From owner-freebsd-security Sun Jun 2 7:51: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from kogut.o2.pl (kogut.o2.pl [212.126.20.61]) by hub.freebsd.org (Postfix) with ESMTP id 18D1437B40A for ; Sun, 2 Jun 2002 07:49:27 -0700 (PDT) Received: from localhost (unknown [62.233.167.10]) by kogut.o2.pl (Postfix) with ESMTP id 294612CAA99 for ; Sun, 2 Jun 2002 16:48:09 +0200 (CEST) X-Sender: info@o2.pl 
From: =?windows-1250?Q?t=B3umaczenie?= To: FreeBSD-security@FreeBSD.org Date: Sun, 02 Jun 2002 16:51:43 +0200 Subject: =?windows-1250?Q?oferta_t=B3umaczenia?= Reply-To: info@o2.pl MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1250 Content-Transfer-Encoding: 8bit Message-Id: <20020602144809.294612CAA99@kogut.o2.pl> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Dear Sir or Madam,

I would like to offer you a translation service covering German and English. Translation in all possible combinations (Polish-English, English-German, etc.). I have more than ten years of experience translating a variety of texts, in particular materials in business English, Wirtschaftsdeutsch and computer programs. Because I hold no title confirming my professional qualifications in professional translation (sworn translator etc.), I can offer you a favourable price. The certificates I hold are LCCI III - Business English and DeutschWirtschaftDiplom (DWD).

Yours faithfully,
Marcin G.

If you are interested, please contact me at translations@o2.pl

Dear Sir or Madam,

I wish to offer you translation services in English, German and Polish. All configurations, i.e. germ - eng, eng - pol etc., are possible. I possess quite long experience in translating various written materials, especially with regard to business English, Wirtschaftsdeutsch and computer software. Owing to the fact that I am not able to produce any certificate that would prove my professional skills with regard to translations (e.g. certified translator) I can offer you a favourable price. Certificates that I do possess are LCCI III - Business English and DWD - DeutschWirtschaftDiplom.

Sincerely,
Marcin G.

Should you be interested please contact me under translations@o2.pl

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Jun 2 8: 9:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl6-t65.citlink.net [207.173.251.65]) by hub.freebsd.org (Postfix) with ESMTP id 9430D37B405 for ; Sun, 2 Jun 2002 08:09:42 -0700 (PDT) Received: from TAGALONG (unknown [192.168.1.27]) by blacklamb.mykitchentable.net (Postfix) with SMTP id C811DEE540 for ; Sun, 2 Jun 2002 08:09:39 -0700 (PDT) Message-ID: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG>
From: "Drew Tomlinson" To: Subject: Security Messages re: hosts.allow? Date: Sun, 2 Jun 2002 08:09:31 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I found the following in my daily security email:

blacklamb.mykitchentable.net kernel log messages:
> Jun 1 01:33:15 blacklamb sshd[30021]: warning: /etc/hosts.allow, line 23: host name/address mismatch: 210.59.224.42 != server1.camelweb.com.tw
> Jun 1 01:33:15 blacklamb sshd[30022]: warning: /etc/hosts.allow, line 23: host name/address mismatch: 210.59.224.42 != server1.camelweb.com.tw

I checked my hosts.allow file and line 23 is the default:

ALL : ALL : allow

I have not changed hosts.allow from the default. What do the above messages mean and what should I do about them (if anything)?

Thanks,

Drew

From owner-freebsd-security Sun Jun 2 10:49:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.interchange.ca (ns.interchange.ca [216.126.79.2]) by hub.freebsd.org (Postfix) with ESMTP id A011137B404 for ; Sun, 2 Jun 2002 10:49:22 -0700 (PDT) Received: by mail.interchange.ca (Fastmailer, from userid 555) id B684B4A1B; Sun, 2 Jun 2002 13:48:28 -0400 (EDT) MIME-Version: 1.0 Message-Id: <3CFA5A6C.000009.72128@ns.interchange.ca> Content-Type: Multipart/Mixed; boundary="------------Boundary-00=_SSA30DJXFQQMYJ0CCJD0" To: security@FreeBSD.ORG Subject: Subnet Security
From: "Michael Richards" X-Fastmail-IP: [24.43.130.241] Received: from 24.43.130.241 by www.fastmail.ca with HTTP; Sun, 2 Jun 2002 17:48:28 +0000 (UTC) Date: Sun, 2 Jun 2002 13:48:28 -0400 (EDT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I've got a firewall and need to set up a subnet so the servers on it have a much more restrictive ruleset than the other subnet. I'm not 100% sure how to do it but here is the info.

firewall:
outside
fxp0 -> 192.168.72.31 netmask 0xffffffc0 gw 192.168.72.1
fxp1 -> 192.168.79.1 netmask 0xffffff00
xl0 -> 192.168.79.120 netmask 0xfffffff0

secure webserver:
fxp0 -> 192.168.79.112 netmask ??? gw ???

We own a /24 block of IPs represented here as 192.168.79/24. For historical reasons the secure subnet I'm trying to set up here is stuck in the middle of the range.

The machines are all plugged into the same switch as well as the firewall's fxp1 and xl0. xl0 is to be the secure one and it's set up as a vlan. The ports for the secure servers will be tagged as the same vlan as xl0 is plugged into.

Here is what I'm wondering:
a) Is this scheme possible with the netmasks I've defined? It would seem that 192.168.79.1 overlaps 192.168.79.120 in terms of netmasks. Does FreeBSD simply use the interface with the most restrictive netmask?
b) what netmask and gw should I be using for the secure webserver?
c) will routing figure this out automagically or would it need to be statically defined? If so how?

thanks
-Michael

From owner-freebsd-security Sun Jun 2 10:53:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from hub.FreeBSD.org (ppp-62-235-225-245.tiscali.be [62.235.225.245]) by hub.freebsd.org (Postfix) with SMTP id 7026037B412 for ; Sun, 2 Jun 2002 10:52:48 -0700 (PDT)
From: immoresto@gran.com (Anne-abel) To: FreeBSD-security@FreeBSD.org SUBJECT: Auberge a vendre MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0030_01C05A02.8AD62BA0" Message-Id: <20020602175248.7026037B412@hub.freebsd.org> Date: Sun, 2 Jun 2002 10:52:48 -0700 (PDT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

From owner-freebsd-security Sun Jun 2 11:34:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id E43FA37B406 for ; Sun, 2 Jun 2002 11:34:10 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020602183410.DILF11426.rwcrmhc51.attbi.com@blossom.cjclark.org>; Sun, 2 Jun 2002 18:34:10 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g52IYA833195; Sun, 2 Jun 2002 11:34:10 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Sun, 2 Jun 2002 11:34:09 -0700
From: "Crist J. Clark" To: Drew Tomlinson Cc: security@FreeBSD.ORG Subject: Re: Security Messages re: hosts.allow? Message-ID: <20020602113409.F20911@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG>; from drew@mykitchentable.net on Sun, Jun 02, 2002 at 08:09:31AM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Sun, Jun 02, 2002 at 08:09:31AM -0700, Drew Tomlinson wrote:
> I found the following in my daily security email:
>
> blacklamb.mykitchentable.net kernel log messages:
> > Jun 1 01:33:15 blacklamb sshd[30021]: warning: /etc/hosts.allow,
> line 23: host name/address mismatch: 210.59.224.42 !=
> server1.camelweb.com.tw
> > Jun 1 01:33:15 blacklamb sshd[30022]: warning: /etc/hosts.allow,
> line 23: host name/address mismatch: 210.59.224.42 !=
> server1.camelweb.com.tw
>
> I checked my hosts.allow file and line 23 is the default:
>
> ALL : ALL : allow
>
> I have not changed hosts.allow from the default. What do the above
> messages mean and what should I do about them (if anything)?

It means that site has some pretty wacked out DNS entries for those entities,

server1.camelweb.com.tw. 23h59m43s IN CNAME dns.camelweb.com.tw.
server1.camelweb.com.tw. 23h59m43s IN A 210.59.224.44
dns.camelweb.com.tw. 22h47m42s IN A 210.59.224.42

42.224.59.210.in-addr.arpa. 9h1m47s IN PTR server1.camelweb.com.tw.

But from the looks of it, these DNS entries themselves do not look malicious.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security Sun Jun 2 11:50:49 2002 Delivered-To: freebsd-security@freebsd.org Received: from cheer.mahoroba.org (flets19-004.kamome.or.jp [218.45.19.4]) by hub.freebsd.org (Postfix) with ESMTP id E6FD037B401; Sun, 2 Jun 2002 11:50:40 -0700 (PDT) Received: from piano.mahoroba.org (IDENT:MPF7/AL28zIIbHobNx76t0frSrVrKO2un/nlgTMXkE49SqDVN3sVpb1wXXzCcSWT@piano.mahoroba.org [IPv6:2001:200:301:0:240:96ff:fe48:4ea8]) (user=ume mech=CRAM-MD5 bits=0) by cheer.mahoroba.org (8.12.3/8.12.3) with ESMTP/inet6 id g52IoXHo011859 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 3 Jun 2002 03:50:34 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Mon, 03 Jun 2002 03:50:33 +0900 Message-ID:
From: Hajimu UMEMOTO To: "Crist J. Clark" Cc: Drew Tomlinson , security@FreeBSD.ORG Subject: Re: Security Messages re: hosts.allow? In-Reply-To: <20020602113409.F20911@blossom.cjclark.org> References: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG> User-Agent: xcite1.38> Wanderlust/2.8.1 (Something) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/21.2 (i386--freebsd) MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=) X-Operating-System: FreeBSD 4.6-PRERELEASE MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

>>>>> On Sun, 2 Jun 2002 11:34:09 -0700
>>>>> "Crist J. Clark" said:

crist.clark> server1.camelweb.com.tw. 23h59m43s IN CNAME dns.camelweb.com.tw.
crist.clark> server1.camelweb.com.tw. 23h59m43s IN A 210.59.224.44
crist.clark> dns.camelweb.com.tw. 22h47m42s IN A 210.59.224.42

crist.clark> 42.224.59.210.in-addr.arpa. 9h1m47s IN PTR server1.camelweb.com.tw.

crist.clark> But from the looks of it, these DNS entries themselves do not look
crist.clark> malicious.

No, CNAME RR cannot co-exist with A RR.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

From owner-freebsd-security Sun Jun 2 12: 2: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from a2.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by hub.freebsd.org (Postfix) with ESMTP id C525837B403 for ; Sun, 2 Jun 2002 12:01:57 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g52J1p3d096946; Mon, 3 Jun 2002 07:01:51 +1200 (NZST) (envelope-from andrew@scoop.co.nz) Date: Mon, 3 Jun 2002 07:01:51 +1200 (NZST)
From: Andrew McNaughton X-X-Sender: andrew@a2 To: Michael Richards Cc: security@FreeBSD.ORG Subject: Re: Subnet Security In-Reply-To: <3CFA5A6C.000009.72128@ns.interchange.ca> Message-ID: <20020603060419.N96186-100000@a2> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Sun, 2 Jun 2002, Michael Richards wrote:

> I've got a firewall and need to set up a subnet so the servers on it
> have a much more restrictive ruleset than the other subnet. I'm not
> 100% sure how to do it but here is the info.
>
> firewall:
> outside
> fxp0 -> 192.168.72.31 netmask 0xffffffc0 gw 192.168.72.1
> fxp1 -> 192.168.79.1 netmask 0xffffff00
> xl0 -> 192.168.79.120 netmask 0xfffffff0
>
> secure webserver:
> fxp0 -> 192.168.79.112 netmask ??? gw ???
> We own a /24 block of IPs represented here as 192.168.79/24. For
> historical reasons the secure subnet I'm trying to set up here is
> stuck in the middle of the range.
>
> The machines are all plugged into the same switch as well as the
> firewall's fxp1 and xl0. xl0 is to be the secure one and it's set up
> as a vlan. The ports for the secure servers will be tagged as the
> same vlan as xl0 is plugged into.

This is wrong. A switch should only sit on one network. You want an extra switch for your server subnet. You might be able to get things to talk to each other with a single switch, but you've bought yourself little security. E.g. arpspoof in the dsniff port.

> Here is what I'm wondering:
> a) Is this scheme possible with the netmasks I've defined? It would
> seem that 192.168.79.1 overlaps 192.168.79.120 in terms of netmasks.
> Does FreeBSD simply use the interface with the most restrictive
> netmask?

No problem. Most specific route takes priority.

> b) what netmask and gw should I be using for the secure webserver?

As I understand it, the secure webserver is in 192.168.79.120/24. From that it follows that the netmask should be that of the subnet (/24) and the gateway should be the IP of the router which connects it to the world - the router's address for this purpose should be the one within the subnet, because until the router is defined, there is no route to any of its other addresses. So the gateway address should be defined as 192.168.79.120.

> c) will routing figure this out automagically or would it need to be
> statically defined? If so how?

Your webserver should probably be set up with a static route. Routers can pick up routing information from each other automatically, but this isn't done for other machines on the network, except insofar as this is what things like DHCP do. You could use something like DHCP, but this is not really dynamic information, so DHCP would just be an extra thing to go wrong with no real benefit.

Andrew McNaughton

From owner-freebsd-security Sun Jun 2 12:11: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from perelaz.lviv.farlep.net (ns.lviv.farlep.net [213.130.16.3]) by hub.freebsd.org (Postfix) with ESMTP id F384737B401 for ; Sun, 2 Jun 2002 12:10:53 -0700 (PDT) Received: from taras.ofis.loc (l20.lviv.farlep.net [213.130.17.20]) by perelaz.lviv.farlep.net with ESMTP id g52JAoXW005340 for ; Sun, 2 Jun 2002 22:10:50 +0300 Date: Sun, 2 Jun 2002 22:11:04 +0300
From: Taras Burko X-Mailer: The Bat! (v1.60m) Reply-To: Taras Burko Organization: Calvaria Ltd. X-Priority: 3 (Normal) Message-ID: <152573680.20020602221104@mail.lviv.ua> To: freebsd-security@FreeBSD.ORG Subject: sysinstall : packages via proxy MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello,

I'm having "segmentation fault(core dumped)" during INDEX fetch every time I try to install packages using sysinstall.

My config: FreeBSD 4.5 inside a firewalled subnet,
proxy used: local squid, firewall's proxy, NAT'ed ISP proxy.

Any comments?

--
Best regards, Taras Burko
Admin calvaria.org mailto:burchyk@mail.lviv.ua

From owner-freebsd-security Sun Jun 2 12:19:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id 1AB3237B407 for ; Sun, 2 Jun 2002 12:19:28 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020602191927.FKUS11659.rwcrmhc53.attbi.com@blossom.cjclark.org>; Sun, 2 Jun 2002 19:19:27 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g52JJMY33545; Sun, 2 Jun 2002 12:19:22 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Sun, 2 Jun 2002 12:19:22 -0700
From: "Crist J. Clark" To: Hajimu UMEMOTO Cc: Drew Tomlinson , security@FreeBSD.ORG Subject: Re: Security Messages re: hosts.allow? Message-ID: <20020602121922.H20911@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG> <20020602113409.F20911@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from ume@mahoroba.org on Mon, Jun 03, 2002 at 03:50:33AM +0900 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Mon, Jun 03, 2002 at 03:50:33AM +0900, Hajimu UMEMOTO wrote:
> Hi,
>
> >>>>> On Sun, 2 Jun 2002 11:34:09 -0700
> >>>>> "Crist J. Clark" said:
>
> crist.clark> server1.camelweb.com.tw. 23h59m43s IN CNAME dns.camelweb.com.tw.
> crist.clark> server1.camelweb.com.tw. 23h59m43s IN A 210.59.224.44
> crist.clark> dns.camelweb.com.tw. 22h47m42s IN A 210.59.224.42
>
> crist.clark> 42.224.59.210.in-addr.arpa. 9h1m47s IN PTR server1.camelweb.com.tw.
>
> crist.clark> But from the looks of it, these DNS entries themselves do not look
> crist.clark> malicious.
>
> No, CNAME RR cannot co-exist with A RR.

I didn't say it wasn't broken DNS. I was saying that it does not look like someone is trying to pretend they are someone they are not (which is the reason tcpwrapper produces that kind of warning).

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security Sun Jun 2 13: 0:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp06.wxs.nl (smtp06.wxs.nl [195.121.6.58]) by hub.freebsd.org (Postfix) with ESMTP id 553DF37B404 for ; Sun, 2 Jun 2002 13:00:44 -0700 (PDT) Received: from thuis.wiersma.be ([62.131.207.176]) by smtp06.wxs.nl (Netscape Messaging Server 4.15) with ESMTP id GX3GX502.7ND; Sun, 2 Jun 2002 22:00:41 +0200 Received: from wijnand.thuis.wiersma.be (wijnand.wiersma.be [IPv6:3ffe:b80:ba3:1::2]) by thuis.wiersma.be (8.12.3/8.11.4) with SMTP id g52K0GH1013111; Sun, 2 Jun 2002 22:00:17 +0200 (CEST) Date: Sun, 2 Jun 2002 22:00:47 +0200
From: Wijnand Wiersma To: FreeBSD-security@FreeBSD.org Cc: mawies@conceptsfa.nl Subject: Re: sysinstall : packages via proxy Message-Id: <20020602220047.3009cb1a.freebsd@wiersma.be> In-Reply-To: <152573680.20020602221104@mail.lviv.ua> References: <152573680.20020602221104@mail.lviv.ua> X-Mailer: Sylpheed version 0.7.6 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Sun, 2 Jun 2002 22:11:04 +0300 "Taras Burko" wrote:

> Hello,
>
> I'm having "segmentation fault(core dumped)" during INDEX fetch every time
> I try to install packages using sysinstall.
>
> My config: FreeBSD 4.5 inside a firewalled subnet,
> proxy used: local squid, firewall's proxy, NAT'ed ISP
> proxy.
>
> Any comments?
>

Well I have the same problem at work. Same setup: behind a NAT'ed firewall running squid. It started with 4.5-RELEASE.

Wijnand

From owner-freebsd-security Sun Jun 2 13:40:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp06.wxs.nl (smtp06.wxs.nl [195.121.6.58]) by hub.freebsd.org (Postfix) with ESMTP id 7787B37B405 for ; Sun, 2 Jun 2002 13:40:46 -0700 (PDT) Received: from thuis.wiersma.be ([62.131.207.176]) by smtp06.wxs.nl (Netscape Messaging Server 4.15) with ESMTP id GX3IRW00.2IB; Sun, 2 Jun 2002 22:40:44 +0200 Received: from wijnand.thuis.wiersma.be (wijnand.wiersma.be [IPv6:3ffe:b80:ba3:1::2]) by thuis.wiersma.be (8.12.3/8.11.4) with SMTP id g52KeJH1013165; Sun, 2 Jun 2002 22:40:20 +0200 (CEST) Date: Sun, 2 Jun 2002 22:40:52 +0200
From: Wijnand Wiersma To: freebsd-security@freebsd.org Cc: mawies@conceptsfa.nl Subject: Re: sysinstall : packages via proxy Message-Id: <20020602224052.21d36ce8.freebsd@wiersma.be> In-Reply-To: <2309.64.180.9.240.1023049111.squirrel@www.phoenixgate.org> References: <152573680.20020602221104@mail.lviv.ua> <20020602220047.3009cb1a.freebsd@wiersma.be> <2309.64.180.9.240.1023049111.squirrel@www.phoenixgate.org> X-Mailer: Sylpheed version 0.7.6 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Sun, 2 Jun 2002 13:18:31 -0700 (PDT) "tom" wrote:

> Wijnand Wiersma said:
>
> RECOMPILE sysinstall from source.
> If that doesn't fix you, CVSUP, to stable and then recompile sysinstall.
>
> That's what we did...

From owner-freebsd-security Sun Jun 2 14:17:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl6-t65.citlink.net [207.173.251.65]) by hub.freebsd.org (Postfix) with ESMTP id E673C37B407 for ; Sun, 2 Jun 2002 14:17:51 -0700 (PDT) Received: from TAGALONG (unknown [192.168.1.27]) by blacklamb.mykitchentable.net (Postfix) with SMTP id C58CFEE540; Sun, 2 Jun 2002 14:17:49 -0700 (PDT) Message-ID: <000e01c20a7a$edf501a0$1b01a8c0@TAGALONG>
From: "Drew Tomlinson" To: , "Hajimu UMEMOTO" Cc: References: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG> <20020602113409.F20911@blossom.cjclark.org> <20020602121922.H20911@blossom.cjclark.org> Subject: Re: Security Messages re: hosts.allow? Date: Sun, 2 Jun 2002 14:17:40 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- 
From: "Crist J. Clark" To: "Hajimu UMEMOTO" Cc: "Drew Tomlinson" ; Sent: Sunday, June 02, 2002 12:19 PM Subject: Re: Security Messages re: hosts.allow? > On Mon, Jun 03, 2002 at 03:50:33AM +0900, Hajimu UMEMOTO wrote: > > Hi, > > > > >>>>> On Sun, 2 Jun 2002 11:34:09 -0700 > > >>>>> "Crist J. Clark" said: > > > > crist.clark> server1.camelweb.com.tw. 23h59m43s IN CNAME dns.camelweb.com.tw. > > crist.clark> server1.camelweb.com.tw. 23h59m43s IN A 210.59.224.44 > > crist.clark> dns.camelweb.com.tw. 22h47m42s IN A 210.59.224.42 > > > > crist.clark> 42.224.59.210.in-addr.arpa. 9h1m47s IN PTR server1.camelweb.com.tw. > > > > crist.clark> But from the looks of it, these DNS entries themselves do not look > > crist.clark> malicious. > > > > No, CNAME RR cannot co-exist with A RR. > > I didn't say it wasn't broken DNS. I was saying that it does not look > like someone is trying to pretend they are someone they are not (which > is the reason tcpwrapper produces that kind of warning). Thanks for your replies. So the bottom line is that someone from this domain attempted to establish a ssh session with my server? This is just a little home server for my amusement and no one other than myself should access it. I guess it might be time to learn about "keys" and restrict access to only myself. Any reading suggestions for an absolute beginner? 
Thanks again, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Jun 2 15: 1: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id D9C6F37B406 for ; Sun, 2 Jun 2002 15:01:04 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020602220104.IDYP2751.rwcrmhc52.attbi.com@blossom.cjclark.org>; Sun, 2 Jun 2002 22:01:04 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g52M11X34476; Sun, 2 Jun 2002 15:01:01 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Sun, 2 Jun 2002 15:01:01 -0700 From: "Crist J. Clark" To: Drew Tomlinson Cc: Hajimu UMEMOTO , security@FreeBSD.ORG Subject: Re: Security Messages re: hosts.allow? Message-ID: <20020602150101.I20911@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <007e01c20a47$7fabb370$1b01a8c0@TAGALONG> <20020602113409.F20911@blossom.cjclark.org> <20020602121922.H20911@blossom.cjclark.org> <000e01c20a7a$edf501a0$1b01a8c0@TAGALONG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000e01c20a7a$edf501a0$1b01a8c0@TAGALONG>; from drew@mykitchentable.net on Sun, Jun 02, 2002 at 02:17:40PM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Jun 02, 2002 at 02:17:40PM -0700, Drew Tomlinson wrote: > ----- Original Message ----- 
> From: "Crist J. Clark"
> To: "Hajimu UMEMOTO"
> Cc: "Drew Tomlinson" ;
> Sent: Sunday, June 02, 2002 12:19 PM
> Subject: Re: Security Messages re: hosts.allow?
>
>
> > On Mon, Jun 03, 2002 at 03:50:33AM +0900, Hajimu UMEMOTO wrote:
> > > Hi,
> > >
> > > >>>>> On Sun, 2 Jun 2002 11:34:09 -0700
> > > >>>>> "Crist J. Clark" said:
> > >
> > > crist.clark> server1.camelweb.com.tw. 23h59m43s IN CNAME dns.camelweb.com.tw.
> > > crist.clark> server1.camelweb.com.tw. 23h59m43s IN A 210.59.224.44
> > > crist.clark> dns.camelweb.com.tw. 22h47m42s IN A 210.59.224.42
> > >
> > > crist.clark> 42.224.59.210.in-addr.arpa. 9h1m47s IN PTR server1.camelweb.com.tw.
> > >
> > > crist.clark> But from the looks of it, these DNS entries themselves do not look
> > > crist.clark> malicious.
> > >
> > > No, CNAME RR cannot co-exist with A RR.
> >
> > I didn't say it wasn't broken DNS. I was saying that it does not look
> > like someone is trying to pretend they are someone they are not (which
> > is the reason tcpwrapper produces that kind of warning).
>
> Thanks for your replies. So the bottom line is that someone from this
> domain attempted to establish a ssh session with my server? This is
> just a little home server for my amusement and no one other than
> myself should access it. I guess it might be time to learn about
> "keys" and restrict access to only myself. Any reading suggestions
> for an absolute beginner?

My best guess is that the host that hit you was compromised and is being used to scan for hosts running vulnerable SSH daemons. Double-check that you were not running a vulnerable version of SSH.
-- 
Crist J. Clark                  | cjclark@alum.mit.edu
                                | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security Mon Jun 3 11: 3:53 2002
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B934837B403 for ; Mon, 3 Jun 2002 11:03:46 -0700 (PDT)
Received: (from peter@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g53I3kE13115 for security@freebsd.org; Mon, 3 Jun 2002 11:03:46 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org)
Date: Mon, 3 Jun 2002 11:03:46 -0700 (PDT)
Message-Id: <200206031803.g53I3kE13115@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f
From: FreeBSD bugmaster
To: security@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

No matches to your query

From owner-freebsd-security Mon Jun 3 13:37:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id EF4D137B406 for ; Mon, 3 Jun 2002 13:37:17 -0700 (PDT)
Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g53KbVC68833 for freebsd-security@freebsd.org; Mon, 3 Jun 2002 13:37:31 -0700 (PDT) (envelope-from fasty)
Date: Mon, 3 Jun 2002 13:37:31 -0700
From: faSty
To: freebsd-security@freebsd.org
Subject: odd ipfw rule disappeared
Message-ID: <20020603133731.A68689@i-sphere.com>
Mail-Followup-To: faSty , freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i

Hi guys,

I would like to know whether any of you guys have had a problem with an ipfw rule disappearing.

When I create a rule for pipe 1, defined as "ipfw add 500 pipe 1 ip from domain to any", it works just superb for a few days while that domain has very heavy traffic (well over 1 million visits per day). In a few days rule num 500 for pipe 1 disappears; this repeats every few days (3 or 4 days).

Is that a cracker resetting my firewall to remove the bandwidth shaper, or is that a bug in the kernel?

-fasty
-- 
There was a young fellow named Bliss
Whose sex life was strangely amiss,
For even with Venus
His recalcitrant penis
Would never do better than t h i s .

From owner-freebsd-security Tue Jun 4 5:27:43 2002
Delivered-To: freebsd-security@freebsd.org
Received: from insomnia.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id B233937B400 for ; Tue, 4 Jun 2002 05:27:40 -0700 (PDT)
Received: (qmail 29822 invoked by uid 1031); 4 Jun 2002 12:18:28 -0000
Date: Tue, 4 Jun 2002 12:18:28 +0000
From: Bruce M Simpson
To: Joshua Coombs
Cc: freebsd-security@freebsd.org
Subject: Re: Ethernet layer 2 or 1 encryption
Message-ID: <20020604121828.O9906@spc.org>
Mail-Followup-To: Bruce M Simpson , Joshua Coombs , freebsd-security@freebsd.org
References: <20020530162740.E2028@dargo.gwi.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020530162740.E2028@dargo.gwi.net>; from jcoombs@gwi.net on Thu, May 30, 2002 at 04:27:40PM -0400

Cylink make boxes for this. We could probably do the same with Intel PRO 100/S cards in FreeBSD, but Intel ain't giving out chip docs.

BMS

On Thu, May 30, 2002 at 04:27:40PM -0400, Joshua Coombs wrote:
> I saw this touched on back in 1999 in this list, and am looking to
> reopen this particular can of worms. What I'm looking to do is find
> some way to transparently encrypt and decrypt all Ethernet traffic going
> over a couple of links. The links are point to point, carrying HP

From owner-freebsd-security Tue Jun 4 10:47:34 2002
Delivered-To: freebsd-security@freebsd.org
Received: from ai.wu-wien.ac.at (ai.wu-wien.ac.at [137.208.51.154]) by hub.freebsd.org (Postfix) with ESMTP id 73C9437B40C for ; Tue, 4 Jun 2002 10:47:16 -0700 (PDT)
Received: (from root@localhost) by ai.wu-wien.ac.at (8.11.3/8.11.3) id g54Hruj05770 for freebsd-security@freebsd.org; Tue, 4 Jun 2002 19:53:56 +0200 (CEST) (envelope-from matuska@wu-wien.ac.at)
Received: from ai.wu-wien.ac.at (localhost [127.0.0.1]) by ai.wu-wien.ac.at (8.11.3/8.11.3av) with ESMTP id g54HrsO05759 for ; Tue, 4 Jun 2002 19:53:54 +0200 (CEST) (envelope-from matuska@wu-wien.ac.at)
From: "Martin Matuska"
To: freebsd-security@freebsd.org
Subject: Security fixes in Sendmail 8.12.4
Date: Tue, 4 Jun 2002 19:53:54 +0200
Message-Id: <20020604195354.M27608@wu-wien.ac.at>
X-Mailer: Open WebMail 1.64 20020415
X-OriginatingIP: 137.208.107.154 (matus)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
X-Virus-Scanned: by AMaViS perl-11

Will the Sendmail security fixes introduced in Sendmail 8.12.4 (file locking) be included in 4.6-RELEASE or in the coming bugfix branch RELENG_4_6 first?

From owner-freebsd-security Tue Jun 4 10:49: 1 2002
Delivered-To: freebsd-security@freebsd.org
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by hub.freebsd.org (Postfix) with ESMTP id CD94937B400 for ; Tue, 4 Jun 2002 10:48:53 -0700 (PDT)
Received: from horsey.gshapiro.net (gshapiro@localhost [IPv6:::1]) by horsey.gshapiro.net (8.12.4/8.12.4) with ESMTP id g54HmrHg063700 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Tue, 4 Jun 2002 10:48:53 -0700 (PDT)
Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.4/8.12.4/Submit) id g54HmrVs063697; Tue, 4 Jun 2002 10:48:53 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15612.64901.18897.489322@horsey.gshapiro.net>
Date: Tue, 4 Jun 2002 10:48:53 -0700
From: Gregory Neil Shapiro
To: "Martin Matuska"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security fixes in Sendmail 8.12.4
In-Reply-To: <20020604195354.M27608@wu-wien.ac.at>
References: <20020604195354.M27608@wu-wien.ac.at>
X-Mailer: VM 7.00 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid

matuska> Will the Sendmail security fixes introduced in Sendmail 8.12.4
matuska> (file locking) be included in 4.6-RELEASE or in the coming bugfix
matuska> branch RELENG_4_6 first?

They already are via changes to /etc/mail/Makefile and installworld.

From owner-freebsd-security Tue Jun 4 10:51:19 2002
Delivered-To: freebsd-security@freebsd.org
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by hub.freebsd.org (Postfix) with ESMTP id 8051237B415 for ; Tue, 4 Jun 2002 10:51:05 -0700 (PDT)
Received: from horsey.gshapiro.net (gshapiro@localhost [IPv6:::1]) by horsey.gshapiro.net (8.12.4/8.12.4) with ESMTP id g54Hp5Hg063758 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Tue, 4 Jun 2002 10:51:05 -0700 (PDT)
Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.4/8.12.4/Submit) id g54Hp4Xn063755; Tue, 4 Jun 2002 10:51:04 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15612.65032.569720.821128@horsey.gshapiro.net>
Date: Tue, 4 Jun 2002 10:51:04 -0700
From: Gregory Neil Shapiro
To: freebsd-security@FreeBSD.ORG
Subject: Re: Security fixes in Sendmail 8.12.4
In-Reply-To: <15612.64901.18897.489322@horsey.gshapiro.net>
References: <20020604195354.M27608@wu-wien.ac.at> <15612.64901.18897.489322@horsey.gshapiro.net>
X-Mailer: VM 7.00 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid

matuska> Will the Sendmail security fixes introduced in Sendmail 8.12.4
matuska> (file locking) be included in 4.6-RELEASE or in the coming bugfix
matuska> branch RELENG_4_6 first?

gshapiro> They already are via changes to /etc/mail/Makefile and
gshapiro> installworld.

I should note however that sendmail is one of many programs that can be DoS'ed via locking. I'd encourage the security officer to sweep through the tree looking for this type of problem.

From owner-freebsd-security Tue Jun 4 11:36:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from obsidian.sentex.ca (obsidian.sentex.ca [64.7.128.101]) by hub.freebsd.org (Postfix) with ESMTP id D00C937B401; Tue, 4 Jun 2002 11:36:11 -0700 (PDT)
Received: from simoen.sentex.net (pyroxene.sentex.ca [199.212.134.18]) by obsidian.sentex.ca (8.12.2/8.12.2) with ESMTP id g54IaA7U029811; Tue, 4 Jun 2002 14:36:10 -0400 (EDT) (envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20020604143542.03aafa88@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 04 Jun 2002 14:38:41 -0400
To: Gregory Neil Shapiro , freebsd-security@FreeBSD.ORG
From: Mike Tancsa
Subject: Similar locking bugs (was Re: Security fixes in Sendmail 8.12.4)
Cc: mbr@FreeBSD.ORG
In-Reply-To: <15612.65032.569720.821128@horsey.gshapiro.net>
References: <15612.64901.18897.489322@horsey.gshapiro.net> <20020604195354.M27608@wu-wien.ac.at> <15612.64901.18897.489322@horsey.gshapiro.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: By Sentex Communications (obsidian/20020220)

At 10:51 AM 04/06/2002 -0700, Gregory Neil Shapiro wrote:
>I should note however that sendmail is one of many programs that can be
>DoS'ed via locking. I'd encourage the security officer to sweep through
>the tree looking for this type of problem.

Apache and FrontPage seem to have this problem as well. As a non-privileged user, just

vi /usr/local/etc/apache/httpd.conf

While this is the case, none of the frontpage users are able to publish/save files to their respective sites.

---Mike

From owner-freebsd-security Wed Jun 5 3:50:57 2002
Delivered-To: freebsd-security@freebsd.org
Received: from nippur.irb.hr (nippur.irb.hr [161.53.128.127]) by hub.freebsd.org (Postfix) with ESMTP id A0F5A37B401 for ; Wed, 5 Jun 2002 03:50:53 -0700 (PDT)
Received: from localhost (keeper@localhost) by nippur.irb.hr (8.9.3/8.9.3) with ESMTP id MAA04152 for ; Wed, 5 Jun 2002 12:50:52 +0200 (MET DST)
Date: Wed, 5 Jun 2002 12:50:52 +0200 (MET DST)
From: Mario Pranjic
To:
Subject: samba and ipfw
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hi!

I have rules for smb like this:

# samba
add 660 allow tcp from any to me 138,139,445 setup keep-state
add 661 pass udp from any 139 to me 139 keep-state

But, I can't see NETBIOS name or access host by that name.

Is there anything else I should open?

Thanks!

Mario Pranjic, dipl.ing.
system administrator
Knjiznica, Institut Rudjer Boskovic
-------------------------------------
e-mail: mario.pranjic@irb.hr
ICQ: 72059629
tel: +385 1 45 60 954 (internal: 1293)
-------------------------------------

From owner-freebsd-security Wed Jun 5 7: 9:29 2002
Delivered-To: freebsd-security@freebsd.org
Received: from rack.purplecat.net (rack.purplecat.net [208.133.44.46]) by hub.freebsd.org (Postfix) with ESMTP id 14E6337B405 for ; Wed, 5 Jun 2002 07:08:52 -0700 (PDT)
Received: (qmail 56377 invoked from network); 5 Jun 2002 14:09:25 -0000
Received: from unknown (HELO micron) (208.150.25.130) by rack.purplecat.net with SMTP; 5 Jun 2002 14:09:25 -0000
From: "Peter Brezny"
To:
Subject: currently experiencing some kind of DOS attack? Need help!
Date: Wed, 5 Jun 2002 10:09:07 -0400
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300

I think I'm experiencing some kind of DOS attack and I need some help pinpointing the bad guys, and cutting them off/reporting them.

I've attached a tcpdump that was captured during the latest initial attack. They are coming at 10 minute intervals.

The system under attack is 208.133.44.46

The error I'm getting in /var/log/messages:

Jun 5 10:05:51 rack /kernel: m_clalloc failed, consider increase NMBCLUSTERS value
Jun 5 10:05:51 rack /kernel: xl0: no memory for rx list -- packet dropped!

Any help is much appreciated.

Peter Brezny
Skyrunner.net
To:
Subject: RE: currently experiencing some kind of DOS attack? Need help!
Date: Wed, 5 Jun 2002 11:16:06 -0400
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
In-Reply-To:

Discovered this is not a DOS attack. Thanks for your consideration.

Looks like my qmail install is sending things out faster than my network card can handle?...

Thanks again,

Peter Brezny
Skyrunner.net

-----Original Message-----
From: Peter Brezny [mailto:pbrezny@purplecat.net]
Sent: Wednesday, June 05, 2002 10:09 AM
To: freebsd-net@freebsd.org
Subject: currently experiencing some kind of DOS attack? Need help!

I think I'm experiencing some kind of DOS attack and I need some help pinpointing the bad guys, and cutting them off/reporting them.

I've attached a tcpdump that was captured during the latest initial attack. They are coming at 10 minute intervals.

The system under attack is 208.133.44.46

The error I'm getting in /var/log/messages:

Jun 5 10:05:51 rack /kernel: m_clalloc failed, consider increase NMBCLUSTERS value
Jun 5 10:05:51 rack /kernel: xl0: no memory for rx list -- packet dropped!

Any help is much appreciated.

Peter Brezny
Skyrunner.net
(41) 09:56:44.809188 204.78.60.100.25 > 208.133.44.46.4150: P 101:131(30) ack 26 win 17495 (DF) 09:56:44.809257 216.145.68.3.25 > 208.133.44.46.4174: S 809889280:809889280(0) ack 2587056518 win 17520 (DF) 09:56:44.809360 207.69.235.6.25 > 208.133.44.46.4138: P 104:133(29) ack 26 win 16535 ; Wed, 5 Jun 2002 09:23:57 -0700 (PDT) Received: (qmail 10705 invoked by uid 1001); 5 Jun 2002 16:23:57 -0000 Date: Wed, 5 Jun 2002 12:23:57 -0400 
From: "Peter C. Lai"
To: Mario Pranjic
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: samba and ipfw
Message-ID: <20020605122357.D10653@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu

you forgot UDP 137

/etc/services shows:

netbios-ns      137/tcp    #NETBIOS Name Service
netbios-ns      137/udp    #NETBIOS Name Service
netbios-dgm     138/tcp    #NETBIOS Datagram Service
netbios-dgm     138/udp    #NETBIOS Datagram Service
netbios-ssn     139/tcp    #NETBIOS Session Service
netbios-ssn     139/udp    #NETBIOS Session Service

You really don't need 445 either, unless you are routing Active Directory
associated traffic. The network neighborhood functionality is a function of
nmbd, or NETBIOS Name Service, hence you can't access machines by name if
you block 137.

I'm going to pull a kris and say this isn't an exactly security related
question :)

On Wed, Jun 05, 2002 at 12:50:52PM +0200, Mario Pranjic wrote:
> Hi!
>
> I have rules for smb like this:
> # samba
> add 660 allow tcp from any to me 138,139,445 setup keep-state
> add 661 pass udp from any 139 to me 139 keep-state
>
>
> But, I can't see NETBIOS name or access host by that name.
>
> Is there anything else I should open?
>
> Thanks!
>
> Mario Pranjic, dipl.ing.
> system administrator
> Library, Institut Rudjer Boskovic
> -------------------------------------
> e-mail: mario.pranjic@irb.hr
> ICQ: 72059629
> tel: +385 1 45 60 954 (extension: 1293)
> -------------------------------------

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/

From owner-freebsd-security Wed Jun 5 9:52:51 2002
Date: Wed, 5 Jun 2002 18:53:05 +0200
From: Andreas Pinkert
To: freebsd-security@FreeBSD.ORG
Subject: IPSec: FreeBSD / Win2k
Message-ID: <1816023992.20020605185305@gmx.net>

Hello everyone,

I have a FreeBSD system in a VMWare under Windows 2000. Now I try to connect
these systems with IPSec. I do this obviously not for security reasons, but to
check, if and how I can get the two systems interoperate.

I have a working connection. Cool heh? ;-)

But there is a serious problem:
When I start negotiations on the FreeBSD system, an SA will be established, but
after about 15 seconds racoon crashes with a segmentation fault.
So packets will be encrypted and decrypted correctly, only the racoon daemon is
down. (and will not handle timeouts, etc)

This does not happen when I start the negotiations on the Windows system.

I updated to racoon-20020507a but the crashing continues.

Any hints?

regards,
Andreas Pinkert.

My racoon.conf:

path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

log debug2;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

timer
{
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per a send.
        phase1 30 sec;
        phase2 15 sec;
}

remote 141.24.45.170 # win2k
{
        situation identity_only;
        identifier address;
        exchange_mode main, aggressive;
        lifetime time 5 min;
        passive off;
        nonce_size 16;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 8 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

From owner-freebsd-security Wed Jun 5 10: 7:59 2002
From: Alec Kloss
Date: Wed, 5 Jun 2002 12:07:47 -0500
To: Andreas Pinkert
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPSec: FreeBSD / Win2k
Message-ID: <20020605120747.B96493@hamlet.d2si.com>

I've found racoon-20020426a tends to crash when run in the foreground;
in the background it seems to work fine.

On 2002-06-05 18:53, Andreas Pinkert wrote:
> Hello everyone,
>
> I have a FreeBSD system in a VMWare under Windows 2000. Now I try to connect
> these systems with IPSec. I do this obviously not for security reasons, but to
> check, if and how I can get the two systems interoperate.
>
> I have a working connection. Cool heh? ;-)
>
> But there is a serious problem:
> When I start negotiations on the FreeBSD system, an SA will be established, but
> after about 15 seconds racoon crashes with a segmentation fault.
> So packets will be encrypted and decrypted correctly, only the racoon daemon is
> down. (and will not handle timeouts, etc)
>
> This does not happen when I start the negotiations on the Windows system.
>
> I updated to racoon-20020507a but the crashing continues.
>
> Any hints?
> --- chop ---

From owner-freebsd-security Wed Jun 5 10:21:45 2002
Date: Wed, 5 Jun 2002 19:22:03 +0200
From: Andreas Pinkert
To: Alec Kloss
Cc: freebsd-security@FreeBSD.ORG
Subject: Re[2]: IPSec: FreeBSD / Win2k
Message-ID: <507762241.20020605192203@gmx.net>

AK> I've found racoon-20020426a tends to crash when run in the foreground;
AK> in the background it seems to work fine.

It crashes also in the background.

but thanks,
Andreas Pinkert

From owner-freebsd-security Wed Jun 5 11:16:22 2002
Date: Wed, 5 Jun 2002 19:59:53 +0200
From: Gerhard Sittig
To: freebsd-security@FreeBSD.ORG
Subject: Re: samba and ipfw
Message-ID: <20020605195953.V1494@shell.gsinet.sittig.org>
Organization: System Defenestrators Inc.

On Wed, Jun 05, 2002 at 12:50 +0200, Mario Pranjic wrote:
>
> I have rules for smb like this:
> # samba
> add 660 allow tcp from any to me 138,139,445 setup keep-state
> add 661 pass udp from any 139 to me 139 keep-state
                            ^^^       ^^^
This is a typo, isn't it? netbios-ns uses 137/udp. And it mostly
is run in broadcast mode, so I don't know how the "me" keyword
disturbs (is too strict).

As usual: When you have problems with your filter rules add a
default rule logging packets before denying them or use your
favourite sniffer tool (like tcpdump(8) which comes with the base
system) to see what's spoken. Isn't this a FAQ?

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.
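
The mismatch between the posted rules and the NetBIOS ports named in the replies, as an added example that is not part of the original posts: a small Python model of first-match evaluation replays the first packet of each service against the rules from the question and against a revised set. The revised ruleset, the probe source port 1025, the default-deny fallback and the treatment of "me" as excluding broadcasts are assumptions of this example.

```python
"""Replay first packets against a small ipfw ruleset (first match wins)."""
import re
from typing import NamedTuple, Optional, Set

ALLOW = {"allow", "accept", "pass", "permit"}   # synonyms in ipfw(8)
DENY = {"deny", "drop"}
PORTS_RE = re.compile(r"^\d+(-\d+)?(,\d+(-\d+)?)*$")
# Services named in the thread (/etc/services excerpt and the replies).
REQUIRED = [("udp", 137), ("udp", 138), ("tcp", 139)]

# Rules exactly as posted in the question.
POSTED = """
# samba
add 660 allow tcp from any to me 138,139,445 setup keep-state
add 661 pass udp from any 139 to me 139 keep-state
"""

# Constructed revision (an assumption built from the replies, not a posted
# ruleset): 137/udp and 138/udp without the source-port constraint, "any" as
# destination so broadcasts match, and a logging deny before the default rule.
REVISED = """
add 660 allow tcp from any to me 139 setup keep-state
add 661 allow udp from any to any 137,138
add 65000 deny log ip from any to any
"""

class Rule(NamedTuple):
    number: int
    allow: bool
    log: bool
    proto: str
    src_ports: Optional[Set[int]]   # None = any port
    dst: str                        # "any" or "me"
    dst_ports: Optional[Set[int]]

def parse_ports(token):
    """Expand a list such as '137,138' or '1024-65535' into a set."""
    ports = set()
    for part in token.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_rule(line):
    """Parse the subset of ipfw syntax used in the thread's rules."""
    t = line.split()
    if t[0] == "add":
        t.pop(0)
    number, action = int(t.pop(0)), t.pop(0)
    if action not in ALLOW | DENY:
        raise ValueError(f"unsupported action: {action}")
    log = t[0] == "log"
    if log:
        t.pop(0)
    proto = t.pop(0)
    if t.pop(0) != "from" or t.pop(0) != "any":
        raise ValueError("only 'from any' is modelled")
    src_ports = parse_ports(t.pop(0)) if PORTS_RE.match(t[0]) else None
    if t.pop(0) != "to":
        raise ValueError("expected 'to'")
    dst = t.pop(0)
    if dst not in ("any", "me"):
        raise ValueError("only 'any' and 'me' destinations are modelled")
    dst_ports = parse_ports(t.pop(0)) if t and PORTS_RE.match(t[0]) else None
    # Trailing options (setup, keep-state) do not affect a flow's first packet.
    return Rule(number, action in ALLOW, log, proto, src_ports, dst, dst_ports)

def matches(rule, proto, src_port, dst_port, to_me):
    if rule.proto not in (proto, "ip", "all"):
        return False
    if rule.src_ports is not None and src_port not in rule.src_ports:
        return False
    if rule.dst_ports is not None and dst_port not in rule.dst_ports:
        return False
    # Assumption: "me" covers only the host's own addresses, not broadcasts.
    return rule.dst == "any" or to_me

def decide(rules, proto, src_port, dst_port, to_me):
    """Return (verdict, deciding rule number, logged) for one packet."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, proto, src_port, dst_port, to_me):
            return ("allow" if rule.allow else "deny", rule.number, rule.log)
    return ("deny", None, False)    # assumption: default rule is deny, unlogged

def audit(ruleset, broadcast=False):
    """Probe each required service; UDP probes are broadcasts if requested."""
    rules = [parse_rule(l) for l in ruleset.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    report = {}
    for proto, port in REQUIRED:
        to_me = not (broadcast and proto == "udp")
        # Source port 1025 is a constructed stand-in for an unprivileged port.
        report[f"{port}/{proto}"] = decide(rules, proto, 1025, port, to_me)
    return report

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("revised", REVISED)):
        for service, verdict in audit(text, broadcast=True).items():
            print(name, service, verdict)
```

A deciding rule number of `None` means the packet fell through to the unlogged default rule, which is the situation the logging rule 65000 in the revised set is meant to make visible.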

From owner-freebsd-security Wed Jun 5 13:46:18 2002
Date: Wed, 5 Jun 2002 13:45:42 -0700 (PDT)
From: Muhammad Faisal Rauf Danka
To: "Peter Brezny", freebsd-net@freebsd.org
Cc: freebsd-security@freebsd.org
Subject: Re: currently experiencing some kind of DOS attack? Need help!
Reply-To: mfrd@attitudex.com
Message-Id: <20020605204542.AEE962756@sitemail.everyone.net>

It looks like either distributed port scanning via source port 25.
Or maybe a stealth scan, which sends spoofed SYN packets along with the real
sender's packet in order to confuse the victim as to who actually scanned.

Are you using any firewall?
and proper mailing list for such an event is freebsd-security@freebsd.org

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

--- "Peter Brezny" wrote:
>I think I'm experiencing some kind of DOS attack and I need some help
>pinpointing the bad guys, and cutting them off/reporting them.
>
>I've attached a tcpdump that was captured during the latest initial attack.
>They are coming at 10 minute intervals.
>
>The system under attack is 208.133.44.46
>
>The error I'm getting in /var/log/messages:
>Jun 5 10:05:51 rack /kernel: m_clalloc failed, consider increase
>NMBCLUSTERS value
>Jun 5 10:05:51 rack /kernel: xl0: no memory for rx list -- packet dropped!
>
>Any help is much appreciated.
>
>Peter Brezny
>Skyrunner.net
>
>30245 packets received by filter
>4276 packets dropped by kernel

From owner-freebsd-security Wed Jun 5 17: 1: 7 2002
Message-ID: <3CFEA63C.F2B42654@pantherdragon.org>
Date: Wed, 05 Jun 2002 17:01:00 -0700
From: Darren Pilgrim
To: Mario Pranjic
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: samba and ipfw

Mario Pranjic wrote:
> # samba
> add 660 allow tcp from any to me 138,139,445 setup keep-state
> add 661 pass udp from any 139 to me 139 keep-state

SMB uses tcp 139 to/from 1024-65535 and udp 137,138 to/from any.

From owner-freebsd-security Wed Jun 5 22:19:33 2002
From: "Patrick Brennan"
To: freebsd-security@freebsd.org
Date: Thu, 6 Jun 2002 17:19:28 +1200
Subject: MPD & MPPE LCP not converging
Reply-To: patrickb@advantagegroup.co.nz
Message-ID: <3CFF99A0.22805.16AA502@localhost>

Hello all,

Has anyone had problems with MPD and MPPE (win2K clients - 128bit SP 2)
before?

It would appear that the CCP phase of the negotiation is not-converging and
we are completely stumped as to why this is the case. I have not been able to
find any similar problems in the newsgroups.

I have tried various combinations of accept/yes/enable to the same end. Also
I have commented out the accept encryption line as this appeared to be for
DES (with this line in, then the ECP layer would try to come up and of course
fail).

Here is my configuration:

default:
        load pptp0

pptp0:
        new -i ng0 pptp0 pptp0
        log +all
        set bundle disable multilink
        set bundle enable compression
        #set bundle accept encryption
        set bundle enable crypt-reqd
        set iface disable on-demand
        set iface enable proxy-arp
        set ipcp ranges 172.25.150.254/32 172.25.150.1/32
        set ipcp dns 202.20.64.18 202.20.64.19
        set ipcp nbns 172.25.1.1 172.25.1.2
        set ipcp accept vjcomp
        set link accept acfcomp protocomp
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ccp accept mppc
        set ccp accept mpp-compress
        set ccp accept mpp-e40
        set ccp accept mpp-e128
        set ccp accept mpp-stateless

Here is an extract from the MPD log file:

May 27 18:00:00 elmo newsyslog[93828]: logfile turned over
May 28 11:08:34 elmo mpd: mpd: PPTP connection from 172.25.0.253:1028
May 28 11:08:34 elmo mpd: pptp0: attached to connection with 172.25.0.253:1028
May 28 11:08:34 elmo mpd: [pptp0] IFACE: Open event
May 28 11:08:34 elmo mpd: [pptp0] IPCP: Open event
May 28 11:08:34 elmo mpd: [pptp0] IPCP: state change Initial --> Starting
May 28 11:08:34 elmo mpd: [pptp0] IPCP: LayerStart
May 28 11:08:34 elmo mpd: [pptp0] IPCP: Open event
May 28 11:08:34 elmo mpd: [pptp0] bundle: OPEN event in state CLOSED
May 28 11:08:34 elmo mpd: [pptp0] opening link "pptp0"...
May 28 11:08:34 elmo mpd: [pptp0] link: OPEN event
May 28 11:08:34 elmo mpd: [pptp0] LCP: Open event
May 28 11:08:34 elmo mpd: [pptp0] LCP: state change Initial --> Starting
May 28 11:08:34 elmo mpd: [pptp0] LCP: LayerStart
May 28 11:08:34 elmo mpd: [pptp0] device: OPEN event in state DOWN
May 28 11:08:34 elmo mpd: [pptp0] attaching to peer's outgoing call
May 28 11:08:34 elmo mpd: [pptp0] device is now in state OPENING
May 28 11:08:34 elmo mpd: [pptp0] device: UP event in state OPENING
May 28 11:08:34 elmo mpd: [pptp0] device is now in state UP
May 28 11:08:34 elmo mpd: [pptp0] link: UP event
May 28 11:08:34 elmo mpd: [pptp0] link: origination is remote
May 28 11:08:34 elmo mpd: [pptp0] LCP: Up event
May 28 11:08:34 elmo mpd: [pptp0] LCP: state change Starting --> Req-Sent
May 28 11:08:34 elmo mpd: [pptp0] LCP: phase shift DEAD --> ESTABLISH
May 28 11:08:34 elmo mpd: [pptp0] LCP: SendConfigReq #11
May 28 11:08:34 elmo mpd: ACFCOMP
May 28 11:08:34 elmo mpd: PROTOCOMP
May 28 11:08:34 elmo mpd: MRU 1500
May 28 11:08:34 elmo mpd: MAGICNUM 29b18f16
May 28 11:08:34 elmo mpd: AUTHPROTO CHAP MSOFTv2
May 28 11:08:35 elmo mpd: pptp0-0: ignoring SetLinkInfo
May 28 11:08:35 elmo mpd: [pptp0] LCP: rec'd Configure Request #0 link 0 (Req-Sent)
May 28 11:08:35 elmo mpd: MAGICNUM 10e451b7
May 28 11:08:35 elmo mpd: PROTOCOMP
May 28 11:08:35 elmo mpd: ACFCOMP
May 28 11:08:35 elmo mpd: CALLBACK
May 28 11:08:35 elmo mpd: Not supported
May 28 11:08:35 elmo mpd: MP MRRU 1614
May 28 11:08:35 elmo mpd: ENDPOINTDISC [LOCAL] f8 07 e5 8a f0 63 45 41 8d 92 9f 8d d5 75 5d 4d 00 00 00 01
May 28 11:08:35 elmo mpd: [pptp0] LCP: SendConfigRej #0
May 28 11:08:35 elmo mpd: CALLBACK
May 28 11:08:35 elmo mpd: MP MRRU 1614
May 28 11:08:35 elmo mpd: [pptp0] LCP: rec'd Configure Request #1 link 0 (Req-Sent)
May 28 11:08:35 elmo mpd: MAGICNUM 10e451b7
May 28 11:08:35 elmo mpd: PROTOCOMP
May 28 11:08:35 elmo mpd: ACFCOMP
May 28 11:08:35 elmo mpd: ENDPOINTDISC [LOCAL] f8 07 e5 8a f0 63 45 41 8d 92 9f 8d d5 75 5d 4d 00 00 00 01
May 28 11:08:35 elmo mpd: [pptp0] LCP: SendConfigAck #1
May 28 11:08:35 elmo mpd: MAGICNUM 10e451b7
May 28 11:08:35 elmo mpd: PROTOCOMP
May 28 11:08:35 elmo mpd: ACFCOMP
May 28 11:08:35 elmo mpd: ENDPOINTDISC [LOCAL] f8 07 e5 8a f0 63 45 41 8d 92 9f 8d d5 75 5d 4d 00 00 00 01
May 28 11:08:35 elmo mpd: [pptp0] LCP: state change Req-Sent --> Ack-Sent
May 28 11:08:36 elmo mpd: [pptp0] LCP: SendConfigReq #12
May 28 11:08:36 elmo mpd: ACFCOMP
May 28 11:08:36 elmo mpd: PROTOCOMP
May 28 11:08:36 elmo mpd: MRU 1500
May 28 11:08:36 elmo mpd: MAGICNUM 29b18f16
May 28 11:08:36 elmo mpd: AUTHPROTO CHAP MSOFTv2
May 28 11:08:37 elmo mpd: pptp0-0: ignoring SetLinkInfo
May 28 11:08:37 elmo mpd: [pptp0] LCP: rec'd Configure Ack #12 link 0 (Ack-Sent)
May 28 11:08:37 elmo mpd: ACFCOMP
May 28 11:08:37 elmo mpd: PROTOCOMP
May 28 11:08:37 elmo mpd: MRU 1500
May 28 11:08:37 elmo mpd: MAGICNUM 29b18f16
May 28 11:08:37 elmo mpd: AUTHPROTO CHAP MSOFTv2
May 28 11:08:37 elmo mpd: [pptp0] LCP: state change Ack-Sent --> Opened
May 28 11:08:37 elmo mpd: [pptp0] LCP: phase shift ESTABLISH --> AUTHENTICATE
May 28 11:08:37 elmo mpd: [pptp0] LCP: auth: peer wants nothing, I want CHAP
May 28 11:08:37 elmo mpd: [pptp0] CHAP: sending CHALLENGE
May 28 11:08:37 elmo mpd: [pptp0] LCP: LayerUp
May 28 11:08:37 elmo mpd: [pptp0] LCP: rec'd Ident #2 link 0 (Opened)
May 28 11:08:37 elmo mpd: MESG: MSRASV5.00
May 28 11:08:37 elmo mpd: [pptp0] LCP: rec'd Ident #3 link 0 (Opened)
May 28 11:08:37 elmo mpd: MESG: MSRAS-1-BRETTK
May 28 11:08:37 elmo mpd: [pptp0] CHAP: rec'd RESPONSE #1
May 28 11:08:37 elmo mpd: Name: "ch1"
May 28 11:08:37 elmo mpd: Peer name: "ch1"
May 28 11:08:37 elmo mpd: Response is valid
May 28 11:08:37 elmo mpd: [pptp0] CHAP: sending SUCCESS
May 28 11:08:37 elmo mpd: [pptp0] LCP: authorization successful
May 28 11:08:37 elmo mpd: [pptp0] LCP: phase shift AUTHENTICATE --> NETWORK
May 28 11:08:37 elmo mpd: [pptp0] up: 1 link, total bandwidth 64000 bps
May 28 11:08:37 elmo mpd: [pptp0] IPCP: Up event
May 28 11:08:37 elmo mpd: [pptp0] IPCP: state change Starting --> Req-Sent
May 28 11:08:37 elmo mpd: [pptp0] IPCP: SendConfigReq #3
May 28 11:08:37 elmo mpd: IPADDR 172.25.150.254
May 28 11:08:37 elmo mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
May 28 11:08:37 elmo mpd: [pptp0] rec'd unexpected protocol CCP on link 0, rejecting
May 28 11:08:37 elmo mpd: [pptp0] IPCP: rec'd Configure Request #5 link 0 (Req-Sent)
May 28 11:08:37 elmo mpd: IPADDR 0.0.0.0
May 28 11:08:37 elmo mpd: NAKing with 172.25.150.1
May 28 11:08:37 elmo mpd: PRIDNS 0.0.0.0
May 28 11:08:37 elmo mpd: NAKing with 202.20.64.18
May 28 11:08:37 elmo mpd: PRINBNS 0.0.0.0
May 28 11:08:37 elmo mpd: NAKing with 172.25.1.1
May 28 11:08:37 elmo mpd: SECDNS 0.0.0.0
May 28 11:08:37 elmo mpd: NAKing with 202.20.64.19
May 28 11:08:37 elmo mpd: SECNBNS 0.0.0.0
May 28 11:08:37 elmo mpd: NAKing with 172.25.1.2
May 28 11:08:37 elmo mpd: [pptp0] IPCP: SendConfigNak #5
May 28 11:08:37 elmo mpd: IPADDR 172.25.150.1
May 28 11:08:37 elmo mpd: PRIDNS 202.20.64.18
May 28 11:08:37 elmo mpd: PRINBNS 172.25.1.1
May 28 11:08:37 elmo mpd: SECDNS 202.20.64.19
May 28 11:08:37 elmo mpd: SECNBNS 172.25.1.2
May 28 11:08:37 elmo mpd: [pptp0] IPCP: rec'd Configure Reject #3 link 0 (Req-Sent)
May 28 11:08:37 elmo mpd: COMPPROTO VJCOMP, 16 comp.
channels, no comp-cid May 28 11:08:37 elmo mpd: [pptp0] IPCP: SendConfigReq #4 May 28 11:08:37 elmo mpd: IPADDR 172.25.150.254 May 28 11:08:38 elmo mpd: [pptp0] IPCP: rec'd Configure Request #6 link 0 (Req-Sent) May 28 11:08:38 elmo mpd: IPADDR 172.25.150.1 May 28 11:08:38 elmo mpd: 172.25.150.1 is OK May 28 11:08:38 elmo mpd: PRIDNS 202.20.64.18 May 28 11:08:38 elmo mpd: PRINBNS 172.25.1.1 May 28 11:08:38 elmo mpd: SECDNS 202.20.64.19 May 28 11:08:38 elmo mpd: SECNBNS 172.25.1.2 May 28 11:08:38 elmo mpd: [pptp0] IPCP: SendConfigAck #6 May 28 11:08:38 elmo mpd: IPADDR 172.25.150.1 May 28 11:08:38 elmo mpd: PRIDNS 202.20.64.18 May 28 11:08:38 elmo mpd: PRINBNS 172.25.1.1 May 28 11:08:38 elmo mpd: SECDNS 202.20.64.19 May 28 11:08:38 elmo mpd: SECNBNS 172.25.1.2 May 28 11:08:38 elmo mpd: [pptp0] IPCP: state change Req-Sent --> Ack-Sent May 28 11:08:38 elmo mpd: [pptp0] IPCP: rec'd Configure Ack #4 link 0 (Ack-Sent) May 28 11:08:38 elmo mpd: IPADDR 172.25.150.254 May 28 11:08:38 elmo mpd: [pptp0] IPCP: state change Ack-Sent --> Opened May 28 11:08:38 elmo mpd: [pptp0] IPCP: LayerUp May 28 11:08:38 elmo mpd: 172.25.150.254 -> 172.25.150.1 May 28 11:08:38 elmo mpd: [pptp0] IFACE: Up event May 28 11:08:38 elmo mpd: [pptp0] exec: /sbin/ifconfig ng0 172.25.150.254 172.25.150.1 netmask 0xffffffff -link0 May 28 11:08:38 elmo mpd: [pptp0] exec: /usr/sbin/arp -s 172.25.150.1 0:90:27:98:a4:fd pub May 28 11:08:38 elmo mpd: [pptp0] IFACE: Up event May 28 12:33:12 elmo mpd: [pptp0] LCP: no reply to 1 echo request(s) May 28 12:33:22 elmo mpd: [pptp0] LCP: no reply to 2 echo request(s) May 28 12:33:32 elmo mpd: [pptp0] LCP: no reply to 3 echo request(s) May 28 12:33:42 elmo mpd: [pptp0] LCP: no reply to 4 echo request(s) May 28 12:33:52 elmo mpd: [pptp0] LCP: no reply to 5 echo request(s) May 28 12:33:52 elmo mpd: [pptp0] LCP: peer not responding to echo requests May 28 12:33:52 elmo mpd: [pptp0] LCP: LayerFinish May 28 12:33:52 elmo mpd: [pptp0] LCP: LayerStart May 28 12:33:52 elmo 
mpd: [pptp0] LCP: state change Opened --> Starting May 28 12:33:52 elmo mpd: [pptp0] LCP: phase shift NETWORK --> DEAD May 28 12:33:52 elmo mpd: [pptp0] up: 0 links, total bandwidth 9600 bps May 28 12:33:52 elmo mpd: [pptp0] IPCP: Down event May 28 12:33:52 elmo mpd: [pptp0] IPCP: state change Opened --> Starting May 28 12:33:52 elmo mpd: [pptp0] IPCP: LayerDown May 28 12:33:52 elmo mpd: [pptp0] IFACE: Down event May 28 12:33:52 elmo mpd: [pptp0] exec: /usr/sbin/arp -d 172.25.150.1 May 28 12:33:52 elmo mpd: [pptp0] exec: /sbin/ifconfig ng0 down delete -link0 May 28 12:33:52 elmo mpd: [pptp0] LCP: LayerDown May 28 12:33:52 elmo mpd: [pptp0] device: CLOSE event in state UP May 28 12:33:52 elmo mpd: pptp0-0: clearing call May 28 12:33:52 elmo mpd: pptp0-0: killing channel May 28 12:33:52 elmo mpd: [pptp0] PPTP call terminated May 28 12:33:52 elmo mpd: [pptp0] IFACE: Close event May 28 12:33:52 elmo mpd: [pptp0] IPCP: Close event May 28 12:33:52 elmo mpd: [pptp0] IPCP: state change Starting --> Initial May 28 12:33:52 elmo mpd: [pptp0] IPCP: LayerFinish May 28 12:33:52 elmo mpd: [pptp0] IFACE: Close event May 28 12:33:52 elmo mpd: pptp0: closing connection with 172.25.0.253:1028 May 28 12:33:52 elmo mpd: [pptp0] IFACE: Close event May 28 12:33:52 elmo mpd: [pptp0] device is now in state CLOSING May 28 12:33:52 elmo mpd: [pptp0] bundle: CLOSE event in state OPENED May 28 12:33:52 elmo mpd: [pptp0] closing link "pptp0"... 
May 28 12:33:52 elmo mpd: [pptp0] device: OPEN event in state CLOSING May 28 12:33:52 elmo mpd: [pptp0] device is now in state CLOSING May 28 12:33:52 elmo mpd: [pptp0] link: CLOSE event May 28 12:33:52 elmo mpd: [pptp0] LCP: Close event May 28 12:33:52 elmo mpd: [pptp0] LCP: state change Starting --> Initial May 28 12:33:52 elmo mpd: [pptp0] LCP: LayerFinish May 28 12:33:52 elmo mpd: [pptp0] device: DOWN event in state CLOSING May 28 12:33:52 elmo mpd: [pptp0] device is now in state DOWN May 28 12:33:52 elmo mpd: [pptp0] link: DOWN event May 28 12:33:52 elmo mpd: [pptp0] LCP: Down event May 28 12:33:52 elmo mpd: [pptp0] device: DOWN event in state DOWN May 28 12:33:52 elmo mpd: [pptp0] device is now in state DOWN May 28 12:33:52 elmo mpd: [pptp0] link: DOWN event May 28 12:33:52 elmo mpd: [pptp0] LCP: Down event May 28 12:33:52 elmo mpd: [pptp0] device: CLOSE event in state DOWN May 28 12:33:52 elmo mpd: [pptp0] device is now in state DOWN May 28 12:33:52 elmo mpd: [pptp0] device: OPEN event in state DOWN May 28 12:33:52 elmo mpd: [pptp0] pausing 9 seconds before open May 28 12:33:52 elmo mpd: [pptp0] device is now in state DOWN May 28 12:33:52 elmo mpd: [pptp0] device: OPEN event in state DOWN May 28 12:33:52 elmo mpd: [pptp0] device is now in state DOWN May 28 12:33:55 elmo mpd: pptp0: no reply to StopCtrlConnRequest after 3 sec May 28 12:33:55 elmo mpd: pptp0: killing connection with 172.25.0.253:1028 May 28 12:34:01 elmo mpd: [pptp0] device: OPEN event in state DOWN May 28 12:34:01 elmo mpd: [pptp0] pptp originate option is not enabled May 28 12:34:01 elmo mpd: [pptp0] device is now in state OPENING May 28 12:34:01 elmo mpd: [pptp0] device: DOWN event in state OPENING May 28 12:34:01 elmo mpd: [pptp0] device is now in state DOWN May 28 12:34:01 elmo mpd: [pptp0] link: DOWN event May 28 12:34:01 elmo mpd: [pptp0] LCP: Down event Thanks Patrick Brennan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the 
message From owner-freebsd-security Thu Jun 6 1:32:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from nippur.irb.hr (nippur.irb.hr [161.53.128.127]) by hub.freebsd.org (Postfix) with ESMTP id 4F60137B401 for ; Thu, 6 Jun 2002 01:32:38 -0700 (PDT) Received: from localhost (keeper@localhost) by nippur.irb.hr (8.9.3/8.9.3) with ESMTP id KAA06241; Thu, 6 Jun 2002 10:32:32 +0200 (MET DST) Date: Thu, 6 Jun 2002 10:32:32 +0200 (MET DST) From: Mario Pranjic To: Cc: Subject: Re: samba and ipfw In-Reply-To: <20020605122357.D10653@cowbert.2y.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 5 Jun 2002, Peter C. Lai wrote: > Date: Wed, 5 Jun 2002 12:23:57 -0400 
> From: Peter C. Lai
> Reply-To: peter.lai@uconn.edu
> To: Mario Pranjic
> Cc: freebsd-security@FreeBSD.ORG
> Subject: Re: samba and ipfw
>
> you forgot UDP 137
> /etc/services shows:
> netbios-ns   137/tcp  #NETBIOS Name Service
> netbios-ns   137/udp  #NETBIOS Name Service
> netbios-dgm  138/tcp  #NETBIOS Datagram Service
> netbios-dgm  138/udp  #NETBIOS Datagram Service
> netbios-ssn  139/tcp  #NETBIOS Session Service
> netbios-ssn  139/udp  #NETBIOS Session Service
>
> You really don't need 445 either, unless you are
> routing Active Directory associated traffic.
>
> The network neighborhood functionality is a function
> of nmbd, or NETBIOS Name Service, hence you can't access
> machines by name if you block 137.

I've modified my rules:

00660 allow tcp from any to me 137,138,139,445 keep-state setup
00661 allow udp from any 139 to me 139 keep-state
00662 allow udp from any to me 137

I added port 137 (tcp and udp)

Still, I can't access machine from windows box. On FreeBSD there is no
problem:

mount_smbfs -I servername //user@smbserver/share /mntpoint

Master browser is one linux box and it cannot see my samba server under
firewall.

Maybe I've made some other mistake? Of course, I can access machine by
name via http, ssh, ftp...

Anybody know what I did wrong?

Thanks!

Mario Pranjic, dipl.ing.
system administrator
Knjiznica, Institut Rudjer Boskovic
-------------------------------------
e-mail: mario.pranjic@irb.hr
ICQ: 72059629
tel: +385 1 45 60 954 (internal: 1293)
-------------------------------------

From owner-freebsd-security Thu Jun 6 5:27:32 2002
Message-Id: <5.1.0.14.0.20020606082232.076034e0@192.168.0.12>
Date: Thu, 06 Jun 2002 08:25:22 -0400
To: patrickb@advantagegroup.co.nz
From: Mike Tancsa
Subject: Re: MPD & MPPE LCP not converging
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <3CFF99A0.22805.16AA502@localhost>

At 05:19 PM 6/6/2002 +1200, Patrick Brennan wrote:
>Hello all,
>
>Has anyone had problems with MPD and MPPE (win2K clients -
>128bit SP 2) before? I would appear that the CCP phase of the

I have found that to disable software compression on client workstation
often helps. Also, make sure the client's PPTP software really works,
e.g. make them connect to another win2k box. I have found in some
cases, windows has a habit of messing up the correct versions of DLLs
and you end up with a box that cannot connect. Also, there are certain
revs of Win98 that just will NOT connect ever without appropriate fixes
from MS. Good luck, this seems like such a fragile way to network....
Thank you MS :-(

---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike

From owner-freebsd-security Thu Jun 6 8:11: 9 2002
Message-Id: <5.1.0.14.2.20020607010653.061a9690@arthur.intraceptives.com.au>
Date: Fri, 07 Jun 2002 01:11:46 +1000
To: freebsd-security@FreeBSD.ORG
From: Warren Welch
Subject: IPSec (IKE negotiation) on alias interface.

Hi all,

I've got a problem where I'm trying to get Racoon to do IKE negotiation
on an external interface with an alias IP address. Unfortunately, it
seems that for whatever reason, if Racoon (20020507a) initiates the
negotiation, (always the case in this environment), something causes it
to always assume the source IP address of the primary address on the
interface.

Any ideas?

Thanks in advance,

Warren
wwelch@intracpetives.com.au

From owner-freebsd-security Thu Jun 6 12:25:51 2002
Date: Thu, 6 Jun 2002 12:25:40 -0700
From: "Crist J. Clark"
To: Gerhard Sittig
Cc: freebsd-security@FreeBSD.org
Subject: Re: samba and ipfw
Message-ID: <20020606122540.B93321@blossom.cjclark.org>
Reply-To: "Crist J. Clark"
References: <20020605195953.V1494@shell.gsinet.sittig.org>
In-Reply-To: <20020605195953.V1494@shell.gsinet.sittig.org>; from Gerhard.Sittig@gmx.net on Wed, Jun 05, 2002 at 07:59:53PM +0200

On Wed, Jun 05, 2002 at 07:59:53PM +0200, Gerhard Sittig wrote:
> On Wed, Jun 05, 2002 at 12:50 +0200, Mario Pranjic wrote:
> >
> > I have rules for smb like this:
> > # samba
> > add 660 allow tcp from any to me 138,139,445 setup keep-state
> > add 661 pass udp from any 139 to me 139 keep-state
>                             ^^^       ^^^
>
> This is a typo, isn't it? netbios-ns uses 137/udp. And it
> mostly is run in broadcast mode, so I don't know how the "me"
> keywords disturbs (is too strict).

'me' does not match broadcast addresses.
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security Thu Jun 6 12:27:50 2002
Date: Thu, 6 Jun 2002 12:27:41 -0700
From: "Crist J. Clark"
To: Andreas Pinkert
Cc: Alec Kloss, freebsd-security@FreeBSD.ORG
Subject: Re: IPSec: FreeBSD / Win2k
Message-ID: <20020606122741.C93321@blossom.cjclark.org>
Reply-To: "Crist J. Clark"
References: <1816023992.20020605185305@gmx.net> <20020605120747.B96493@hamlet.d2si.com> <507762241.20020605192203@gmx.net>
In-Reply-To: <507762241.20020605192203@gmx.net>; from the_supernova@gmx.net on Wed, Jun 05, 2002 at 07:22:03PM +0200

On Wed, Jun 05, 2002 at 07:22:03PM +0200, Andreas Pinkert wrote:
> AK> I've found racoon-20020426a tends to crash when run in the foreground;
> AK> in the background it seems to work fine.
>
> It crashes also in the background.

Get a core file. It can be debugged like any other userland app.
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security Thu Jun 6 12:41:40 2002
Date: Thu, 6 Jun 2002 21:42:01 +0200
From: Andreas Pinkert
Reply-To: Andreas Pinkert
Message-ID: <412984211.20020606214201@gmx.net>
To: "Crist J. Clark"
Cc: "Crist J. Clark", Alec Kloss, freebsd-security@FreeBSD.ORG
Subject: Re[2]: IPSec: FreeBSD / Win2k
In-Reply-To: <20020606122741.C93321@blossom.cjclark.org>
References: <1816023992.20020605185305@gmx.net> <20020605120747.B96493@hamlet.d2si.com> <507762241.20020605192203@gmx.net> <20020606122741.C93321@blossom.cjclark.org>

>> It crashes also in the background.
CJC> Get a core file. It can be debugged like any other userland app.

I have never done anything like that.
And I have no idea how I could do it.

Can I send the file to you?

regards,
Andreas Pinkert.

From owner-freebsd-security Thu Jun 6 14:37:20 2002
Date: Thu, 6 Jun 2002 14:37:12 -0700
From: "Crist J. Clark"
To: Andreas Pinkert
Cc: Alec Kloss, freebsd-security@FreeBSD.ORG
Subject: Re: IPSec: FreeBSD / Win2k
Message-ID: <20020606143712.F93321@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <1816023992.20020605185305@gmx.net> <20020605120747.B96493@hamlet.d2si.com> <507762241.20020605192203@gmx.net> <20020606122741.C93321@blossom.cjclark.org> <412984211.20020606214201@gmx.net>
In-Reply-To: <412984211.20020606214201@gmx.net>; from the_supernova@gmx.net on Thu, Jun 06, 2002 at 09:42:01PM +0200

On Thu, Jun 06, 2002 at 09:42:01PM +0200, Andreas Pinkert wrote:
> >> It crashes also in the background.
> CJC> Get a core file. It can be debugged like any other userland app.
>
> I have never done anything like that.
> And I have no idea how I could do it.

Is it not dumping core when it crashes presently? Don't you see
anything in your logs about racoon crashing or quitting?

> Can I send the file to you?

I've never looked at the racoon internals. You are better off trying to
contact racoon developers. But be careful who you give it to, a core
dump would contain your keying material in plaintext.
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security Thu Jun 6 14:56:41 2002
Message-ID: <37649.216.254.135.133.1023400491.squirrel@www.connect1.ca>
Date: Thu, 6 Jun 2002 17:54:51 -0400 (EDT)
Subject: Re: Subnet Security
From: "BSD Security"
In-Reply-To: <3CFA5A6C.000009.72128@ns.interchange.ca>
References: <3CFA5A6C.000009.72128@ns.interchange.ca>
Reply-To: bsdsecurity@connect1.ca

First off, the way you want to do your routing is not a good idea.
Routing works by the most specific route. In this case you have two
networks on two interfaces that share the same IP space by overlapping
at some point. You overlap at 192.168.79.112-127. That is on xl0. Yet
you are saying at the same time that the network 192.168.79.0-255 is on
fxp1. This is poor networking and should not be implemented.

First off, if someone tries to send traffic to 192.168.79.112, you will
not get a response because that is the network boundary address for
your network on xl0. Like I said before, the more specific route always
takes precedence. So if you set up a machine on the fxp1 network with
the IP 192.168.79.112, then you will get a response only from within
that network because it is a local broadcast, but if you are outside
that fxp1 network and you want to access the 79.112 machine that is
sitting in the fxp1 interface, it won't happen.

You should reconfigure your network layout before you start doing
anything else. What you should do is get an idea of how many IPs you
need on the secure and the non secure segment. Then make sure you
subnet at the proper boundaries. I am not sure if the way you set this
up will work on the FreeBSD machine, but if you did this in a router
and you were routing these blocks this way you screw a lot of things up
in terms of proper access. It is not how you do things.

For your case, you may be lucky and get it to work, but the way you are
doing it is not the right way to network. That is just as bad as
assigning the same IP address to two machines on the same network.

Michael Richards said:
> I've got a firewall and need to set up a subnet so the servers on it
> have a much more restrictive ruleset than the other subnet. I'm not
> 100% sure how to do it but here is the info.
>
> firewall:
> outside
> fxp0 -> 192.168.72.31 netmask 0xffffffc0 gw 192.168.72.1
> fxp1 -> 192.168.79.1 netmask 0xffffff00
> xl0 -> 192.168.79.120 netmask 0xfffffff0
>
> secure webserver:
> fxp0 -> 192.168.79.112 netmask ??? gw ???
> We own a /24 block of IPs represented here as 192.168.79/24. For
> historical reasons the secure subnet I'm trying to set up here is
> stuck in the middle of the range.
>
> The machines are all plugged into the same switch as well as the
> firewall's fxp1 and xl0. xl0 is to be the secure one and it's set up
> as a vlan. The ports for the secure servers will be tagged as the same
> vlan as xl0 is plugged into.
>
> Here is what I'm wondering:
> a) Is this scheme possible with the netmasks I've defined? It would
> seem that 192.168.79.1 overlaps 192.168.79.120 in terms of netmasks.
> Does FreeBSD simply use the interface with the most restrictive
> netmask?
> b) what netmask and gw should I be using for the secure webserver?
> c) will routing figure this out automagically or would it need to be
> statically defined? If so how?
>
> thanks
>
> -Michael
> _________________________________________________________________
> http://fastmail.ca/ - Fast Secure Web Email for Canadians
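The overlap discussed in the "Subnet Security" reply above, checked with Python's ipaddress module. This is an added example and not part of any list message; the interface table is copied from the quoted firewall configuration, and the function names are hypothetical. It goes one step past the thread by listing the blocks of the /24 that remain once the secure /28 is carved out.

```python
import ipaddress

# Interface table copied from the quoted firewall configuration:
# name -> (address, netmask as written in hex).
FIREWALL_IFACES = {
    "fxp0": ("192.168.72.31", 0xFFFFFFC0),
    "fxp1": ("192.168.79.1", 0xFFFFFF00),
    "xl0": ("192.168.79.120", 0xFFFFFFF0),
}


def connected_networks(ifaces):
    """Map interface name -> directly connected IPv4Network."""
    nets = {}
    for name, (addr, mask) in ifaces.items():
        dotted = ipaddress.IPv4Address(mask)  # 0xfffffff0 -> 255.255.255.240
        nets[name] = ipaddress.ip_interface(f"{addr}/{dotted}").network
    return nets


def overlapping_pairs(nets):
    """Return (iface_a, iface_b) pairs whose connected networks overlap."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def select_interface(nets, dst):
    """Longest-prefix match over the connected networks; None if no match."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, name) for name, net in nets.items() if dst in net]
    return max(matches)[1] if matches else None


def host_address_problem(net, addr):
    """Say why addr cannot be a host address inside net, or return None."""
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return "outside the subnet"
    if ip == net.network_address:
        return "network address"
    if ip == net.broadcast_address:
        return "broadcast address"
    return None


def remainder(outer, carved):
    """Blocks of `outer` left over once `carved` is removed (no overlap)."""
    return sorted(outer.address_exclude(carved))


def report():
    nets = connected_networks(FIREWALL_IFACES)
    secure, wide = nets["xl0"], nets["fxp1"]
    hosts = list(secure.hosts())
    return {
        "networks": {name: str(net) for name, net in nets.items()},
        "overlaps": overlapping_pairs(nets),
        "route for 192.168.79.115": select_interface(nets, "192.168.79.115"),
        "route for 192.168.79.50": select_interface(nets, "192.168.79.50"),
        "webserver 192.168.79.112": host_address_problem(secure, "192.168.79.112"),
        "usable secure hosts": (str(hosts[0]), str(hosts[-1])),
        "non-overlapping remainder": [str(n) for n in remainder(wide, secure)],
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The address proposed for the secure webserver, 192.168.79.112, is the network address of the /28 on xl0, which is the point the reply makes about the "network boundary address".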
From owner-freebsd-security Thu Jun 6 15:46:22 2002
From: Maxim Sobolev
Message-Id: <200206062245.g56Mjq319565@vega.vega.com>
Subject: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
To: security@FreeBSD.org
Date: Fri, 7 Jun 2002 01:45:52 +0300 (EEST)
Cc: current@FreeBSD.org

Hi,

I've just noticed that something is wrong with the new tar in the base
system (1.13.25) - when extracting some archives it creates 777 dirs,
while permissions in the archive itself are OK (for example GNU make
make-3.79.1.tar.gz - top level dir gets 777 as well as several other
lower level dirs). The issue is under investigation.

-Maxim

From owner-freebsd-security Thu Jun 6 17: 6: 5 2002
From: Maxim Sobolev
Message-Id: <200206070005.g5705qA19868@vega.vega.com>
Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
To: sobomax@FreeBSD.org (Maxim Sobolev)
Date: Fri, 7 Jun 2002 03:05:51 +0300 (EEST)
Cc: security@FreeBSD.org, current@FreeBSD.org
In-Reply-To: from "Maxim Sobolev" at Jun 07, 2002 01:45:52 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>
> Hi,
>
> I've just noticed that something is wrong with the new tar in the base
> system (1.13.25) - when extracting some archives it creates 777 dirs,
> while permissions in the archive itself are OK (for example GNU make
> make-3.79.1.tar.gz - top level dir gets 777 as well as several
> other lower level dirs). The issue is under investigation.

Should be solved now. Stupid GNU folks for some reason decided that
when tar is executed as uid 0 then by default umask(2) should not be
applied to files and dirs being extracted.

-Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jun 6 17:15: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from 12-234-22-238.client.attbi.com (12-234-90-219.client.attbi.com [12.234.90.219]) by hub.freebsd.org (Postfix) with ESMTP id 762F337B40D for ; Thu, 6 Jun 2002 17:15:01 -0700 (PDT) Received: from master.gorean.org (master.gorean.org [10.0.0.2]) by 12-234-22-238.client.attbi.com (8.12.3/8.12.3) with ESMTP id g570EvXN048223; Thu, 6 Jun 2002 17:14:57 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from localhost (doug@localhost) by master.gorean.org (8.12.3/8.12.3/Submit) with ESMTP id g570EuJK005559; Thu, 6 Jun 2002 17:14:57 -0700 (PDT) Date: Thu, 6 Jun 2002 17:14:56 -0700 (PDT) 
From: Doug Barton To: Patrick Brennan Cc: freebsd-security@FreeBSD.org Subject: Re: MPD & MPPE LCP not converging In-Reply-To: <3CFF99A0.22805.16AA502@localhost> Message-ID: <20020606171416.O4933-100000@master.gorean.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 6 Jun 2002, Patrick Brennan wrote: > Hello all, > > Has anyone had problems with MPD and MPPE (win2K clients - > 128bit SP 2) before? I would appear that the CCP phase of the > negotiation is not-converging and we are completely stumped as to > why this is the case. I have not been able to find any similar > problems in the newsgroups. Pardon my ignorance, but how is this in any way related to freebsd security? -- "We have known freedom's price. We have shown freedom's power. And in this great conflict, ... we will see freedom's victory." - George W. Bush, President of the United States State of the Union, January 28, 2002 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jun 6 18:43:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from blues.jpj.net (blues.jpj.net [204.97.17.6]) by hub.freebsd.org (Postfix) with ESMTP id A1BFB37B401; Thu, 6 Jun 2002 18:43:11 -0700 (PDT) Received: from localhost (trevor@localhost) by blues.jpj.net (8.11.6/8.11.6) with ESMTP id g571h6601663; Thu, 6 Jun 2002 21:43:06 -0400 (EDT) Date: Thu, 6 Jun 2002 21:43:06 -0400 (EDT) 
From: Trevor Johnson
To: Maxim Sobolev
Cc: security@FreeBSD.ORG,
Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
In-Reply-To: <200206062245.g56Mjq319565@vega.vega.com>
Message-ID: <20020606210833.W28206-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I've just noticed that something is wrong with the new tar in the base
> system (1.13.25) - when extracting some archives it creates 777 dirs,
> while permissions in the archive itself are OK (for example GNU make
> make-3.79.1.tar.gz - top level dir gets 777 as well as several
> other lower level dirs). The issue is under investigation.

The latest version on ftp://ftp.gnu.org/gnu/tar/ is 1.13. The ones on
ftp://alpha.gnu.org/gnu/tar/ (and everything else on that site) are
considered unstable. I suppose it's too late to suggest tar 1.13 as a
starting point, but maybe this could be kept in mind when importing other
GNU products.
--
Trevor Johnson

From owner-freebsd-security Thu Jun 6 19:28:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by hub.freebsd.org (Postfix) with ESMTP id 55F4837B407; Thu, 6 Jun 2002 19:28:31 -0700 (PDT)
Received: (from dan@localhost) by dan.emsphone.com (8.12.3/8.12.3) id g572SUmu049645; Thu, 6 Jun 2002 21:28:30 -0500 (CDT) (envelope-from dan)
Date: Thu, 6 Jun 2002 21:28:30 -0500
From: Dan Nelson
To: Trevor Johnson
Cc: Maxim Sobolev, security@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
Message-ID: <20020607022829.GF21901@dan.emsphone.com>
References: <200206062245.g56Mjq319565@vega.vega.com> <20020606210833.W28206-100000@blues.jpj.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020606210833.W28206-100000@blues.jpj.net>
User-Agent: Mutt/1.3.99i
X-OS: FreeBSD 5.0-CURRENT
X-message-flag: Outlook Error
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In the last episode (Jun 06), Trevor Johnson said:
> > I've just noticed that something is wrong with the new tar in the base
> > system (1.13.25) - when extracting some archives it creates 777 dirs,
> > while permissions in the archive itself are OK (for example GNU make
> > make-3.79.1.tar.gz - top level dir gets 777 as well as several
> > other lower level dirs). The issue is under investigation.
>
> The latest version on ftp://ftp.gnu.org/gnu/tar/ is 1.13. The ones on
> ftp://alpha.gnu.org/gnu/tar/ (and everything else on that site) are
> considered unstable. I suppose it's too late to suggest tar 1.13 as a
> starting point, but maybe this could be kept in mind when importing other
> GNU products.

Tar 1.13 is 3 years old, and has many bugs (incremental backups are
unusable, for example).

-- Dan Nelson dnelson@allantgroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jun 6 19:37: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id E730837B406; Thu, 6 Jun 2002 19:36:56 -0700 (PDT) Received: (from brett@localhost) by lariat.org (8.9.3/8.9.3) id UAA11642; Thu, 6 Jun 2002 20:36:47 -0600 (MDT) Date: Thu, 6 Jun 2002 20:36:47 -0600 (MDT) 
From: Brett Glass Message-Id: <200206070236.UAA11642@lariat.org> To: DougB@FreeBSD.ORG, patrickb@advantagegroup.co.nz Subject: Re: MPD & MPPE LCP not converging Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20020606171416.O4933-100000@master.gorean.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org It's related to security because it involves situations in which encryption is inserted into PPP at the CCP (compression) layer. We really should find a way to pay Brian Somers & Co. to implement protocols that do both encryption AND compression rather than just one or the other.... It's good to have both, especially in wireless applications. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jun 6 20: 5:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122]) by hub.freebsd.org (Postfix) with ESMTP id 0A2C837B401; Thu, 6 Jun 2002 20:05:20 -0700 (PDT) Received: from pool0131.cvx40-bradley.dialup.earthlink.net ([216.244.42.131] helo=mindspring.com) by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 17GA3p-0002BI-00; Thu, 06 Jun 2002 20:05:10 -0700 Message-ID: <3D0022C2.8BB6BBE3@mindspring.com> Date: Thu, 06 Jun 2002 20:04:34 -0700 
From: Terry Lambert
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Dan Nelson
Cc: Trevor Johnson, Maxim Sobolev, security@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
References: <200206062245.g56Mjq319565@vega.vega.com> <20020606210833.W28206-100000@blues.jpj.net> <20020607022829.GF21901@dan.emsphone.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dan Nelson wrote:
> Tar 1.13 is 3 years old, and has many bugs (incremental backups are
> unusable, for example).

On the flip side, I hear it respects the umask when running as root...

-- Terry

From owner-freebsd-security Thu Jun 6 21:38:49 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail-relay1.yahoo.com (mail-relay1.yahoo.com [216.145.48.34]) by hub.freebsd.org (Postfix) with ESMTP id 69ADE37B404 for ; Thu, 6 Jun 2002 21:38:47 -0700 (PDT)
Received: from FreeBSD.org (socks1.yahoo.com [216.145.50.200]) by mail-relay1.yahoo.com (Postfix) with ESMTP id EB5238B5DF; Thu, 6 Jun 2002 21:38:46 -0700 (PDT)
Message-ID: <3D0038D4.18F8DCD2@FreeBSD.org>
Date: Thu, 06 Jun 2002 21:38:44 -0700
From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.79 [en] (X11; U; FreeBSD 4.6-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Brett Glass Cc: patrickb@advantagegroup.co.nz, freebsd-security@FreeBSD.ORG Subject: Re: MPD & MPPE LCP not converging References: <200206070236.UAA11642@lariat.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brett Glass wrote: > > It's related to security because it involves situations in which encryption > is inserted into PPP at the CCP (compression) layer. Sorry, that's an application problem, not a security problem. We try to keep -security limited to a fairly narrow topic area. We get a lot of complaints about too much noise on the mailing lists. That's a situation that won't improve unless we take the steps to improve it. -- "We have known freedom's price. We have shown freedom's power. And in this great conflict, ... we will see freedom's victory." - George W. Bush, President of the United States State of the Union, January 28, 2002 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jun 6 23: 8:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from sdns.kv.ukrtel.net (sdns.kv.ukrtel.net [195.5.27.246]) by hub.freebsd.org (Postfix) with ESMTP id DE4B437B40B; Thu, 6 Jun 2002 23:07:59 -0700 (PDT) Received: from vega.vega.com (195.5.51.243 [195.5.51.243]) by sdns.kv.ukrtel.net with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id M2L7DMW7; Fri, 7 Jun 2002 09:09:58 +0300 Received: (from max@localhost) by vega.vega.com (8.11.6/8.11.3) id g57682M20849; Fri, 7 Jun 2002 09:08:02 +0300 (EEST) (envelope-from sobomax@FreeBSD.org) 
From: Maxim Sobolev
Message-Id: <200206070608.g57682M20849@vega.vega.com>
Subject: Re: WARNING! New GNU Tar in 5-CURRENT could erroneously create world writeable dirs
To: sobomax@FreeBSD.org (Maxim Sobolev)
Date: Fri, 7 Jun 2002 09:08:02 +0300 (EEST)
Cc: sobomax@FreeBSD.org (Maxim Sobolev), security@FreeBSD.org, current@FreeBSD.org
In-Reply-To: from "Maxim Sobolev" at Jun 07, 2002 03:05:51 AM
X-Mailer: ELM [version 2.5 PL5]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>
> >
> > Hi,
> >
> > I've just noticed that something is wrong with the new tar in the base
> > system (1.13.25) - when extracting some archives it creates 777 dirs,
> > while permissions in the archive itself are OK (for example GNU make
> > make-3.79.1.tar.gz - top level dir gets 777 as well as several
> > other lower level dirs). The issue is under investigation.
>
> Should be solved now. Stupid GNU folks for some reason decided that
> when tar is executed as uid 0 then by default umask(2) should not be
> applied to files and dirs being extracted.

That said, anybody who runs 5.0-CURRENT with the new tar is advised
to clean up all ports' WRKDIRs she might have, to avoid being trojaned
by a local user.

-Maxim

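The audit implied by Maxim's advice above, as an added example that is not part of the original thread: it lists entries left writable by "other" and the ports work directories that contain them. The function names and the <ports>/<category>/<port>/work layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits a tree for the symptom
# reported above: entries left writable by "other" after an extraction
# that did not apply the umask.

# Run find(1) over $1 with the shared predicate; remaining args are the action.
# Matches directories writable by others that lack the sticky bit, and regular
# files writable by others. Symlinks are neither followed nor reported.
ww_find() {
    ww_root=$1
    shift
    find "$ww_root" -xdev \
        \( \( -type d -perm -0002 ! -perm -1000 \) \
           -o \( -type f -perm -0002 \) \) "$@"
}

# Print one finding per line.
audit_world_writable() {
    ww_find "$1" -print
}

# Count findings. One byte is emitted per match, so file names containing
# newlines cannot skew the count.
count_world_writable() {
    ww_find "$1" -exec printf . \; | wc -c | tr -d ' '
}

# Print every ports work directory that contains at least one finding.
# Assumption: default layout <ports>/<category>/<port>/work.
affected_workdirs() {
    for ww_dir in "$1"/*/*/work; do
        [ -d "$ww_dir" ] || continue
        if [ "$(count_world_writable "$ww_dir")" -gt 0 ]; then
            printf '%s\n' "$ww_dir"
        fi
    done
}

# Create directory $2 under umask $1, to reproduce the symptom on a scratch
# tree: umask 022 gives mode 755, umask 000 gives mode 777.
mkdir_under_umask() {
    ( umask "$1" && mkdir "$2" )
}

# Usage: sh audit.sh /usr/ports
if [ "$#" -ge 1 ]; then
    affected_workdirs "$1"
fi
```

A reported work directory may already have been modified by another local user, which is why the advice in the thread is to clean it out rather than only tighten its mode.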
From owner-freebsd-security Fri Jun 7 6:54:51 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bmyster.com (dsl-006.sacoriver.net [65.162.190.7]) by hub.freebsd.org (Postfix) with ESMTP id 3831537B406 for ; Fri, 7 Jun 2002 06:54:33 -0700 (PDT)
Received: from bmyster.com (www@localhost.bmyster.com [127.0.0.1]) by bmyster.com (8.12.2/8.12.2) with SMTP id g57E1J4l017005 for ; Fri, 7 Jun 2002 10:01:19 -0400 (EDT)
From: Brent Bailey
Received: from 208.130.43.208 (SquirrelMail authenticated user misterb) by bmyster.com with HTTP; Fri, 7 Jun 2002 10:01:19 -0400 (EDT)
Message-ID: <2365.208.130.43.208.1023458479.squirrel@bmyster.com>
Date: Fri, 7 Jun 2002 10:01:19 -0400 (EDT)
Subject: help with IPFW & natd advanced stateful rules
To:
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
X-Mailer: SquirrelMail (version 1.2.6)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm running FBSD 4.5 R with simple/stateful firewall rules, i.e.
"established/setup". Is there an example or howto of the advanced
stateful rules anywhere, i.e. "check-state/keep-state"?

Any help is greatly appreciated.

Thanks in advance :-)
Brent

From owner-freebsd-security Fri Jun 7 13: 1:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219]) by hub.freebsd.org (Postfix) with ESMTP id 76F4937B40D for ; Fri, 7 Jun 2002 13:00:39 -0700 (PDT)
Received: from dc.cis.okstate.edu (localhost [127.0.0.1]) by dc.cis.okstate.edu (8.11.6/8.11.6) with ESMTP id g57K0Uw62438 for ; Fri, 7 Jun 2002 15:00:33 -0500 (CDT) (envelope-from martin@dc.cis.okstate.edu)
Message-Id: <200206072000.g57K0Uw62438@dc.cis.okstate.edu>
Reply-To: martin@dc.cis.okstate.edu
To: freebsd-security@FreeBSD.ORG
Subject: nsupdate not working at all with keys.
Date: Fri, 07 Jun 2002 15:00:30 -0500
From: Martin McCormick Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have posted this message to the bind discussion list and to the FreeBSD questions list with no response so my apologies to anyone who has already read this. I am trying to get nsupdate to work in order to be able to use ddns with bind9.2.1. When I call nsupdate -d -k /var/named/keys:key_name_file I get no other result than dst_read_key: error reading key . The /var/named/keys directory is there and the key_name_file pair is in that directory, no question about it. The system is using FreeBSD4.5 and another Freebsd4.5 platform shows precisely the same behavior. The -d flag for nsupdate does not provide any more information and I do get the same error if the files are removed from the key-holding directory so it sounds as if nsupdate isn't finding the files. The documentation on the ISC web site in the FAQ's section is clear and shows the following example: Nominum Resources FAQs (p18 of 20) > Then, you will need to copy both key files into a location on the > client system. (using /var/named/tsig as example). Finally, you need > to run the command: > nsupdate -k /var/named/tsig:tsig-key. I do all that and get dst_read_key: error reading key no matter whether the files are there or not on two different systems. Has anybody else seen this behavior? I am running out of things to try. The lack of any responses tells me that I am either doing something so stupid as to not deserve a response or that this does not happen often. I don't have access to a non-Freebsd platform to try the same command on. I suspect I have misinterpreted an instruction and have run out of things to try. Many thanks for any constructive ideas. 
Martin McCormick WB5AGZ Stillwater, OK OSU Center for Computing and Information Services Network Operations Group To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 7 15:15:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx7.roble.com (mx7.roble.com [206.40.34.7]) by hub.freebsd.org (Postfix) with ESMTP id E41FA37B40A for ; Fri, 7 Jun 2002 15:15:04 -0700 (PDT) Date: Fri, 7 Jun 2002 15:15:03 -0700 (PDT) 
From: Roger Marquis
To: security@FreeBSD.ORG
Subject: Pine 4.44 Privacy Patch
Message-ID: <20020607151320.C46348-100000@roble.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Problem description:

The Pine email client allows users to define the "From:"
address independent of their Unix username. This is an
indispensable feature for help desks and other role accounts.

Unfortunately, user names and/or ids can still be leaked due to
Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine
versions earlier than 4.44 may also insert the Unix username
into other envelope and header fields.

Solution:

Applying the following patch to pine 4.4 will cause {X-}Sender:
headers to be omitted. Users may also need to define a remote
"smtp-server" to prevent certain local MTAs from inserting this
information.

Other details on changing Pine's "From:" line are detailed in the
FAQ at:

http://www.washington.edu/pine/faq/config.html#9.5

To apply this patch, download the source code from:

ftp://ftp.cac.washington.edu/pine/

Unpack (tar xzvf ...) and cd into the source directory, apply the
patch (patch < patch_file_name) and recompile per the documentation.

Disclaimers:

This patch has been tested under Solaris and FreeBSD operating
systems using the gcc compiler, however, no warranty is made
regarding its accuracy or reliability. Use it at your own risk.

Pine and Pico are registered trademarks of the University of
Washington. No commercial use of these trademarks may be made
without prior written permission of the University of Washington.

Pine, Pico, and Pilot software and its included text are Copyright
1989-2002 by the University of Washington.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

PS. Anyone interested in submitting this as a port patch?

-------------------------------------------------------------------- --- pine/send.c.orig Tue Jan 8 12:59:37 2002 +++ pine/send.c Sat Mar 9 09:17:08 2002 @@ -3989,12 +3989,15 @@ outgoing->return_path = rfc822_cpy_adr(outgoing->from); + /* * Don't ever believe the sender that is there. * If From doesn't look quite right, generate our own sender. */ + /**** fix u-washington anti-privacy loophole if(outgoing->sender) mail_free_address(&outgoing->sender); + /**** /* * If the LHS of the address doesn't match, or the RHS @@ -4003,6 +4006,7 @@ * * Don't add a personal_name since the user can change that. */ + /**** fix u-washington anti-privacy loophole if(!outgoing->from || !outgoing->from->mailbox || strucmp(outgoing->from->mailbox, ps_global->VAR_USER_ID) != 0 @@ -4014,6 +4018,7 @@ outgoing->sender->mailbox = cpystr(ps_global->VAR_USER_ID); outgoing->sender->host = cpystr(ps_global->hostname); } + /**** /*----- Message is edited, now decide what to do with it ----*/ if(editor_result & (COMP_SUSPEND | COMP_GOTHUP | COMP_CANCEL)){ -------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 7 15:25:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from skynet.stack.nl (insgate.stack.nl [131.155.140.2]) by hub.freebsd.org (Postfix) with ESMTP id A9EEF37B400 for ; Fri, 7 Jun 2002 15:25:11 -0700 (PDT) Received: from dragon.stack.nl (dragon.stack.nl [2001:610:1108:5011:202:b3ff:fe17:a4cb]) by skynet.stack.nl (Postfix) with ESMTP id 3D9924011; Sat, 8 Jun 2002 00:25:47 +0200 (CEST) Received: by dragon.stack.nl (Postfix, from userid 1600) id A20E8988A; Sat, 8 Jun 2002 00:21:37 +0200 (CEST) Date: Sat, 8 Jun 2002 00:21:37 +0200 
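Review bot: in the first hunk the added "/**** fix u-washington anti-privacy loophole" line above "if(outgoing->sender)" opens a comment that the patch never closes; the added "/****" after the mail_free_address() call opens again instead of closing, so the disabled region only ends at the "*/" of the existing "If the LHS of the address doesn't match" comment in the next hunk. That relies on C comments not nesting, can draw a comment-inside-comment warning from the compiler, and breaks as soon as the later comment is edited. Wrap the disabled statements in "#if 0" ... "#endif" instead. Separately, with "mail_free_address(&outgoing->sender)" disabled, a sender already set on outgoing is kept rather than dropped, which looks like the opposite of the stated goal; consider leaving that call active and disabling only the code that builds a new sender, and update the retained "Don't ever believe the sender that is there" comment to match.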
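Review bot: in the second and third hunks the region disabled from "if(!outgoing->from || ..." onward is terminated only by the "*/" at the end of the unrelated "/*----- Message is edited, now decide what to do with it ----*/" line, so that banner comment is swallowed into the dead code; use "#if 0" ... "#endif" around the if block so the banner stays a separate comment. The description says {X-}Sender: headers are omitted, but the visible hunks only touch outgoing->sender, so either point to where X-Sender: is suppressed or narrow the description. The change is also unconditional; a build-time or configuration switch would make it easier to carry as a port patch.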
From: Dean Strik To: Roger Marquis Cc: security@FreeBSD.ORG Subject: Re: Pine 4.44 Privacy Patch Message-ID: <20020607222137.GB91889@dragon.stack.nl> References: <20020607151320.C46348-100000@roble.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020607151320.C46348-100000@roble.com> User-Agent: Mutt/1.3.99i X-Editor: VIM Rulez! http://www.vim.org/ X-MUD: Outerspace - telnet://mud.stack.nl:3333 X-Really: Yes Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Roger Marquis wrote: > Problem description: > > The Pine email client allows users to define the "From:" > address independent of their Unix username. This is an > indispensable feature for help desks and other role accounts. > > Unfortunately, user names and/or ids can still be leaked due to > Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine > versions earlier than 4.44 may also insert the Unix username > into other envelope and header fields. Rewriting the 
From: header can hardly be called a decent privacy measure. Note that some MTAs (including postfix, dunno about others) add similar information anyway. If this is an issue for people, then they shouldn't use their personal accounts. Period. -- Dean C. Strik Eindhoven University of Technology dean@stack.nl | dean@ipnet6.org | http://www.ipnet6.org/ "This isn't right. This isn't even wrong." -- Wolfgang Pauli To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 7 15:41: 5 2002 Delivered-To: freebsd-security@freebsd.org Received: from goofy.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id 0E06237B401 for ; Fri, 7 Jun 2002 15:40:59 -0700 (PDT) Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19) id ; Fri, 7 Jun 2002 15:40:58 -0700 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF5C8@goofy.epylon.lan> From: "DiCioccio, Jason" To: 'Roger Marquis' , security@FreeBSD.ORG Subject: RE: Pine 4.44 Privacy Patch Date: Fri, 7 Jun 2002 15:40:57 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am I crazy or do his comments EVER get closed? Looks wrong to me. - --- pine/send.c.orig Tue Jan 8 12:59:37 2002 +++ pine/send.c Sat Mar 9 09:17:08 2002 @@ -3989,12 +3989,15 @@ outgoing->return_path = rfc822_cpy_adr(outgoing->from); + /* * Don't ever believe the sender that is there. * If From doesn't look quite right, generate our own sender. */ + /**** fix u-washington anti-privacy loophole if(outgoing->sender) mail_free_address(&outgoing->sender); + /**** /* * If the LHS of the address doesn't match, or the RHS 
@@ -4003,6 +4006,7 @@ * * Don't add a personal_name since the user can change that. */ + /**** fix u-washington anti-privacy loophole if(!outgoing->from || !outgoing->from->mailbox || strucmp(outgoing->from->mailbox, ps_global->VAR_USER_ID) != 0 @@ -4014,6 +4018,7 @@ outgoing->sender->mailbox = cpystr(ps_global->VAR_USER_ID); outgoing->sender->host = cpystr(ps_global->hostname); } + /**** /*----- Message is edited, now decide what to do with it - ----*/ if(editor_result & (COMP_SUSPEND | COMP_GOTHUP | COMP_CANCEL)){ - -----Original Message----- 
From: Roger Marquis [mailto:marquis@roble.com] Sent: Friday, June 07, 2002 3:15 PM To: security@FreeBSD.ORG Subject: Pine 4.44 Privacy Patch Problem description: The Pine email client allows users to define the "From:" address independent of their Unix username. This is an indispensable feature for help desks and other role accounts. Unfortunately, user names and/or ids can still be leaked due to Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine versions earlier than 4.44 may also insert the Unix username into other envelope and header fields. Solution: Applying the following patch to pine 4.4 will cause {X-}Sender: headers to be omitted. Users may also need to define a remote "smtp-server" to prevent certain local MTAs from inserting this information. Other details on changing Pine's "From:" line are detailed in the FAQ at: http://www.washington.edu/pine/faq/config.html#9.5 To apply this patch, download the source code from: ftp://ftp.cac.washington.edu/pine/ Unpack (tar xzvf ...) and cd into the source directory, apply the patch (patch < patch_file_name) and recompile per the documentation. Disclaimers: This patch has been tested under Solaris and FreeBSD operating systems using the gcc compiler, however, no warranty is made regarding its accuracy or reliability. Use it at your own risk. Pine and Pico are registered trademarks of the University of Washington. No commercial use of these trademarks may be made without prior written permission of the University of Washington. Pine, Pico, and Pilot software and its included text are Copyright 1989-2002 by the University of Washington. - -- Roger Marquis Roble Systems Consulting http://www.roble.com/ PS. Anyone interested in submitting this as a port patch? - -------------------------------------------------------------------- - --- pine/send.c.orig Tue Jan 8 12:59:37 2002 +++ pine/send.c Sat Mar 9 09:17:08 2002 
@@ -3989,12 +3989,15 @@ outgoing->return_path = rfc822_cpy_adr(outgoing->from); + /* * Don't ever believe the sender that is there. * If From doesn't look quite right, generate our own sender. */ + /**** fix u-washington anti-privacy loophole if(outgoing->sender) mail_free_address(&outgoing->sender); + /**** /* * If the LHS of the address doesn't match, or the RHS @@ -4003,6 +4006,7 @@ * * Don't add a personal_name since the user can change that. */ + /**** fix u-washington anti-privacy loophole if(!outgoing->from || !outgoing->from->mailbox || strucmp(outgoing->from->mailbox, ps_global->VAR_USER_ID) != 0 
@@ -4014,6 +4018,7 @@ outgoing->sender->mailbox = cpystr(ps_global->VAR_USER_ID); outgoing->sender->host = cpystr(ps_global->hostname); } + /**** /*----- Message is edited, now decide what to do with it - ----*/ if(editor_result & (COMP_SUSPEND | COMP_GOTHUP | COMP_CANCEL)){ - -------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPQE5BjKUHizV76d/EQL+agCgtuIL5U/0HGqADJRDa3sST5o7phcAn3/9 LBbh3+oghYTLhbEFrxiKvAt8 =mT/v -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 7 15:43:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id C7C2737B401; Fri, 7 Jun 2002 15:43:17 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id QAA23230; Fri, 7 Jun 2002 16:43:05 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook may make your system susceptible to Internet worms. If you value your time, privacy, or data, do not use Microsoft e-mail clients or browsers. Message-Id: <4.3.2.7.2.20020607164221.00b22660@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 07 Jun 2002 16:43:02 -0600 To: Doug Barton 
From: Brett Glass Subject: Re: MPD & MPPE LCP not converging Cc: patrickb@advantagegroup.co.nz, freebsd-security@FreeBSD.org In-Reply-To: <3D0038D4.18F8DCD2@FreeBSD.org> References: <200206070236.UAA11642@lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 10:38 PM 6/6/2002, Doug Barton wrote: >> It's related to security because it involves situations in which encryption >> is inserted into PPP at the CCP (compression) layer. > >Sorry, that's an application problem, not a security problem. I'm sorry, but I disagree. When security software fails to work, it's a security problem. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 7 16:10:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-56.dsl.lsan03.pacbell.net [63.207.60.56]) by hub.freebsd.org (Postfix) with ESMTP id BC8D437B405; Fri, 7 Jun 2002 16:10:14 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 13B9F66EBA; Fri, 7 Jun 2002 16:10:13 -0700 (PDT) Date: Fri, 7 Jun 2002 16:10:13 -0700 
From: Kris Kennaway
To: Brett Glass
Cc: Doug Barton, patrickb@advantagegroup.co.nz, freebsd-security@FreeBSD.org
Subject: Re: MPD & MPPE LCP not converging
Message-ID: <20020607161013.A72786@xor.obsecurity.org>
References: <200206070236.UAA11642@lariat.org> <3D0038D4.18F8DCD2@FreeBSD.org> <4.3.2.7.2.20020607164221.00b22660@localhost>
In-Reply-To: <4.3.2.7.2.20020607164221.00b22660@localhost>; from brett@lariat.org on Fri, Jun 07, 2002 at 04:43:02PM -0600

On Fri, Jun 07, 2002 at 04:43:02PM -0600, Brett Glass wrote:
> At 10:38 PM 6/6/2002, Doug Barton wrote:
>
> >> It's related to security because it involves situations in which encryption
> >> is inserted into PPP at the CCP (compression) layer.
> >
> >Sorry, that's an application problem, not a security problem.
>
> I'm sorry, but I disagree. When security software fails to work,
> it's a security problem.

I should know better than to respond to one of your emails, but here
is the list charter:

--
FREEBSD-SECURITY Security issues

FreeBSD computer security issues (DES, Kerberos, known security holes
and fixes, etc). This is a technical mailing list for which strictly
technical content is expected.
--

The last sentence is intended to be read as "...as opposed to a forum
for support questions":

--
FREEBSD-QUESTIONS User questions

This is the mailing list for questions about FreeBSD. You should not
send ``how to'' questions to the technical lists unless you consider
the question to be pretty technical.
--

Kris

From owner-freebsd-security Fri Jun 7 16:12:14 2002
Date: Fri, 7 Jun 2002 17:12:05 -0600 (MDT)
From: Brett Glass
Message-Id: <200206072312.RAA23495@lariat.org>
To: brett@lariat.org, kris@obsecurity.org
Subject: Re: MPD & MPPE LCP not converging
Cc: DougB@FreeBSD.org, freebsd-security@FreeBSD.org, patrickb@advantagegroup.co.nz
In-Reply-To: <20020607161013.A72786@xor.obsecurity.org>

That wasn't a support question. It was a rather technical bug report.

Of course, I expect that some folks will use the list (inappropriately,
I might add) to "pile on" me as they've done in the past rather than to
address the problem.

--Brett

From owner-freebsd-security Fri Jun 7 16:16:34 2002
Date: Fri, 7 Jun 2002 16:16:28 -0700
From: Kris Kennaway
To: Brett Glass
Cc: kris@obsecurity.org, DougB@FreeBSD.org, freebsd-security@FreeBSD.org, patrickb@advantagegroup.co.nz
Subject: Re: MPD & MPPE LCP not converging
Message-ID: <20020607161627.A73261@xor.obsecurity.org>
References: <20020607161013.A72786@xor.obsecurity.org> <200206072312.RAA23495@lariat.org>
Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU"
In-Reply-To: <200206072312.RAA23495@lariat.org>; from brett@lariat.org on Fri, Jun 07, 2002 at 05:12:05PM -0600

--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Fri, Jun 07, 2002 at 05:12:05PM -0600, Brett Glass wrote:
> That wasn't a support question. It was a rather technical bug report.

I wasn't commenting about the initial question (which I didn't read),
but your apparent assertion that anything to do with security is
on-topic. Support questions about security, like the ever-popular "How
do I use IPFW?" absolutely do not belong here.
Kris

--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE9AT7LWry0BWjoQKURAs7xAJ0RcR3Q78GfIVuD7aeKk1aitw9J9QCdHRMK
MnDG4hIBA6LsRrR/zpcixGc=
=l4Uh
-----END PGP SIGNATURE-----

--EeQfGwPcQSOJBaQU--

From owner-freebsd-security Fri Jun 7 18:11:14 2002
Message-Id: <200206080111.g581B5w51411@dc.cis.okstate.edu>
To: freebsd-security@FreeBSD.ORG
Subject: Re: nsupdate not working at all with keys.
Date: Fri, 07 Jun 2002 20:11:05 -0500
From: Martin McCormick

I did get an answer and it is something everyone should
watch for if they install bind9.2.1 .

The port is fine but a few of the executables such as
nsupdate end up in /usr/local/bin instead of /usr/local/sbin
where the older nsupdate lives. Bind and dig on the other hand replace
the older applications so they are okay.

The new port puts man pages in /usr/local/man whereas
the older port had the same pages in /usr/share/man which makes
your documentation out of sync.

Just move the suspect man pages somewhere else or delete them if you
are brave and chmod -x the left-over executables so they don't chime in
when they shouldn't and things work a lot better.

Martin McCormick WB5AGZ Stillwater, OK
OSU Center for Computing and Information Services Network Operations Group

From owner-freebsd-security Sat Jun 8 4:41: 2 2002
Date: Sat, 08 Jun 2002 13:40:49 +0200 (CEST)
From: list-master@tuxfamily.org
To: security@FreeBSD.ORG
Subject: OooOps

lo ! This is the mailing list manager. I do not know this list: ntp-subscribe@tuxfamily.net.

I'm the mailing list master. I don't know this list: ntp-subscribe@tuxfamily.net.

From owner-freebsd-security Sat Jun 8 15:12:48 2002
Message-ID: <3D028157.28F86BD7@FreeBSD.org>
Date: Sat, 08 Jun 2002 15:12:39 -0700
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
To: Roger Marquis
Cc: security@FreeBSD.ORG
Subject: Re: Pine 4.44 Privacy Patch
References: <20020607151320.C46348-100000@roble.com>

Roger Marquis wrote:
>
> Problem description:
>
> The Pine email client allows users to define the "From:"
> address independent of their Unix username. This is an
> indispensable feature for help desks and other role accounts.
>
> Unfortunately, user names and/or ids can still be leaked due to
> Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine
> versions earlier than 4.44 may also insert the Unix username
> into other envelope and header fields.

I've reviewed that patch, and I don't like it for a few reasons. Not the
least of which is that it is less than complete, and may give the user a
false sense of "security."

--
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
From owner-freebsd-security Sat Jun 8 15:36:32 2002
Date: Sat, 8 Jun 2002 15:36:25 -0700 (PDT)
From: Doug Barton
To: Martin McCormick
Cc: freebsd-security@FreeBSD.org
Subject: Re: nsupdate not working at all with keys.
In-Reply-To: <200206080111.g581B5w51411@dc.cis.okstate.edu>
Message-ID: <20020608153338.T11359-100000@master.gorean.org>

On Fri, 7 Jun 2002, Martin McCormick wrote:

> I did get an answer and it is something everyone should
> watch for if they install bind9.2.1 .
>
> The port is fine but a few of the executables such as
> nsupdate end up in /usr/local/bin instead of /usr/local/sbin
> where the older nsupdate lives.

I think you mean /usr/sbin, which is where the nsupdate binary is
installed on the system. Neither BIND port installs nsupdate in
/usr/local/sbin.

> The new port puts man pages in /usr/local/man whereas
> the older port had the same pages in /usr/share/man which makes
> your documentation out of sync.

I'm not sure what you mean by "the older port" here. System man pages
are in /usr/share/man, ports pages are in /usr/local/man.

I'm currently working on a knob to the BIND ports to install themselves
over the top of the system, that may help with the confusion, but then
again it may make it worse... who knows.

--
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
From owner-freebsd-security Sat Jun 8 16: 5: 1 2002
Date: Sat, 8 Jun 2002 16:04:58 -0700 (PDT)
From: Roger Marquis
To: security@FreeBSD.ORG
Subject: Re: Pine 4.44 Privacy Patch
In-Reply-To: <3D028157.28F86BD7@FreeBSD.org>
Message-ID: <20020608160053.I40521-100000@roble.com>

DiCioccio, Jason wrote:
>Am I crazy or do his comments EVER get closed? Looks wrong to me

That's because it's a patch, not a comment. If you don't modify
comment endings they don't show up in the patch. See diff (1) for
details.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

From owner-freebsd-security Sat Jun 8 20:46: 2 2002
Date: Sun, 9 Jun 2002 06:04:36 +0300
From: Giorgos Keramidas
To: Roger Marquis
Cc: security@FreeBSD.org
Subject: Re: Pine 4.44 Privacy Patch
Message-ID: <20020609030436.GB79791@hades.hell.gr>
References: <3D028157.28F86BD7@FreeBSD.org> <20020608160053.I40521-100000@roble.com>
In-Reply-To: <20020608160053.I40521-100000@roble.com>

On 2002-06-08 16:04 -0700, Roger Marquis wrote:
> DiCioccio, Jason wrote:
> >Am I crazy or do his comments EVER get closed? Looks wrong to me
>
> That's because it's a patch, not a comment. If you don't modify
> comment endings they don't show up in the patch. See diff (1) for
> details.

Can you elaborate on this? My diff(1) manpage seems to have absolutely
no comments for comments...

$ man 1 diff | col -b | fgrep comment
$

Moreover, here's a demo that shows comments pose no problem for diff
output. No problem at all:

$ cat > foo
/*
 * A comment.
 */
$ cat > foo2
/*
 * A comment.
 * Yet another comment.
 */
$ diff -u foo foo2
--- foo Sun Jun 9 06:01:29 2002 +++ foo2 Sun Jun 9 06:01:47 2002
@@ -1,3 +1,4 @@ /* * A comment. + * Yet another comment. */

Please do not state things that make well known programs, like diff,
look like they have some bug or misfeature, without providing details.
Especially on a list that's supposed to be a -security list.

- Giorgos

From owner-freebsd-security Sat Jun 8 22:32:43 2002
From: Christopher Rued
Message-ID: <15618.59499.943442.924916@ool-18bacefa.dyn.optonline.net>
Date: Sun, 9 Jun 2002 01:32:27 -0400
To: Giorgos Keramidas
Cc: Roger Marquis, security@FreeBSD.ORG
Subject: Re: Pine 4.44 Privacy Patch
In-Reply-To: <20020609030436.GB79791@hades.hell.gr>
References: <3D028157.28F86BD7@FreeBSD.org> <20020608160053.I40521-100000@roble.com> <20020609030436.GB79791@hades.hell.gr>

>>>>> "GK" == Giorgos Keramidas writes:

GK> On 2002-06-08 16:04 -0700, Roger Marquis wrote:
>> DiCioccio, Jason wrote: >Am I crazy or
>> do his comments EVER get closed? Looks wrong to me
>>
>> That's because it's a patch, not a comment. If you don't
>> modify comment endings they don't show up in the patch. See
>> diff (1) for details.

GK> Can you elaborate on this? My diff(1) manpage seems to have
GK> absolutely no comments for comments...

I think what he meant was that what was provided was a diff, not a
source file, and that the reason comment endings do not appear in the
diff output is that the lines on which the comment endings appear were
not changed.

I don't think this is really on-topic for -security anymore.

-- Chris