From wirges@expert.cc.purdue.edu Thu, 31 Aug 2000 16:21:10 -0500
Date: Thu, 31 Aug 2000 16:21:10 -0500
From: Matt wirges@expert.cc.purdue.edu
Subject: [PLUG] More *fun* with port forwarding

Can anyone explain to me why I cannot access my local webserver through
my firewall.
What I mean is that my firewall <192.168.0.255, www.domain.com> port
forwards to my webserver <192.168.0.1>. From the outside world you can
go to www.mydomain.com and get the webserver. However internally when I
go to www.mydomain.com (on any computer, including the webserver) it just
sits there.
--
==============================================================================
| Matthew Wirges                                                             |
| Systems Administrator, Student, Programmer, Geek.                          |
| Office Phone: [765]464-1148                                                |
| Email: wirges@expert.cc.purdue.edu || sysadmin@sharpwebinnovations.com     |
| www.sharpwebinnovations.com                                                |
==============================================================================

From reh@blacksoul.net Thu, 31 Aug 2000 16:25:02 -0500 (EST)
Date: Thu, 31 Aug 2000 16:25:02 -0500 (EST)
From: Ryan E. Helfter reh@blacksoul.net
Subject: [PLUG] More *fun* with port forwarding

Do you have www.domain.com (whichever your domain is) inside your
/etc/hosts file? If so, traffic may not be going outside and then back
in. And did you set a rule for portforwarding on 192.168.0/24? The /24
rule would be my first guess as to why it's not working.

ry

On Thu, 31 Aug 2000, Matt wrote:

> Date: Thu, 31 Aug 2000 16:21:10 -0500
> From: Matt
> To: plug@csociety.purdue.edu
> Subject: [PLUG] More *fun* with port forwarding
>
> Can anyone explain to me why I cannot access my local webserver through
> my firewall.
> What I mean is that my firewall <192.168.0.255, www.domain.com> port
> forwards to my webserver <192.168.0.1>. From the outside world you can
> go to www.mydomain.com and get the webserver. However internally when I
> go to www.mydomain.com (on any computer, including the webserver) it just
> sits there.
>

--
Ryan E. Helfter reh@blacksoul.net
Black Soul Networks, LLC
--

From porterds@purdue.edu Thu, 31 Aug 2000 16:23:32 -0500
Date: Thu, 31 Aug 2000 16:23:32 -0500
From: Doug Porter porterds@purdue.edu
Subject: [PLUG] More *fun* with port forwarding

i have run into this problem before too. in the most recent situation it
was a very large (2,200 host) network. the firewall was a cisco pix, and
it was running nat. i ended up creating internal and external dns
servers so that the hostnames would resolve properly for local and
external clients. for a small network though i would just edit the host
files on local machines to correct the problem.

- doug porter

Matt wrote:
>
> Can anyone explain to me why I cannot access my local webserver through
> my firewall.
> What I mean is that my firewall <192.168.0.255, www.domain.com> port
> forwards to my webserver <192.168.0.1>. From the outside world you can
> go to www.mydomain.com and get the webserver. However internally when I
> go to www.mydomain.com (on any computer, including the webserver) it just
> sits there.
> --
> ==============================================================================
> | Matthew Wirges                                                             |
> | Systems Administrator, Student, Programmer, Geek.                          |
> | Office Phone: [765]464-1148                                                |
> | Email: wirges@expert.cc.purdue.edu ||
> sysadmin@sharpwebinnovations.com     |
> | www.sharpwebinnovations.com                                                |
> ==============================================================================
>
> ____________________________________________________
> The Purdue Linux Users' Group (PLUG) mailing list.
> plug mailing list - plug@csociety.purdue.edu
> http://csociety.ecn.purdue.edu/mailman/listinfo/plug

From cnd@ecn.purdue.edu Fri, 01 Sep 2000 16:04:29 -0500
Date: Fri, 01 Sep 2000 16:04:29 -0500
From: Christopher N. Deckard cnd@ecn.purdue.edu
Subject: [PLUG] Computer Organizations Callout Fair

What:  Computer Organizations Callout Fair
When:  Thursday, September 7th, 10AM - 2PM
Where: MSEE Atrium

If you can spare some time to come sit at our table, pass out some
flyers, or just come hang out and chat, please stop by. Bring your
friends, your family, or your penguin (or little red devil, whichever
you please.)

-Chris
PLUG President

--
----------------------------------------------------------------------
Christopher N. Deckard      | Lead Web Technician
cnd@ecn.purdue.edu          | Engineering Computer Network
http://triad.dhs.org        | http://www.ecn.purdue.edu/ECN/
----------------------------------------------------------------------

From andrews@technologist.com Fri, 1 Sep 2000 16:07:31 -0500
Date: Fri, 1 Sep 2000 16:07:31 -0500
From: Will Andrews andrews@technologist.com
Subject: [PLUG] Computer Organizations Callout Fair

On Fri, Sep 01, 2000 at 04:04:29PM -0500, Christopher N. Deckard wrote:
> friends, your family, or your penguin (or little red devil, whichever

*smack* I beg to differ. That is called a daemon, not a devil.

--
Will Andrews
GCS/E/S @d- s+:+ a--- C++ UB++++$ P+ L- E--- W+ N-- !o ?K w---
O- M+ V- PS+ PE++ Y+ PGP+>+++ t++ 5 X+ R+ tv+ b++ DI+++ D+
G++ e>++++ h! r- y?

From olenik@purdue.edu Fri, 01 Sep 2000 19:07:36 -0500
Date: Fri, 01 Sep 2000 19:07:36 -0500
From: Hayden Olenik olenik@purdue.edu
Subject: [PLUG] Compilation problems

I'm trying to compile certain programs involving the playback of DVD's
under operating systems used by "hackers" instead of systems sold by
monopolies. These programs that are part of the Linux Video project
compiled fine under RH6.2. However, under RH6.9.5, they won't compile,
citing errors in pasting or something. Does anyone have binaries for
RH6.x?

Hayden

From wirges@expert.cc.purdue.edu Sat, 02 Sep 2000 16:48:14 -0500
Date: Sat, 02 Sep 2000 16:48:14 -0500
From: matt wirges@expert.cc.purdue.edu
Subject: [PLUG] IRC and a IPMASQ Firewall

Every time I try to connect to a dalnet server I get autokilled. I have
the ip_masq_irc module installed and loaded. I read somewhere that is
because the dalnet server cannot get the ident request from the machine
that the client is running on and instead gets the firewall. If you
have any suggestions or ideas, let me know.
If it's relevant: I use BitchX most of the time. I have tried using
xchat, and on windows boxes mirc.
--
==============================================================================
| Matthew Wirges                                                             |
| Systems Administrator, Student, Programmer, Geek.                          |
| Office Phone: [765]464-1148                                                |
| Email: wirges@expert.cc.purdue.edu || sysadmin@sharpwebinnovations.com     |
| www.sharpwebinnovations.com                                                |
==============================================================================

From will@physics.purdue.edu Sat, 2 Sep 2000 19:07:41 -0500
Date: Sat, 2 Sep 2000 19:07:41 -0500
From: Will Andrews will@physics.purdue.edu
Subject: [PLUG] IRC and a IPMASQ Firewall

On Sat, Sep 02, 2000 at 04:48:14PM -0500, matt wrote:
> Every time I try to connect to a dalnet server I get autokilled. I have

Try not connecting to DALnet. ;-)

> the ip_masq_irc module installed and loaded. I read somewhere that is
> because the dalnet server cannot get the ident request from the machine
> that the client is running on and instead gets the firewall. If you
> have any suggestions or ideas, let me know.
> If it's relevant: I use BitchX most of the time. I have tried using
> xchat, and on windows boxes mirc.

Run an ident server on your NAT box; one that can be configured to
provide an ident name when the request doesn't match a client on the
machine. Basically it'll return "somename" if a corresponding client
username is not found.

--
Will Andrews
GCS/E/S @d- s+:+ a--- C++ UB++++$ P+ L- E--- W+ N-- !o ?K w---
O- M+ V- PS+ PE++ Y+ PGP+>+++ t++ 5 X+ R+ tv+ b++ DI+++ D+
G++ e>++++ h! r- y?

From darth@purdue.edu Sun, 03 Sep 2000 00:14:27 -0500
Date: Sun, 03 Sep 2000 00:14:27 -0500
From: Darth Vader darth@purdue.edu
Subject: [PLUG] IRC and a IPMASQ Firewall

I have this problem too at the moment. I run Mandrake which comes with
pidentd. Most distributions come with some sort of ident server
partially set up so see which one you have already. I know pidentd
supports masq because I had it working in 6.2 but some idents don't. I
lost my setup when I installed Mandrake 7.0 and I can't remember how I
set it up before. Has anyone set up pidentd recently and can shed some
light on the matter?

Jason

Will Andrews wrote:

> On Sat, Sep 02, 2000 at 04:48:14PM -0500, matt wrote:
> > Every time I try to connect to a dalnet server I get autokilled. I have
>
> Try not connecting to DALnet. ;-)
>
> > the ip_masq_irc module installed and loaded. I read somewhere that is
> > because the dalnet server cannot get the ident request from the machine
> > that the client is running on and instead gets the firewall. If you
> > have any suggestions or ideas, let me know.
> > If it's relevant: I use BitchX most of the time. I have tried using
> > xchat, and on windows boxes mirc.
>
> Run an ident server on your NAT box; one that can be configured to
> provide an ident name when the request doesn't match a client on the
> machine. Basically it'll return "somename" if a corresponding client
> username is not found.
>
> --
> Will Andrews
> GCS/E/S @d- s+:+ a--- C++ UB++++$ P+ L- E--- W+ N-- !o ?K w---
> O- M+ V- PS+ PE++ Y+ PGP+>+++ t++ 5 X+ R+ tv+ b++ DI+++ D+
> G++ e>++++ h! r- y?

From raj@cerias.purdue.edu Sun, 3 Sep 2000 13:08:09 -0500 (EST)
Date: Sun, 3 Sep 2000 13:08:09 -0500 (EST)
From: Brian Poole raj@cerias.purdue.edu
Subject: [PLUG] IRC and a IPMASQ Firewall

I don't know what identd's your distros currently come with, nor how
well they support MASQ nor how to set it up even if they do, so I'm not
going to try to tell you how to set up pidentd or similar. My personal
recommendation would be to grab a daemon that specifically supports
identd for MASQed machines. The two most commonly used are oidentd
(http://www.numb.org/~odin/), which I have used before and is a very
flexible daemon, and midentd (http://p8ur.op.het.net/midentd/), which I
have heard good things about. Shouldn't take too long to set up and then
you will once again be IRCing in peace. Both of these daemons have a
strong aim to support MASQed clients and thus have a good deal of help
on it.

enjoy,
-b

(btw, it is still masquerading on Linux, not NAT, NAT comes with the 2.4
kernel :)

From cnd@ecn.purdue.edu Sun, 03 Sep 2000 15:53:40 -0500
Date: Sun, 03 Sep 2000 15:53:40 -0500
From: Christopher N. Deckard cnd@ecn.purdue.edu
Subject: [PLUG] reminder - no meeting

Reminder that there is NO meeting tomorrow night. Have a great Labor
Day.

Also, another reminder that Thursday is the Computer Organizations
Callout Fair. Come see us or help out.

-Chris

--
----------------------------------------------------------------------
Christopher N. Deckard      | Lead Web Technician
cnd@ecn.purdue.edu          | Engineering Computer Network
http://triad.dhs.org        | http://www.ecn.purdue.edu/ECN/
----------------------------------------------------------------------

From dresdow@csociety.purdue.edu Mon, 4 Sep 2000 18:33:51 -0500 (EST)
Date: Mon, 4 Sep 2000 18:33:51 -0500 (EST)
From: weston dresdow@csociety.purdue.edu
Subject: [PLUG] Computer Society Callout

Come one, Come all! It's the grand event y'all have been waiting for...

Purdue Computer Society Fall Callout 2000

when:  Thursday, September 7th -- 7:00PM
where: EE005
Pizza: Free!!!
why:   The Csociety is a student organization committed to providing
       resources aiding computer education outside of the classroom. We
       accomplish this by sponsoring technical presentations, giving
       short-courses, and maintaining our own network of computing
       resources. We currently run an IPv6 development machine, an FTP
       site containing mirrors of popular open source software, and have
       several workstations in our office you can use.

The Csociety is for anyone interested in Computers. We have several
officer positions available including:

* Sales
* Industrial Relations
* Publicity

... and many others.

So, come out and join us Thursday.

info@csociety.purdue.org
http://csociety.purdue.org

From heckarsd@purdue.edu Tue, 05 Sep 2000 01:07:23 -0500
Date: Tue, 05 Sep 2000 01:07:23 -0500
From: Seth Heckard heckarsd@purdue.edu
Subject: [PLUG] mini-linux

I acquired a Cyrix/200 with 32mb of RAM that I would like to put in
service as a firewall. It only has a 128mb hard disk and I'm too cheap
to buy a larger one. I was looking at the linux router project and
while it can do basic firewall needs, I would like a full distribution
at my disposal (and I also don't have a floppy drive... too cheap to buy
one again). I played with Redhat and Debian tonight -- I got Debian
installed however I only have 5MB free and Redhat 6.9 wouldn't even
install in less than 400mb. Are there any decent mini-distros? I would
like to have all the basic stuff plus a c compiler at least so I could
compile new kernels and ssh and the like.

Seth

From docauerj@purdue.edu Tue, 05 Sep 2000 01:24:27 -0500
Date: Tue, 05 Sep 2000 01:24:27 -0500
From: Alex Docauer docauerj@purdue.edu
Subject: [PLUG] mini-linux

I would think debian would be the way to go. After reserving about 32
megs for swap, there should be plenty for just a kernel and a shell and
maybe some dev tools. Since this is dedicated to a single simple
purpose, even some of the packages that are marked as required may not
necessarily be so. I'll play with the Debian installer later and see how
far I can shave it down. Otherwise, you could just build your own small
system from scratch and forget the distributions altogether, making sure
you only have what you absolutely need.

Alex

Seth Heckard wrote:

> I acquired a Cyrix/200 with 32mb of RAM that I would like to put in
> service as a firewall. It only has a 128mb hard disk and I'm too cheap
> to buy a larger one. I was looking at the linux router project and
> while it can do basic firewall needs, I would like a full distribution
> at my disposal (and I also don't have a floppy drive... too cheap to buy
> one again). I played with Redhat and Debian tonight -- I got Debian
> installed however I only have 5MB free and Redhat 6.9 wouldn't even
> install in less than 400mb. Are there any decent mini-distros? I would
> like to have all the basic stuff plus a c compiler at least so I could
> compile new kernels and ssh and the like.
>
> Seth

From raj@cerias.purdue.edu Tue, 5 Sep 2000 01:24:26 -0500 (EST)
Date: Tue, 5 Sep 2000 01:24:26 -0500 (EST)
From: Brian Poole raj@cerias.purdue.edu
Subject: [PLUG] mini-linux

> I acquired a Cyrix/200 with 32mb of RAM that I would like to put in
> service as a firewall. It only has a 128mb hard disk and I'm too cheap
> to buy a larger one. I was looking at the linux router project and

there are cheap people, then there are _CHEAP_ people. You fit into the
latter group. ;)

> while it can do basic firewall needs, I would like a full distribution
> at my disposal (and I also don't have a floppy drive... too cheap to buy
> one again). I played with Redhat and Debian tonight -- I got Debian
> installed however I only have 5MB free and Redhat 6.9 wouldn't even
> install in less than 400mb. Are there any decent mini-distros? I would
> like to have all the basic stuff plus a c compiler at least so I could
> compile new kernels and ssh and the like.
> Seth

I would really recommend you beg a 500+M hard drive off of someone if
you wish to actually be able to compile on this machine. You have to be
realistic here.. a quick du shows the linux-2.2.14 dir as 90M, the
kernel source compressed is at least 13-14M, bzipped.
By the time you add in compilers, linking tools, libraries, etc you are
way, way over budget, and that's not even accounting for the rest of the
OS or swap space, nor space for your logs to fit in, which any
firewalling machine will probably generate..

Now if you think about it, you really don't need compilers on the
machine, you can compile the kernel on another i386 machine and send it
over the wire. You could also do this for ssh and any other programs.
However, I do believe it would ultimately be much cheaper for you to get
a cheap IDE drive off of someone, almost everyone has at least one extra
laying around. Otherwise you get to endure a constant headache from
'that stupid machine without a compiler'.

If you would really like to use that 128M drive, god help you, there are
a ton of mini distros around. Look in all of the standard places.
http://freshmeat.net/appindex/console/mini%20distributions.html comes to
mind.. Debian and Slackware should both be able to be installed in that
space, as long as you don't try to get all the goodies in.

-b

From abhinavk@purdue.edu Tue, 5 Sep 2000 01:57:25 -0500 (EST)
Date: Tue, 5 Sep 2000 01:57:25 -0500 (EST)
From: kumar.abhinav.1 abhinavk@purdue.edu
Subject: [PLUG] New Bie

Hi
I am a newbie to this mailing list and to the world of linux. I
installed redhat 6.1 on my p.c. a Celeron 433 128 mb and intel 810
chipset. I have encountered a series of problems (I know some of you
will have a good laugh at them but you got to start somewhere)

This is the first one
I have a zoom faxmodem which according to linmodes.com is not a
winmodem. But Linux does not detect it. I tried configuring my serial
port using the setserial but all it showed was I/O error for all ttys. I
did move the rc.serial file to the /dev/rc.d/init.d/ and on booting it
assigned some address for my serial ports but not irqs. I don't know
which addresses were assigned and how do I assign irqs to those devices?
Basically I need to get my modem going ..
and have no clue how.

Abhi

From guffin@guffin.org Tue, 5 Sep 2000 06:53:54 -0500 (EST)
Date: Tue, 5 Sep 2000 06:53:54 -0500 (EST)
From: Josh Guffin guffin@guffin.org
Subject: [PLUG] mini-linux

On Tue, 5 Sep 2000, Seth Heckard wrote:

> I acquired a Cyrix/200 with 32mb of RAM that I would like to put in
> service as a firewall. It only has a 128mb hard disk and I'm too cheap
> to buy a larger one. I was looking at the linux router project and
> while it can do basic firewall needs, I would like a full distribution
> at my disposal (and I also don't have a floppy drive... too cheap to buy
> one again). I played with Redhat and Debian tonight -- I got Debian
> installed however I only have 5MB free and Redhat 6.9 wouldn't even
> install in less than 400mb. Are there any decent mini-distros? I would
> like to have all the basic stuff plus a c compiler at least so I could
> compile new kernels and ssh and the like.
>
> Seth

why use a harddrive at all? ethernet booting works fine, and you can pick
up a floppy drive for five bucks. if you're too cheap for five bucks,
well sweet baby jesus. =D

josh

From guffin@guffin.org Tue, 5 Sep 2000 06:57:03 -0500 (EST)
Date: Tue, 5 Sep 2000 06:57:03 -0500 (EST)
From: Josh Guffin guffin@guffin.org
Subject: [PLUG] mini-linux

On Tue, 5 Sep 2000, Josh Guffin wrote:

> why use a harddrive at all? ethernet booting works fine, and you can pick
> up a floppy drive for five bucks. if you're too cheap for five bucks,
> well sweet baby jesus.

duh what am i talking about. you can keep the kernel in a boot partition
on the harddrive and mount /usr, /var, /home, etc. from nfs. easy-cheesy

josh

From porterds@purdue.edu Tue, 05 Sep 2000 09:41:56 -0500
Date: Tue, 05 Sep 2000 09:41:56 -0500
From: Doug Porter porterds@purdue.edu
Subject: [PLUG] mini-linux

Seth Heckard wrote:
>
> I acquired a Cyrix/200 with 32mb of RAM that I would like to put in
> service as a firewall. It only has a 128mb hard disk and I'm too cheap
> to buy a larger one. I was looking at the linux router project and
> while it can do basic firewall needs, I would like a full distribution
> at my disposal (and I also don't have a floppy drive... too cheap to buy
> one again).

i am one of seth's friends, and he is not as cheap as he sounds. he just
doesn't want to spend (waste) much money on computer stuff for now.

i found something that could be very useful called tiny linux. it is a
very small distribution which even provides an x server if you choose to
install it. they recommended 8 megs of ram or better, and 50 megs disk
minimum, 80 for a more functional system. the only downside is that it
must be installed from 14 floppies, but you _could_ borrow the floppy
drive from your primary computer.

http://tiny.seul.org/en/

- doug porter

From heckarsd@purdue.edu Tue, 05 Sep 2000 11:38:20 -0500
Date: Tue, 05 Sep 2000 11:38:20 -0500
From: Seth Heckard heckarsd@purdue.edu
Subject: [PLUG] mini-linux

Doug Porter wrote:
> i am one of seth's friends, and he is not as cheap as he sounds. he just
> doesn't want to spend (waste) much money on computer stuff for now.

Very true! I spent way too much money over the summer (one of the side
effects of buying a car is that you have less money in your savings
account afterwards...) and I was trying to make this work as is. But,
realistically, 128MB will not be enough for a decent setup, so I will
probably make my way out to salvage today and see if I can pick up a
~500MB hard disk for a somewhat decent price. Then it should be much
more comfortable. It could be worse, when I first got the computer it
only had 8MB of RAM! Also, although a perfect computer-based firewall
would have no services running on it, I think that I will have to at
least run my mail server and DNS server off of the Cyrix. Add in those
two and there's no way I'd be able to cram all that in 128MB.

> i found something that could be very useful called tiny linux. it is a
> very small distribution which even provides an x server if you choose to
> install it. they recommended 8 megs of ram or better, and 50 megs disk
> minimum, 80 for a more functional system. the only downside is that it
> must be installed from 14 floppies, but you _could_ borrow the floppy
> drive from your primary computer.

Oh, and a word of wisdom... floppy disks are *not* hot-swappable :-) So
don't even try it! Computers have a tendency to reboot when the floppy
disk cable comes unseated (and then you have to sit through 15 minutes
of fscking fun...)

Seth

From honeycug@purdue.edu Tue, 5 Sep 2000 13:20:49 -0500 (EST)
Date: Tue, 5 Sep 2000 13:20:49 -0500 (EST)
From: Ret honeycug@purdue.edu
Subject: [PLUG] mini-linux

> I acquired a Cyrix/200 with 32mb of RAM that I would like to put in
> service as a firewall. It only has a 128mb hard disk and I'm too cheap
> to buy a larger one. I was looking at the linux router project and
> while it can do basic firewall needs, I would like a full distribution
> at my disposal (and I also don't have a floppy drive... too cheap to buy
> one again). I played with Redhat and Debian tonight -- I got Debian
> installed however I only have 5MB free and Redhat 6.9 wouldn't even
> install in less than 400mb. Are there any decent mini-distros? I would
> like to have all the basic stuff plus a c compiler at least so I could
> compile new kernels and ssh and the like.
>
> Seth

i would either go to kernel.org and compile your own kernel and then go
to freshmeat and get only the utils that you need. also if this is a
firewall and you don't have much space then check out NetBSD.

garrett

From cnd@ecn.purdue.edu Tue, 05 Sep 2000 13:27:31 -0500
Date: Tue, 05 Sep 2000 13:27:31 -0500
From: Christopher N. Deckard cnd@ecn.purdue.edu
Subject: [PLUG] Events of the Week

Here's a brief list of all of the events going on in PLUG and other
related organizations.

PLUG Callout
Monday, September 11th, 2000
6:30pm - 9:30pm
Physics 112

CSWN/IBM Resume Workshop
Tuesday, September 5th, 2000
7pm - 9pm
MTHW 210
Come get helpful pointers on your resume and free food.

Computer Organizations Callout Fair
Thursday, September 7th, 2000
10am - 2pm
MSEE Atrium
Come hang out or help out.

Computer Society Callout
Thursday, September 7th, 2000
7pm - 9pm
EE 005
Come join another cool organization.
http://csociety.purdue.org

-Chris
PLUG President

--
----------------------------------------------------------------------
Christopher N. Deckard      | Lead Web Technician
cnd@ecn.purdue.edu          | Engineering Computer Network
http://triad.dhs.org        | http://www.ecn.purdue.edu/ECN/
----------------------------------------------------------------------

From cnd@ecn.purdue.edu Tue, 05 Sep 2000 13:40:48 -0500
Date: Tue, 05 Sep 2000 13:40:48 -0500
From: Christopher N. Deckard cnd@ecn.purdue.edu
Subject: [PLUG] Can you donate some time?

We need help putting up flyers for the Computer Org Callout Fair on
Thursday. If you can help put flyers up in buildings and on sidewalks.
If you can help out a little (hour between classes or whatever) we'd
appreciate it. Send me mail.

-Chris

--
----------------------------------------------------------------------
Christopher N. Deckard      | Lead Web Technician
cnd@ecn.purdue.edu          | Engineering Computer Network
http://triad.dhs.org        | http://www.ecn.purdue.edu/ECN/
----------------------------------------------------------------------

From ab@eas.purdue.edu Tue, 05 Sep 2000 14:42:33 -0500
Date: Tue, 05 Sep 2000 14:42:33 -0500
From: A Braunsdorf ab@eas.purdue.edu
Subject: [PLUG] Computer Organizations Callout Fair

In message <20000901160731.G73638@radon.gryphonsoft.com>, Will Andrews writes:
>
> *smack* I beg to differ. That is called a daemon, not a devil.

Speaking of which, I asked FreeBSD.org for some free swag for my
lab, and they sent me some, which is extremely cool, but I'm about
five seats short.
Anybody got any extra FreeBSD mousepads or
machine logo plates? Anybody want any stickers, bumper stickers,
or catalogs?

(Seventeen machines running FreeBSD in a lab for our students to use.
Used to be eight AIX machines. Meteorologists use UNIX!)

ab

From will@physics.purdue.edu Tue, 5 Sep 2000 15:10:36 -0500
Date: Tue, 5 Sep 2000 15:10:36 -0500
From: Will Andrews will@physics.purdue.edu
Subject: [PLUG] Computer Organizations Callout Fair

On Tue, Sep 05, 2000 at 02:42:33PM -0500, A Braunsdorf wrote:
> Speaking of which, I asked FreeBSD.org for some free swag for my
> lab, and they sent me some, which is extremely cool, but I'm about
> five seats short. Anybody got any extra FreeBSD mousepads or
> machine logo plates? Anybody want any stickers, bumper stickers,
> or catalogs?

I got extra FreeBSD sticker sheets. I don't really have much cool stuff
with FreeBSD logos on them; just CD sets and sticker sheets. :( Sorry
Allen...

--
Will Andrews
GCS/E/S @d- s+:+ a--- C++ UB++++$ P+ L- E--- W+ N-- !o ?K w---
O- M+ V- PS+ PE++ Y+ PGP+>+++ t++ 5 X+ R+ tv+ b++ DI+++ D+
G++ e>++++ h! r- y?

From rjune@ims1.imagestream-is.com Tue, 5 Sep 2000 16:43:07 -0500 (EST)
Date: Tue, 5 Sep 2000 16:43:07 -0500 (EST)
From: Richard June rjune@ims1.imagestream-is.com
Subject: [PLUG] mini-linux

I don't know how far down I can get a *real* distro, however I've gotten
a router distro down to about 20MB(With gated and ssh and snmp, etc.)
:-) so if You want I'll give you a hand setting up something with a
compiler and everything.

On Tue, 5 Sep 2000, Seth Heckard wrote:

> I acquired a Cyrix/200 with 32mb of RAM that I would like to put in
> service as a firewall. It only has a 128mb hard disk and I'm too cheap
> to buy a larger one. I was looking at the linux router project and
> while it can do basic firewall needs, I would like a full distribution
> at my disposal (and I also don't have a floppy drive... too cheap to buy
> one again). I played with Redhat and Debian tonight -- I got Debian
> installed however I only have 5MB free and Redhat 6.9 wouldn't even
> install in less than 400mb. Are there any decent mini-distros? I would
> like to have all the basic stuff plus a c compiler at least so I could
> compile new kernels and ssh and the like.
>
> Seth

From pfitzge1@purdue.edu Tue, 5 Sep 2000 18:21:11 -0500 (EST)
Date: Tue, 5 Sep 2000 18:21:11 -0500 (EST)
From: patrick.n.fitzgerald.1 pfitzge1@purdue.edu
Subject: [PLUG] Computer Organizations Callout Fair

On Tue, 5 Sep 2000, A Braunsdorf wrote:

> Speaking of which, I asked FreeBSD.org for some free swag for my
> lab, and they sent me some, which is extremely cool, but I'm about
> five seats short. Anybody got any extra FreeBSD mousepads or
> machine logo plates? Anybody want any stickers, bumper stickers,
> or catalogs?
>

I'll take a couple bumper stickers off your hands. I don't think I have
any logo plates, but I've probably got some little square stickers about
that size with Chuck and "Powered by FreeBSD" if I look around enough.
Also, stay tuned for the InstallFest, we usually get tonnes of swag for
that. I think my stickers are actually left over from last year's
installfest. (I don't have too many machines that can actually claim to
be powered by FreeBSD... but once my Linux machine was saved by a
FreeBSD boot floppy.)

While my car doesn't yet have anything inside it capable of running
FreeBSD, it can always serve as a mobile advertisement. I need something
to replace the RTFM sticker that got ripped off.

Thanks in advance,
Patrick N. Fitzgerald
Official Plug Videographer and Keeper of the Sacred Flame
--
Gravity is a myth, the Earth sucks.
--fortune (5)

From mpribble@ori.net Tue, 5 Sep 2000 19:28:02 -0500
Date: Tue, 5 Sep 2000 19:28:02 -0500
From: Marv Pribble mpribble@ori.net
Subject: [PLUG] Telnet Problem

I have a small home network of 3 machines, 1 with Mandrake 7.0. I can
ping all three machines, run Samba on the linux box and access the
drives on my Windows machines, etc. I cannot get telnet or ftp to run
on the linux box. Even from the linux box, when I 'telnet localhost',
the session starts and I receive messages:

Trying 127.0.0.1
Connected to localhost.locadomain
Escape character is `^]`

Then, after a few seconds, 'Connection closed by foreign host.'.

I have verified /etc/services contains the info for inetd to start the
telnet daemon. I can run the telnetd daemon from the command line.

If anyone knows why, or could suggest some debugging help, I would
appreciate it.

TIA

Marv
From Biggs@fuzzydice.net Tue, 5 Sep 2000 19:23:53 +0000 (/etc/localtime) Date: Tue, 5 Sep 2000 19:23:53 +0000 (/etc/localtime) From: Matt Vleaminck Biggs@fuzzydice.net Subject: [PLUG] Mandrake boot disk I need a Mandrake boot disk pronto. Thanks. Matt Vleaminck a.k.a. Biggs VR Web Design Co-Owner Primary E-mail: biggs@fuzzydice.net Secondary E-mail: biggs@vrwebdesign.org From Biggs@fuzzydice.net Tue, 5 Sep 2000 19:24:37 +0000 (/etc/localtime) Date: Tue, 5 Sep 2000 19:24:37 +0000 (/etc/localtime) From: Matt Vleaminck Biggs@fuzzydice.net Subject: [PLUG] boot disk 2 that is Mandrake 7.0 by the way :) Matt Vleaminck a.k.a. Biggs VR Web Design Co-Owner Primary E-mail: biggs@fuzzydice.net Secondary E-mail: biggs@vrwebdesign.org From pweber1@purdue.edu Tue, 5 Sep 2000 19:54:01 -0500 (EST) Date: Tue, 5 Sep 2000 19:54:01 -0500 (EST) From: peter pweber1@purdue.edu Subject: [PLUG] streaming audio & a suggestion i'm looking for a way to save streaming audio (most notably RealAudio) to file(s). does such a beast exist? my suggestion is that i think it would be very useful to be able to search the PLUG list archives. this seems like it would be a fairly straightforward thing to get set up, and i for one would find it to be invaluable. peter ------------------------------------------------------------------ peter weber "To know that we know what we know, N9AZ and that we do not know what we do pweber1@purdue.edu not know, that is true knowledge." -Confucius ------------------------------------------------------------------ From docauerj@purdue.edu Tue, 05 Sep 2000 19:55:46 -0500 Date: Tue, 05 Sep 2000 19:55:46 -0500 From: Alex Docauer docauerj@purdue.edu Subject: [PLUG] Telnet Problem Did you check your tcp wrappers? 
Look at /etc/hosts.allow and /etc/hosts.deny

hosts.deny should look like:
ALL:ALL

and hosts.allow should look something like:
ALL:LOCAL
ALL:
in.telnetd:
in.ftpd:

Alex

Marv Pribble wrote: > I have a small home network of 3 machines, 1 with Mandrake 7.0. I can > ping all three machines, run Samba on the linux box and access the > drives on my Windows machines, etc. I cannot get telnet or ftp to run > on the linux box. Even from the linux box, when I 'telnet localhost', > the session starts and I receive messages:Trying 127.0.0.1Connected to > localhost.locadomainEscape character is `^]` Then, after a few > seconds, 'Connection closed by foreign host.'. I have verified > /etc/services contains the info for inetd to start the telnet daemon. > I can run the telnetd daemon from the command line. If anyone knows > why, or could suggest some debugging help, I would appreciate > it. TIA Marv From mpribble@ori.net Tue, 5 Sep 2000 20:53:49 -0500 Date: Tue, 5 Sep 2000 20:53:49 -0500 From: Marv Pribble mpribble@ori.net Subject: [PLUG] Telnet Problem Alex, I made the changes you suggested and stopped and restarted inetd. Still the same result. Is there a log anywhere or some logging I can turn on to help determine the problem? Marv ----- Original Message ----- From: Alex Docauer To: Marv Pribble Cc: Sent: Tuesday, September 05, 2000 7:55 PM Subject: Re: [PLUG] Telnet Problem > Did you check your tcp wrappers? Look at /etc/hosts.allow and > /etc/hosts.deny > > hosts.deny should look like: > ALL:ALL > > and hosts.allow should look something like: > ALL:LOCAL > ALL: > in.telnetd: > in.ftpd: > > Alex > > Marv Pribble wrote: > > > I have a small home network of 3 machines, 1 with Mandrake 7.0. I can > > ping all three machines, run Samba on the linux box and access the > > drives on my Windows machines, etc. I cannot get telnet or ftp to run > > on the linux box. 
Even from the linux box, when I 'telnet localhost', > > the session starts and I receive messages:Trying 127.0.0.1Connected to > > localhost.locadomainEscape character is `^]` Then, after a few > > seconds, 'Connection closed by foreign host.'. I have verified > > /etc/services contains the info for inetd to start the telnet daemon. > > I can run the telnetd daemon from the command line. If anyone knows > > why, or could suggest some debugging help, I would appreciate > > it. TIA Marv > > From docauerj@purdue.edu Tue, 05 Sep 2000 21:02:04 -0500 Date: Tue, 05 Sep 2000 21:02:04 -0500 From: Alex Docauer docauerj@purdue.edu Subject: [PLUG] Telnet Problem One of the logs, I think either messages or security, should say something if the connection attempt is refused. Also, make sure that your dns information is set up correctly. TCP wrappers uses dns to verify host information and can get really screwed up if it can't perform a lookup. You may also want to try setting hosts.allow to: ALL:ALL just to see if that's the problem, although I wouldn't recommend leaving it like that for long. Put a # sign in front of all the other entries. Alex Marv Pribble wrote: > Alex, > > I made the changes you suggested and stopped and restarted inetd. Still the > same result. Is there a log anywhere or some logging I can turn on to help > determine the problem? > > Marv > > ----- Original Message ----- > From: Alex Docauer > To: Marv Pribble > Cc: > Sent: Tuesday, September 05, 2000 7:55 PM > Subject: Re: [PLUG] Telnet Problem > > > Did you check your tcp wrappers? Look at /etc/hosts.allow and > > /etc/hosts.deny > > > > hosts.deny should look like: > > ALL:ALL > > > > and hosts.allow should look something like: > > ALL:LOCAL > > ALL: > > in.telnetd: > > in.ftpd: > > > > Alex > > > > Marv Pribble wrote: > > > > > I have a small home network of 3 machines, 1 with Mandrake 7.0. 
I can > > > ping all three machines, run Samba on the linux box and access the > > > drives on my Windows machines, etc. I cannot get telnet or ftp to run > > > on the linux box. Even from the linux box, when I 'telnet localhost', > > > the session starts and I receive messages:Trying 127.0.0.1Connected to > > > localhost.locadomainEscape character is `^]` Then, after a few > > > seconds, 'Connection closed by foreign host.'. I have verified > > > /etc/services contains the info for inetd to start the telnet daemon. > > > I can run the telnetd daemon from the command line. If anyone knows > > > why, or could suggest some debugging help, I would appreciate > > > it. TIA Marv > > > > From cnd@ecn.purdue.edu Tue, 05 Sep 2000 22:39:33 -0500 Date: Tue, 05 Sep 2000 22:39:33 -0500 From: Christopher N. Deckard cnd@ecn.purdue.edu Subject: [PLUG] streaming audio & a suggestion > i'm looking for a way to save streaming audio (most notably RealAudio) to

Try lynx maybe?

lynx -source http://blah > file.rm

> my suggestion is that i think it would be very useful to be able to search > the PLUG list archives. this seems like it would be a fairly > straightforward thing to get set up, and i for one would find it to be > invaluable. Are you willing to put in the time??? -Chris PLUG President -- ---------------------------------------------------------------------- Christopher N. Deckard | Lead Web Technician cnd@ecn.purdue.edu | Engineering Computer Network http://triad.dhs.org | http://www.ecn.purdue.edu/ECN/ ---------------------------------------------------------------------- From cnd@ecn.purdue.edu Tue, 05 Sep 2000 22:40:51 -0500 Date: Tue, 05 Sep 2000 22:40:51 -0500 From: Christopher N. Deckard cnd@ecn.purdue.edu Subject: [PLUG] Computer Organizations Callout Fair Computer Organizations Callout Fair MSEE Atrium Thursday, September 7th 10:00-2:00 Come check out all of Purdue's computer related student organizations. 
Representatives from the Purdue Linux User's Group (PLUG), the Purdue Macintosh User's Group (PUMUG), Purdue SIGgraph, Purdue Computer Society, Purdue Web Development Org., Purdue Perl Mongers, and the Purdue chapter of ACM will all be there to give information and answer questions. -Chris PLUG President -- ---------------------------------------------------------------------- Christopher N. Deckard | Lead Web Technician cnd@ecn.purdue.edu | Engineering Computer Network http://triad.dhs.org | http://www.ecn.purdue.edu/ECN/ ---------------------------------------------------------------------- From wirges@expert.cc.purdue.edu Wed, 06 Sep 2000 00:10:24 -0500 Date: Wed, 06 Sep 2000 00:10:24 -0500 From: Matt wirges@expert.cc.purdue.edu Subject: [PLUG] Telnet Problem Marv, Make sure that your inetd.conf file has these lines in it:

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

If u don't have those lines there, add them. If they are commented out, uncomment them. Make sure you restart inetd! -Matt -- ============================================================================== | Matthew Wirges | | Systems Administrator, Student, Programmer, Geek. | | Office Phone: [765]464-1148 | | Email: wirges@expert.cc.purdue.edu || sysadmin@sharpwebinnovations.com | | www.sharpwebinnovations.com | ============================================================================== > Marv Pribble wrote: > > I have a small home network of 3 machines, 1 with Mandrake 7.0. I can > ping all three machines, run Samba on the linux box and access the > drives on my Windows machines, etc. I cannot get telnet or ftp to run > on the linux box. Even from the linux box, when I 'telnet localhost', > the session starts and I receive messages: > Trying 127.0.0.1 > Connected to localhost.locadomain > Escape character is `^]` > > Then, after a few seconds, 'Connection closed by foreign host.'. 
> > I have verified /etc/services contains the info for inetd to start the > telnet daemon. I can run the telnetd daemon from the command line. > > If anyone knows why, or could suggest some debugging help, I would > appreciate it. > > TIA > > Marv From sergent@csociety.purdue.edu Tue, 05 Sep 2000 22:44:37 -0700 Date: Tue, 05 Sep 2000 22:44:37 -0700 From: Jonathan Sergent sergent@csociety.purdue.edu Subject: [PLUG] streaming audio & a suggestion > i'm looking for a way to save streaming audio (most notably RealAudio) to > file(s). does such a beast exist? On the client side or on the sender side? --jss. From bhlewis@pythia.cc.purdue.edu 06 Sep 2000 06:40:55 -0500 Date: 06 Sep 2000 06:40:55 -0500 From: Benjamin Lewis bhlewis@pythia.cc.purdue.edu Subject: [PLUG] Computer Organizations Callout Fair A Braunsdorf writes: > Speaking of which, I asked FreeBSD.org for some free swag for my > lab, and they sent me some, which is extremely cool, but I'm about > five seats short. Anybody got any extra FreeBSD mousepads or > machine logo plates? Anybody want any stickers, bumper stickers, > or catalogs? I have at least five of the 1" square FreeBSD logo case plates that I'd be more than happy to donate to your lab. If you let me know where to send them, I can drop them in campus mail tomorrow. -Ben -- Benjamin Lewis Thank goodness modern convenience is a Database Analyst/Programmer thing of the remote future. Purdue University Computing Center -- Pogo, by Walt Kelly bhlewis@purdue.edu From cnd@ecn.purdue.edu Wed, 06 Sep 2000 11:36:01 -0500 Date: Wed, 06 Sep 2000 11:36:01 -0500 From: Christopher N. Deckard cnd@ecn.purdue.edu Subject: [PLUG] P&G and Hughes P&G and Hughes are in the MSEE Atrium talking with people and taking resumes. It's also P&G Fun Day. I think there are little 'events' going on all over campus. I know there are some out here in the Engineering Mall. Come on over, talk with some people, get a job, or just get some cool free stuff. 
-Chris PLUG President -- ---------------------------------------------------------------------- Christopher N. Deckard | Lead Web Technician cnd@ecn.purdue.edu | Engineering Computer Network http://triad.dhs.org | http://www.ecn.purdue.edu/ECN/ ---------------------------------------------------------------------- From rjune@ims1.imagestream-is.com Wed, 6 Sep 2000 12:18:24 -0500 (EST) Date: Wed, 6 Sep 2000 12:18:24 -0500 (EST) From: Richard June rjune@ims1.imagestream-is.com Subject: [PLUG] P&G and Hughes I know people that work for P&G, I've not heard good things about it. On Wed, 6 Sep 2000, Christopher N. Deckard wrote: > P&G and Hughes are in the MSEE Atrium talking with people and taking > resumes. > > It's also P&G Fun Day. I think there are little 'events' going on all > over campus. I know there are some out here in the Engineering Mall. > > Come on over, talk with some people, get a job, or just get some cool > free stuff. > > -Chris > PLUG President > > -- > ---------------------------------------------------------------------- > Christopher N. Deckard | Lead Web Technician > cnd@ecn.purdue.edu | Engineering Computer Network > http://triad.dhs.org | http://www.ecn.purdue.edu/ECN/ > ---------------------------------------------------------------------- > > ____________________________________________________ > The Purdue Linux Users' Group (PLUG) mailing list. > plug mailing list - plug@csociety.purdue.edu > http://csociety.ecn.purdue.edu/mailman/listinfo/plug > From doobie@doobie.org Wed, 6 Sep 2000 23:21:53 -0500 (EST) Date: Wed, 6 Sep 2000 23:21:53 -0500 (EST) From: Jason Dubrow doobie@doobie.org Subject: [PLUG] || Execution of perl scripts? Threading? Okay, I've got a question to pose to those perl mongers out there. I need to do multiple things at one time (aka 500+). The problem is that fork() is not very memory conservative, my database starts dying from lack of memory. Anyone know of a good solution, can you do threads in perl? 
Thanks, Jas From heckarsd@purdue.edu Wed, 6 Sep 2000 23:42:29 -0500 (EST) Date: Wed, 6 Sep 2000 23:42:29 -0500 (EST) From: Seth Heckard heckarsd@purdue.edu Subject: [PLUG] || Execution of perl scripts? Threading? On Wed, 6 Sep 2000, Jason Dubrow wrote: > > Okay, I've got a question to pose to those perl mongers out there. I need > to do multiple things at one time (aka 500+). The problem is that fork() > is not very memory conservative, my database starts dying from lack of > memory. Anyone know of a good solution, can you do threads in perl? > > Thanks, > Jas there are threads in perl, but i don't know if they work reliably yet... i've never used them. if you can get ahold of 'programming perl' 3rd ed. (just came out a month ago or so), chapter 17 has about 20 pages on threads. it's not much, but it might help... seth From mpribble@ori.net Thu, 7 Sep 2000 00:54:08 -0500 Date: Thu, 7 Sep 2000 00:54:08 -0500 From: Marv Pribble mpribble@ori.net Subject: [PLUG] Telnet Problem Alex, Thanks for your help. When you mentioned TCP wrappers, I found the README in /usr/doc/tcp_wrappers and read it. It mentioned 2 helpful programs tcpdchk and tcpdmatch which verify your inetd.conf, hosts.allow, and hosts.deny files. It pointed out several problems and I fixed those. Everything (telnet and ftp) is working now from my local Linux box. I should have known it would work today. My hub died yesterday. Marv From zamboni@cerias.purdue.edu Thu, 07 Sep 2000 08:19:43 -0500 Date: Thu, 07 Sep 2000 08:19:43 -0500 From: Diego Zamboni zamboni@cerias.purdue.edu Subject: [PLUG] || Execution of perl scripts? Threading? doobie@doobie.org said: > Anyone know of a good solution, can you do threads in perl? There is thread support in Perl, but it has to be compiled in, and it is still considered experimental. 
There is some documentation about them installed with the newer installations of Perl: perldoc Thread perldoc perlthrtut --Diego From cnd@ecn.purdue.edu Thu, 07 Sep 2000 08:41:06 -0500 Date: Thu, 07 Sep 2000 08:41:06 -0500 From: Christopher N. Deckard cnd@ecn.purdue.edu Subject: [PLUG] Computer Organizations Callout Fair TODAY TODAY TODAY TODAY TODAY Computer Organizations Callout Fair MSEE Atrium Thursday, September 7th 10:00-2:00 Come check out all of Purdue's computer related student organizations. Representatives from the Purdue Linux User's Group (PLUG), the Purdue Macintosh User's Group (PUMUG), Purdue SIGgraph, Purdue Computer Society, Purdue Web Development Org., Purdue Perl Mongers, and the Purdue chapter of ACM will all be there to give information and answer questions. -Chris PLUG President -- ---------------------------------------------------------------------- Christopher N. Deckard | Lead Web Technician cnd@ecn.purdue.edu | Engineering Computer Network http://triad.dhs.org | http://www.ecn.purdue.edu/ECN/ ---------------------------------------------------------------------- From heckarsd@purdue.edu Thu, 7 Sep 2000 11:29:21 -0500 (EST) Date: Thu, 7 Sep 2000 11:29:21 -0500 (EST) From: Seth Heckard heckarsd@purdue.edu Subject: [PLUG] x and redhat 6.9.5 i'm running redhat 6.9.5 (pinstripe) and i can't do any remote x sessions with pcxware. gdm is set up properly i think and i have a feeling that it is a problem with my font server (pcxware complains that it can't find all the fonts). other than that, i have no idea :-) anyone run into this before? seth From pweber1@purdue.edu Thu, 7 Sep 2000 11:47:01 -0500 Date: Thu, 7 Sep 2000 11:47:01 -0500 From: peter pweber1@purdue.edu Subject: [PLUG] help help! i just found out that someone traced a network attack of some kind to my ip address. this was definitely NOT me, so my best guess is that my machine got cracked and someone used it to launch an attack. how can i figure out what happened? 
i'm running RH6.1 (i was going to be upgrading to 6.2 as we speak).

services include(d):

httpd (dumb, i know)
ftp
ssh
afpd (quite insecure, i know)
papd (ditto)
sendmail

and some other stuff i'm not thinking of right now. i have this machine running as a router/firewall, and i guess i *really* need to improve how that's set up.. :) thanks, peter p.s. if one of you filed the complaint (the assistant dean of students told me the attack started about 2pm yesterday) please contact me, i really want to figure out what happened! -- ------------------------------------------------------------------ peter weber "To know that we know what we know, N9AZ and that we do not know what we do pweber1@purdue.edu not know, that is true knowledge." -Confucius ------------------------------------------------------------------ From porterds@purdue.edu Thu, 07 Sep 2000 12:03:22 -0500 Date: Thu, 07 Sep 2000 12:03:22 -0500 From: Doug Porter porterds@purdue.edu Subject: [PLUG] help most likely it was ftp... if you were running the wu-ftpd from redhat 6.1 it has a huge root exploit. there are many scripts floating around the net script kiddies use which require no intelligence to use. i was once in a similar situation to you... the assistant dean of students called me and told me they were getting complaints that i was "attempting to break into some computer." of course the lady that calls knows nothing about computers so i told her to get more details. she called me back a week later and read me some lines from a log file. turns out that i was fingering some box, hardly a break in attempt, but that is kind of hard to explain to the lady i was talking to that knew nothing about computers. i haven't heard anything about it since... - doug porter peter wrote: > > help! i just found out that someone traced a network attack of some > kind to my ip address. this was definitely NOT me, so my best guess > is that my machine got cracked and someone used it to launch an > attack. 
how can i figure out what happened? i'm running RH6.1 (i was > going to be upgrading to 6.2 as we speak). > > services include(d): > > httpd (dumb, i know) > ftp > ssh > afpd (quite insecure, i know) > papd (ditto) > sendmail > > and some other stuff i'm not thinking of right now. i have this > machine running as a router/firewall, and i guess i *really* need to > improve how that's set up.. :) > > thanks, > peter > > p.s. if one of you filed the complaint (the assistant dean of students > told me the attack started about 2pm yesterday) please contact me, i > really want to figure out what happened! > -- > ------------------------------------------------------------------ > peter weber "To know that we know what we know, > N9AZ and that we do not know what we do > pweber1@purdue.edu not know, that is true knowledge." > -Confucius > ------------------------------------------------------------------ > > ____________________________________________________ > The Purdue Linux Users' Group (PLUG) mailing list. > plug mailing list - plug@csociety.purdue.edu > http://csociety.ecn.purdue.edu/mailman/listinfo/plug From rjune@ims1.imagestream-is.com Thu, 7 Sep 2000 12:05:57 -0500 (EST) Date: Thu, 7 Sep 2000 12:05:57 -0500 (EST) From: Richard June rjune@ims1.imagestream-is.com Subject: [PLUG] help You can use rpm to verify that those haven't changed at all

rpm --verify

use a man rpm to find out what the output means. That would be a possible start. > From pweber1@purdue.edu Thu, 7 Sep 2000 12:07:38 -0500 Date: Thu, 7 Sep 2000 12:07:38 -0500 From: peter pweber1@purdue.edu Subject: [PLUG] help i already axed ftp. (i have my brother trying to access from a way off-campus ip.) how can i figure out what outgoing connections were happening during a specific time frame? thanks, peter >most likely it was ftp... if you were running the wu-ftpd from redhat >6.1 it has a huge root exploit. 
there are many scripts floating around >the net script kiddies use which require no intelligence to use. > >i was once in a similar situation to you... the assistant dean of >students called me and told me they were getting complaints that i was >"attempting to break into some computer." of course the lady that calls >knows nothing about computers so i told her to get more details. she >called me back a week later and read me some lines from a log file. >turns out that i was fingering some box, hardly a break in attempt, but >that is kind of hard to explain to the lady i was talking to that knew >nothing about computers. i haven't heard anything about it since... > >- doug porter > >peter wrote: >> >> help! i just found out that someone traced a network attack of some >> kind to my ip address. this was definitely NOT me, so my best guess >> is that my machine got cracked and someone used it to launch an >> attack. how can i figure out what happened? i'm running RH6.1 (i was >> going to be upgrading to 6.2 as we speak). >> >> services include(d): >> >> httpd (dumb, i know) >> ftp >> ssh >> afpd (quite insecure, i know) >> papd (ditto) >> sendmail >> >> and some other stuff i'm not thinking of right now. i have this >> machine running as a router/firewall, and i guess i *really* need to >> improve how that's set up.. :) >> >> thanks, >> peter >> >> p.s. if one of you filed the complain (the assistant dean of students >> told me the attack started about 2pm yesterday) please contact me, i >> really want to figure out what happened! >> -- >> ------------------------------------------------------------------ >> peter weber "To know that we know what we know, >> N9AZ and that we do not know what we do >> pweber1@purdue.edu not know, that is true knowledge." >> -Confucius >> ------------------------------------------------------------------ >> >> ____________________________________________________ >> The Purdue Linux Users' Group (PLUG) mailing list. 
>> plug mailing list - plug@csociety.purdue.edu >> http://csociety.ecn.purdue.edu/mailman/listinfo/plug -- ------------------------------------------------------------------ peter weber "To know that we know what we know, N9AZ and that we do not know what we do pweber1@purdue.edu not know, that is true knowledge." -Confucius ------------------------------------------------------------------ From porterds@purdue.edu Thu, 07 Sep 2000 12:15:22 -0500 Date: Thu, 07 Sep 2000 12:15:22 -0500 From: Doug Porter porterds@purdue.edu Subject: [PLUG] help you can try the command "last | grep ftpd". that will show you who logged on to your ftp server since the beginning of this month. you can also check out the /etc/log/xferlog which shows all ftp transfers (up or down). two other log files you should look at in are /var/log/messages and /var/log/secure. but remember, if this person knew what they were doing they could have covered their tracks. i would also check /etc/passwd and look for peculiar accounts, specifically any account with a user id of zero other than root. - doug peter wrote: > > i already axed ftp. (i have my brother trying to access from a way > off-campus ip.) how can i figure out what outgoing connections were > happening during a specific time frame? > > thanks, > peter > > >most likely it was ftp... if you were running the wu-ftpd from redhat > >6.1 it has a huge root exploit. there are many scripts floating around > >the net script kiddies use which require no intelligence to use. > > > >i was once in a similar situation to you... the assistant dean of > >students called me and told me they were getting complaints that i was > >"attempting to break into some computer." of course the lady that calls > >knows nothing about computers so i told her to get more details. she > >called me back a week later and read me some lines from a log file. 
> >turns out that i was fingering some box, hardly a break in attempt, but > >that is kind of hard to explain to the lady i was talking to that knew > >nothing about computers. i haven't heard anything about it since... > > > >- doug porter > > > >peter wrote: > >> > >> help! i just found out that someone traced a network attack of some > >> kind to my ip address. this was definitely NOT me, so my best guess > >> is that my machine got cracked and someone used it to launch an > >> attack. how can i figure out what happened? i'm running RH6.1 (i was > >> going to be upgrading to 6.2 as we speak). > >> > >> services include(d): > >> > >> httpd (dumb, i know) > >> ftp > >> ssh > >> afpd (quite insecure, i know) > >> papd (ditto) > >> sendmail > >> > >> and some other stuff i'm not thinking of right now. i have this > >> machine running as a router/firewall, and i guess i *really* need to > >> improve how that's set up.. :) > >> > >> thanks, > >> peter > >> > >> p.s. if one of you filed the complain (the assistant dean of students > >> told me the attack started about 2pm yesterday) please contact me, i > >> really want to figure out what happened! > >> -- > >> ------------------------------------------------------------------ > >> peter weber "To know that we know what we know, > >> N9AZ and that we do not know what we do > >> pweber1@purdue.edu not know, that is true knowledge." > >> -Confucius > >> ------------------------------------------------------------------ > >> > >> ____________________________________________________ > >> The Purdue Linux Users' Group (PLUG) mailing list. > >> plug mailing list - plug@csociety.purdue.edu > >> http://csociety.ecn.purdue.edu/mailman/listinfo/plug > > -- > ------------------------------------------------------------------ > peter weber "To know that we know what we know, > N9AZ and that we do not know what we do > pweber1@purdue.edu not know, that is true knowledge." 
> -Confucius > ------------------------------------------------------------------ From jclewis@purdue.edu Thu, 07 Sep 2000 12:34:15 -0500 Date: Thu, 07 Sep 2000 12:34:15 -0500 From: James Lewis jclewis@purdue.edu Subject: [PLUG] help You should at the very least be running tcplogd and icmplogd so you can tell when outside connection attempts are being made to your computer. peter wrote: > i already axed ftp. (i have my brother trying to access from a way > off-campus ip.) how can i figure out what outgoing connections were > happening during a specific time frame? > > thanks, > peter > > >most likely it was ftp... if you were running the wu-ftpd from redhat > >6.1 it has a huge root exploit. there are many scripts floating around > >the net script kiddies use which require no intelligence to use. > > > >i was once in a similar situation to you... the assistant dean of > >students called me and told me they were getting complaints that i was > >"attempting to break into some computer." of course the lady that calls > >knows nothing about computers so i told her to get more details. she > >called me back a week later and read me some lines from a log file. > >turns out that i was fingering some box, hardly a break in attempt, but > >that is kind of hard to explain to the lady i was talking to that knew > >nothing about computers. i haven't heard anything about it since... > > > >- doug porter > > > >peter wrote: > >> > >> help! i just found out that someone traced a network attack of some > >> kind to my ip address. this was definitely NOT me, so my best guess > >> is that my machine got cracked and someone used it to launch an > >> attack. how can i figure out what happened? i'm running RH6.1 (i was > >> going to be upgrading to 6.2 as we speak). > >> > >> services include(d): > >> > >> httpd (dumb, i know) > >> ftp > >> ssh > >> afpd (quite insecure, i know) > >> papd (ditto) > >> sendmail > >> > >> and some other stuff i'm not thinking of right now. 
i have this > >> machine running as a router/firewall, and i guess i *really* need to > >> improve how that's set up.. :) > >> > >> thanks, > >> peter > >> > >> p.s. if one of you filed the complain (the assistant dean of students > >> told me the attack started about 2pm yesterday) please contact me, i > >> really want to figure out what happened! > >> -- > >> ------------------------------------------------------------------ > >> peter weber "To know that we know what we know, > >> N9AZ and that we do not know what we do > >> pweber1@purdue.edu not know, that is true knowledge." > >> -Confucius > >> ------------------------------------------------------------------ > >> > >> ____________________________________________________ > >> The Purdue Linux Users' Group (PLUG) mailing list. > >> plug mailing list - plug@csociety.purdue.edu > >> http://csociety.ecn.purdue.edu/mailman/listinfo/plug > > -- > ------------------------------------------------------------------ > peter weber "To know that we know what we know, > N9AZ and that we do not know what we do > pweber1@purdue.edu not know, that is true knowledge." > -Confucius > ------------------------------------------------------------------ > > ____________________________________________________ > The Purdue Linux Users' Group (PLUG) mailing list. > plug mailing list - plug@csociety.purdue.edu > http://csociety.ecn.purdue.edu/mailman/listinfo/plug From calx@purdue.edu Thu, 7 Sep 2000 12:37:46 -0500 (EST) Date: Thu, 7 Sep 2000 12:37:46 -0500 (EST) From: David calx@purdue.edu Subject: [PLUG] help Caution: rant. Don't like rants? Don't read. Extra caution: Chock full of opinion. > p.s. if one of you filed the complain (the assistant dean of students > told me the attack started about 2pm yesterday) please contact me, i > really want to figure out what happened! Yeah, I had someone "file a complaint" last year. The assistant dean, or the representative called me and accused me of ha><0RiN6 some slob's box. 
After constant questioning, I finally got it out of them that all I did was attempt to ftp into the dork's box. The weenie was running FreeBSD, so I don't think they were completely clueless. They could have looked at those magic logging files and perhaps attempted to contact me. Or they could have used that ipfw thingie that does stuff with "INternet". If anyone here gets "a77a><0r3D", why not check your logs, and write a friendly email to that person. It's rather stupid to go running to the arms of ResNet/PUCC/FBI etc, when chances are it's most likely not a vicious attack. They didn't shut down my damn connection that instant, so what's the point? When has attempting to utilize a bureaucracy worked better than personal interaction? Perhaps those people have a problem with confrontation? Perhaps they truly believe that the "offenders" service will cease the instant they report the "devious" behavior. Sorry about the rant, but I would be really pissed off if I got my service disconnected because I fingered a box (ewww) or ftp'd or www'd or telnet'd etc. It's not a damn port scan, and I didn't try to break in, it was a singular instance. I would be even more pissed off if an attack was launched from my box and no one informed me. Looking at the mail added to the list while I was writing this, I see that I am not the only one who had this happen. I believe that *NIX users are (for the most part) a step above the average computer user, and we all have an inherent curiosity. I think that we can police/protect ourselves much better than the school can. Hmm. Gratuitous use of sarcastic quotations... David From pweber1@purdue.edu Thu, 7 Sep 2000 13:30:00 -0500 Date: Thu, 7 Sep 2000 13:30:00 -0500 From: peter pweber1@purdue.edu Subject: [PLUG] help to everyone who has answered: thanks for your help, i'm still working on it, and everything you've given me has been very helpful. 
(sorry i haven't answered each of you personally, i've gotten a LOT of emails in the last couple of hours!) i've got what i think are some good leads, and i'll post a followup once i get this figured out. (and more questions in the meantime, if i have them! :) thanks, peter -- ------------------------------------------------------------------ peter weber "To know that we know what we know, N9AZ and that we do not know what we do pweber1@purdue.edu not know, that is true knowledge." -Confucius ------------------------------------------------------------------ From docauerj@purdue.edu Thu, 07 Sep 2000 13:43:38 -0500 Date: Thu, 07 Sep 2000 13:43:38 -0500 From: Alex Docauer docauerj@purdue.edu Subject: [PLUG] help Doug Porter wrote: > i was once in a similar situation to you... the assistant dean of > students called me and told me they were getting complaints that i was > "attempting to break into some computer." of course the lady that calls > knows nothing about computers so i told her to get more details. she > called me back a week later and read me some lines from a log file. > turns out that i was fingering some box, hardly a break in attempt, but > that is kind of hard to explain to the lady i was talking to that knew > nothing about computers. i haven't heard anything about it since... Almost the same exact thing happened to me. One day I got a call from the office of the dean of students and they accused me of flooding other people out of irc channels. Apparently a guy broke into my RedHat 6.1 box and was running an irc egg-drop program on my system. I deleted the program, (and the crond scripts that kept reinstalling it), and used rpm -Va to figure out if he changed anything else. As it turned out, he had also modified /bin/login, but I couldn't delete it as the system gave me some error about not being able to unlink it. I couldn't rename it either; all I could do was rename /bin to /bin.old and copy the contents (except login) from bin.old back to bin. 
It's still a mystery to me why I couldn't remove it, and /bin.old/login still sits there to this day. Anyone have any ideas on why I can't remove it?

Alex

From defouwj@purdue.edu Thu, 7 Sep 2000 13:55:55 -0500 (EST)
Date: Thu, 7 Sep 2000 13:55:55 -0500 (EST)
From: Jeff DeFouw defouwj@purdue.edu
Subject: [PLUG] help

On Thu, 7 Sep 2000, Alex Docauer wrote:
> It's still a mystery to me why I couldn't remove it, and
> /bin.old/login still sits there to this day. Anyone have any ideas on
> why I can't remove it?

It probably had the ext2 "immutable" flag set. Do an

lsattr /bin.old/login

and look for an "i". You can use

chattr -i /bin.old/login

to remove the flag and then do whatever with it.

--
Jeff DeFouw

From pweber1@purdue.edu Thu, 7 Sep 2000 14:24:36 -0500
Date: Thu, 7 Sep 2000 14:24:36 -0500
From: peter pweber1@purdue.edu
Subject: [PLUG] help

i've found a few suspicious things.

in /var/log/messages:

Sep 5 16:46:43 hawk-c-019 sshd[713]: connection from "193.89.248.8"
Sep 6 01:26:02 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: Unknown opcode from host 128.211.202.78
Sep 6 02:34:30 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: Unknown opcode from host 128.211.202.78
Sep 6 03:34:31 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: Unknown opcode from host 128.211.202.78

the first one (193.89.248.8) is www.baa.dk and also shows an entry in /var/log/secure (see below).

the next 3 entries are also interesting. these are approximately 12 hours before the time they say the 'attack' started. i don't know exactly what this is about other than it has something to do with gdm. i find it interesting that the 3 messages are about an hour apart.

in /var/log/secure:

Sep 5 16:46:43 hawk-c-019 in.ftpd[11058]: connect from 193.89.248.8
Sep 6 10:19:17 hawk-c-019 in.ftpd[15739]: connect from 168.234.190.4
Sep 6 18:18:48 hawk-c-019 in.ftpd[18885]: connect from 24.168.41.251

the first address is the aforementioned www.baa.dk.
the second address won't resolve:

[pweber1@mentor pweber1]$ nslookup 168.234.190.4
Server: mentor.cc.purdue.edu
Address: 128.210.10.12

*** mentor.cc.purdue.edu can't find 168.234.190.4: Non-existent host/domain

and the third is from NYC(?)

[pweber1@mentor pweber1]$ nslookup 24.168.41.251
Server: mentor.cc.purdue.edu
Address: 128.210.10.12

Name: 24-168-41-251.nyc.rr.com
Address: 24.168.41.251

the first two are the ones that really concern me, since they happened before the time that the 'attack' reportedly started (2pm or so yesterday).

so i guess what i have is:

1) 128.211.202.78 tried connecting to gdm about 12 hours before the attack
2) 193.89.248.8 (in Denmark?) connecting almost simultaneously via ssh and ftp before the attack
3) an unresolvable address (168.234.190.4) that connected via ftp before the attack
4) 24.168.41.251 connected via ftp about 4 hours after the attack started

does this shed any light on anything?

(i'm trying to get the name of the contact that informed the Dean of Students office, so that i get my hands on some useful info. i should be able to get that name in about 2 hours.)

thanks again,
peter
--
------------------------------------------------------------------
peter weber "To know that we know what we know,
N9AZ and that we do not know what we do
pweber1@purdue.edu not know, that is true knowledge."
-Confucius
------------------------------------------------------------------

From ab@eas.purdue.edu Thu, 07 Sep 2000 14:27:22 -0500
Date: Thu, 07 Sep 2000 14:27:22 -0500
From: A Braunsdorf ab@eas.purdue.edu
Subject: [PLUG] help

Sounds like you guys need to run something like Tripwire.

ab

From pweber1@purdue.edu Thu, 7 Sep 2000 14:27:53 -0500
Date: Thu, 7 Sep 2000 14:27:53 -0500
From: peter pweber1@purdue.edu
Subject: [PLUG] help

oops, forgot one piece. there are two entries in /var/log/secure from about 2.5 hours ago.
someone in hilltop tried to ftp in, and the connections were refused (ala /etc/hosts.deny) (maybe that was someone on this list who was trying to check my services for me? [he hopes optimistically]) peter -- ------------------------------------------------------------------ peter weber "To know that we know what we know, N9AZ and that we do not know what we do pweber1@purdue.edu not know, that is true knowledge." -Confucius ------------------------------------------------------------------ From psmith@lib.purdue.edu Thu, 7 Sep 2000 14:30:27 -0500 Date: Thu, 7 Sep 2000 14:30:27 -0500 From: Preston Smith psmith@lib.purdue.edu Subject: [PLUG] help On Thu, Sep 07, 2000 at 02:24:36PM -0500, peter (pweber1@purdue.edu) wrote: > i've found a few suspicious things. > > Sep 5 16:46:43 hawk-c-019 sshd[713]: connection from "193.89.248.8" > Sep 6 01:26:02 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: > Unknown opcode from host 128.211.202.78 > Sep 6 02:34:30 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: > Unknown opcode from host 128.211.202.78 > Sep 6 03:34:31 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: > Unknown opcode from host 128.211.202.78 > > the first one (193.89.248.8) is www.baa.dk and also shows an entry in > /var/log/secure (see below). The entire network was portscanned by www.baa.dk the other day, I believe. (All of my boxes at the Libraries were probed) Probably scanned *.purdue.edu... -- Preston M. Smith http://www.lib.purdue.edu/~psmith "History repeats itself only if one does not listen the first time." 
From sharpa@ecn.purdue.edu Thu, 7 Sep 2000 14:33:43 -0500 (EST)
Date: Thu, 7 Sep 2000 14:33:43 -0500 (EST)
From: Andrew Sharp sharpa@ecn.purdue.edu
Subject: [PLUG] help

> in /var/log/messages:
>
> Sep 5 16:46:43 hawk-c-019 sshd[713]: connection from "193.89.248.8"
> Sep 6 01:26:02 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet:
> Unknown opcode from host 128.211.202.78
> Sep 6 02:34:30 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet:
> Unknown opcode from host 128.211.202.78
> Sep 6 03:34:31 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet:
> Unknown opcode from host 128.211.202.78

Hey! That's the same guy that was bothering me the other day. From my logs:

Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Connect from host: www.baa.dk/193.89.248.8 to TCP port: 143
Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Host 193.89.248.8 has been blocked via wrappers with string:"ALL: 193.89.248.8"

Andrew

From notz@purdue.edu Thu, 7 Sep 2000 14:40:19 -0500 (EST)
Date: Thu, 7 Sep 2000 14:40:19 -0500 (EST)
From: Patrick K Notz notz@purdue.edu
Subject: [PLUG] help

Call me crazy, but ("You're a Crazy Butt!") perhaps all of this suggests that a PLUG supported lecture on securing linux boxen would be a valuable event. I know I'd attend. I've been thinking about getting a ResNet ADSL connection at home but I think I'll wait until I learn how to secure my machine a little better.
Pat From meuserj@purdue.edu Thu, 7 Sep 2000 14:45:36 -0500 (EST) Date: Thu, 7 Sep 2000 14:45:36 -0500 (EST) From: John C Meuser meuserj@purdue.edu Subject: [PLUG] help > > in /var/log/messages: > > > > Sep 5 16:46:43 hawk-c-019 sshd[713]: connection from "193.89.248.8" > > Sep 6 01:26:02 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: > > Unknown opcode from host 128.211.202.78 > > Sep 6 02:34:30 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: > > Unknown opcode from host 128.211.202.78 > > Sep 6 03:34:31 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: > > Unknown opcode from host 128.211.202.78 > > > Hey! Thats the same guy that was bothering me the other day. From my > logs:Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Connect > from host: www.baa.dk/193.89.248.8 to TCP port: 143 > Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Host > 193.89.248.8 has been blocked via wrappers with string:"ALL: 193.89.248.8" > > Andrew > He tried to get me too: Sep 5 18:08:31 wily-c-071 sshd[24761]: fatal: Timeout before authentication for 193.89.248.8. Should somebody report this or what? John From calx@purdue.edu Thu, 7 Sep 2000 14:49:14 -0500 (EST) Date: Thu, 7 Sep 2000 14:49:14 -0500 (EST) From: David calx@purdue.edu Subject: [PLUG] help > Call me crazy, but ("You're a Crazy Butt!") perhaps all of this > suggests that a PLUG supported lecture on securing linux boxen would > be a valuable event. I know I'd attend. I've been thinking about > getting a ResNet ASDL connection at home but I think I'll wait until I > learn how to secure my machine a little better. Agreed. Just as long as the lecture doesn't turn into a "in order to have true security, you need to use OpenBSD and not change anything" sort of lecture. :) (Nothing against OpenBSD, mind you, I know it's very secure, etc, just that it would be a boring lecture. Sort of like a lecture on getting Windows to crash. :) Could PLUG get some sysadmins from Purdue to speak? 
It would probably be easier to get some of the people securing our network to talk than anyone from the outside. Then again, I don't know what sort of connections PLUG has. David From calx@purdue.edu Thu, 7 Sep 2000 14:57:01 -0500 (EST) Date: Thu, 7 Sep 2000 14:57:01 -0500 (EST) From: David calx@purdue.edu Subject: [PLUG] help > Should somebody report this or what? Whenever someone from the outside attacks the bio network, the sysadmin can only send email to whoever appears to be responsible and then simply deny access from that host. If it turns out to be a network wide problem (@home), then the entire network is denied. There is a GIANT list of denied IPs for bio, and unfortunately, the response rate to complaints is very, very low. I think that what has been going on in this thread is a really great thing. It helps keep us aware of what others are doing. Perhaps there should be a mailing list for security issues like this? (Is there? I thought there was, but not as specific as this.) BTW, that same person attempted to login to my machines as well. Grrr. David > > > Sep 5 16:46:43 hawk-c-019 sshd[713]: connection from "193.89.248.8" > > > > Hey! Thats the same guy that was bothering me the other day. From my > > logs:Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Connect > > from host: www.baa.dk/193.89.248.8 to TCP port: 143 > > Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Host > > 193.89.248.8 has been blocked via wrappers with string:"ALL: 193.89.248.8" > He tried to get me too: > > Sep 5 18:08:31 wily-c-071 sshd[24761]: fatal: Timeout before > authentication for 193.89.248.8. > > Should somebody report this or what? 
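The cross-host comparison the posters above do by hand (the same source address turning up in logs on hawk-c-019, goatsonparade and wily-c-071) can be automated. The following is an added example, not part of any poster's message: it parses the syslog lines quoted in this thread and groups inbound events by source IP. The year 2000 is assumed because syslog timestamps omit it, and all function and class names are illustrative.

```python
"""Correlate inbound-connection syslog lines from several hosts by source IP."""
import re
from dataclasses import dataclass, field
from datetime import datetime

# Log lines quoted in this thread by three list members, merged into one input.
SAMPLE_LOG = """\
Sep 5 16:46:43 hawk-c-019 sshd[713]: connection from "193.89.248.8"
Sep 6 01:26:02 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: Unknown opcode from host 128.211.202.78
Sep 6 02:34:30 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: Unknown opcode from host 128.211.202.78
Sep 6 03:34:31 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet: Unknown opcode from host 128.211.202.78
Sep 5 16:46:43 hawk-c-019 in.ftpd[11058]: connect from 193.89.248.8
Sep 6 10:19:17 hawk-c-019 in.ftpd[15739]: connect from 168.234.190.4
Sep 6 18:18:48 hawk-c-019 in.ftpd[18885]: connect from 24.168.41.251
Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Connect from host: www.baa.dk/193.89.248.8 to TCP port: 143
Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Host 193.89.248.8 has been blocked via wrappers with string:"ALL: 193.89.248.8"
Sep 5 18:08:31 wily-c-071 sshd[24761]: fatal: Timeout before authentication for 193.89.248.8.
"""

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
HEADER = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+(?P<prog>[\w.\-]+)(?:\[\d+\])?:\s+(?P<msg>.*)$"
)
# One pattern per message shape seen in the thread. Lines that match none of
# them (such as portsentry's "has been blocked" response) are not inbound
# events and are skipped, so a single probe is not counted twice.
INBOUND = [
    re.compile(r'connect(?:ion)? from "?' + IP + r'"?', re.I),
    re.compile(r"Connect from host: \S*?/" + IP
               + r" to (?P<proto>TCP|UDP) port: (?P<port>\d+)"),
    re.compile(r"Unknown opcode from host " + IP),
    re.compile(r"Timeout before authentication for " + IP),
]


@dataclass
class Event:
    when: datetime
    host: str      # machine that logged the event
    service: str   # daemon name, or proto/port when the log gives one
    src: str       # remote address


@dataclass
class SourceSummary:
    hosts: set = field(default_factory=set)
    services: set = field(default_factory=set)
    count: int = 0
    first: datetime = None
    last: datetime = None

    def add(self, ev):
        self.hosts.add(ev.host)
        self.services.add(ev.service)
        self.count += 1
        self.first = ev.when if self.first is None else min(self.first, ev.when)
        self.last = ev.when if self.last is None else max(self.last, ev.when)

    @property
    def span_seconds(self):
        return int((self.last - self.first).total_seconds())


def parse_line(line, year=2000):
    """Return an Event for an inbound-connection line, else None."""
    head = HEADER.match(line.strip())
    if head is None:
        return None
    hit = next((m for m in (p.search(head["msg"]) for p in INBOUND) if m), None)
    if hit is None:
        return None
    when = datetime.strptime(
        f"{year} {head['mon']} {head['day']} {head['time']}", "%Y %b %d %H:%M:%S")
    got = hit.groupdict()
    service = f"{got['proto'].lower()}/{got['port']}" if got.get("port") else head["prog"]
    return Event(when, head["host"], service, got["ip"])


def correlate(lines, year=2000):
    """Group inbound events by source address across all logging hosts."""
    summary = {}
    for line in lines:
        ev = parse_line(line, year)
        if ev is not None:
            summary.setdefault(ev.src, SourceSummary()).add(ev)
    return summary


def sweepers(summary, min_hosts=2):
    """Sources seen on at least min_hosts machines: a sweep, not a stray hit."""
    hits = [ip for ip, s in summary.items() if len(s.hosts) >= min_hosts]
    return sorted(hits, key=lambda ip: (-len(summary[ip].hosts), ip))


if __name__ == "__main__":
    result = correlate(SAMPLE_LOG.splitlines())
    for ip in sweepers(result):
        s = result[ip]
        print(f"{ip}: {s.count} events on {sorted(s.hosts)} "
              f"via {sorted(s.services)}, {s.first} to {s.last}")
```

A source that appears on several unrelated machines within a short window is far more likely to be a network-wide sweep than a targeted attack on any one of them.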
From lev@purdue.edu Thu, 7 Sep 2000 15:02:44 -0500 Date: Thu, 7 Sep 2000 15:02:44 -0500 From: Lev Gorenstein lev@purdue.edu Subject: [PLUG] help On Thu, 7 Sep 2000, Patrick K Notz wrote: PKN> Call me crazy, but ("You're a Crazy Butt!") perhaps all of this PKN> suggests that a PLUG supported lecture on securing linux boxen would PKN> be a valuable event. I know I'd attend. I certainly second(3F) that. We could also make(1) it in sync(1M) with InstallFest... say, a week after InstallFest. When people get(1) their boxes installed, have a week to play with them and somewhat get familiar - then it'd be a good time to make them secure. Granted, for those who would only do occasional dial-ups it's less of an issue compared to the *DSL'ed people, but still it is an issue. Kind of important one ;-)). Lev -- To hell with HalloWIN! He have HalloUNIX every SUNday! From rajak@purdue.edu Thu, 7 Sep 2000 15:15:23 -0500 (EST) Date: Thu, 7 Sep 2000 15:15:23 -0500 (EST) From: Brian Poole rajak@purdue.edu Subject: [PLUG] help On Thu, 7 Sep 2000, David wrote: > Date: Thu, 7 Sep 2000 14:49:14 -0500 (EST) > From: David > To: Patrick K Notz > Cc: plug@csociety.purdue.edu > Subject: Re: [PLUG] help > > > Call me crazy, but ("You're a Crazy Butt!") perhaps all of this > > suggests that a PLUG supported lecture on securing linux boxen would > > be a valuable event. I know I'd attend. I've been thinking about > > getting a ResNet ASDL connection at home but I think I'll wait until I > > learn how to secure my machine a little better. > > Agreed. Just as long as the lecture doesn't turn into a "in order to have > true security, you need to use OpenBSD and not change anything" sort of > lecture. :) (Nothing against OpenBSD, mind you, I know it's very secure, > etc, just that it would be a boring lecture. Sort of like a lecture on > getting Windows to crash. :) > > Could PLUG get some sysadmins from Purdue to speak? 
It would probably be
> easier to get some of the people securing our network to talk than anyone
> from the outside. Then again, I don't know what sort of connections PLUG
> has.

Truth be told most of the security tips and configuration are pretty basic. It doesn't take an extremely experienced sys admin to know how to keep a machine relatively safe (especially from remote users, local users are another story, and requires a book or two ;) In Linux (and most *nixes for that matter) the common steps are..

1. Edit /etc/inetd.conf and remove unnecessary services by commenting them out with a '#' then killall -HUP inetd to restart the daemon.

2. Edit your rc.d scripts to stop unnecessary services (rpc.*, sendmail, etc), this is distro specific, there are a couple of different styles, wouldn't take long to show the two main.

3. Set up TCP wrappers if you still have any services running out of inetd (if you don't you can remove it from your rc.d scripts as well, it's pointless running it). The interface is simple and easy to block and allow people through with.

4. If you feel like it you can also set up a firewall which is extremely simple these days, there are a hundred firewall scripts for ipchains, some with GUIs included. Specify what services you need on the firewall, what machines that are masqed need specific ports fwded, etc. This is needed to protect other services not run out of inetd, remember TCP wrappers only works by default with inetd services, other services _may_ support it, but normally not by default (eg sshd, httpd, etc)

5. A little lecture on good policy. Don't pick bad passwords, don't let root login remotely (use su), don't give out shells, etc.

6. Install SSH over telnet if possible, it uses encryption which keeps usernames & passwords from being sniffed. There are free Windows SSH clients as well, so it's not much of a hassle.

7.
Try to keep up to date on errata, if you use Redhat sign up for the Redhat security list, if you use Slackware the Slackware's. These are generally pretty low traffic (unlike, say BUGTRAQ) but are still pretty complete.

8. Install file integrity tools such as Tripwire, ViperDB, whatever works for you. It is after the fact security, you don't get notified until something has been changed already, but at least you know and can stop the machine and figure out what happened and keep the attacker from using the machine to springboard to others.

If you actually follow these steps you are a very hard nut to crack and most people will just skip over you. Why attack a person with only a ssh port open that is also filtered at the firewall, when you have a person 20 IPs down who is running rpc.statd? After you've done this for a while it doesn't take all that long to secure a machine pretty well, even if it does seem a lot of work right off.

I think a full lecture on this would be nice though, as long as the lecturer remembers not to keep it to distro-specific.

-b

>
> David
>

From rrussel5@purdue.edu Thu, 7 Sep 2000 15:59:38 -0500
Date: Thu, 7 Sep 2000 15:59:38 -0500
From: Alex Russell rrussel5@purdue.edu
Subject: [PLUG] help

Perchance someone (Chris) could query the CERIAS folks and see if any of them wanted to give a talk like the one suggested earlier? Just a thought, who knows, perhaps a Linux-only admin might give a more relevant talk.
Alex +------------------------------------------------+ | Thomson Consumer Electronics www.rca.com | +------------------------------------------------+ | Alex Russell | Desk: (765) 495-8084 | | Web Developer | Cell: (317) 514-8455 | | www.netwindows.org | russella@tce.com | | russella.csoft.net | rrussel5@purdue.edu | | AIM: russcoon | russella@smoke.csoft.net | +------------------------------------------------+ -----Original Message----- From: plug-admin@csociety.purdue.edu [mailto:plug-admin@csociety.purdue.edu]On Behalf Of Lev Gorenstein Sent: Thursday, September 07, 2000 3:03 PM Cc: plug@csociety.purdue.edu Subject: Re: [PLUG] help On Thu, 7 Sep 2000, Patrick K Notz wrote: PKN> Call me crazy, but ("You're a Crazy Butt!") perhaps all of this PKN> suggests that a PLUG supported lecture on securing linux boxen would PKN> be a valuable event. I know I'd attend. I certainly second(3F) that. We could also make(1) it in sync(1M) with InstallFest... say, a week after InstallFest. When people get(1) their boxes installed, have a week to play with them and somewhat get familiar - then it'd be a good time to make them secure. Granted, for those who would only do occasional dial-ups it's less of an issue compared to the *DSL'ed people, but still it is an issue. Kind of important one ;-)). Lev -- To hell with HalloWIN! He have HalloUNIX every SUNday! ____________________________________________________ The Purdue Linux Users' Group (PLUG) mailing list. plug mailing list - plug@csociety.purdue.edu http://csociety.ecn.purdue.edu/mailman/listinfo/plug From zamboni@cerias.purdue.edu Thu, 07 Sep 2000 16:21:28 -0500 Date: Thu, 07 Sep 2000 16:21:28 -0500 From: Diego Zamboni zamboni@cerias.purdue.edu Subject: [PLUG] help >>>>> On Thu, 7 Sep 2000, "Brian" == Brian Poole wrote: Brian> I think a full lecture on this would be nice though, as long as the Brian> lecturer remembers not to keep it to distro-specific. Or better yet, not to keep it OS-specific. 
Most of the steps you outlined are not Linux-specific, and can very well be applied to *BSD, Solaris, or anything else. The only exception being item 4, since ipchains is not available everywhere, although there are other options (such as ipf, which comes with OpenBSD). --Diego From cnd@ecn.purdue.edu Thu, 07 Sep 2000 16:25:43 -0500 Date: Thu, 07 Sep 2000 16:25:43 -0500 From: Christopher N. Deckard cnd@ecn.purdue.edu Subject: [PLUG] help David wrote: > Could PLUG get some sysadmins from Purdue to speak? It would probably be > easier to get some of the people securing our network to talk than anyone > from the outside. Then again, I don't know what sort of connections PLUG > has. Oh. I know some people. :-) What kinds of things do you guys want covered and I'll try and get some lightning talks on security. I think that that would be a good way of doing it. Have maybe 5 or 6 people talk on differnet security concepts and present different things on what to do or not do. -Chris PLUG President From raj@cerias.purdue.edu Thu, 7 Sep 2000 16:28:16 -0500 (EST) Date: Thu, 7 Sep 2000 16:28:16 -0500 (EST) From: Brian Poole raj@cerias.purdue.edu Subject: [PLUG] help Agreed. ;) Might make it a bit harder to display visually the differences on BSD, Solaris, and Linux, but most of the steps are indeed common. I'd just be a bit worried about time, after all I'm sure most of us would get a bit carried away and talk about security and its risks for hours :) -b On Thu, 7 Sep 2000, Diego Zamboni wrote: > >>>>> On Thu, 7 Sep 2000, "Brian" == Brian Poole wrote: > > Brian> I think a full lecture on this would be nice though, as long as the > Brian> lecturer remembers not to keep it to distro-specific. > > Or better yet, not to keep it OS-specific. Most of the steps you outlined are > not Linux-specific, and can very well be applied to *BSD, Solaris, or anything > else. 
The only exception being item 4, since ipchains is not available > everywhere, although there are other options (such as ipf, which comes with > OpenBSD). > > --Diego > From sharpa@ecn.purdue.edu Thu, 7 Sep 2000 16:36:07 -0500 (EST) Date: Thu, 7 Sep 2000 16:36:07 -0500 (EST) From: Andrew Sharp sharpa@ecn.purdue.edu Subject: [PLUG] help > What kinds of things do you guys want covered and I'll try and get some > lightning talks on security. I think that that would be a good way of > doing it. Have maybe 5 or 6 people talk on differnet security concepts > and present different things on what to do or not do. I think a bit about what programs like Tripwire (and others) can do for you. I'm a little hazy in that area. Also a discussion of good firewalling rules would be helpful I'm sure. Then of course, the basic stuff w/inetd, ssh etc. Andrew From pweber1@purdue.edu Thu, 7 Sep 2000 17:21:39 -0500 Date: Thu, 7 Sep 2000 17:21:39 -0500 From: peter pweber1@purdue.edu Subject: [PLUG] Bastille Linux anyone have any experience with this? according to the website it has been updated to deal with RH6.2 and can be run on "non-virgin" systems. ---- from http://www.securityfocus.com/focus/linux/articles/linux-install.html BASTILLE LINUX It is also apt here to consider installing Bastille-Linux (http://www.bastille-linux.org). From the Bastille Linux home page: "The Bastille Hardening script attempts to provide the most secure, yet functional, Redhat 6.0 system available." Bastille Linux is a script that attempts to appropriately harden a Redhat 6.0 system. It acts fairly similar to tools available for other operating systems, such as Titan for Sun Solaris. Presently, Bastille-Linux is only available (and has been thoroughly tested) for Redhat 6.0. However, it should shortly be availble for other versions of Redhat and hopefully other distributions of Linux. If it is available for the version of Linux you are running, it would be wise to download and install this script. 
Just remember that if you do use Bastille-Linux, it should be performed immediately after Redhat has been installed (ie even before patches are added). -- ------------------------------------------------------------------ peter weber "To know that we know what we know, N9AZ and that we do not know what we do pweber1@purdue.edu not know, that is true knowledge." -Confucius ------------------------------------------------------------------ From olenik@purdue.edu Thu, 07 Sep 2000 17:24:34 -0500 Date: Thu, 07 Sep 2000 17:24:34 -0500 From: Hayden Olenik olenik@purdue.edu Subject: [PLUG] Bastille Linux I'm using Bastille now. It certainly is adaptable, as it seems to be working great, and I'm running RedHat 6.9.5 (Pinstripe). Hayden On Thu, 7 Sep 2000, peter wrote: > Date: Thu, 7 Sep 2000 17:21:39 -0500 > To: plug@csociety.purdue.edu > From: peter > Sender: plug-admin@csociety.purdue.edu > Subject: [PLUG] Bastille Linux > > anyone have any experience with this? according to the website it has > been updated to deal with RH6.2 and can be run on "non-virgin" > systems. > > ---- > > from http://www.securityfocus.com/focus/linux/articles/linux-install.html > > BASTILLE LINUX > > It is also apt here to consider installing Bastille-Linux > (http://www.bastille-linux.org). From the Bastille Linux home page: > "The Bastille > Hardening script attempts to provide the most secure, yet > functional, Redhat 6.0 system available." Bastille Linux is a script > that > attempts to appropriately harden a Redhat 6.0 system. It acts fairly > similar to tools available for other operating systems, such as Titan > for Sun Solaris. Presently, Bastille-Linux is only available (and > has been thoroughly tested) for Redhat 6.0. However, it should shortly > be availble for other versions of Redhat and hopefully other > distributions of Linux. > > If it is available for the version of Linux you are running, it > would be wise to download and install this script. 
Just remember that > if you > do use Bastille-Linux, it should be performed immediately after > Redhat has been installed (ie even before patches are added). > -- > ------------------------------------------------------------------ > peter weber "To know that we know what we know, > N9AZ and that we do not know what we do > pweber1@purdue.edu not know, that is true knowledge." > -Confucius > ------------------------------------------------------------------ > > ____________________________________________________ > The Purdue Linux Users' Group (PLUG) mailing list. > plug mailing list - plug@csociety.purdue.edu > http://csociety.ecn.purdue.edu/mailman/listinfo/plug From vids@mentor.cc.purdue.edu Thu, 7 Sep 2000 18:08:36 -0500 (EST) Date: Thu, 7 Sep 2000 18:08:36 -0500 (EST) From: Vidyut Samanta (aka vids) vids@mentor.cc.purdue.edu Subject: [PLUG] help On Thu, 7 Sep 2000, Andrew Sharp wrote: > > What kinds of things do you guys want covered and I'll try and get some > > lightning talks on security. I think that that would be a good way of > > doing it. Have maybe 5 or 6 people talk on differnet security concepts > > and present different things on what to do or not do. > > > I think a bit about what programs like Tripwire (and others) can do > for you. I'm a little hazy in that area. Also a discussion of good > firewalling rules would be helpful I'm sure. > > Then of course, the basic stuff w/inetd, ssh etc. > I'd also be interested in Portscan Detectors like Dragon IDS, or Shadow. And also to go a step further on setting up Honeypots. maybe FakeBO or some thing similar. -vids > Andrew > > > ____________________________________________________ > The Purdue Linux Users' Group (PLUG) mailing list. > plug mailing list - plug@csociety.purdue.edu > http://csociety.ecn.purdue.edu/mailman/listinfo/plug > From cnd@ecn.purdue.edu Fri, 08 Sep 2000 09:56:01 -0500 Date: Fri, 08 Sep 2000 09:56:01 -0500 From: Christopher N. 
Deckard cnd@ecn.purdue.edu
Subject: [PLUG] Re: Mandrake 7.1 and assorted issues

> I've been tooling around a bit with mandrake 7.1 and I need a few

Go Mandrake!!

> 1. is there a script that automatically mounts modules at startup? i
> need to insmod pegsus.o so I can get the ol' ethernet card running.

I think you should be able to put in /etc/conf.modules:

alias eth0 pegsus

If not, you can put in /etc/rc.d/rc.local:

insmod pegsus

> 2. I am having troubles with with soundcard. it is a PCI live! value and
> all the configuration utils refuse to set it up. what do I do to get
> that running?

I think you have to get a special kernel from Creative. Not sure on that one. I don't have a live card. I know it works, just never set one up.

> 3. I have a lexmark 3200 printer. it is listed as unsupported by the
> kernel. could I get it to run in a generic mode or something like that?

Welcome to the wonderful world of Lexmark printers... Only some are supported. If it says it isn't, it's not. Try running, as root, 'printtool'. This will allow you to look through a list of supported printers. If it isn't there, and you're on resnet, you can set up your dorm's printer. Most of the dorms have an HP LaserJet 4 MX I think.

Hope that helps...

-Chris

--
----------------------------------------------------------------------
Christopher N. Deckard | Lead Web Technician
cnd@ecn.purdue.edu | Engineering Computer Network
http://triad.dhs.org | http://www.ecn.purdue.edu/ECN/
----------------------------------------------------------------------

From reh@blacksoul.net Fri, 8 Sep 2000 10:06:51 -0500 (EST)
Date: Fri, 8 Sep 2000 10:06:51 -0500 (EST)
From: Ryan E. Helfter reh@blacksoul.net
Subject: [PLUG] Re: Mandrake 7.1 and assorted issues

On Fri, 8 Sep 2000, Christopher N. Deckard wrote:
> > 3. I have a lexmark 3200 printer. it is listed as unsupported by the
> > kernel. could I get it to run in a generic mode or something like that?

HAHA, Chris, I remember that Lexmark Printer...
You still have that? man that thing was beautiful when it printed, but never worked under Linux :) Anyway, there is a beta driver for that printer... Go here: http://www.geocities.com/dgordini/ > > Welcome to the wonderful world of Lexmark printers... Only some are > supported. If it says it isn't, it's not. Try running, as root, > 'printtool'. This will allow you to look through a list of supported > printers. If it isn't there, and your on resnet, you can set up your > dorm's printer. Most of the dorms have an HP LaserJet 4 MX I think. > > Hope that helps... > > -Chris > > -- Ryan E. Helfter reh@blacksoul.net Black Soul Networks, LLC -- From olenik@purdue.edu Fri, 08 Sep 2000 10:27:24 -0500 Date: Fri, 08 Sep 2000 10:27:24 -0500 From: Hayden Olenik olenik@purdue.edu Subject: [PLUG] Compilation Problems Hey, I know others here are using RH6.9.5 (Pinstripe), so maybe you can help me with a problem. It seems that every program I try to compile, all of which compiled under RH6.2, have problems compiling. This is usually with an error saying "pasting would not give a valid preprocessing token". Searching google, this seems to be a common problem with gcc 2.95/96 (I have gcc 2.96 as well as all c++ libs v2.96). Has anyone else had this trouble and/or does anyone know how to fix it? Hayden From pweber1@purdue.edu Fri, 8 Sep 2000 10:37:54 -0500 (EST) Date: Fri, 8 Sep 2000 10:37:54 -0500 (EST) From: peter pweber1@purdue.edu Subject: [PLUG] help Those of you who have had complaints filed against you and got more detailed info, how did you go about getting it? I was referred by the ODOS to Jeff Schwab at PDN who could only tell me that it was "port scans against remote computers starting around 2PM Wednesday." peter ------------------------------------------------------------------ peter weber "To know that we know what we know, N9AZ and that we do not know what we do pweber1@purdue.edu not know, that is true knowledge." 
-Confucius ------------------------------------------------------------------ From porterds@purdue.edu Fri, 08 Sep 2000 10:59:17 -0500 Date: Fri, 08 Sep 2000 10:59:17 -0500 From: Doug Porter porterds@purdue.edu Subject: [PLUG] help peter wrote: > > Those of you who have had complaints filed against you and got more > detailed info, how did you go about getting it? I was referred by the ODOS > to Jeff Schwab at PDN who could only tell me that it was "port scans > against remote computers starting around 2PM Wednesday." > > peter well, when i ran into trouble once i didn't get much more information than that. i just asked the original lady that called me to get more info. she told me she would try to get more details and call me back in a few days. when she called back later all she could tell me was the time of the supposed attack and tcp port 79. all i can figure is that i must have been doing some malicious fingering :-) it was probably someone in a dorm who didn't like the fact that i fingered their box once or twice so they childishly reported it to pucc as break in attempt. she told me to call jeff schwab to find out more, and i did, but he never returned my call. i haven't heard anything about it since... i can't believe they even act on port scanning. i get port scanned once or twice a day usually, and i have port scanned several of my friends computers before. hehe, i have even port scanned my own computer from expert.cc before :-) - doug From calx@purdue.edu Fri, 8 Sep 2000 11:49:22 -0500 (EST) Date: Fri, 8 Sep 2000 11:49:22 -0500 (EST) From: David calx@purdue.edu Subject: [PLUG] help > Those of you who have had complaints filed against you and got more > detailed info, how did you go about getting it? I was referred by the ODOS > to Jeff Schwab at PDN who could only tell me that it was "port scans > against remote computers starting around 2PM Wednesday." 
When the assistant dean, or whomever called, I did most of the talking, asking questions over and over.

Asst. Dean: You have been doing bad things. We noticed and "flagged" your file.
Me: What bad things?
Asst. Dean: Things that are against the computer network usage guidelines.
Me: Ok. What did I do?
Asst. Dean: You attempted to break in to a student's computer.
Me: That's strange, since I don't remember trying to do such a thing. Is there any way you could be a bit more specific. I believe that if I am accused of "hacking" I should at least have the right to hear what things I have done.
Asst. Dean: (Now getting pissed.) I will look at the report. .... It appears that you were trying to "FTP" into a FreeBSD computer.
Me: Are you serious?
Asst. Dean: Yes.
Me: How is that against network usage policy?
Asst. Dean: It irritated the owner of the computer, and they filed a report.
Me: Ok. Did I do any damage?
Asst. Dean: Not that I can read from the report.
Me: So I apparently irritated somebody by attempting unsuccessfully to log in to their ftp server? How is this malevolent?
Asst. Dean: (Now getting really impatient) You just shouldn't be messing with things you don't know anything about.
Me: (Realizing the futility of the discussion) OK. I will watch myself.

At least I knew what I was accused of. I would have been really mad if they didn't tell me. They probably get tons of these and just don't want to deal with explaining what each is about. (At least I hope that's the reason.) Just pester them. :) I believe that you have a right to know considering that it wasn't you intentionally attacking a box.

David

From rjune@ims1.imagestream-is.com Fri, 8 Sep 2000 12:26:02 -0500 (EST)
Date: Fri, 8 Sep 2000 12:26:02 -0500 (EST)
From: Richard June rjune@ims1.imagestream-is.com
Subject: [PLUG] Re: Mandrake 7.1 and assorted issues

On Fri, 8 Sep 2000, Christopher N. Deckard wrote:

> > 1. is there a script that automatically mounts modules at startup?
i
> > need to insmod pegsus.o so I can get the ol' ethernet card running.
>
> I think you should be able to put in /etc/conf.modules:
>
> alias eth0 pegsus

That should do it.

> > 2. I am having troubles with soundcard. it is a PCI live! value and
> > all the configuration utils refuse to set it up. what do I do to get
> > that running?

All you should have to do is insmod the emu10k1 module, I've got a Live and that's all I had to do.

> I think you have to get a special kernel from Creative. Not sure on
> that one. I don't have a live card. I know it works, just never set
> one up.

Chris, no offense intended but what crack were you on when you thought that up? a special kernel to use a sound card? a pox on any company that tries to give out special kernels instead of drivers.

From rjune@ims1.imagestream-is.com Fri, 8 Sep 2000 12:26:34 -0500 (EST)
Date: Fri, 8 Sep 2000 12:26:34 -0500 (EST)
From: Richard June rjune@ims1.imagestream-is.com
Subject: [PLUG] :Cue:Cat

Anyone gotten the CueCat to work under Linux/Alpha?

From pweber1@purdue.edu Fri, 8 Sep 2000 12:37:15 -0500
Date: Fri, 8 Sep 2000 12:37:15 -0500
From: peter pweber1@purdue.edu
Subject: [PLUG] help

she wasn't even that helpful with me. said she couldn't get any more info and she actually berated me for spending time worrying about this because i "should be spending that time studying." her logic apparently was that i didn't need to know anything else, all i needed to do was "secure my machine". feh. i don't even know *how* to do a port scan!!

>peter wrote:
>>
>> Those of you who have had complaints filed against you and got more
>> detailed info, how did you go about getting it? I was referred by the ODOS
>> to Jeff Schwab at PDN who could only tell me that it was "port scans
>> against remote computers starting around 2PM Wednesday."
>>
>> peter
>
>well, when i ran into trouble once i didn't get much more information
>than that. i just asked the original lady that called me to get more
>info.
she told me she would try to get more details and call me back in
>a few days. when she called back later all she could tell me was the
>time of the supposed attack and tcp port 79. all i can figure is that i
>must have been doing some malicious fingering :-) it was probably
>someone in a dorm who didn't like the fact that i fingered their box
>once or twice so they childishly reported it to pucc as break in
>attempt. she told me to call jeff schwab to find out more, and i did,
>but he never returned my call. i haven't heard anything about it
>since...
>
>i can't believe they even act on port scanning. i get port scanned once
>or twice a day usually, and i have port scanned several of my friends
>computers before. hehe, i have even port scanned my own computer from
>expert.cc before :-)
>
>- doug
>
>____________________________________________________
>The Purdue Linux Users' Group (PLUG) mailing list.
>plug mailing list - plug@csociety.purdue.edu
>http://csociety.ecn.purdue.edu/mailman/listinfo/plug

--
------------------------------------------------------------------
peter weber "To know that we know what we know,
N9AZ and that we do not know what we do
pweber1@purdue.edu not know, that is true knowledge."
-Confucius
------------------------------------------------------------------

From pollackc@purdue.edu Fri, 08 Sep 2000 12:37:45 -0500
Date: Fri, 08 Sep 2000 12:37:45 -0500
From: Christopher Alan Pollack pollackc@purdue.edu
Subject: [PLUG] :Cue:Cat

I have gotten the hardware to work fine. When you scan a barcode, it outputs a string of characters with a very distinct pattern. However I have not messed around with any software stuff yet.

Chris (evolution) Pollack

Richard June wrote:
>
> Anyone gotten the CueCat to work under Linux/Alpha?
>
> ____________________________________________________
> The Purdue Linux Users' Group (PLUG) mailing list.
> plug mailing list - plug@csociety.purdue.edu
> http://csociety.ecn.purdue.edu/mailman/listinfo/plug

From porterds@purdue.edu Fri, 08 Sep 2000 12:44:31 -0500
Date: Fri, 08 Sep 2000 12:44:31 -0500
From: Doug Porter porterds@purdue.edu
Subject: [PLUG] :Cue:Cat

Christopher Alan Pollack wrote:
>
> I have gotten the hardware to work fine. When you scan a barcode, it
> outputs a string of characters with a very distinct pattern. However I
> have not messed around with any software stuff yet.
>
> Chris (evolution) Pollack

did you recently get an alpha chris and not tell me about it? richard was asking whether anyone could get it to work with an alpha, not a dual celeron.

- doug

> Richard June wrote:
> >
> > Anyone gotten the CueCat to work under Linux/Alpha?
> >
> > ____________________________________________________
> > The Purdue Linux Users' Group (PLUG) mailing list.
> > plug mailing list - plug@csociety.purdue.edu
> > http://csociety.ecn.purdue.edu/mailman/listinfo/plug
>
> ____________________________________________________
> The Purdue Linux Users' Group (PLUG) mailing list.
> plug mailing list - plug@csociety.purdue.edu
> http://csociety.ecn.purdue.edu/mailman/listinfo/plug

From scott@purdue.edu Fri, 8 Sep 2000 13:09:29 -0500
Date: Fri, 8 Sep 2000 13:09:29 -0500
From: Scott Stembaugh scott@purdue.edu
Subject: [PLUG] Security

Considering the recent discussions on security has any looked at Securing and Optimizing Linux: Red Hat Edition (http://www.linuxdoc.org/guides.html#securing_linux)? Opinions?

--scott

From rajak@purdue.edu Fri, 8 Sep 2000 13:15:30 -0500 (EST)
Date: Fri, 8 Sep 2000 13:15:30 -0500 (EST)
From: Brian Poole rajak@purdue.edu
Subject: [PLUG] Security

I haven't read it myself, just have to put in the obligatory 'Special editions for specific distros aren't worth reading' bit. Learn to secure a machine or learn to secure Linux, don't learn to secure Redhat.
If you are interested in security you should read books that talk about security issues in general, then go and apply it to your specific distro/OS, otherwise you are limiting your knowledge and flexibility. Redhat is undoubtedly one of the most popular Linux distributions, but there are a lot of others and you will not always be using Redhat, so why limit yourself?

-b

On Fri, 8 Sep 2000, Scott Stembaugh wrote:

> Date: Fri, 8 Sep 2000 13:09:29 -0500
> From: Scott Stembaugh
> To: plug@csociety.purdue.edu
> Subject: [PLUG] Security
>
> Considering the recent discussions on security has any looked at Securing and
> Optimizing Linux: Red Hat Edition
> (http://www.linuxdoc.org/guides.html#securing_linux)? Opinions?
>
>
> --scott

From pfitzge1@purdue.edu Fri, 8 Sep 2000 13:22:04 -0500 (EST)
Date: Fri, 8 Sep 2000 13:22:04 -0500 (EST)
From: patrick.n.fitzgerald.1 pfitzge1@purdue.edu
Subject: [PLUG] help

On Thu, 7 Sep 2000, John C Meuser wrote:

> > > in /var/log/messages:
> > >
> > > Sep 5 16:46:43 hawk-c-019 sshd[713]: connection from "193.89.248.8"
> > > Sep 6 01:26:02 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet:
> > > Unknown opcode from host 128.211.202.78
> > > Sep 6 02:34:30 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet:
> > > Unknown opcode from host 128.211.202.78
> > > Sep 6 03:34:31 hawk-c-019 gdm[27172]: gdm_xdmcp_decode_packet:
> > > Unknown opcode from host 128.211.202.78
> >
> >
> > Hey! That's the same guy that was bothering me the other day. From my
> > logs:Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Connect
> > from host: www.baa.dk/193.89.248.8 to TCP port: 143
> > Sep 5 16:23:23 goatsonparade portsentry[66506]: attackalert: Host
> > 193.89.248.8 has been blocked via wrappers with string:"ALL: 193.89.248.8"
> >
> > Andrew
> >
> He tried to get me too:
>
> Sep 5 18:08:31 wily-c-071 sshd[24761]: fatal: Timeout before
> authentication for 193.89.248.8.

Ooh! Ooh! Me too!
Sep 5 16:46:12 phor04 sshd[22907]: log: Connection from 193.89.248.8 port 4435
Sep 5 16:46:12 phor04 sshd[22907]: fatal: Did not receive ident string.
Sep 5 16:46:12 phor04 ftpd-BSD[22906]: connect from www.baa.dk

earlier in the week...

Sep 3 13:32:16 phor04 sshd[21327]: log: Connection from 24.94.206.211 port 2269
Sep 3 13:32:16 phor04 sshd[21327]: fatal: Did not receive ident string.
Sep 3 13:32:17 phor04 ftpd-BSD[21328]: connect from wks-94-206-211.kscable.com

It's a fact of life. I get portscanned all the time, and there ain't much I can do about it. Keep your daemons few, and your traffic encrypted. OpenBSD looks better and better every day.

Patrick F.

--
Gravity is a myth, the Earth sucks. --fortune (5)

From rajak@purdue.edu Fri, 8 Sep 2000 13:29:07 -0500 (EST)
Date: Fri, 8 Sep 2000 13:29:07 -0500 (EST)
From: Brian Poole rajak@purdue.edu
Subject: [PLUG] Re: Mandrake 7.1 and assorted issues

On Fri, 8 Sep 2000, Richard June wrote:

> Date: Fri, 8 Sep 2000 12:26:02 -0500 (EST)
> From: Richard June
> To: Plug
> Subject: Re: [PLUG] Re: Mandrake 7.1 and assorted issues
>
> On Fri, 8 Sep 2000, Christopher N. Deckard wrote:
>
> > > 1. is there a script that automatically mounts modules at startup? i
> > > need to insmod pegsus.o so I can get the ol' ethernet card running.
> >
> > I think you should be able to put in /etc/conf.modules:

/etc/conf.modules is being deprecated in newer modutils, so be forewarned, you should be using /etc/modules.conf, the new modutils will warn you if it detects something it doesn't like, as illustrated below..

modprobe version 2.3.15

Warning: modutils is reading from /etc/modules.conf and ignoring /etc/conf.modules. The use of /etc/conf.modules is deprecated, please remove /etc/conf.modules as soon as possible.
Command rm /etc/conf.modules

or..

Warning: You do not need a link from /etc/conf.modules to /etc/modules.conf. The use of /etc/conf.modules is deprecated, please remove /etc/conf.modules as soon as possible.
Command rm /etc/conf.modules

or..

Warning: modutils is reading from /etc/conf.modules because /etc/modules.conf does not exist. The use of /etc/conf.modules is deprecated, please rename /etc/conf.modules to /etc/modules.conf as soon as possible.
Command mv /etc/conf.modules /etc/modules.conf

> >
> > alias eth0 pegsus
> That should do it.
>
> > > 2. I am having troubles with soundcard. it is a PCI live! value and
> > > all the configuration utils refuse to set it up. what do I do to get
> > > that running?
> All you should have to do is insmod the emu10k1 module, I've got a
> Live and that's all I had to do.
>
> > I think you have to get a special kernel from Creative. Not sure on
> > that one. I don't have a live card. I know it works, just never set
> > one up.
> Chris, no offense intended but what crack were you on when you thought
> that up? a special kernel to use a sound card? a pox on any company that
> tries to give out special kernels instead of drivers.

Soundblaster did indeed release a special kernel, although not a complete one. Rather it was a kernel module, which as we all know is part of the kernel. Bad wording agreed, but still essentially correct. At the beginning it was a closed source (binary) module, however they have opensourced the module last I checked. Check out http://opensource.creative.com/ and http://developer.creative.com/linux/ for more information on SB's sound card support in Linux.

-b

From rjune@ims1.imagestream-is.com Fri, 8 Sep 2000 13:29:35 -0500 (EST)
Date: Fri, 8 Sep 2000 13:29:35 -0500 (EST)
From: Richard June rjune@ims1.imagestream-is.com
Subject: [PLUG] :Cue:Cat

Thanks for paying attention Doug :-) Here's the error.

drivers/char/char.a(cuecat.o): In function `cuecat_init':
cuecat.c(.text+0xb0): undefined reference to `kernel_thread'
cuecat.c(.text+0xb4): undefined reference to `kernel_thread'

I've added #include to cuecat.c but kernel_thread is still undefined. any ideas?
On Fri, 8 Sep 2000, Doug Porter wrote:

> Christopher Alan Pollack wrote:
> >
> > I have gotten the hardware to work fine. When you scan a barcode, it
> > outputs a string of characters with a very distinct pattern. However I
> > have not messed around with any software stuff yet.
> >
> > Chris (evolution) Pollack
>
> did you recently get an alpha chris and not tell me about it? richard
> was asking whether anyone could get it to work with an alpha, not a dual
> celeron.
>
> - doug
>
> > Richard June wrote:
> > >
> > > Anyone gotten the CueCat to work under Linux/Alpha?
> > >
> > > ____________________________________________________
> > > The Purdue Linux Users' Group (PLUG) mailing list.
> > > plug mailing list - plug@csociety.purdue.edu
> > > http://csociety.ecn.purdue.edu/mailman/listinfo/plug
> >
> > ____________________________________________________
> > The Purdue Linux Users' Group (PLUG) mailing list.
> > plug mailing list - plug@csociety.purdue.edu
> > http://csociety.ecn.purdue.edu/mailman/listinfo/plug
>
> ____________________________________________________
> The Purdue Linux Users' Group (PLUG) mailing list.
> plug mailing list - plug@csociety.purdue.edu
> http://csociety.ecn.purdue.edu/mailman/listinfo/plug
>

From cnd@ecn.purdue.edu Fri, 08 Sep 2000 13:40:13 -0500
Date: Fri, 08 Sep 2000 13:40:13 -0500
From: Christopher N. Deckard cnd@ecn.purdue.edu
Subject: [PLUG] Re: Mandrake 7.1 and assorted issues

> > I think you have to get a special kernel from Creative. Not sure on
> > that one. I don't have a live card. I know it works, just never set
> > one up.
> Chris, no offense intended but what crack were you on when you thought
> that up? a special kernel to use a sound card? a pox on any company that
> tries to give out special kernels instead of drivers.

I probably worded that wrong. They used to have binary only drivers that would only work with specific kernels. That is what I was referring to.
This was about a year ago, before they opened the code to the drivers (I think they've opened it.)

-Chris

--
----------------------------------------------------------------------
Christopher N. Deckard | Lead Web Technician
cnd@ecn.purdue.edu | Engineering Computer Network
http://triad.dhs.org | http://www.ecn.purdue.edu/ECN/
----------------------------------------------------------------------

From reh@blacksoul.net Fri, 8 Sep 2000 14:16:27 -0500 (EST)
Date: Fri, 8 Sep 2000 14:16:27 -0500 (EST)
From: Ryan E. Helfter reh@blacksoul.net
Subject: [PLUG] Sun Keyboard Question

Does anyone know specifically how to enable the on/off key for the internal speaker on an UltraSparc?

I know this sounds like a trivial question, but it's just annoying to have MP3's playing through the HK speakers only to be ruined by the internal speaker... Trust me, I have thought about just opening the case and disconnecting it rather than messing with the xmodmap sequence.

I have looked all through docs.sun.com and sunsolve.sun.com to no avail...

This is not a critical thing that needs to be immediately resolved... But would appreciate any helpful info.

thanks

--
Ryan E. Helfter
reh@blacksoul.net
Black Soul Networks, LLC
--

From reh@blacksoul.net Fri, 8 Sep 2000 14:22:27 -0500 (EST)
Date: Fri, 8 Sep 2000 14:22:27 -0500 (EST)
From: Ryan E. Helfter reh@blacksoul.net
Subject: [PLUG] Sun Keyboard Question

Nevermind, the /usr/openwin/bin/audiocontrol binary did the trick... sorry to bother you... I emailed the list prematurely...

ry

On Fri, 8 Sep 2000, Ryan E. Helfter wrote:

> Date: Fri, 8 Sep 2000 14:16:27 -0500 (EST)
> From: Ryan E. Helfter
> To: Purdue Linux Users Group
> Subject: [PLUG] Sun Keyboard Question
>
> Does anyone know specifically how to enable the on/off key for the
> internal speaker on an UltraSparc?
>
> I know this sounds like a trivial question, but it's just annoying to have
> MP3's playing through the HK speakers only to be ruined by the internal
> speaker...
Trust me, I have thought about just opening the case and
> disconnecting it rather than messing with the xmodmap sequence.
>
> I have looked all through docs.sun.com and sunsolve.sun.com to no avail...
>
> This is not a critical thing that needs to be immediately resolved... But
> would appreciate any helpful info.
>
> thanks
>
>

--
Ryan E. Helfter
reh@blacksoul.net
Black Soul Networks, LLC
--

From malex@purdue.edu Fri, 08 Sep 2000 14:23:11 -0500
Date: Fri, 08 Sep 2000 14:23:11 -0500
From: Oleksandr Moskalenko malex@purdue.edu
Subject: [PLUG] OpenBSD woes

Hello,

I remember that some people mentioned at PLUG meetings that they ran OpenBSD on their firewall boxen. Please if any of you read this help me sort this one out.
I FTP installed OpenBSD 2.7 onto a box that ran Mandrake 7.0 for several months. I was going to run ipf/nat/ftpd on this box. However, since the hour 1 troubles started rolling in. Every few hours OBSD segfaults seemingly at random.
Last one was this morning when I was working on the configuration of ssh, previous one happened when I was trying to obtain source tree through anonCVS. I can't see a pattern. Last one that I saw gave me a message:

uvm_fault (0xe3l8dedf, 0x0, 0, 3) -> 1
kernel: page fault trap, code = 0
stopped at -crfree+0xld decw 0(%edx)

I already tried searching OBSD mailing list archives and only found one message with "uvm_fault" in it that wasn't really answered. There was one answer that said that it be hardware related. I am totally lost as I ran linux on this box for more than a half a year and only had some troubles with kernel compilation when I had mixed FPM/EDO memory in it that I rid of.

Dmesg output of my machine is listed below. Please give me an advice on what I can do to sort this out. I already dusted the box and reseated all the cards. Then I ran DOS based config utility to set ISA 3Com Etherlink III card to non-plug n' pray and put it onto a fixed IRQ 11. What else can I do.
It's working now, but it's been less than a half an hour since I booted it.

Thanks,

Alex.

Begin dmesg ========================================
OpenBSD 2.7 (GENERIC) #25: Sat May 13 18:04:26 MDT 2000
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: F00F bug workaround installed
cpu0: Intel Pentium (P54C) ("GenuineIntel" 586-class) 133 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
real mem = 16363520 (15980K)
avail mem = 10575872 (10328K)
using 225 buffers containing 921600 bytes (900K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(64) BIOS, date 03/07/96
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82437FX (Triton) PCI/Cache/DRAM" rev 0x01
pcib0 at pci0 dev 7 function 0 "Intel 82371FB (Triton) PCI-ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371FB (Triton) IDE" rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: can use 32-bit, PIO mode 4, DMA mode 2
wd0: 16-sector PIO, LBA, 3093MB, 6704 cyl, 15 head, 63 sec, 6335280 sectors
pciide0: channel 0 interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 (using DMA data transfers)
atapiscsi0 at pciide0 channel 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0: can use 32-bit, PIO mode 4, DMA mode 2
pciide0: channel 1 interrupting at irq 15
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 (using DMA data transfers)
"S3 ViRGE" rev 0x06 at pci0 dev 18 function 0 not configured
isa0 at pcib0
isadma0 at isa0
we0: changing IRQ 9 to 3
we0 at isa0 port 0x280/32 iomem 0xd0000/16384 irq 3: SMC8216/SMC8216C (16-bit)
we0: address 00:00:c0:eb:79:7f
ep0 at isa0 port 0x300/16 irq 11: address 00:20:af:3f:c2:c7, utp/aui (default utp)
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1: irq
3 already in use
vt0 at isa0 port 0x60/16 irq 1: vga 80 col, color, 8 scr, mf2-kbd
pms0 at vt0 irq 12
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask c040 netmask c848 ttymask d8ca
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
====================================================== END

From reh@blacksoul.net Fri, 8 Sep 2000 15:19:29 -0500 (EST)
Date: Fri, 8 Sep 2000 15:19:29 -0500 (EST)
From: Ryan E. Helfter reh@blacksoul.net
Subject: [PLUG] OpenBSD woes

After it crashes... If you do a that should bring the machine to debug mode. Then if you type "panic" this should make the machine core out... You can debug from there... Or send it off to the experts...

Other than that, I am fresh out of ideas... I would look / read the OpenBSD handbook, as it is full of info.

ry

On Fri, 8 Sep 2000, Oleksandr Moskalenko wrote:

> Date: Fri, 08 Sep 2000 14:23:11 -0500
> From: Oleksandr Moskalenko
> To: plug@csociety.purdue.edu
> Subject: [PLUG] OpenBSD woes
>
>
> Hello,
>
> I remember that some people mentioned at PLUG
> meetings that they ran OpenBSD on their firewall
> boxen. Please if any of you read this help me sort
> this one out.
> I FTP installed OpenBSD 2.7 onto a box that ran
> Mandrake 7.0 for several months. I was going to
> run ipf/nat/ftpd on this box. However, since the
> hour 1 troubles started rolling in. Every few hours
> OBSD segfaults seemingly at random.
> Last one was this morning when I was working on the
> configuration of ssh, previous one happened when I
> was trying to obtain source tree through anonCVS. I
> can't see a pattern.
Last one that I saw gave me a
> message:
>
> uvm_fault (0xe3l8dedf, 0x0, 0, 3) -> 1
> kernel: page fault trap, code = 0
> stopped at -crfree+0xld decw 0(%edx)
>
> I already tried searching OBSD mailing list archives
> and only found one message with "uvm_fault" in it that
> wasn't really answered. There was one answer that said
> that it be hardware related. I am totally
> lost as I ran linux on this box for more than a half
> a year and only had some troubles with kernel compilation
> when I had mixed FPM/EDO memory in it that I rid of.
>
> Dmesg output of my machine is listed below. Please give me
> an advice on what I can do to sort this out. I already
> dusted the box and reseated all the cards. Then I ran DOS
> based config utility to set ISA 3Com Etherlink III card to
> non-plug n' pray and put it onto a fixed IRQ 11. What else
> can I do. It's working now, but it's been less than a half
>