Date:      Thu, 10 Jun 1999 12:12:51 -0700
From:      "Richard Childers" <rchilders@hamquist.com>
To:        "Dmitriy Bokiy" <ratebor@cityline.ru>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: Newbie questions: DoS & xinetd
Message-ID:  <37600E33.9A11E641@hamquist.com>
References:  <18819.990610@cityline.ru>


I see a lot of postings that contain good, but not thoroughly
researched, questions.

I would like to propose the following to everyone.

Before you post to any list asking any UNIX questions about any system
where you have "root" access, are responsible for administering it, or
installed the system, and want to ask about "Topic X", do yourself and
everyone else a favor, and use the find(1) command to search for
relevant information.


For instance, if I wanted to search for all occurrences of the string
"net.inet.ip.redirect", I would do:

	# find / -type f -exec grep -i "net.inet.ip.redirect" {} \; -print

Doing so (you may wish to redirect the output into a temporary file, to
keep binary from scrawling across your screen), you will see that the
following files reference this string:

	/usr/src/share/doc/smm/01.setup/5.t
	/usr/src/share/doc/smm/01.setup/spell.OK
	/var/db/kvm_kernel.db

The file /usr/src/share/doc/smm/01.setup/5.t appears to be a text file,
containing documentation describing how to comprehensively configure
network interfaces; unfortunately, despite some twenty years of
wrestling with roff(1), nroff(1) and troff(1), I was unable to get this
file to print out properly.

I *was* able to print it out as both ASCII and PostScript files,
successfully, but some syntax errors in the top of the file keep it from
being interpreted correctly, such that it emerges missing the first few
paragraphs or pages and is thus of marginal use. You should not let the
fact that the file is impossible to feed to troff(1) stop you, however;
there is still some interesting information in the file, and it is not
unreadable.

(Commands used were:

	cat /usr/src/share/doc/smm/01.setup/5.t | groff -Tascii
	cat /usr/src/share/doc/smm/01.setup/5.t | groff -Tps
	cat /usr/src/share/doc/smm/01.setup/5.t | nroff -ms
	cat /usr/src/share/doc/smm/01.setup/5.t | nroff -man

... as I iterated through various utilities in search of the best
output; '-man' isn't too bad.)

Back to our thread ... you'll note that as a result of our search we may
also have noticed that there is a directory called
/usr/src/share/doc/smm/01.setup/, and another called
/usr/src/share/doc/smm/, which may also contain useful information;
searching these directories, we may also find other keywords to search
for, akin to "net.inet.ip.redirect"; through a recursive process, it is
possible to quickly build up a list of related keywords and documents
which will do much to increase the scope of your understanding of the
issues at hand.

(Think of it as reinventing 'man -k', or 'apropos'; and believe me,
sometimes manual pages are not installed, or are not installed in the
"correct" place, or your $MANPATH variable is undefined; find(1) is one
of the most powerful tools a UNIX administrator can have, and it should
be one of your favorite manual pages; its use incorporates intimate
understanding of UNIX filesystems, inode structures, and file
permissions and can be used to cut right through confused situations
like a hot knife through warm butter.)


I hope this diatribe (as some might call it :-) has been useful in
better understanding how to squeeze every drop of available information
from your FreeBSD installation; here's hoping this leads to better
questions, as well as better answers.

FreeBSD's documentation is a little scattered; but it's generally there.
Just look. Sure, maybe you didn't install the 'docs' module; or the
'src' module. But at least *look*; then you'll know what's there, and
when someone tells you they found it in /usr/src/somewhere, at least
you'll have an idea of why you could not find the documents ... and what
to do, to correct the situation.

And, remember ... use find(1). It's your friend; the closest thing to a
Swiss knife in the panoply of UNIX commands, short of Perl; it's an
administrator's best friend, more important than your security dongle,
even.

(-:



-- richard

Richard Childers
Senior UNIX Systems Administrator & Chief Bottle Washer
Hambrecht & Quist, LLC
(415) 439-3838





Dmitriy Bokiy wrote:
> 
> Hi all,
> 
> 1) I've been wondering how FreeBSD (3.1-Stable, inetd - some_version -
> how is it obtained?) can handle these DoS attacks: ICMP Redirect, SYN Flood.
> 
> Specifically I'm interested in knowing about those kernel variables
> and inetd options which are known to change the default behavior.
> I found this: net.inet.ip.redirect=1. Is it bad?
> 
> 2) Is it worth moving to/making use of xinetd?
> 
> Thanks for any bit of information.
> 
> - Dmitriy
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
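
The search described in the message above, as an added example that is not part of the original e-mail. It goes a step further than the posted command: the keyword is matched literally, binary files are skipped, and the files that match are mined for related keywords to search next. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# files_mentioning ROOT KEYWORD
# Print the names of text files under ROOT that contain KEYWORD.
#   -xdev  stay on one filesystem
#   -F     treat KEYWORD as a literal string, so "." is not a regex wildcard
#   -I     skip binary files (such as /var/db/kvm_kernel.db in the post)
#   -l     print only file names, not the matching lines
files_mentioning() {
    find "$1" -xdev -type f -exec grep -FIil -- "$2" {} + 2>/dev/null
}

# related_keys ROOT KEYWORD
# From the files that mention KEYWORD, list the other names sharing its
# prefix (net.inet.ip.redirect -> net.inet.ip.*): the next round of keywords.
# The first -exec acts as a test; the second runs only on files that passed.
related_keys() {
    prefix=$(printf '%s' "${2%.*}" | sed 's/\./\\./g')
    find "$1" -xdev -type f \
        -exec grep -FIiq -- "$2" {} \; \
        -exec grep -Eoh -- "${prefix}\\.[A-Za-z0-9_]+" {} \; 2>/dev/null |
        sort -u | grep -Fvx -- "$2" || :
}

# make_sample_tree: build a small constructed doc tree and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/doc/smm"
    printf 'Set net.inet.ip.redirect=0 and net.inet.ip.forwarding=0 on hosts.\n' \
        > "$d/doc/smm/5.t"
    printf 'net_inet_ip_redirect is not a sysctl name\n' > "$d/doc/notes.txt"
    printf 'net.inet.ip.redirect\000\001\002' > "$d/kernel.db"
    printf 'net.inet.ip.ttl is unrelated here\n' > "$d/doc/other.txt"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
files_mentioning "$tree" net.inet.ip.redirect
related_keys "$tree" net.inet.ip.redirect
rm -rf "$tree"
```

On a real system, pass a documentation root such as /usr/src/share/doc rather than / to keep the run short.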


