.securityfocus.com/bid/2191

Does anyone know current status about this?

Regards,
-- Koga, Youichirou

From owner-freebsd-security Thu Oct 11 1:30:34 2001 Delivered-To: freebsd-security@freebsd.org Received: from amar.szczecin.mtl.pl (amar.szczecin.multinet.pl [195.117.116.14]) by hub.freebsd.org (Postfix) with ESMTP id AAEF037B403 for ; Thu, 11 Oct 2001 01:30:25 -0700 (PDT) Received: from localhost (amar@localhost [127.0.0.1]) by amar.szczecin.mtl.pl (8.11.6/8.9.3) with ESMTP id f9B8Suc59002; Thu, 11 Oct 2001 10:28:56 +0200 (CEST) (envelope-from amar@respect.rezist.com) Date: Thu, 11 Oct 2001 10:28:56 +0200 (CEST)
From: amar_ X-Sender: amar@amar.szczecin.mtl.pl To: Yahoo!Groups Notification Cc: freebsd-security@FreeBSD.ORG Subject: Re: Please reply to unsubscribe from Burak In-Reply-To: <1002546794.483.59025.m11@yahoogroups.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On 8 Oct 2001, Yahoo!Groups Notification wrote:

> Hello,
>
> We have received a request from you to unsubscribe from the
> Burak group. Please confirm your request by
> replying to this message. If you do not wish to unsubscribe from
> Burak, please ignore this message.
>
> Regards,
>
> Yahoo! Groups Customer Care
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

--
"I am the name of the beast
The night watchman
A fallen angel
At the gates of hell"

From owner-freebsd-security Thu Oct 11 2:37:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from osvald.void.ru (osvald.void.ru [195.209.226.151]) by hub.freebsd.org (Postfix) with ESMTP id 8843137B403 for ; Thu, 11 Oct 2001 02:37:29 -0700 (PDT) Received: from abgEYem__dmsjsWR (gw.solist.ru [195.42.77.50]) by osvald.void.ru (8.11.3/6.6.6) with ESMTP id f9B9ZrT89116 for ; Thu, 11 Oct 2001 13:35:54 +0400 (MSD) Date: Thu, 11 Oct 2001 13:36:49 +0400
From: void@void.ru X-Mailer: The Bat! (v1.53bis) UNREG / CD5BF9353B3B7091 X-Priority: 3 (Normal) Message-ID: <1544247985.20011011133649@void.ru> Disposition-Notification-To: void@void.ru To: freebsd-security@FreeBSD.ORG Subject: jail(8) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Good day !

After setting up a virtual environment using JAIL(8) I've encountered the following problem: setuid/setgid bit became no more effective. So, this screwed up apache's suexec, passwd(1) and several other apps whose setuidness is necessary for their normal operation flow.

i.e.:

jail# chmod u+s /usr/bin/id
jail# ls -la /usr/bin/id
-r-sr-xr-x 1 root wheel 6744 11 Oct 02:59 /usr/bin/id
jail# su admin
admin@jail$ /usr/bin/id
uid=1000(admin) gid=1000(admin) groups=1000(admin)

Is this bug or feature ? If it's a feature, how it can be disabled and how would it affect the virtual machine bounds integrity ? I did not find an appropriate sysctl value or something describing it in jail man pages.
/kernel: FreeBSD 4.4-STABLE smp .d To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 5:44:28 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.nsu.ru (b.ns.ssc.nsu.ru [193.124.215.221]) by hub.freebsd.org (Postfix) with ESMTP id 16E7C37B401 for ; Thu, 11 Oct 2001 05:44:15 -0700 (PDT) Received: from iclub.nsu.ru ([193.124.222.66] ident=root) by mail.nsu.ru with esmtp (Exim 3.20 #1) id 15rfC4-0008IP-00 for security@freebsd.org; Thu, 11 Oct 2001 19:44:08 +0700 Received: (from fjoe@localhost) by iclub.nsu.ru (8.11.6/8.11.6) id f9BCi7g14634 for security@freebsd.org; Thu, 11 Oct 2001 19:44:07 +0700 (NSS) (envelope-from fjoe) Date: Thu, 11 Oct 2001 19:44:07 +0700 From: Max Khon To: security@freebsd.org Subject: [security-advisories@FreeBSD.ORG: FreeBSD Security Advisory FreeBSD-SA-01:62.uucp] Message-ID: <20011011194407.A14596@iclub.nsu.ru> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="HcAYCG3uE/tztfnV" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi, there! ============================================================================= FreeBSD-SA-01:62 Security Advisory FreeBSD, Inc. Topic: UUCP allows local root exploit [...] any objections if I commit this to RELENG_3? proposed patch attached /fjoe --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="uucp.SA-01.62" --- gnu/libexec/uucp/cu/Makefile.orig Sun Aug 29 22:29:20 1999 +++ gnu/libexec/uucp/cu/Makefile Tue Oct 9 10:12:37 2001 
@@ -12,6 +12,7 @@ DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) CFLAGS+= -I$(.CURDIR)/../common_sources\ -DVERSION=\"$(VERSION)\" +INSTALLFLAGS+= -fschg .include .PATH: $(.CURDIR)/../common_sources --- gnu/libexec/uucp/uucp/Makefile.orig Sun Aug 29 22:30:38 1999 +++ gnu/libexec/uucp/uucp/Makefile Tue Oct 9 10:12:37 2001 @@ -11,6 +11,7 @@ DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) CFLAGS+= -I$(.CURDIR)/../common_sources\ -DVERSION=\"$(VERSION)\" +INSTALLFLAGS+= -fschg .include .PATH: $(.CURDIR)/../common_sources --- gnu/libexec/uucp/uuname/Makefile.orig Sun Aug 29 22:30:42 1999 +++ gnu/libexec/uucp/uuname/Makefile Tue Oct 9 10:12:37 2001 @@ -11,7 +11,7 @@ DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) CFLAGS+= -I$(.CURDIR)/../common_sources\ -DVERSION=\"$(VERSION)\" - +INSTALLFLAGS+= -fschg .include .PATH: $(.CURDIR)/../common_sources --- gnu/libexec/uucp/uustat/Makefile.orig Sun Aug 29 22:30:49 1999 +++ gnu/libexec/uucp/uustat/Makefile Tue Oct 9 10:12:37 2001 @@ -13,6 +13,7 @@ CFLAGS+= -I$(.CURDIR)/../common_sources\ -DOWNER=\"$(owner)\"\ -DVERSION=\"$(VERSION)\" +INSTALLFLAGS+= -fschg .include .PATH: $(.CURDIR)/../common_sources --- gnu/libexec/uucp/uux/Makefile.orig Sun Aug 29 22:30:54 1999 +++ gnu/libexec/uucp/uux/Makefile Tue Oct 9 10:12:37 2001 @@ -11,6 +11,7 @@ DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) CFLAGS+= -I$(.CURDIR)/../common_sources\ -DVERSION=\"$(VERSION)\" +INSTALLFLAGS+= -fschg .include .PATH: $(.CURDIR)/../common_sources --- etc/periodic/daily/410.status-uucp.orig Tue Oct 9 10:09:11 2001 +++ etc/periodic/daily/410.status-uucp Tue Oct 9 10:12:11 2001 @@ -8,4 +8,5 @@ echo "UUCP status:" - uustat -a + (echo "/usr/bin/uustat -a" | su -fm uucp ) fi --- usr.bin/tip/tip/Makefile.orig Mon Sep 21 16:41:35 1998 +++ usr.bin/tip/tip/Makefile Tue Oct 9 10:12:37 2001 
@@ -21,6 +21,7 @@ MAN5= modems.5 SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \ remote.c tip.c tipout.c value.c vars.c +INSTALLFLAGS+= -fschg BINDIR?= /usr/bin BINOWN= uucp --HcAYCG3uE/tztfnV-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 5:55:44 2001 Delivered-To: freebsd-security@freebsd.org Received: from relay2.agava.net.ru (ofc.agava.net [213.59.3.194]) by hub.freebsd.org (Postfix) with ESMTP id 9AF4637B405 for ; Thu, 11 Oct 2001 05:55:41 -0700 (PDT) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by relay2.agava.net.ru (Postfix) with ESMTP id 8BE17667D1 for ; Thu, 11 Oct 2001 16:55:39 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 39275CCC9 for ; Thu, 11 Oct 2001 16:55:39 +0400 (MSD) Date: Thu, 11 Oct 2001 16:55:39 +0400 (MSD) 
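Review bot: none of the six `INSTALLFLAGS+= -fschg` additions (the cu, uucp, uuname, uustat, uux and tip Makefiles) says why the binaries are now installed system-immutable; add a one-line comment citing FreeBSD-SA-01:62 beside each so the flag is not dropped in a later cleanup. In the tip hunk `BINOWN= uucp` is left as it was, so schg is the only thing that keeps the owning account from rewriting the binary. The commit message should also mention that the flag cannot be cleared at a raised securelevel, so a later install over these files will fail there.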
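Review bot: in the etc/periodic/daily/410.status-uucp hunk the added line `(echo "/usr/bin/uustat -a" | su -fm uucp )` wraps the pipeline in a subshell that serves no purpose; drop the parentheses and keep the pipeline as is. Calling uustat by absolute path is right, and a short comment above the line saying that the report is now produced as the uucp user rather than as root would explain the `su` to the next reader of the script.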
From: Alexey Zakirov X-X-Sender: Cc: Subject: Re: jail(8) In-Reply-To: <1544247985.20011011133649@void.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Thu, 11 Oct 2001 void@void.ru wrote:

> After setting up a virtual environment using JAIL(8) I've encountered
> the following problem: setuid/setgid bit became no more effective. So,
> this screwed up apache's suexec, passwd(1) and several other apps
> whose setuidness is necessary for their normal operation flow.

Probably you've done something wrong because I use jail intensively and sugid works just fine:

frank@evidence:~/tmp$ ls -l
total 8
-r-sr-xr-x 1 root wheel 6692 Oct 11 16:52 id
frank@evidence:~/tmp$ id
uid=1038(frank) gid=32(users) groups=32(users), 0(wheel)
frank@in-evidence:~/tmp$ ./id
uid=1038(frank) euid=0(root) gid=32(users) groups=32(users), 0(wheel)
frank@in-evidence:~/tmp$ ps -p $$
PID TT STAT TIME COMMAND
35765 p3 SsJ 0:00.06 /usr/local/bin/bash

*** WBR, Alexey Zakirov (frank@agava.com)

From owner-freebsd-security Thu Oct 11 6: 9:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from D00015.dialonly.kemerovo.su (www2.svzserv.kemerovo.su [213.184.65.86]) by hub.freebsd.org (Postfix) with ESMTP id 218C737B408 for ; Thu, 11 Oct 2001 06:08:59 -0700 (PDT) Received: (from eugen@localhost) by D00015.dialonly.kemerovo.su (8.11.6/8.11.4) id f9BD7kv00781; Thu, 11 Oct 2001 21:07:46 +0800 (KRAST) (envelope-from eugen) Date: Thu, 11 Oct 2001 21:07:46 +0800
From: Eugene Grosbein To: Max Khon Cc: security@FreeBSD.ORG Subject: Re: [security-advisories@FreeBSD.ORG: FreeBSD Security Advisory FreeBSD-SA-01:62.uucp] Message-ID: <20011011210746.A743@grosbein.pp.ru> References: <20011011194407.A14596@iclub.nsu.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011011194407.A14596@iclub.nsu.ru>; from fjoe@iclub.nsu.ru on Thu, Oct 11, 2001 at 07:44:07PM +0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Oct 11, 2001 at 07:44:07PM +0700, Max Khon wrote: > ============================================================================= > FreeBSD-SA-01:62 Security Advisory > FreeBSD, Inc. > > Topic: UUCP allows local root exploit > > [...] > > any objections if I commit this to RELENG_3? > > proposed patch attached > > /fjoe > --- gnu/libexec/uucp/cu/Makefile.orig Sun Aug 29 22:29:20 1999 > +++ gnu/libexec/uucp/cu/Makefile Tue Oct 9 10:12:37 2001 > @@ -12,6 +12,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uucp/Makefile.orig Sun Aug 29 22:30:38 1999 > +++ gnu/libexec/uucp/uucp/Makefile Tue Oct 9 10:12:37 2001 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uuname/Makefile.orig Sun Aug 29 22:30:42 1999 > +++ gnu/libexec/uucp/uuname/Makefile Tue Oct 9 10:12:37 2001 
> @@ -11,7 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > - > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uustat/Makefile.orig Sun Aug 29 22:30:49 1999 > +++ gnu/libexec/uucp/uustat/Makefile Tue Oct 9 10:12:37 2001 > @@ -13,6 +13,7 @@ > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DOWNER=\"$(owner)\"\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- gnu/libexec/uucp/uux/Makefile.orig Sun Aug 29 22:30:54 1999 > +++ gnu/libexec/uucp/uux/Makefile Tue Oct 9 10:12:37 2001 > @@ -11,6 +11,7 @@ > DPADD+= $(LIBUNIX) $(LIBUUCONF) $(LIBUUCP) > CFLAGS+= -I$(.CURDIR)/../common_sources\ > -DVERSION=\"$(VERSION)\" > +INSTALLFLAGS+= -fschg > > .include > .PATH: $(.CURDIR)/../common_sources > --- etc/periodic/daily/410.status-uucp.orig Tue Oct 9 10:09:11 2001 > +++ etc/periodic/daily/410.status-uucp Tue Oct 9 10:12:11 2001 > @@ -8,4 +8,5 @@ > echo "UUCP status:" > > - uustat -a > + (echo "/usr/bin/uustat -a" | su -fm uucp ) This line must be changed to + echo "/usr/bin/uustat -a" | su -fm uucp e.g ()'s must be omitted. > fi > --- usr.bin/tip/tip/Makefile.orig Mon Sep 21 16:41:35 1998 > +++ usr.bin/tip/tip/Makefile Tue Oct 9 10:12:37 2001 
> @@ -21,6 +21,7 @@ > MAN5= modems.5 > SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \ > remote.c tip.c tipout.c value.c vars.c > +INSTALLFLAGS+= -fschg > > BINDIR?= /usr/bin > BINOWN= uucp Eugene To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 6:25:55 2001 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 1E55337B403 for ; Thu, 11 Oct 2001 06:25:51 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA12018; Thu, 11 Oct 2001 06:25:49 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda12016; Thu Oct 11 06:25:37 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.6/8.9.1) id f9BDPM251604; Thu, 11 Oct 2001 06:25:22 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpda51599; Thu Oct 11 06:25:12 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.6/8.9.1) id f9BDOvl06544; Thu, 11 Oct 2001 06:24:57 -0700 (PDT) Message-Id: <200110111324.f9BDOvl06544@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdrD6538; Thu Oct 11 06:24:06 2001 X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group 
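Review bot: in the etc/periodic/daily/410.status-uucp hunk, the added line `(echo "/usr/bin/uustat -a" | su -fm uucp )` wraps the pipeline in a subshell that does nothing here, since the pipeline sets no variables and changes no directory; the bare `echo "/usr/bin/uustat -a" | su -fm uucp` behaves the same, as the reply in this thread also asks. The script also gains no comment saying why uustat is now fed to `su` on stdin instead of being run directly; one line naming FreeBSD-SA-01:62 would tell the next maintainer not to simplify it back.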
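Review bot: the six Makefile hunks (cu, uucp, uuname, uustat, uux, tip) each add `INSTALLFLAGS+= -fschg` with no comment, so nothing in the tree says why these binaries are installed with the schg flag; a one-line comment above the assignment pointing at FreeBSD-SA-01:62 would document it. The uuname hunk is also the only one that replaces a blank line (`-` followed by `+INSTALLFLAGS+= -fschg`) rather than inserting beside it; making it match the other five keeps the Makefiles uniform.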
From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: "Brock Kreiser" Cc: freebsd-security@FreeBSD.ORG Subject: Re: firewall In-reply-to: Your message of "Thu, 11 Oct 2001 00:56:02 EDT." <001101c15211$09dc51c0$0500a8c0@brockspc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 11 Oct 2001 06:24:06 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <001101c15211$09dc51c0$0500a8c0@brockspc>, "Brock Kreiser" writes: > This is a multi-part message in MIME format. > Hey all, > > Let me start by saying im a new to fbsd but im learning fast:) im run = > 4.4-STABLE FreeBSD 4.4-STABLE #2: Tue Oct 9 09:44:05 EDT 2001 and want = > to no is how to configure this box to be a firewall with a way to have a = > ftp routed to another machine running win 2k on an internal network... = > Is there any good docs on this kind of setup? Any kind of help in the = > right direction would be greatly appreciated... FreeBSD comes with two firewalls, IPFW and IP Filter. Take a look at the ipf(1), ipnat(1), ipfw(8), and natd(8) man pages. Having said all that, you will have to seriously open your firewall in order to make FTP work properly through your firewall. Even if you restrict your FTP clients to using PORT (active) FTP, people can still use an FTP bounce to map or even gain access to other hosts and ports behind the firewall through your FTP server. These are two of the reasons I've been an advocate (on various mailing lists) of deprecating the FTP protocol. If you absolutely have to use the FTP protocol, put the FTP server on an external network or if you cannot do that on your DMZ. (I haven't even begun to talk about the various FTP server software vulnerabilities). 
If you still need to put an FTP server behind your firewall, you might be able to perform NAT using IP Filter's FTP proxy on the internal interface of your firewall. I haven't tried this, so I don't know whether it would work. Search the IP Filter mailing list archives at false.net for more info. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 6:45:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from rfnj.org (rfnj.org [216.239.237.194]) by hub.freebsd.org (Postfix) with ESMTP id 30F9737B403 for ; Thu, 11 Oct 2001 06:45:14 -0700 (PDT) Received: from megalomaniac.biosys.net (megalomaniac.rfnj.org [216.239.237.200]) by rfnj.org (Postfix) with ESMTP id 3121F1367E; Thu, 11 Oct 2001 09:44:26 +0000 (GMT) Message-Id: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> X-Sender: asym@rfnj.org X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 11 Oct 2001 09:46:21 -0400 To: freebsd-security@FreeBSD.ORG, "Brock Kreiser" 
From: Allen Landsidel Subject: Re: firewall In-Reply-To: <200110111324.f9BDOvl06544@cwsys.cwsent.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 06:24 AM 10/11/2001 -0700, Cy Schubert - ITSD Open Systems Group wrote: >Having said all that, you will have to seriously open your firewall in >order to make FTP work properly through your firewall. Even if you >restrict your FTP clients to using PORT (active) FTP, people can still >use an FTP bounce to map or even gain access to other hosts and ports >behind the firewall through your FTP server. These are two of the Can I get something clarified here? Judging by the tone of that statement, do you advocate using PORT over PASV? I agree standalone FTP has some pretty bad security implications, including hijacked sessions and password sniffing.. but that's what we have ftp-only users for. Passive mode I think is a far safer alternative than active also, as far as blowing holes in your firewall goes. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 7: 6:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.wlcg.com (mail.wlcg.com [198.92.199.5]) by hub.freebsd.org (Postfix) with ESMTP id AA47F37B406 for ; Thu, 11 Oct 2001 07:06:50 -0700 (PDT) Received: from localhost (rsimmons@localhost) by mail.wlcg.com (8.11.6/8.11.6) with ESMTP id f9BE6g618194; Thu, 11 Oct 2001 10:06:42 -0400 (EDT) (envelope-from rsimmons@wlcg.com) Date: Thu, 11 Oct 2001 10:06:39 -0400 (EDT) 
From: Rob Simmons To: Allen Landsidel Cc: , Brock Kreiser Subject: Re: firewall In-Reply-To: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> Message-ID: <20011011100410.G7007-100000@mail.wlcg.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Passive FTP requires a larger hole in the firewall than active does. You must open port 21 as well as ports > 1024. Not good. If you use ipfilter and are keeping state, you only need the one pass in rule for port 21. The state tables take care of the rest. Robert Simmons Systems Administrator http://www.wlcg.com/ On Thu, 11 Oct 2001, Allen Landsidel wrote: > At 06:24 AM 10/11/2001 -0700, Cy Schubert - ITSD Open Systems Group wrote: > > >Having said all that, you will have to seriously open your firewall in > >order to make FTP work properly through your firewall. Even if you > >restrict your FTP clients to using PORT (active) FTP, people can still > >use an FTP bounce to map or even gain access to other hosts and ports > >behind the firewall through your FTP server. These are two of the > > Can I get something clarified here? Judging by the tone of that statement, > do you advocate using PORT over PASV? > > I agree standalone FTP has some pretty bad security implications, including > hijacked sessions and password sniffing.. but that's what we have ftp-only > users for. Passive mode I think is a far safer alternative than active > also, as far as blowing holes in your firewall goes. 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7xadyv8Bofna59hYRA2v8AJ91pR1uuIAJmSTE1X6ZHye1996ugACfZHm+ kBgN+leHPSwRdNHGD+nd9f4= =gWqM -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 7: 7:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from reaper.daddyg.org (cr969375-a.etob1.on.wave.home.com [24.114.87.242]) by hub.freebsd.org (Postfix) with ESMTP id CB95C37B406 for ; Thu, 11 Oct 2001 07:07:32 -0700 (PDT) Received: from ginnespc (ginnes-pc.daddyg.org [192.168.0.10]) by reaper.daddyg.org (8.11.3/8.11.3) with SMTP id f9BE7Hv00812 for ; Thu, 11 Oct 2001 10:07:26 -0400 (EDT) (envelope-from grant.innes@mirror-image.com) 
From: "Grant Innes" To: Subject: RE: firewall Date: Thu, 11 Oct 2001 10:07:08 -0400 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_008D_01C1523C.7CBE5B90" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: <001101c15211$09dc51c0$0500a8c0@brockspc> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_008D_01C1523C.7CBE5B90 Content-Type: multipart/alternative; boundary="----=_NextPart_001_008E_01C1523C.7CC168D0" ------=_NextPart_001_008E_01C1523C.7CC168D0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Here's a link to a good tutorial to get you started http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html Grant -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Brock Kreiser Sent: Thursday, October 11, 2001 12:56 AM To: freebsd-security@FreeBSD.ORG Subject: firewall Hey all, Let me start by saying im a new to fbsd but im learning fast:) im run 4.4-STABLE FreeBSD 4.4-STABLE #2: Tue Oct 9 09:44:05 EDT 2001 and want to no is how to configure this box to be a firewall with a way to have a ftp routed to another machine running win 2k on an internal network... Is there any good docs on this kind of setup? Any kind of help in the right direction would be greatly appreciated... thanks, Brock ------=_NextPart_001_008E_01C1523C.7CC168D0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 7:13:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 253D837B403 for ; Thu, 11 Oct 2001 07:13:19 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA12155; Thu, 11 Oct 2001 07:13:10 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda12153; Thu Oct 11 07:12:59 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.6/8.9.1) id f9BECiH51883; Thu, 11 Oct 2001 07:12:44 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdE51879; Thu Oct 11 07:11:58 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.6/8.9.1) id f9BEBwm06821; Thu, 11 Oct 2001 07:11:58 -0700 (PDT) Message-Id: <200110111411.f9BEBwm06821@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdLw6817; Thu Oct 11 07:11:43 2001 X-Mailer: exmh
version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: Allen Landsidel Cc: freebsd-security@FreeBSD.ORG, "Brock Kreiser" Subject: Re: firewall In-reply-to: Your message of "Thu, 11 Oct 2001 09:46:21 EDT." <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 11 Oct 2001 07:11:43 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <5.1.0.14.0.20011011094352.00b022e8@rfnj.org>, Allen Landsidel write s: > At 06:24 AM 10/11/2001 -0700, Cy Schubert - ITSD Open Systems Group wrote: > > >Having said all that, you will have to seriously open your firewall in > >order to make FTP work properly through your firewall. Even if you > >restrict your FTP clients to using PORT (active) FTP, people can still > >use an FTP bounce to map or even gain access to other hosts and ports > >behind the firewall through your FTP server. These are two of the > > Can I get something clarified here? Judging by the tone of that statement, > do you advocate using PORT over PASV? > No tone was intended. I've had the flu since Tuesday and am very crabby. :( PORT FTP should be used when the FTP server is protected by a firewall that does not support an FTP proxy. Passive FTP should be used when the client is protected by a firewall that does that support an FTP proxy. If both client and server are protected by firewalls that don't support FTP proxies, you're pretty much SOL. (There is a thread currently on the IP Filter mailing list about just this topic). > I agree standalone FTP has some pretty bad security implications, including > hijacked sessions and password sniffing.. but that's what we have ftp-only > users for. 
Passive mode I think is a far safer alternative than active > also, as far as blowing holes in your firewall goes. See my comments above. Passive FTP is safer for clients, PORT FTP is safer for servers, hence the dilemma. Who (server or client) sacrifices their protection provided by their firewall in order to make the FTP protocol work from behind opposing firewalls? The FTP protocol allows you to use an FTP server as a proxy to connect to a third FTP server. One can use this feature of the FTP protocol to connect to other servers behind the same firewall as an FTP server. It is conceivable that one could use an FTP server to connect to arbitrary ports or even servers behind the same firewall that protects the FTP server. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD Ministry of Management Services Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 7:14:40 2001 Delivered-To: freebsd-security@freebsd.org Received: from stargate.compuware.com (stargate.compuware.com [166.90.248.158]) by hub.freebsd.org (Postfix) with SMTP id F3CC737B43C for ; Thu, 11 Oct 2001 07:14:12 -0700 (PDT) Received: from [199.186.16.12] by stargate.compuware.com via smtpd (for hub.FreeBSD.org [216.136.204.18]) with SMTP; 11 Oct 2001 14:14:12 UT Received: from bh1.compuware.com (compuware.com [172.22.1.239]) by cwus-dtw-mr02.compuware.com (Postfix) with ESMTP id E51BA74F0A for ; Thu, 11 Oct 2001 10:14:11 -0400 (EDT) Received: by bh1.compuware.com with Internet Mail Service (5.5.2653.19) id <415K841A>; Thu, 11 Oct 2001 10:14:11 -0400 Message-ID: From: "Barkell, Bill" To: freebsd-security@FreeBSD.ORG Subject: RE: firewall Date: Thu, 11 Oct 2001 10:14:09 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/alternative; 
boundary="----_=_NextPart_001_01C1525E.FED6D4A0" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1525E.FED6D4A0 Content-Type: text/plain; charset="iso-8859-1" IPfilter handles ftp very well when coupled with an IPnat rule. Details can be found in the IPfilter HOW-TO. http://www.obfuscation.org/ipf/ipf-howto.txt Bill Barkell Network Security Analyst Compuware Corp -----Original Message----- From: Grant Innes [mailto:grant.innes@mirror-image.com] Sent: Thursday, October 11, 2001 10:07 AM To: freebsd-security@FreeBSD.ORG Subject: RE: firewall Here's a link to a good tutorial to get you started http://www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html Grant -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Brock Kreiser Sent: Thursday, October 11, 2001 12:56 AM To: freebsd-security@FreeBSD.ORG Subject: firewall Hey all, Let me start by saying im a new to fbsd but im learning fast:) im run 4.4-STABLE FreeBSD 4.4-STABLE #2: Tue Oct 9 09:44:05 EDT 2001 and want to no is how to configure this box to be a firewall with a way to have a ftp routed to another machine running win 2k on an internal network... Is there any good docs on this kind of setup? Any kind of help in the right direction would be greatly appreciated... thanks, Brock ------_=_NextPart_001_01C1525E.FED6D4A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
------_=_NextPart_001_01C1525E.FED6D4A0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 7:22:18 2001 Delivered-To: freebsd-security@freebsd.org Received: from rfnj.org (rfnj.org [216.239.237.194]) by hub.freebsd.org (Postfix) with ESMTP id 1F99637B403 for ; Thu, 11 Oct 2001 07:22:13 -0700 (PDT) Received: from megalomaniac.biosys.net (megalomaniac.rfnj.org [216.239.237.200]) by rfnj.org (Postfix) with ESMTP id 21B4D1367E; Thu, 11 Oct 2001 10:21:30 +0000 (GMT) Message-Id: <5.1.0.14.0.20011011101105.00b17e30@rfnj.org> X-Sender: asym@rfnj.org X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 11 Oct 2001 10:23:26 -0400 To: Rob Simmons 
From: Allen Landsidel Subject: Re: firewall Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20011011100410.G7007-100000@mail.wlcg.com> References: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 10:06 AM 10/11/2001 -0400, you wrote: >Passive FTP requires a larger hole in the firewall than active does. You >must open port 21 as well as ports > 1024. Not good. > >If you use ipfilter and are keeping state, you only need the one pass in >rule for port 21. The state tables take care of the rest. Well, I've always considered PASV to be the safer of the two, although there is no good reason why.. with a PORT command, there is always the possibility (that you mentioned) that a malicious client could tell the server to connect to a port going god knows where, doing god knows what.. possibly doing some sort of mischief. A PASV connection on the other hand doesn't require the server to connect out to some random unknown machine.. it just requires the random unknown machine to connect back to it on the port it says to. PASV sounds more secure to me simply because it requires an active man-in-the-middle attack to exploit it in the way a PORT connection can be exploited by design. I don't see a problem with leaving some random high port range open for ftp to use, assuming the ftpd is smart enough to grab that port before it advertises that it has it back to the client. My only real problem with ftp at all is that it sends passwords in plaintext, and doesn't do any sort of authentication outside of this. ftp in an ssh tunnel, or via ssl, is a reasonably solid alternative.. but then so is scp. Problem is, nobody (meaning most people who dope around ftp sites) don't have any idea what any of this means. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 8:25:19 2001 Delivered-To: freebsd-security@freebsd.org Received: from squall.waterspout.com (squall.waterspout.com [208.13.56.12]) by hub.freebsd.org (Postfix) with ESMTP id 2168637B403 for ; Thu, 11 Oct 2001 08:25:15 -0700 (PDT) Received: by squall.waterspout.com (Postfix, from userid 1050) id 92C4F9B08; Thu, 11 Oct 2001 10:24:32 -0500 (EST) Date: Thu, 11 Oct 2001 10:24:32 -0500 
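The PORT behaviour argued about in this thread, as an added example that is not code from any poster or from ftpd: a server-side check that refuses a PORT argument naming a host other than the control-connection peer, or a port below 1024, so the server cannot be pointed at third parties. The addresses, reply texts, function names and sample session are constructed for illustration.

```python
import ipaddress
import re

# One PORT field: one to three ASCII decimal digits (range checked later).
_FIELD = re.compile(r"[0-9]{1,3}")


class PortSyntaxError(ValueError):
    """The PORT argument is not six decimal fields in 0..255."""


def parse_port_argument(arg):
    """Parse 'h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(_FIELD.fullmatch(f) for f in fields):
        raise PortSyntaxError("expected six decimal fields h1,h2,h3,h4,p1,p2")
    nums = [int(f) for f in fields]
    if max(nums) > 255:
        raise PortSyntaxError("each field must be 0..255")
    host = ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(nums[:4]))
    # The port is sent as two bytes, high byte first.
    return host, nums[4] * 256 + nums[5]


def check_port_command(arg, control_peer, min_port=1024):
    """Decide whether the server should open the requested data connection.

    control_peer is the address the control connection really came from.
    Returns (reply_code, reason); the reply texts are illustrative.
    """
    try:
        host, port = parse_port_argument(arg)
    except PortSyntaxError as exc:
        return 501, str(exc)
    if host != ipaddress.IPv4Address(control_peer):
        # Refusing third-party addresses is what stops the bounce.
        return 500, "data address %s is not the control peer %s" % (
            host, control_peer)
    if port < min_port:
        # Well-known service ports are never a legitimate data port.
        return 500, "data port %d is below %d" % (port, min_port)
    return 200, "data connection to %s:%d allowed" % (host, port)


def audit_session(control_peer, lines):
    """Run the check over every PORT command in a control-channel capture."""
    verdicts = []
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "PORT":
            code, reason = check_port_command(arg, control_peer)
            verdicts.append((line.strip(), code, reason))
    return verdicts


# Constructed sample: one client at 203.0.113.7 sending four PORT commands.
SAMPLE_PEER = "203.0.113.7"
SAMPLE_SESSION = [
    "USER anonymous",
    "PORT 203,0,113,7,195,80",   # own address, port 50000
    "PORT 192,168,0,5,0,139",    # some other host behind the firewall
    "PORT 203,0,113,7,0,25",     # own address, privileged port
    "PORT 203,0,113,7,195",      # malformed
]

if __name__ == "__main__":
    for line, code, reason in audit_session(SAMPLE_PEER, SAMPLE_SESSION):
        print("%-26s -> %d %s" % (line, code, reason))
```

A side effect of the address check is that a client announcing any address other than the one the server sees on the control connection is refused too.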
From: Will Andrews To: Rob Simmons Cc: Allen Landsidel , freebsd-security@FreeBSD.ORG, Brock Kreiser Subject: Re: firewall Message-ID: <20011011102432.B57251@squall.waterspout.com> Reply-To: Will Andrews Mail-Followup-To: Rob Simmons , Allen Landsidel , freebsd-security@FreeBSD.ORG, Brock Kreiser References: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> <20011011100410.G7007-100000@mail.wlcg.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20011011100410.G7007-100000@mail.wlcg.com> User-Agent: Mutt/1.3.22.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Oct 11, 2001 at 10:06:39AM -0400, Rob Simmons wrote: > Passive FTP requires a larger hole in the firewall than active does. You > must open port 21 as well as ports > 1024. Not good. > > If you use ipfilter and are keeping state, you only need the one pass in > rule for port 21. The state tables take care of the rest. Er, you have that backwards. Passive FTP requires a SMALLER hole because it doesn't require ports > 1024 like active does. -- wca To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 8:29:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from straylight.ringlet.net (straylight.ringlet.net [217.75.134.254]) by hub.freebsd.org (Postfix) with SMTP id 1CBEF37B403 for ; Thu, 11 Oct 2001 08:29:05 -0700 (PDT) Received: (qmail 75569 invoked by uid 1000); 11 Oct 2001 15:26:01 -0000 Date: Thu, 11 Oct 2001 18:26:01 +0300 
From: Peter Pentchev To: Will Andrews Cc: Rob Simmons , Allen Landsidel , freebsd-security@FreeBSD.ORG, Brock Kreiser Subject: Re: firewall Message-ID: <20011011182601.D6135@straylight.oblivion.bg> Mail-Followup-To: Will Andrews , Rob Simmons , Allen Landsidel , freebsd-security@FreeBSD.ORG, Brock Kreiser References: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> <20011011100410.G7007-100000@mail.wlcg.com> <20011011102432.B57251@squall.waterspout.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011011102432.B57251@squall.waterspout.com>; from will@physics.purdue.edu on Thu, Oct 11, 2001 at 10:24:32AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Oct 11, 2001 at 10:24:32AM -0500, Will Andrews wrote: > On Thu, Oct 11, 2001 at 10:06:39AM -0400, Rob Simmons wrote: > > Passive FTP requires a larger hole in the firewall than active does. You > > must open port 21 as well as ports > 1024. Not good. > > > > If you use ipfilter and are keeping state, you only need the one pass in > > rule for port 21. The state tables take care of the rest. > > Er, you have that backwards. Passive FTP requires a SMALLER hole > because it doesn't require ports > 1024 like active does. I believe that they are discussing the case of a server being NAT'd. In that case, the NAT machine has to allow for connections to ports > 1024 on the server to allow PASV FTP to work. G'luck, Peter -- I am the thought you are now thinking. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 8:52:46 2001 Delivered-To: freebsd-security@freebsd.org Received: from medialab.lostboys.nl (medialab.lostboys.nl [194.109.72.254]) by hub.freebsd.org (Postfix) with ESMTP id B48D637B408 for ; Thu, 11 Oct 2001 08:52:39 -0700 (PDT) Received: from buur.medialab.lostboys.nl (root@buur.medialab.lostboys.nl [194.109.110.8]) by medialab.lostboys.nl (8.9.3/8.9.3) with ESMTP id RAA20936; Thu, 11 Oct 2001 17:58:02 +0200 (CEST) Received: from darkroom.medialab.lostboys.nl (ip-037.medialab.lostboys.nl [194.109.110.37]) by buur.medialab.lostboys.nl (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id RAA29064; Thu, 11 Oct 2001 17:53:26 +0200 Received: by darkroom.medialab.lostboys.nl (Postfix, from userid 1000) id DB1A315F7; Thu, 11 Oct 2001 17:52:08 +0200 (CEST) Date: Thu, 11 Oct 2001 17:52:08 +0200 
From: Martijn Lina To: Peter Pentchev Cc: freebsd-security@freebsd.org Subject: Re: firewall Message-ID: <20011011175208.B3267@medialab.lostboys.nl> Mail-Followup-To: Peter Pentchev , freebsd-security@freebsd.org References: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> <20011011100410.G7007-100000@mail.wlcg.com> <20011011102432.B57251@squall.waterspout.com> <20011011182601.D6135@straylight.oblivion.bg> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VbJkn9YxBvnuCH5J" Content-Disposition: inline In-Reply-To: <20011011182601.D6135@straylight.oblivion.bg> User-Agent: Mutt/1.3.22.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Once upon a 11-10-2001, Peter Pentchev hit keys in the following order: > > I believe that they are discussing the case of a server being NAT'd. > In that case, the NAT machine has to allow for connections to ports > 1024 > on the server to allow PASV FTP to work. Depends on which ftp daemon you're using. The default FreeBSD ftpd only opens a smaller port range than just everything above 1024, according to the man page: "In previous versions of ftpd, when a passive mode client requested a data connection to the server, the server would use data ports in the range 1024..4999. Now, by default, the server will use data ports in the range 49152..65535." It would be nice if the range could actually be specified through options. My NAT just portmaps to ports below 49152, which gives me enough simultaneous connections through NAT. 
Would it be a good solution to redirect the passive ftp port range directly to the box running ftpd (or to a ip alias in a jail, in my home situation) with NAT and drop all connections above 49151 to other ip#s? martijn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 11 9: 4:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from straylight.ringlet.net (straylight.ringlet.net [217.75.134.254]) by hub.freebsd.org (Postfix) with SMTP id 36D3737B407 for ; Thu, 11 Oct 2001 09:04:46 -0700 (PDT) Received: (qmail 77179 invoked by uid 1000); 11 Oct 2001 16:01:37 -0000 Date: Thu, 11 Oct 2001 19:01:37 +0300 
From: Peter Pentchev To: Martijn Lina Cc: freebsd-security@freebsd.org Subject: Re: firewall Message-ID: <20011011190137.E6135@straylight.oblivion.bg> Mail-Followup-To: Martijn Lina , freebsd-security@freebsd.org References: <5.1.0.14.0.20011011094352.00b022e8@rfnj.org> <20011011100410.G7007-100000@mail.wlcg.com> <20011011102432.B57251@squall.waterspout.com> <20011011182601.D6135@straylight.oblivion.bg> <20011011175208.B3267@medialab.lostboys.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011011175208.B3267@medialab.lostboys.nl>; from martijn@medialab.lostboys.nl on Thu, Oct 11, 2001 at 05:52:08PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Oct 11, 2001 at 05:52:08PM +0200, Martijn Lina wrote: > Once upon a 11-10-2001, Peter Pentchev hit keys in the following order: > > > > I believe that they are discussing the case of a server being NAT'd. > > In that case, the NAT machine has to allow for connections to ports > 1024 > > on the server to allow PASV FTP to work. > > Depends on which ftp daemon you're using. The default FreeBSD ftpd only opens a > smaller port range than just everything above 1024, according to the man page: > > "In previous versions of ftpd, when a passive mode client requested a data > connection to the server, the server would use data ports in the range > 1024..4999. Now, by default, the server will use data ports in the range > 49152..65535." > > It would be nice if the range could actually be specified through options. It can be specified. ftpd(8) only uses the high portrange defined by the net.inet.ip.portrange.* sysctls. 
[roam@straylight:v4 /usr/src/libexec/ftpd]$ sysctl net.inet.ip.portrange
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
[roam@straylight:v4 /usr/src/libexec/ftpd]$

So, as you can see, the default is 49152-65535, but it is easily tweakable :)

G'luck,
Peter

--
When you are not looking at it, this sentence is in Spanish.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 11 11:50:11 2001 Delivered-To: freebsd-security@freebsd.org Received: from web14604.mail.yahoo.com (web14604.mail.yahoo.com [216.136.224.84]) by hub.freebsd.org (Postfix) with SMTP id 98D4037B407 for ; Thu, 11 Oct 2001 11:50:08 -0700 (PDT) Message-ID: <20011011185008.95738.qmail@web14604.mail.yahoo.com> Received: from [66.156.14.26] by web14604.mail.yahoo.com via HTTP; Thu, 11 Oct 2001 11:50:08 PDT Date: Thu, 11 Oct 2001 11:50:08 -0700 (PDT)
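The port-range point from Peter Pentchev's reply in the "Re: firewall" thread above, worked through as an added example that is not part of the original thread: it reads hifirst/hilast from the sysctl output he quoted, decodes the data port from an FTP 227 reply, and prints the two ipfw rules that match Martijn Lina's proposal. The ftpd address 192.0.2.10, the function names and the sample 227 replies are assumptions constructed for the example, and it assumes an ipfw packet filter in front of a routable ftpd host.

```shell
#!/bin/sh
# Added example: tie ftpd's passive data-port range to the firewall policy.

# sysctl output as quoted in the message, embedded so the script runs
# offline; on a live FreeBSD host use: sysctl net.inet.ip.portrange
SYSCTL_SAMPLE='net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

FTPD_IP=192.0.2.10   # hypothetical address of the box running ftpd

# portrange_value NAME: print net.inet.ip.portrange.NAME from the
# "name: value" lines on stdin.
portrange_value() {
    awk -F': *' -v key="net.inet.ip.portrange.$1" '$1 == key { print $2; exit }'
}

# pasv_port REPLY: decode the data port from "227 ... (h1,h2,h3,h4,p1,p2)".
# The port is p1*256+p2. Fails on anything that is not a 6-field tuple.
pasv_port() {
    tuple=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    echo $(( $5 * 256 + $6 ))
}

# port_in_range PORT FIRST LAST
port_in_range() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# check_reply REPLY: succeed only if the advertised data port lies inside
# the hifirst..hilast range taken from the sysctl sample.
check_reply() {
    first=$(printf '%s\n' "$SYSCTL_SAMPLE" | portrange_value hifirst)
    last=$(printf '%s\n' "$SYSCTL_SAMPLE" | portrange_value hilast)
    port=$(pasv_port "$1") || return 1
    port_in_range "$port" "$first" "$last"
}

# ipfw_rules FTPD_IP FIRST LAST: print an ipfw rules-file fragment.
# Order matters (first match wins): new inbound connections to the passive
# range are allowed to the ftpd host only and dropped for every other host.
# "setup" matches connection-opening SYNs, so established traffic that
# happens to use a high port is not affected.
ipfw_rules() {
    echo "add allow tcp from any to $1 $2-$3 in setup"
    echo "add deny log tcp from any to any $2-$3 in setup"
}

# Demo on constructed input: the first reply uses the current default
# range, the second a port from the old 1024..4999 range.
first=$(printf '%s\n' "$SYSCTL_SAMPLE" | portrange_value hifirst)
last=$(printf '%s\n' "$SYSCTL_SAMPLE" | portrange_value hilast)
echo "passive data ports: $first-$last"
ipfw_rules "$FTPD_IP" "$first" "$last"
for reply in '227 Entering Passive Mode (192,0,2,10,192,5)' \
             '227 Entering Passive Mode (192,0,2,10,19,135)'; do
    if check_reply "$reply"; then
        echo "in range:     $reply"
    else
        echo "OUT OF RANGE: $reply"
    fi
done
```

If the hifirst/hilast sysctls are changed to narrow the range, the same two values have to be carried into the filter rules, otherwise passive transfers fail once ftpd picks a port the firewall does not pass.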
From: Jerry Murdock Subject: Jail vs Active FTP To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I have what appears to be a working Jail environment with one exception.

When initiating an FTP transfer using "ftp" inside the jail, I get a "500 Invalid Port Command" error. Should I be able to initiate an active FTP session from inside a jail?

Thanks,
Jerry

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 11 12: 3: 7 2001 Delivered-To: freebsd-security@freebsd.org Received: from scribble.fsn.hu (scribble.fsn.hu [193.224.40.95]) by hub.freebsd.org (Postfix) with SMTP id A82F037B40A for ; Thu, 11 Oct 2001 12:03:03 -0700 (PDT) Received: (qmail 40120 invoked by uid 1000); 11 Oct 2001 19:03:02 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 11 Oct 2001 19:03:02 -0000 Date: Thu, 11 Oct 2001 21:03:02 +0200 (CEST)
From: Attila Nagy To: Jerry Murdock Cc: freebsd-security@freebsd.org Subject: Re: Jail vs Active FTP In-Reply-To: <20011011185008.95738.qmail@web14604.mail.yahoo.com> Message-ID: <20011011210142.G32220-100000@scribble.fsn.hu> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello,

> When initiating an FTP transfer using "ftp" inside the jail, I get a
> "500 Invalid Port Command" error. Should I be able to initiate an
> active FTP session from inside a jail?

I often run jails with 127/8 IPs or private (non-routable intranet) addresses.
The easiest solution is to put IPF into the kernel and use its built-in FTP proxy.

--------------------------------------------------------------------------
Attila Nagy e-mail: Attila.Nagy@fsn.hu
Budapest Polytechnic (BMF.HU) @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17. cell.: +3630 306 6758

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 11 12:51: 4 2001 Delivered-To: freebsd-security@freebsd.org Received: from web14606.mail.yahoo.com (web14606.mail.yahoo.com [216.136.224.86]) by hub.freebsd.org (Postfix) with SMTP id BD6C037B403 for ; Thu, 11 Oct 2001 12:50:59 -0700 (PDT) Message-ID: <20011011195059.81764.qmail@web14606.mail.yahoo.com> Received: from [66.156.14.26] by web14606.mail.yahoo.com via HTTP; Thu, 11 Oct 2001 12:50:59 PDT Date: Thu, 11 Oct 2001 12:50:59 -0700 (PDT)
From: Jerry Murdock Subject: Re: Jail vs Active FTP To: Attila Nagy Cc: freebsd-security@freebsd.org In-Reply-To: <20011011210142.G32220-100000@scribble.fsn.hu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

--- Attila Nagy wrote:
> Hello,
>
> > When initiating an FTP transfer using "ftp" inside the jail, I get a
> > "500 Invalid Port Command" error. Should I be able to initiate an
> > active FTP session from inside a jail?
> I often run jails with 127/8 IPs or private (non-routable intranet)
> addresses.
> The easiest solution is to put IPF into the kernel and use its built-in
> FTP proxy.
>

Thanks for the tip.

I already had
"MAP map tun0 0.0.0.0/0 -> 0/32 proxy port ftp ftp/tcp"
in the IPNAT rules, which I thought would be enough.

I went back and added an explicit
"MAP map tun0 jail.ad.dr.ess/32 -> 0/32 proxy port ftp ftp/tcp"
which fixed it up. I should have thought of it myself.

Jerry

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 11 20:31: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.aalbaek.com (port126.ds1-van.adsl.cybercity.dk [217.157.140.131]) by hub.freebsd.org (Postfix) with SMTP id DD2F437B408 for ; Thu, 11 Oct 2001 20:30:31 -0700 (PDT) Received: from ksbyr.Email.cz (209.134.34.38) by mail.aalbaek.com with MERCUR-SMTP/POP3/IMAP4-Server (v3.30.03 FC-8388608) for ; Fri, 12 Oct 2001 05:00:35 +0200
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 12 0:36:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by hub.freebsd.org (Postfix) with SMTP id 7848137B405 for ; Fri, 12 Oct 2001 00:36:12 -0700 (PDT) Received: (qmail 27571 invoked by uid 0); 12 Oct 2001 07:36:10 -0000 Received: from pd9022bd8.dip.t-dialin.net (HELO l5zy6) (217.2.43.216) by mail.gmx.net (mp004-rz3) with SMTP; 12 Oct 2001 07:36:10 -0000 Message-ID: <004f01c152f0$9034c290$fe78a8c0@espe.de> 
From: "Clemens Hermann" To: "freebsd-security" Subject: commercial firewall proxy-kit? Date: Fri, 12 Oct 2001 09:36:10 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

can anyone recommend a commercial proxy kit to build a firewall on FreeBSD? The free equivalents either don't seem to be completely ready for use or are incomplete. I am looking for something with a central user-/auth system.

thanks for any hints in advance

/ch

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Oct 12 1:21:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from web14608.mail.yahoo.com (web14608.mail.yahoo.com [216.136.224.88]) by hub.freebsd.org (Postfix) with SMTP id 72C2337B408 for ; Fri, 12 Oct 2001 01:21:11 -0700 (PDT) Message-ID: <20011012082111.12601.qmail@web14608.mail.yahoo.com> Received: from [66.156.9.124] by web14608.mail.yahoo.com via HTTP; Fri, 12 Oct 2001 01:21:11 PDT Date: Fri, 12 Oct 2001 01:21:11 -0700 (PDT)
From: Jerry Murdock Subject: Squid Inside a Jail - DNS Errors! To: freebsd-security@freebsd.org In-Reply-To: <20011011210142.G32220-100000@scribble.fsn.hu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I can't get squid(2.4S2) to operate inside a jail using squid's internal DNS.

I get a log full of the following errors as it repeatedly tries to lookup the address:

2001/10/12 02:08:49| comm_udp_sendto: FD 4, 192.168.1.3, port 53: (22) Invalid argument
2001/10/12 02:08:49| idnsSendQuery: FD 4: sendto: (22) Invalid argument

All other name resolution in the jail works fine, and squid will work if I disable the internal DNS and re-make.

Has anyone else seen this? I did some searching and couldn't find reference. Is it a raw socket issue?

Any insight appreciated.

Jerry

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Oct 12 1:34:12 2001 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (f121.law14.hotmail.com [64.4.21.121]) by hub.freebsd.org (Postfix) with ESMTP id CA2B637B401 for ; Fri, 12 Oct 2001 01:34:10 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Fri, 12 Oct 2001 01:34:10 -0700 Received: from 203.130.214.173 by lw14fd.law14.hotmail.msn.com with HTTP; Fri, 12 Oct 2001 08:34:10 GMT X-Originating-IP: [203.130.214.173]
From: "himura kenshin" To: freebsd-security@FreeBSD.org Date: Fri, 12 Oct 2001 16:34:10 +0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed Message-ID: X-OriginalArrivalTime: 12 Oct 2001 08:34:10.0747 (UTC) FILETIME=[AA6928B0:01C152F8] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org subscribe _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 12 1:43:36 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns.morning.ru (ns.morning.ru [195.161.98.5]) by hub.freebsd.org (Postfix) with ESMTP id 2FFB637B403 for ; Fri, 12 Oct 2001 01:43:32 -0700 (PDT) Received: from NDNM ([195.161.98.250]) by ns.morning.ru (8.11.5/8.11.5) with ESMTP id f9C8hQi28054; Fri, 12 Oct 2001 16:43:27 +0800 (KRAST) Date: Fri, 12 Oct 2001 16:44:25 +0800 
From: Igor Podlesny X-Mailer: The Bat! (v1.53d) UNREG / CD5BF9353B3B7091 Organization: Morning Network X-Priority: 3 (Normal) Message-ID: <114281381164.20011012164425@morning.ru> To: Jerry Murdock Cc: freebsd-security@FreeBSD.ORG Subject: Re: Squid Inside a Jail - DNS Errors! In-Reply-To: <20011012082111.12601.qmail@web14608.mail.yahoo.com> References: <20011012082111.12601.qmail@web14608.mail.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I have jailed squid running... several quick patches were needed though

> I can't get squid(2.4S2) to operate inside a jail using squid's internal DNS.

> I get a log full of the following errors as it repeatedly tries to lookup the
> address:

> 2001/10/12 02:08:49| comm_udp_sendto: FD 4, 192.168.1.3, port 53: (22) Invalid
> argument

isn't it one-ip-per-address issue?

> 2001/10/12 02:08:49| idnsSendQuery: FD 4: sendto: (22) Invalid argument

> All other name resolution in the jail works fine, and squid will work if I
> disable the internal DNS and re-make.

> Has anyone else seen this? I did some searching and couldn't find reference.
> Is it a raw socket issue?

> Any insight appreciated.

> Jerry

> __________________________________________________
> Do You Yahoo!?
> Make a great connection at Yahoo! Personals.
> http://personals.yahoo.com

> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Igor mailto:poige@morning.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Oct 12 3:10:36 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.nsu.ru (b.ns.ssc.nsu.ru [193.124.215.221]) by hub.freebsd.org (Postfix) with ESMTP id ECEE137B401 for ; Fri, 12 Oct 2001 03:10:30 -0700 (PDT) Received: from iclub.nsu.ru ([193.124.222.66] ident=root) by mail.nsu.ru with esmtp (Exim 3.20 #1) id 15rzGq-00089t-00 for security@freebsd.org; Fri, 12 Oct 2001 17:10:24 +0700 Received: (from fjoe@localhost) by iclub.nsu.ru (8.11.6/8.11.6) id f9CAANB24654 for security@freebsd.org; Fri, 12 Oct 2001 17:10:23 +0700 (NSS) (envelope-from fjoe) Date: Fri, 12 Oct 2001 17:10:22 +0700 From: Max Khon To: security@freebsd.org Subject: [marck@rinet.ru: Re: adduser and passwords] Message-ID: <20011012171022.A24494@iclub.nsu.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

hi, there!

Seems like a good idea. I thought just about the same today when I was adding a user who will be able to log in only using DSA auth. Any objections if I commit this?

----- Forwarded message from Dmitry Morozovsky -----

Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD)
From: Dmitry Morozovsky To: William Wong Cc: freebsd-stable@FreeBSD.ORG Subject: Re: adduser and passwords On Fri, 12 Oct 2001, William Wong wrote: [...] Here is quick'n'dirty fix to adduser (this should be done more politely, sure ;-) to put '*' when password is empty to not open your system with passwordless user between adding new user and changing its password. Index: adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.44.2.2 diff -u -r1.44.2.2 adduser.perl --- adduser.perl 2001/07/30 23:56:48 1.44.2.2 +++ adduser.perl 2001/10/12 09:35:23 @@ -710,7 +710,7 @@ if (&new_users_ok) { $new_users_ok = 1; - $cryptpwd = ""; + $cryptpwd = "*"; $cryptpwd = crypt($password, &salt) if $password ne ""; # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" . ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 12 4:29:45 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.euroscript-ls.de (mail.euroscript-ls.de [213.68.26.164]) by hub.freebsd.org (Postfix) with ESMTP id 345DC37B401 for ; Fri, 12 Oct 2001 04:29:41 -0700 (PDT) Received: from euroscript-ls.de (testbox.euroscript-ls.de [10.18.10.4]) by mail.euroscript-ls.de (8.10.0/8.10.0) with ESMTP id f9CBTdB85978 for ; Fri, 12 Oct 2001 13:29:39 +0200 (CEST) Message-ID: <3BC6D445.27C078CF@euroscript-ls.de> Date: Fri, 12 Oct 2001 13:30:13 +0200 
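Review bot: in the adduser.perl hunk at -710,7 the new default `$cryptpwd = "*";` applies to every account created with an empty password, and nothing in the visible lines tells the operator that the account has been locked rather than left passwordless. An administrator who expects an empty password to work will only find out at login time. Suggest printing a notice when `$password eq ""` so the lock is explicit, and adding a short comment on the new line saying that "*" is used because it can never equal a crypt() result; the existing `# obscure perl bug` comment on the following line does not cover the new behaviour.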
From: Radoy Pavlov Organization: euroscript Language Services GmbH X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.4-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Randomizing TCP sequence Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello,

I'm trying to randomize my tcp sequence. Upon experimenting with portsentry I made a couple of nmap scans and I was surprised to see that the value never exceeds the number of 30, which IMO is weak. I activated net.inet.tcp.strict_rfc1948=1, which should do the randomizing, still I get a value of 30 or so.

Are there any particular steps that could be taken to make this happen?

cheers,
Radoy

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Oct 12 4:40:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from web14605.mail.yahoo.com (web14605.mail.yahoo.com [216.136.224.85]) by hub.freebsd.org (Postfix) with SMTP id 2F6C137B405 for ; Fri, 12 Oct 2001 04:40:30 -0700 (PDT) Message-ID: <20011012114030.46419.qmail@web14605.mail.yahoo.com> Received: from [66.156.10.114] by web14605.mail.yahoo.com via HTTP; Fri, 12 Oct 2001 04:40:30 PDT Date: Fri, 12 Oct 2001 04:40:30 -0700 (PDT)
From: Jerry Murdock Subject: Re: Squid Inside a Jail - DNS Errors! To: Igor Podlesny Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <114281381164.20011012164425@morning.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

--- Igor Podlesny wrote:
>
> I have jailed squid running... several quick patches were needed though

Using squid's internal DNS? Any hints as to what they were?

> > I can't get squid(2.4S2) to operate inside a jail using squid's internal DNS.
>
> > I get a log full of the following errors as it repeatedly tries to lookup the
> > address:
> > 2001/10/12 02:08:49| comm_udp_sendto: FD 4, 192.168.1.3, port 53: (22) Invalid
> > argument
>
> isn't it one-ip-per-address issue?

Could be, but the address for the jail is on the same subnet as the DNS server, and DNS queries from any other app resolve without problems.

Thanks,
Jerry

__________________________________________________
Do You Yahoo!?
Make a great connection at Yahoo! Personals.
http://personals.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Oct 12 7:34: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.euroweb.hu (mail.euroweb.hu [193.226.220.4]) by hub.freebsd.org (Postfix) with ESMTP id D4BD837B407 for ; Fri, 12 Oct 2001 07:33:53 -0700 (PDT) Received: (from hu006co@localhost) by mail.euroweb.hu (8.8.5/8.8.5) id QAA27102 for security@freebsd.org; Fri, 12 Oct 2001 16:33:50 +0200 (MET DST) Received: (from zgabor@localhost) by zg.CoDe.hu (8.11.3/8.11.1) id f9CE5NH00457 for security@freebsd.org; Fri, 12 Oct 2001 14:05:23 GMT (envelope-from zgabor) Date: Fri, 12 Oct 2001 14:05:23 +0000
From: Gabor Zahemszky To: security@freebsd.org Subject: Re: recovery from 'rm -rf /' Message-ID: <20011012140523.A339@zg.CoDe.hu> References: <64563.1002193406@axl.seasidesoftware.co.za> <3BBDC538.4B115243@abc.ro> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <3BBDC538.4B115243@abc.ro>; from andrei@abc.ro on Fri, Oct 05, 2001 at 05:35:36PM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sorry for the late reply: On Fri, Oct 05, 2001 at 05:35:36PM +0300, ANdrei wrote: > i have no solution, bbut i heard smtg interesting on the radio this > morning: > > there are only 3 companies in the world who are really specialised in > doing such stuff, and one of these is in Hungary... they are said to be > very helpful, and maybe you find them and talk to them about it... they > have repeatedly offered help at no cost, so maybe you are lucky... > unfortunately I do not know their name, so... maybe google will help Their name is Kürt Kft. Bye, Gabor from Hungary :-) -- #!/bin/ksh Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? 
]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"

From owner-freebsd-security Fri Oct 12 8:38: 3 2001
Date: Fri, 12 Oct 2001 10:37:57 -0500 (CDT)
From: Mike Silbersack
To: Radoy Pavlov
Subject: Re: Randomizing TCP sequence
In-Reply-To: <3BC6D445.27C078CF@euroscript-ls.de>
Message-ID: <20011012103330.F29732-100000@achilles.silby.com>

On Fri, 12 Oct 2001, Radoy Pavlov wrote:

> I'm trying to randomize my tcp sequence. Upon
> experimenting with portsentry i made couple of
> nmap scans and I was surprised to see that the
> value never exceeds the number of 30, which IMO
> is weak. I activated net.inet.tcp.strict_rfc1948=1,
> which should do the randomizing, still i get a
> value of 30 or so.

Scan your box from another box; there's something funky with nmaping localhost. When I try it, nmap says that there aren't enough responses for a good identification.

Alternately, run tcpdump and watch the sequence numbers; the output is quite pseudo-random.

Mike "Silby" Silbersack

From owner-freebsd-security Fri Oct 12 10:35:51 2001
Date: Fri, 12 Oct 2001 10:38:40 -0700 (PDT)
From: Dave
Subject: Only an ftp account

How would I be able to give an account to someone where they can only login and use FTP? Shell interpreters, sendmail, and virtually all the other parts of the system should not be at their disposal.

How does one accomplish the creation of such a 'ftp-locked' account?

I've heard some discussion about jails, but man jail(1) and jail(2) only talk about freezing a process, so I think this might not be the solution I need.

Thanks.

From owner-freebsd-security Fri Oct 12 10:45: 3 2001
Message-ID: <000b01c15345$9ace6170$0d00a8c0@alexus>
From: "alexus"
To: "Dave"
Subject: Re: Only an ftp account
Date: Fri, 12 Oct 2001 13:44:55 -0400
Organization: NexGen

just change shell to /sbin/nologin and this user won't be able login on shell while he/she'll be able to use ftp

----- Original Message -----
From: "Dave"
Sent: Friday, October 12, 2001 1:38 PM
Subject: Only an ftp account

>
> How would I be able to give an account to someone where they can only
> login and use FTP? Shell interpreters, sendmail, and virtually all the
> other parts of the system should not be at their disposal.
>
> How does one accomplish the creation of such a 'ftp-locked' account?
>
> I've heard some discussion about jails, but man jail(1) and jail(2) only
> talk about freezing a process, so I think this might not be the solution I
> need.
>
> Thanks.

From owner-freebsd-security Fri Oct 12 10:45:38 2001
Date: Fri, 12 Oct 2001 13:45:28 -0400 (EDT)
From: Rob Simmons
To: Dave
Subject: Re: Only an ftp account
Message-ID: <20011012134241.W29795-100000@mail.wlcg.com>

pw useradd -n -w no -s /sbin/nologin

You may also want to add that user to /etc/ftpchroot which will chroot them to their home directory. You should also make sure that /sbin/nologin is in /etc/shells.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Fri, 12 Oct 2001, Dave wrote:

>
> How would I be able to give an account to someone where they can only
> login and use FTP? Shell interpreters, sendmail, and virtually all the
> other parts of the system should not be at their disposal.
>
> How does one accomplish the creation of such a 'ftp-locked' account?
>
> I've heard some discussion about jails, but man jail(1) and jail(2) only
> talk about freezing a process, so I think this might not be the solution I
> need.
>
> Thanks.

From owner-freebsd-security Fri Oct 12 10:47:39 2001
Message-ID: <001301c15345$f64a2e30$86dc36c3@indian>
From: "iNDiAN"
To: "Dave"
Subject: Re: Only an ftp account
Date: Fri, 12 Oct 2001 21:47:26 +0400

> How would I be able to give an account to someone where they can only
> login and use FTP? Shell interpreters, sendmail, and virtually all the
> other parts of the system should not be at their disposal.

what ftp daemon? it depends. but in general -- user w/o shell would be accepted by, for example ProFTPd. Obvious he/she has no way to login.

> How does one accomplish the creation of such a 'ftp-locked' account?
>
> I've heard some discussion about jails, but man jail(1) and jail(2) only
> talk about freezing a process, so I think this might not be the solution I
> need.

jails are just too much powerful techniquez. In case of just ftp-only account you don't need it.

"JH said once -- everybody stay cool. He didn't reproduced it 'cause there's no need. That's enough -- his life is a picture."
Oleg
PCB Technology, Moscow, Russia

From owner-freebsd-security Fri Oct 12 11: 3:42 2001
Message-ID: <6B3C6B6F7AA2D511A35E0080C86993435962@syncro.metrics.com>
From: "Haapanen, Tom"
To: freebsd-security@FreeBSD.ORG
Subject: FreeBSD 4.4 and DES
Date: Fri, 12 Oct 2001 13:59:59 -0400

Has anyone successfully got DES working with FreeBSD 4.4? I need this to get FrontPage 2002 server extensions running ...

I managed to get through the FrontPage install process -- the 2002 extensions explicitly support FreeBSD, and I now get a few steps into the FrontPage-to-Apache connection. But I fail in the authentication process.

I think this is because FrontPage uses DES, while FreeBSD 4.4 defaults to MD5. Or at least that's what my net.research tells me.

So, fine, I used CVS to retrieve new DES crypto sources. I successfully built the libdescrypt* libraries, copied them to /usr/lib, and symlinked the libcrypt* libdescrypt* (four separate libraries).

But when I try to change a password (plain old passwd command), i get an error:

murcielago 125 # passwd tomh
Changing local password for tomh.
New password:
Retype new password:
passwd: cannot set password cipher: Undefined error: 0
passwd: /etc/master.passwd: unchanged
murcielago 126 #

I tried with a set of libdescrypt* libraries from a FreeBSD 4.1 system, and I get exactly the same error. Once I symlink libcrypt* back to the original files, all is well -- except that I have no luck with FrontPage.

Can anyone point me in the right direction?

Thanks ...
Tom Haapanen
tomh@motorsport.com

From owner-freebsd-security Fri Oct 12 11: 8:22 2001
Date: Fri, 12 Oct 2001 10:04:36 -0700 (PDT)
From: David Kirchner
To: "Haapanen, Tom"
Subject: Re: FreeBSD 4.4 and DES
In-Reply-To: <6B3C6B6F7AA2D511A35E0080C86993435962@syncro.metrics.com>
Message-ID: <20011012100315.A85958-100000@localhost>

On Fri, 12 Oct 2001, Haapanen, Tom wrote:

> murcielago 125 # passwd tomh
>
> Changing local password for tomh.
> New password:
> Retype new password:
> passwd: cannot set password cipher: Undefined error: 0
> passwd: /etc/master.passwd: unchanged
> murcielago 126 #

This would be a hack, but you could leave your MD5 libraries where they are and then create the DES crypt manually (either by using 'htpasswd' or crypt() itself) and then insert it in to your password file via vipw. FreeBSD's crypt, as I understand it, automatically recognizes MD5 and DES crypts.

From owner-freebsd-security Fri Oct 12 11:12:41 2001
Message-ID: <6B3C6B6F7AA2D511A35E0080C86993435963@syncro.metrics.com>
From: "Haapanen, Tom"
To: "'iNDiAN'"
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: FreeBSD 4.4 and DES
Date: Fri, 12 Oct 2001 14:08:28 -0400

Hmmm ... promising ... but ...

AUTH.CONF(5)          FreeBSD File Formats Manual          AUTH.CONF(5)

NAME
     auth.conf - authentication capability database

SYNOPSIS
     /etc/auth.conf

DESCRIPTION
     auth.conf contains various attributes important to the authentication
     code, most notably kerberos(5) for the time being. This documentation
     will be updated as the /etc/auth.conf file, which is very new, evolves.

SEE ALSO
     auth_getval(3)

Doesn't tell me much. :-(

And the auth.conf file is somewhat mysterious, too:

#
# $FreeBSD: src/etc/auth.conf,v 1.4.2.1 2001/07/13 14:37:26 dd Exp $
#
# This file contains information on what types of authentication to use.
# It is just the beginnings of a greater scheme.

# crypt_default = md5 des
# auth_list = passwd kerberos
auth_list = passwd

Tom Haapanen
tomh@metrics.com

-----Original Message-----
From: iNDiAN [mailto:indian@pcbtech.ru]
Sent: Friday, 12 October, 2001 14:09
To: Haapanen, Tom
Subject: Re: FreeBSD 4.4 and DES

> Has anyone successfully got DES working with FreeBSD 4.4? I need this to
> get FrontPage 2002 server extensions running ...
>
> I managed to get through the FrontPage install process -- the 2002
> extensions explicitly support FreeBSD, and I now get a few steps into the
> FrontPage-to-Apache connection. But I fail in the authentication process.
>
> I think this is because FrontPage uses DES, while FreeBSD 4.4 defaults to
> MD5. Or at least that's what my net.research tells me.

maybe `man auth.conf` be of help

From owner-freebsd-security Fri Oct 12 11:16:52 2001
Message-ID: <006901c1534a$0b9e8cf0$86dc36c3@indian>
From: "iNDiAN"
To: "Haapanen, Tom"
References: <6B3C6B6F7AA2D511A35E0080C86993435963@syncro.metrics.com>
Subject: Re: FreeBSD 4.4 and DES
Date: Fri, 12 Oct 2001 22:16:41 +0400

> # $FreeBSD: src/etc/auth.conf,v 1.4.2.1 2001/07/13 14:37:26 dd Exp $
> #
> # This file contains information on what types of authentication to use.
> # It is just the beginnings of a greater scheme.
>
> # crypt_default = md5 des
> # auth_list = passwd kerberos

try to set crypt-default to des
that would probably cure your prob

From owner-freebsd-security Fri Oct 12 11:17:20 2001
Date: Fri, 12 Oct 2001 10:13:40 -0700 (PDT)
From: David Kirchner
To: "Haapanen, Tom"
Subject: Re: FreeBSD 4.4 and DES
In-Reply-To: <20011012100315.A85958-100000@localhost>
Message-ID: <20011012101215.J85958-100000@localhost>

On Fri, 12 Oct 2001, David Kirchner wrote:

> This would be a hack, but you could leave your MD5 libraries where they
> are and then create the DES crypt manually (either by using 'htpasswd' or
> crypt() itself) and then insert it in to your password file via vipw.
> FreeBSD's crypt, as I understand it, automatically recognizes MD5 and DES
> crypts.

Another hack solution would be to leave your user as-is, with the MD5 password, and then create another user only for Frontpage that shares tomh's UID and GID, but has a DES crypted password. This

From owner-freebsd-security Fri Oct 12 11:28: 4 2001
Date: Fri, 12 Oct 2001 11:28:00 -0700
From: Erick Mechler
To: "Haapanen, Tom"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD 4.4 and DES
Message-ID: <20011012112800.A9940@techometer.net>
References: <6B3C6B6F7AA2D511A35E0080C86993435962@syncro.metrics.com>
In-Reply-To: <6B3C6B6F7AA2D511A35E0080C86993435962@syncro.metrics.com>; from Haapanen, Tom on Fri, Oct 12, 2001 at 01:59:59PM -0400

:: Has anyone successfully got DES working with FreeBSD 4.4? I need this to
:: get FrontPage 2002 server extensions running ...

The correct place to make the change is in login.conf. From the manpage, under the AUTHENTICATION section...

     passwd_format   string   md5   The encryption format that new or
                                    changed passwords will use. Valid
                                    values include "des", "md5" and "blf".
                                    NIS clients using a non-FreeBSD NIS
                                    server should probably use "des".

The libcrypt libraries that ship with 4.4 (actually, they were committed sometime in 4.3-STABLE, I do believe) contain the code for both md5 and des, so there's no need to have separate libraries anymore (see crypt(3)).

I might suggest creating a separate login class for your FrontPage users that uses des, and continue using md5 for everyone else.
Cheers - Erick

From owner-freebsd-security Fri Oct 12 12:56:22 2001
Message-ID: <6B3C6B6F7AA2D511A35E0080C86993435969@syncro.metrics.com>
From: "Haapanen, Tom"
To: "'Erick Mechler'"
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: FreeBSD 4.4 and DES
Date: Fri, 12 Oct 2001 15:52:28 -0400

Ah-ha! That's all I needed to get DES working ...

Is this the -current man page? Also, the handbook still talks about symlinking libraries ... that's how I got onto that track.

Thanks, Erick (and others who made helpful suggestions)

Tom Haapanen
tomh@metrics.com

-----Original Message-----
From: Erick Mechler [mailto:emechler@techometer.net]
Sent: Friday, 12 October, 2001 14:28
To: Haapanen, Tom
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD 4.4 and DES

:: Has anyone successfully got DES working with FreeBSD 4.4? I need this to
:: get FrontPage 2002 server extensions running ...

The correct place to make the change is in login.conf. From the manpage, under the AUTHENTICATION section...

     passwd_format   string   md5   The encryption format that new or
                                    changed passwords will use. Valid
                                    values include "des", "md5" and "blf".
                                    NIS clients using a non-FreeBSD NIS
                                    server should probably use "des".

The libcrypt libraries that ship with 4.4 (actually, they were committed sometime in 4.3-STABLE, I do believe) contain the code for both md5 and des, so there's no need to have separate libraries anymore (see crypt(3)).

I might suggest creating a separate login class for your FrontPage users that uses des, and continue using md5 for everyone else.

Cheers - Erick

From owner-freebsd-security Fri Oct 12 13:56:17 2001
From: "Deepak Jain"
To: "FreeBSD-Questions"
Cc: "Freebsd-Security@Freebsd. Org"
Subject: Dummynet/IPFW
Date: Fri, 12 Oct 2001 17:00:18 -0400

With 4.4, I believe VLAN support has become standard in FreeBSD. Does Dummynet have targets to apply policies to VLANs themselves?

Thanks,

Deepak Jain
AiNET

From owner-freebsd-security Fri Oct 12 14:14:59 2001
Date: Fri, 12 Oct 2001 14:14:55 -0700
From: Erick Mechler
To: "Haapanen, Tom"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD 4.4 and DES
Message-ID: <20011012141455.F9940@techometer.net>
References: <6B3C6B6F7AA2D511A35E0080C86993435969@syncro.metrics.com>
In-Reply-To: <6B3C6B6F7AA2D511A35E0080C86993435969@syncro.metrics.com>; from Haapanen, Tom on Fri, Oct 12, 2001 at 03:52:28PM -0400

:: Ah-ha! That's all I needed to get DES working ...

Rock on.

:: Is this the -current man page?

I got it from my 4.4-STABLE machine built on 10 October. However, according to the CVSWeb interface, it was committed to -CURRENT around the new year, and into -STABLE sometime in May this year.

:: Also, the handbook still talks about symlinking libraries ... that's how I
:: got onto that track.

Well, that would be a different situation entirely, and someone should probably talk to the docs people to see that gets corrected.

Have fun - Erick

From owner-freebsd-security Fri Oct 12 17:42: 9 2001
From: "Stephen Hilton"
To: "FreeBSD Security"
Subject: RE: FreeBSD 4.4 and DES
Date: Fri, 12 Oct 2001 19:42:12 -0500
In-Reply-To: <6B3C6B6F7AA2D511A35E0080C86993435962@syncro.metrics.com>

> Has anyone successfully got DES working with FreeBSD 4.4? I need this to
> get FrontPage 2002 server extensions running ...
>
> I managed to get through the FrontPage install process -- the 2002
> extensions explicitly support FreeBSD, and I now get a few steps into the
> FrontPage-to-Apache connection. But I fail in the authentication process.
>
> I think this is because FrontPage uses DES, while FreeBSD 4.4 defaults to
> MD5. Or at least that's what my net.research tells me.

I tried to install the apache13-fp port today on FreeBSD snapshot 4.4-20011010 and had to also make some changes to the ports Makefile to get it to compile. This is for FrontPage 2000 support, not FrontPage 2002, YMMV

Changed this in the Makefile:

.if ${OSVERSION} < 500016
pre-extract:
        @if ! ${LDCONFIG} -r | ${GREP} -q -e "-ldescrypt"; then \
                ${ECHO} ; \
                ${ECHO} "WARNING: MS FrontPage Extentions require the DES Library"

To:

.if ${OSVERSION} < 500016
pre-extract:
        @if ! ${LDCONFIG} -r | ${GREP} -q -e "-lcrypt"; then \
                ${ECHO} ; \
                ${ECHO} "WARNING: MS FrontPage Extentions require the DES Library"

Changed the "-ldescrypt" to "-lcrypt"

Then edited my /etc/login.conf and uncommented the last example for "des_users" to activate it, then ran the "cap_mkdb /etc/login.conf" command.
Then I took my FrontPage user who was already added with the default md5 style password and added the login class to their passwd file entry with vipw.

Example:

From:
webborg:$2$Ogfr3HH/$ou812YtzNcnKRnIrtU0G3/:1100:1100::0:0:FP-2000 user:/home/webborg:/sbin/nologin

To:
webborg:$2$Ogfr3HH/$ou812YtzNcnKRnIrtU0G3/:1100:1100:des_user:0:0:FP-2000 user:/home/webborg:/sbin/nologin

Now I logged in as webborg and changed my password with "passwd", this then gave this user a DES based password, and connection with FrontPage went fine from a W2k PC.

From other reading it appears that the FP extensions to Apache add a number of security problems, and should be thoroughly researched and vulnerability tested before deploying. In my case the web server is in a small secure intranet only.

Hope this may help.

Regards,

Stephen Hilton

From owner-freebsd-security Fri Oct 12 18:45:22 2001
Date: Fri, 12 Oct 2001 21:45:15 -0400 (EDT)
From: Igor Roshchin
Message-Id: <200110130145.f9D1jFi92242@giganda.komkon.org>
To: mudman@r181172.resnet.ucsb.edu, rsimmons@wlcg.com
Subject: Re: Only an ftp account
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20011012134241.W29795-100000@mail.wlcg.com>

> From owner-freebsd-security@FreeBSD.ORG Fri Oct 12 13:46:09 2001
> Date: Fri, 12 Oct 2001 13:45:28 -0400 (EDT)
> From: Rob Simmons
> To: Dave
> Subject: Re: Only an ftp account
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> pw useradd -n -w no -s /sbin/nologin
>
> You may also want to add that user to /etc/ftpchroot which will chroot
> them to their home directory. You should also make sure that
> /sbin/nologin is in /etc/shells.
>
> Robert Simmons
> Systems Administrator
> http://www.wlcg.com/
>
> On Fri, 12 Oct 2001, Dave wrote:
>
> >
> > How would I be able to give an account to someone where they can only
> > login and use FTP? Shell interpreters, sendmail, and virtually all the
> > other parts of the system should not be at their disposal.
> >
> > How does one accomplish the creation of such a 'ftp-locked' account?
> >
> > I've heard some discussion about jails, but man jail(1) and jail(2) only
> > talk about freezing a process, so I think this might not be the solution I
> > need.
> >
> > Thanks.
> >

Let me just point out that just changing the shell to /sbin/nologin or any other similar shell will only prevent the user from telnet/rlogin/ssh logins.

This, however, will not prevent that user from receiving e-mail, if the sendmail is running, especially, if the shell is in /etc/shells (I think the default configuration of sendmail checks for the valid shell in /etc/shells). Also, it doesn't prevent the user from using a pop-client, if the popd is enabled.

Having an ability to receive an e-mail and to download files via ftp provides the user with capability of running most if not all commands on the computer (just think what one can use in .forward). This is what very often is forgotten.

The way around that is probably to use a chrooted environment + an empty .forward and user's home directory both owned by root + some special arrangements to prevent the user from using popd/imapd services... + ....

However, don't take this as an advice of a complete set of measures.

Hope, this helps...
Igor

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Oct 13 6:50:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ipcard.iptcom.net (ipcard.iptcom.net [212.9.224.5])
    by hub.freebsd.org (Postfix) with ESMTP
    id C596937B401; Sat, 13 Oct 2001 06:42:14 -0700 (PDT)
Received: from notebook.vega.com (h143.228.dialup.iptcom.net [212.9.228.143])
    by ipcard.iptcom.net (8.9.3/8.9.3) with ESMTP id QAA34835;
    Sat, 13 Oct 2001 16:42:10 +0300 (EEST)
    (envelope-from sobomax@FreeBSD.org)
Date: Sat, 13 Oct 2001 16:42:10 +0300 (EEST)
Message-Id: <200110131342.QAA34835@ipcard.iptcom.net>
To: kris@FreeBSD.org
Cc: security@FreeBSD.org
From: Maxim Sobolev
Subject: Recent major changes in the NetBSD audit system
X-Mailer: Pygmy (v0.5.12)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

FYI: http://www.netbsd.org/Changes/#audit-011013

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Oct 13 15:10: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-136.dsl.lsan03.pacbell.net [63.207.60.136])
    by hub.freebsd.org (Postfix) with ESMTP
    id 90A3737B40A; Sat, 13 Oct 2001 15:10:03 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
    id 3E04466B0C; Sat, 13 Oct 2001 15:10:03 -0700 (PDT)
Date: Sat, 13 Oct 2001 15:10:03 -0700
From: Kris Kennaway
To: Maxim Sobolev
Cc: kris@FreeBSD.org, security@FreeBSD.org
Subject: Re: Recent major changes in the NetBSD audit system
Message-ID: <20011013151002.B74378@xor.obsecurity.org>
References: <200110131342.QAA34835@ipcard.iptcom.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
    protocol="application/pgp-signature"; boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200110131342.QAA34835@ipcard.iptcom.net>; from sobomax@FreeBSD.org on Sat, Oct 13, 2001 at 04:42:10PM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

--eAbsdosE1cNLO4uF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sat, Oct 13, 2001 at 04:42:10PM +0300, Maxim Sobolev wrote:
> FYI: http://www.netbsd.org/Changes/#audit-011013

Looks cool. Anyone want to port it over?

Kris

--eAbsdosE1cNLO4uF
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7yLu6Wry0BWjoQKURAo2TAKDGfEwwEOA9eXaXtBjRh5dFDFJLAACfU1ow
IE1o0u0ufeYW5pdn6Qz2yqM=
=zthZ
-----END PGP SIGNATURE-----

--eAbsdosE1cNLO4uF--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
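
Added example (not part of any message in this archive): a /bin/sh check for the FTP-only account from the "Only an ftp account" thread above, covering Rob Simmons's settings (nologin shell listed in /etc/shells, user in /etc/ftpchroot) and Igor Roshchin's point about the home directory and .forward. The function names and the ROOT and OWNER_UID arguments are assumptions of this example; POP/IMAP access is not checked.

```shell
#!/bin/sh
# Added example: audit an FTP-only account against the points in the thread.
# Usage: audit_ftp_only USER [ROOT] [OWNER_UID]
#   ROOT      prefix for /etc and the home path (assumption of this example,
#             so the check can run on a copy of the tree); empty = live system
#   OWNER_UID uid that must own the home directory and .forward (default 0)
# Prints one line per finding; the return status is the number of findings.

owner_uid() { ls -ldn "$1" 2>/dev/null | awk '{print $3}'; }
note() { echo "FINDING: $*"; bad=$((bad + 1)); }

audit_ftp_only() {
    user=$1; root=${2:-}; want=${3:-0}; bad=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$root/etc/passwd")
    if [ -z "$entry" ]; then note "no passwd entry for $user"; return "$bad"; fi
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)

    # No interactive login: the shell must be a nologin program ...
    case $shell in
        */nologin) ;;
        *) note "shell is $shell, not nologin" ;;
    esac
    # ... and, as advised in the thread, it should be listed in /etc/shells.
    grep -qxF "$shell" "$root/etc/shells" || note "$shell not in /etc/shells"

    # Thread advice: list the user in /etc/ftpchroot so the FTP session is
    # chrooted to the home directory (only the plain user-name form is checked).
    grep -qxF "$user" "$root/etc/ftpchroot" 2>/dev/null ||
        note "$user not in /etc/ftpchroot"

    # Igor's point: mail delivery honours .forward, so the home directory and
    # an empty .forward must both belong to OWNER_UID, not to the FTP user.
    if [ "$(owner_uid "$root$home")" != "$want" ]; then
        note "$home not owned by uid $want"
    fi
    fwd=$root$home/.forward
    if [ ! -f "$fwd" ]; then note "no .forward in $home"
    elif [ -s "$fwd" ]; then note ".forward is not empty"
    elif [ "$(owner_uid "$fwd")" != "$want" ]; then
        note ".forward not owned by uid $want"
    fi
    return "$bad"
}

if [ $# -gt 0 ]; then audit_ftp_only "$@"; fi
```
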