Re: ipchains
did any of you consider using the icq masuerading module along with a masquerading firewall, in order to hide the local IP addresses? you can find the link to this module's page on the IP masquerading HOWTO. this module's doc describes an option to replace the local ("secret" :) ) IP with the IP of the masquerade server (the linux firewall). the module doesn't support the new protocol introduced with ICQ2000 - only the older protocols. ofcoure, you need to trust this module in order to use it (thought the source code is not very large - about 1165 lines of code). -- guy "For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: OT: Looking for ADSL subscribers in Givatayim
Try to install ethereal and see what is going on the line. Dani On Mon, 25 Dec 2000, Omer Efraim wrote: > Dani Arbel wrote: > > > > Did you install according to the HOWTO-ADSL-BEZEQ ? > > Dani > Yes, the installation is irellevant, as the problem > is not at this end. I've also tried OpenBSD/Win2k/Win98SE. > This is the same problem I mailed the list about recently. > > > > > On Mon, 25 Dec 2000, Omer Efraim wrote: > > > > > Sorry to bother the list with such nonsense, but I cannot > > > think of another way to do that (Bezeq said they'll help, > > > but no go so far). > > > > > > As to the matter at hand: I'm looking for other > > > ADSL subscribers in Givatayim. I have a problem with > > > my ADSL connection, and have already ruled out the > > > possibility that it's a problem at my end or the ISP's > > > (as I tried several, as well as using various default > > > configurations and different computers/NICs/OSs at my > > > end). That leaves Bezeq. > > > > > > Having spoken to Bezeq, I know that there is a single > > > RedBack router at Givatayim, and I have cause to believe > > > it (or it's configuration) is the source of the problem. > > > > > > In order to verify this, I need some help testing from > > > other subscribers in the Givatayim area. > > > > > > I would appreciate any reference to such people - if you > > > such a person, you are probably also touched/will be touched > > > by this issue. > > > > > > Thank you. > > > > > > -- > > > /-- Omer Efraim ---\ > > > /--- [EMAIL PROTECTED] (remove spam_me) \ > > > | I can picture in my mind a world without war, a world | > > > | without hate. And I can picture us attacking that world, | > > > | because they'd never expect it.| > > > \-- Jack Handey, Deep Thoughts / > > > > > > = > > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > > the word "unsubscribe" in the message body, e.g., run the command > > > echo unsubscribe | mail [EMAIL PROTECTED] > > > > > > > > > -- > /-- Omer Efraim ---\ > /--- [EMAIL PROTECTED] (remove spam_me) \ > | I can picture in my mind a world without war, a world | > | without hate. And I can picture us attacking that world, | > | because they'd never expect it.| > \-- Jack Handey, Deep Thoughts / > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: ipchains
what firewall was installed that was protecting the ICQ clients? how was it configured? are you sure there was no trojan installed anywhere? how about icq homepage? I know this feature had some trouble before. It is very hard for me to believe such an issue missed bugtraq.. Ishay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of System1 Sent: Monday, December 25, 2000 5:50 PM To: 'Nadav Har'El'; 'Alon Oz' Cc: System1; 'Hetz Ben Hamo'; [EMAIL PROTECTED] Subject: RE: ipchains this is not correct. with simple UDP sniffer you can find the victim private IP. with bit more complex tools you can even scan the inside network. I dont know how much attention this issue got on mailing lists such as BugTraq but I saw how its being made with very simple tools. the ICQ version I am talking about is ICQ 2000 versions. Ill say it again ICQ create direct connection this means it passes the firewall by opening ports higher than 1024 so its a problem to block it cause I cant block this ports. for me to know that people from outside the office network can find out ips like 10.10.1.x is enough to choose block the ICQ. so the solution I found was to block the output to the whole domain login.icq.com so users cant make login. and hope there are no other servers they can login to with ICQ. as for Nadav Har'El request for more data. I didnt saw anything on this issue at BugTraq I dont think many knows about this. The person who show us this vulnerability didnt say where he found it. but we saw how he make it. Moran. -Original Message- From: Nadav Har'El [mailto:[EMAIL PROTECTED]] Sent: Monday, December 25, 2000 5:26 PM To: Alon Oz Subject: Re: ipchains Sure enough, _no_ packet is ever sent out of the firewall with either of the "secret" addresses, so that ICQ will only know the firewall's (publicly known) address. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
AO>> But if icq.com(example) got my packet and know my "secret" intranet AO>> addresses Oh, yeah, those defined in top-secret RFC1918? 10.1.1.1? 10.10.1.1? 192.168.1.1? 172.16.1.1? Am I l33t haxx0r already? Guess how many pings is it going to take me to know each internet-accessible address on your network after knowing one by looking up your mailserver? -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-3-9316425/\ JRRT LotR. http://sharat.co.il/frodo/ whois:!SM8333 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: PostgreSQL & Hebrew Charset
On Mon, 25 Dec 2000, Ben-Nes Michael wrote: > Hi > > does any one know if postgresl (7) support hebrew charset ? (sorting, > group ... ) > If so, what is the way to enable it ? Can't give you a direct answer, but: Does pgsql uses localized glibc functions? see locale (7). If so: set the LANG (or just some appropriate LC_* vars) to "he" (or "he_IL" or whatever) Although setting the language for the whole process may not be desirable for such an application. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Xkb
On Mon, 25 Dec 2000, Oren Held wrote: > Hi > > Sorry for the lame question.. but where can I get Xkb from ? what binary > package of Xfree ? I tried what I thought it is in, but it's not there. Xkb is an extention to the X11 protocol. It is supported by XFree. You can explicitly disable Xkb support, but I figure you don't). xkbcomp is a program that can compile a keyboard map using that extention API , and optionally apply it to a display. setxkbmap is a program that orders the X server to compile a map (implemented using xkbcomp at the X server side). Some of the Xkb front-ends use setxkb, as it has a convinient command-line interface. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
S>> the first step is using udp sniffer. UDP sniffer on what? S>> after that you have tools you can find on the web to preform scans in the S>> network of the victim. How? Can you name one such tool? S>> you must have direct connection to the user for that. (I think its ICQ S>> default). ICQ doesn't need any connection at all, except for sending files. But even having direct connection, it's pretty hard for me to see how you can portscan some host using it. Could you please elaborate? -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-3-9316425/\ JRRT LotR. http://sharat.co.il/frodo/ whois:!SM8333 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: ipchains
S>> using ICQ remote attacker is able to make full port scan on networks behind S>> the firewall. How exactly one does that? Can you elaborate? -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-3-9316425/\ JRRT LotR. http://sharat.co.il/frodo/ whois:!SM8333 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
Nadav Har'El wrote: > > On Mon, Dec 25, 2000, Alon Oz wrote about "Re: ipchains": > > The ICQ protocol reveals the real IP of the computer running the client, > > so even if you use GNU replacements it doesn't matter. > > So what? Unless you have a completely-proxy-firewall (block everything and > allow only application proxies), whatever packets you let through (be they http, > ftp, or icq) carry the IP address of the machine behind the firewall. But > so what? If you use globally addressable IP addresses, face the consequences... > ARIN or RIPE will contain your address range and attackers can use that to > try the attack on every one of your addresses; Alternatively, if you use NAT > hen all outgoing packets will be given one IP address anyway, and your > argument is (at least as I see it) false. But if icq.com(example) got my packet and know my "secret" intranet addresses (NAT ofcourse, for security) or someone (attacker in potent) got it through ICQ..I'm not (very) afraid to be attacked form icq.com, but i cannot trust an icq user. > Case in point: > I set up a firewall at home that is delibratly open to ICQ (through-server > messages only). The firewall does NAT for a couple of machines, each of them > with a different IP address (from a reserved area of the address space). > Sure enough, _no_ packet is ever sent out of the firewall with either of > the "secret" addresses, so that ICQ will only know the firewall's (publicly > known) address. the icq client sends the ip of the machine running the client. It's part of the protocol, just check. > > > This "feature" opens a window for "crackers" to use various firewall > > penetrating/piercing techniques. > > This seems to me like "security by obscurity": all the crackers know is the > IP address of ICQ using machines. How to use that in an attack that isn't > possible by simply attacking all your addresses is beyond me. An "attack" doesn't have to be DoS, read my lines, I'm talkin about firewall penetrating techniques == attackers who are trying to get into the intranet. -- Alon Oz, Aduva Research Team, Mailto: [EMAIL PROTECTED] -- A proud member in the Evil Linux cyberterrorist hackers (ELCH) organization A who can launch Denial of Service attacks against the embedded devices in your 6-slice toaster with advanced pingflood Open Source classified exploit codes hidden inside strongly encrypted Russian mafia pornography that innocent American children download from online gambling web sites located in the Northern Mariana Islands = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: PostgreSQL & Hebrew Charset
On Monday 25 December 2000 19:12, Ben-Nes Michael wrote: > Hi > > does any one know if postgresl (7) support hebrew charset ? (sorting, > group ... ) > If so, what is the way to enable it ? I haven't used Postgres 7, but unless they changed the internals very seriously, it is supposed to support Hebrew, if you have the locale installed on your machine (iw_IL locale, if I'm not mistaken). Note that Postgres has to be compiled with --enable-locale. Then, you have to set the proper environment variables to have locale affect the operation of the client (or the server - if you want the default to be Hebrew). Not that there is much difference between using ISO-8859-1 or ISO-8859-8 for this purpose, since unlike mySQL, all Postgres queries are case-sensitive - so if you don't have Hebrew locale installed, you can settle for 8859-1. Just take care not to use "C" - I think it's a 7-bit locale and won't like your Hebrew. http://postgresql.readysetnet.com/devel-corner/docs/admin/charset.htm#LOCALE Herouth ÝØ unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
AO>> The ICQ protocol reveals the real IP of the computer running the client, AO>> so even if you use GNU replacements it doesn't matter. AO>> This "feature" opens a window for "crackers" to use various firewall AO>> penetrating/piercing techniques. If the computer is behind the firewall, most chances you will get IP of the firewall. Now, IP of the company's firewall is not the secret you can keep - you leave it all over the Internet each time you connect out. -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-3-9316425/\ JRRT LotR. http://sharat.co.il/frodo/ whois:!SM8333 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
NH>> So what? Unless you have a completely-proxy-firewall (block NH>> everything and allow only application proxies), whatever packets NH>> you let through (be they http, ftp, or icq) carry the IP address NH>> of the machine behind the firewall. But so what? If you use I give you address of a machine behind a firewall. It's 10.1.4.12. Now what you gonna do? Intranet IPs do not carry any information except of the mood of the sysadmin who configured them. Take random intranet IP and you have a good chance hitting some machine. And what? -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-3-9316425/\ JRRT LotR. http://sharat.co.il/frodo/ whois:!SM8333 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: OT: Looking for ADSL subscribers in Givatayim
Dani Arbel wrote: > > Did you install according to the HOWTO-ADSL-BEZEQ ? > Dani Yes, the installation is irellevant, as the problem is not at this end. I've also tried OpenBSD/Win2k/Win98SE. This is the same problem I mailed the list about recently. > > On Mon, 25 Dec 2000, Omer Efraim wrote: > > > Sorry to bother the list with such nonsense, but I cannot > > think of another way to do that (Bezeq said they'll help, > > but no go so far). > > > > As to the matter at hand: I'm looking for other > > ADSL subscribers in Givatayim. I have a problem with > > my ADSL connection, and have already ruled out the > > possibility that it's a problem at my end or the ISP's > > (as I tried several, as well as using various default > > configurations and different computers/NICs/OSs at my > > end). That leaves Bezeq. > > > > Having spoken to Bezeq, I know that there is a single > > RedBack router at Givatayim, and I have cause to believe > > it (or it's configuration) is the source of the problem. > > > > In order to verify this, I need some help testing from > > other subscribers in the Givatayim area. > > > > I would appreciate any reference to such people - if you > > such a person, you are probably also touched/will be touched > > by this issue. > > > > Thank you. > > > > -- > > /-- Omer Efraim ---\ > > /--- [EMAIL PROTECTED] (remove spam_me) \ > > | I can picture in my mind a world without war, a world | > > | without hate. And I can picture us attacking that world, | > > | because they'd never expect it.| > > \-- Jack Handey, Deep Thoughts / > > > > = > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > the word "unsubscribe" in the message body, e.g., run the command > > echo unsubscribe | mail [EMAIL PROTECTED] > > > > -- /-- Omer Efraim ---\ /--- [EMAIL PROTECTED] (remove spam_me) \ | I can picture in my mind a world without war, a world | | without hate. And I can picture us attacking that world, | | because they'd never expect it.| \-- Jack Handey, Deep Thoughts / = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Xkb
Hi Sorry for the lame question.. but where can I get Xkb from ? what binary package of Xfree ? I tried what I thought it is in, but it's not there. Thanks, Oren. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Are real modem extincted ?
On Sun, 24 Dec 2000, David Hananel wrote: | WHAT? | In kernel 2.4.0 winmodems should work? should I donno which exact modems it would work should be any pctel chiped modem. | Are you sure? | It's called an unstable kernel, Why? What makes it unstable? I want linux to it's not unstable it's the test of the stable. they have one bug they can't figure out and it would change something in the API and since you can't change API in stable relase they wait.(please don't ask which bug;) | work with my wimmodem If I will install kernel 2.4.0, will it work? Welp try it. I mean just compile the kernel and see if it would work at worse case you wasted few hours.(thinking of it if you think compiling a new kernel is a waste of time you probebly got the wrong OS.. nothing much the pleasure of watching the new features while you move across the xconfig) | David Ely = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Are real modem extincted ?
hmm am too tired to look the exact place where it says it. but drivers/pci/pci.ids 134d PCTel Inc 7890 HSP MicroModem 56 7891 HSP MicroModem 56 134d 0001 HSP MicroModem 56 7892 HSP MicroModem 56 7893 HSP MicroModem 56 7894 HSP MicroModem 56 7895 HSP MicroModem 56 7896 HSP MicroModem 56 7897 HSP MicroModem 56 they acknoladge thier existance;) Ely Levy System group Hebrew University Jerusalem Israel On Sun, 24 Dec 2000, Matan Ziv-Av wrote: | | > WHAT? | > In kernel 2.4.0 winmodems should work? | > Are you sure? | > It's called an unstable kernel, Why? What makes it unstable? I want linux to | > work with my wimmodem If I will install kernel 2.4.0, will it work? | | It's unrelated to kernel 2.4. Probably your winmodem has a | (proprietary) linux driver. Search at www.linmodems.org | | | -- | Matan Ziv-Av. [EMAIL PROTECTED] | | | = | To unsubscribe, send mail [EMAIL PROTECTED] with | the word "unsubscribe" in the message body, e.g., run the command | echo unsubscribe | mail [EMAIL PROTECTED] | | = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
On Mon, 25 Dec 2000, System1 wrote: > the first step is using udp sniffer. > after that you have tools you can find on the webto preform scans in the > network of the victim. > you must have direct connection to the user for that. (I think its ICQ > default). Is that correct? Then you can make sure there is no direct connection (and thus all illegal requsts are filtered out) Is your connection a masqurading one? If so: disable any socks proxy, and the icq client can'y listen on a port (it can still rercieve messages from the server, and can still send files, but not recive files). If not: I figure you need an icq proxy for that. I know one is availble from mirabilis, but considering that: (a) it costs money and (b) they are the ones who wrote that client, so would you trust them, I'm not so sure this is the proxy you would choose. Is there any alternative proxy? -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: OT: Looking for ADSL subscribers in Givatayim
Did you install according to the HOWTO-ADSL-BEZEQ ? Dani On Mon, 25 Dec 2000, Omer Efraim wrote: > Sorry to bother the list with such nonsense, but I cannot > think of another way to do that (Bezeq said they'll help, > but no go so far). > > As to the matter at hand: I'm looking for other > ADSL subscribers in Givatayim. I have a problem with > my ADSL connection, and have already ruled out the > possibility that it's a problem at my end or the ISP's > (as I tried several, as well as using various default > configurations and different computers/NICs/OSs at my > end). That leaves Bezeq. > > Having spoken to Bezeq, I know that there is a single > RedBack router at Givatayim, and I have cause to believe > it (or it's configuration) is the source of the problem. > > In order to verify this, I need some help testing from > other subscribers in the Givatayim area. > > I would appreciate any reference to such people - if you > such a person, you are probably also touched/will be touched > by this issue. > > Thank you. > > -- > /-- Omer Efraim ---\ > /--- [EMAIL PROTECTED] (remove spam_me) \ > | I can picture in my mind a world without war, a world | > | without hate. And I can picture us attacking that world, | > | because they'd never expect it.| > \-- Jack Handey, Deep Thoughts / > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: ipchains
actually icq 2000 pass the firewall by letting you open the port it uses the same protocl as aim now.. Ely Levy System group Hebrew University Jerusalem Israel On Mon, 25 Dec 2000, System1 wrote: | this is not correct. | with simple UDP sniffer you can find the victim private IP. | with bit more complex tools you can even scan the inside network. | I dont know how much attention this issue got on mailing lists such as | BugTraq | but I saw how its beingmade with very simple tools. | the ICQ version I am talking about is ICQ 2000 versions. | Ill say it again ICQ create direct connection this means it passes the | firewall by opening ports higher than 1024 so its a problem to block it | cause I cant block this ports. | for me to know that people from outside the office network can find out ips | like 10.10.1.x is enough to choose block the ICQ. | so the solution I found was to block the output to the whole domain | login.icq.com so users cant make login. | and hope there are no other servers they can login to with ICQ. | | as for Nadav Har'El request for more data. I didnt saw anything on this | issue at BugTraq I dont think many knows about this. | The person who show us this vulnerability didnt say where he found it. but | we saw how he make it. | | Moran. | | | | -Original Message- | From: Nadav Har'El [mailto:[EMAIL PROTECTED]] | Sent: Monday, December 25, 2000 5:26 PM | To: Alon Oz | Subject: Re: ipchains | | Sure enough, _no_ packet is ever sent out of the firewall with either of | the "secret" addresses, so that ICQ will only know the firewall's (publicly | known) address. | | | | | | = | To unsubscribe, send mail to [EMAIL PROTECTED] with | the word "unsubscribe" in the message body, e.g., run the command | echo unsubscribe | mail [EMAIL PROTECTED] | | = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Sendmail
port 110 is pop3 not sendmail.. adding another book to the pile tal?;) on redhat 7 /etc/xinetd.d/ipop3 I think edit it to run any other linux /etc/inetd.conf uncommand the line Ely Levy System group Hebrew University Jerusalem Israel On Sun, 24 Dec 2000, Joe wrote: | Maybe /hosts.deny ? | - Original Message - | From: "Amir Tal" <[EMAIL PROTECTED]> | To: "Iglu" <[EMAIL PROTECTED]> | Sent: Saturday, December 23, 2000 5:58 PM | Subject: Sendmail | | | > hi list, | > | > when telneting to localhost on port 25, sendmail reply's. | > when trying to port 110, i get : | > | > Trying 127.0.0.1... | > telnet: Unable to connect to remote host: Connection refused | > | > the port is listed at /etc/services , and sendmail is able to send | messages | > to the outside world. | > can anyone direct me what to check ? | > | > | > | >_|_|_Best Regard's , | > ( ) * Amir Tal, | > /v\ / System Administrator | > /( )XIntercomp Ltd. | >(m_m) fax : 09-9526170 | > | | ICQ : 15748705 | > | (_)_ __Office : 09-9526993. | > | | | '_ \| | | \ \/ / | > | | | | | | |_| |>< | > |_)_|_|_| |_|\__,_/_/\ | > visit us at www.legacy2web.com. | > | > | > | > = | > To unsubscribe, send mail to [EMAIL PROTECTED] with | > the word "unsubscribe" in the message body, e.g., run the command | > echo unsubscribe | mail [EMAIL PROTECTED] | > | > | | = | To unsubscribe, send mail to [EMAIL PROTECTED] with | the word "unsubscribe" in the message body, e.g., run the command | echo unsubscribe | mail [EMAIL PROTECTED] | | = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
PostgreSQL & Hebrew Charset
Hi does any one know if postgresl (7) support hebrew charset ? (sorting, group ... ) If so, what is the way to enable it ? -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-6-6925757 Fax: 972-6-6925858 http://www.canaan.co.il -- = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Are real modem extincted ?
From: <[EMAIL PROTECTED]> To: "Oren Held" <[EMAIL PROTECTED]> Cc: "Linux-IL" <[EMAIL PROTECTED]> Sent: Monday, December 25, 2000 8:54 AM > > > It's unrelated to kernel 2.4. Probably your winmodem has a > > > (proprietary) linux driver. Search at www.linmodems.org > > > > Almost no winmodem has an 'external' linux driver. I still didn't hear > > about this 2.4.0 support.. but about the drivers from linmodems.org, the > > only REAL, open sourced driver is for lucent modems. all the others are > > binaries that works only with a specific (usually very old) version of the > > kernel. > > It seems that PCtel, Lucent, and Cirrus Logic have linux drivers, which > makes most modems supported. Cirrus drivers are also free. Well. the PCtel drivers won't compile with every ditribution. The Lucent drivers won't work with all kernels. There will always be issues with this stuff, I have tried almost every type of winmodem and I am on the Linmodem mailing list. You are simply better off just getting a hardware modem. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
On Mon, Dec 25, 2000, System1 wrote about "ipchains": > the first step is using udp sniffer. > after that you have tools you can find on the web to preform scans in the > network of the victim. > you must have direct connection to the user for that. (I think its ICQ > default). > > Moran. Ok... I see you're feeding us the real problem a spoonful at a time ;) A direct connection also doesn't work under NAT (unless you have a special masquarading feature that changes the content of packets), and because it uses non-well-known ports, it's also hard to set up for a mostly-blocking packet filter firewall (a firewall that blocks everything except predefined ports/hosts). So you can prevent non-hacker users from using direct connection (with a mostly-blocking firewall) while letting them use the through-server connection. BTW, since you still haven't told us all the details of this vulnerability, I have to ask another question: Does it depend on the attacker sending the victim packets with false source-address (e.g., making it look like other addresses behind the firewall)? If so, such false packets are easy to stop at the firewall, and this because a non-problem. If, however, the false IP address comes from ICQ's server inside a packet, then it's a problem, but I don't see how the attacker can use that data... Can you point us to some URL about this ICQ problem? -- Nadav Har'El| Monday, Dec 25 2000, 28 Kislev 5761 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |Linux: Because rebooting is for adding http://nadav.harel.org.il |new hardware. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: rsh problems
On Mon, 25 Dec 2000, Erez Doron wrote: When you use rsh without a command, it uses rlogin. Please send us your /etc/inetd.conf configuration, and also check it yourself (on the receiving host). If you are able to use strace, you can also debug both the rsh client on the calling side, and the in.rshd daemon on the receiving side. --Ariel > HI > > I'm using the 'rsh'command to execute command on a remote computer: > when i issue: > local> rsh remote echo hello > > it waits for a lot of time and tells me: > poll: protocol failure in circuit setup > > but if i do only 'rsh remote' and then ' echohello' it works ! > > any idea ? > > thanks > erez. > > > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > -- Ariel Biener e-mail: [EMAIL PROTECTED] PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: ipchains
this is not correct. with simple UDP sniffer you can find the victim private IP. with bit more complex tools you can even scan the inside network. I dont know how much attention this issue got on mailing lists such as BugTraq but I saw how its being made with very simple tools. the ICQ version I am talking about is ICQ 2000 versions. Ill say it again ICQ create direct connection this means it passes the firewall by opening ports higher than 1024 so its a problem to block it cause I cant block this ports. for me to know that people from outside the office network can find out ips like 10.10.1.x is enough to choose block the ICQ. so the solution I found was to block the output to the whole domain login.icq.com so users cant make login. and hope there are no other servers they can login to with ICQ. as for Nadav Har'El request for more data. I didnt saw anything on this issue at BugTraq I dont think many knows about this. The person who show us this vulnerability didnt say where he found it. but we saw how he make it. Moran. -Original Message- From: Nadav Har'El [mailto:[EMAIL PROTECTED]] Sent: Monday, December 25, 2000 5:26 PM To: Alon Oz Subject: Re: ipchains Sure enough, _no_ packet is ever sent out of the firewall with either of the "secret" addresses, so that ICQ will only know the firewall's (publicly known) address. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
ipchains
-Original Message- From: System [mailto:[EMAIL PROTECTED]] Sent: Monday, December 25, 2000 5:13 PM To: 'Ishay Sommer' Subject: RE: ipchains the first step is using udp sniffer. after that you have tools you can find on the web to preform scans in the network of the victim. you must have direct connection to the user for that. (I think its ICQ default). Moran. -Original Message- From: Ishay Sommer [mailto:[EMAIL PROTECTED]] Sent: Monday, December 25, 2000 4:50 PM To: 'System1' Cc: [EMAIL PROTECTED] Subject: RE: ipchains can you point us out to this tool? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of System1 Sent: Monday, December 25, 2000 4:42 PM To: 'Hetz Ben Hamo' Cc: [EMAIL PROTECTED] Subject: RE: ipchains using ICQ remote attacker is able to make full port scan on networks behind the firewall. If ICQ gives people the ability to make scans of my servers that are behind firewall I dont want it here. its only troubles. as you can understand we are blocking ICQ not because the files option. (at least trying to block it) Moran. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hetz Ben Hamo Sent: Monday, December 25, 2000 4:34 PM To: System1 Cc: [EMAIL PROTECTED] Subject: Re: ipchains Well, if I was a sys admin, then I would allow ICQ.. BUT, I would prevent the ports that needed to send/receive files or chat (these are the ports in the confguration menu)... Blocking ICQ messages seems harder and harder - you can even configure ICQ to send messages with port 80, 21,23, 25, 110 and some other ports - depends how smart is the end user... Ofcourse, you can just rule out usage in your company :) Hetz System1 wrote: > > its not so easy , i blocked while ago port 5194 (icq login port) but today i > found users still able to connect. > so i made port scan on login.icq.com and found that they have above 100 > ports you can login to incase your admin locks you out :) > so what i did was adding the following rule: > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0: -i > $OUTERIF -j DENY > $IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0: -i > $OUTERIF -j DENY > > and to block aol messanger (another client with security bugs which allows > remote attacker take full control of users systems) > > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.oscar.aol.com 0: -i > $OUTERIF -j DENY > > Moran. -- Hetz Ben Hamo Hardware Research dept. Aduva Inc. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
On Mon, Dec 25, 2000, Alon Oz wrote about "Re: ipchains": > The ICQ protocol reveals the real IP of the computer running the client, > so even if you use GNU replacements it doesn't matter. So what? Unless you have a completely-proxy-firewall (block everything and allow only application proxies), whatever packets you let through (be they http, ftp, or icq) carry the IP address of the machine behind the firewall. But so what? If you use globally addressable IP addresses, face the consequences... ARIN or RIPE will contain your address range and attackers can use that to try the attack on every one of your addresses; Alternatively, if you use NAT hen all outgoing packets will be given one IP address anyway, and your argument is (at least as I see it) false. Case in point: I set up a firewall at home that is delibratly open to ICQ (through-server messages only). The firewall does NAT for a couple of machines, each of them with a different IP address (from a reserved area of the address space). Sure enough, _no_ packet is ever sent out of the firewall with either of the "secret" addresses, so that ICQ will only know the firewall's (publicly known) address. > This "feature" opens a window for "crackers" to use various firewall > penetrating/piercing techniques. This seems to me like "security by obscurity": all the crackers know is the IP address of ICQ using machines. How to use that in an attack that isn't possible by simply attacking all your addresses is beyond me. -- Nadav Har'El| Monday, Dec 25 2000, 28 Kislev 5761 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |I had a lovely evening. Unfortunately, http://nadav.harel.org.il |this wasn't it. - Groucho Marx = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
Ishay Sommer wrote: > > email headers sent via smtp include the original ip from which the message > sent from > Not if you make a few changes to the mailer (checked on qmail/sendmail) -- Alon Oz, Aduva Research Team, Mailto: [EMAIL PROTECTED] -- A proud member in the Evil Linux cyberterrorist hackers (ELCH) organization A who can launch Denial of Service attacks against the embedded devices in your 6-slice toaster with advanced pingflood Open Source classified exploit codes hidden inside strongly encrypted Russian mafia pornography that innocent American children download from online gambling web sites located in the Northern Mariana Islands = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: ipchains
can you point us out to this tool? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of System1 Sent: Monday, December 25, 2000 4:42 PM To: 'Hetz Ben Hamo' Cc: [EMAIL PROTECTED] Subject: RE: ipchains using ICQ remote attacker is able to make full port scan on networks behind the firewall. If ICQ gives people the ability to make scans of my servers that are behind firewall I dont want it here. its only troubles. as you can understand we are blocking ICQ not because the files option. (at least trying to block it) Moran. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hetz Ben Hamo Sent: Monday, December 25, 2000 4:34 PM To: System1 Cc: [EMAIL PROTECTED] Subject: Re: ipchains Well, if I was a sys admin, then I would allow ICQ.. BUT, I would prevent the ports that needed to send/receive files or chat (these are the ports in the confguration menu)... Blocking ICQ messages seems harder and harder - you can even configure ICQ to send messages with port 80, 21,23, 25, 110 and some other ports - depends how smart is the end user... Ofcourse, you can just rule out usage in your company :) Hetz System1 wrote: > > its not so easy , i blocked while ago port 5194 (icq login port) but today i > found users still able to connect. > so i made port scan on login.icq.com and found that they have above 100 > ports you can login to incase your admin locks you out :) > so what i did was adding the following rule: > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0: -i > $OUTERIF -j DENY > $IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0: -i > $OUTERIF -j DENY > > and to block aol messanger (another client with security bugs which allows > remote attacker take full control of users systems) > > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.oscar.aol.com 0: -i > $OUTERIF -j DENY > > Moran. -- Hetz Ben Hamo Hardware Research dept. Aduva Inc. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
Well, if I was a sys admin, then I would allow ICQ.. BUT, I would prevent the ports that needed to send/receive files or chat (these are the ports in the confguration menu)... Blocking ICQ messages seems harder and harder - you can even configure ICQ to send messages with port 80, 21,23, 25, 110 and some other ports - depends how smart is the end user... Ofcourse, you can just rule out usage in your company :) Hetz System1 wrote: > > its not so easy , i blocked while ago port 5194 (icq login port) but today i > found users still able to connect. > so i made port scan on login.icq.com and found that they have above 100 > ports you can login to incase your admin locks you out :) > so what i did was adding the following rule: > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0: -i > $OUTERIF -j DENY > $IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0: -i > $OUTERIF -j DENY > > and to block aol messanger (another client with security bugs which allows > remote attacker take full control of users systems) > > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.oscar.aol.com 0: -i > $OUTERIF -j DENY > > Moran. -- Hetz Ben Hamo Hardware Research dept. Aduva Inc. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
Nadav Har'El wrote: > > On Mon, Dec 25, 2000, System1 wrote about "RE: ipchains": > > using ICQ remote attacker is able to make full port scan on networks behind > > the firewall. > > If ICQ gives people the ability to make scans of my servers that are behind > > firewall I dont want it here. its only troubles. > > as you can understand we are blocking ICQ not because the files option. (at > > least trying to block it) > > > > Moran. > > Saying "its only troubles" is way too simplistic. Users are using it because > they need it, like it, or whatever, and as you noticed, will make various > attempts to circumvent your firewall to keep it going. To them, ICQ is not > trouble - to them _you_ are trouble :) > > I'm curious - which part of ICQ allows an attacker to do port scans on machines > behind the firewall? Is this a feature (bug) of their client, or some basic > feature (bug) of they way the ICQ protocol works? > > P.S. I'm also behind a firewall that doesn't let ICQ through. I have a simple > solution: log in to a "normal" machine outside the firewall (ssh is allowed > through), and run micq (a textual client). You can also try searching for > an ICQ application-proxy for your firewall (I don't know if one exists, though > writing one that works for the simple cases seems easy enough). > > The ICQ protocol reveals the real IP of the computer running the client, so even if you use GNU replacements it doesn't matter. This "feature" opens a window for "crackers" to use various firewall penetrating/piercing techniques. -- Alon Oz, Aduva Research Team, Mailto: [EMAIL PROTECTED] -- A proud member in the Evil Linux cyberterrorist hackers (ELCH) organization A who can launch Denial of Service attacks against the embedded devices in your 6-slice toaster with advanced pingflood Open Source classified exploit codes hidden inside strongly encrypted Russian mafia pornography that innocent American children download from online gambling web sites located in the Northern Mariana Islands = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
On Mon, Dec 25, 2000, System1 wrote about "RE: ipchains": > using ICQ remote attacker is able to make full port scan on networks behind > the firewall. > If ICQ gives people the ability to make scans of my servers that are behind > firewall I dont want it here. its only troubles. > as you can understand we are blocking ICQ not because the files option. (at > least trying to block it) > > Moran. Saying "its only troubles" is way too simplistic. Users are using it because they need it, like it, or whatever, and as you noticed, will make various attempts to circumvent your firewall to keep it going. To them, ICQ is not trouble - to them _you_ are trouble :) I'm curious - which part of ICQ allows an attacker to do port scans on machines behind the firewall? Is this a feature (bug) of their client, or some basic feature (bug) of they way the ICQ protocol works? P.S. I'm also behind a firewall that doesn't let ICQ through. I have a simple solution: log in to a "normal" machine outside the firewall (ssh is allowed through), and run micq (a textual client). You can also try searching for an ICQ application-proxy for your firewall (I don't know if one exists, though writing one that works for the simple cases seems easy enough). -- Nadav Har'El| Monday, Dec 25 2000, 28 Kislev 5761 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |My password is my dog's name. His name http://nadav.harel.org.il |is a#j!4@h, but I change it every month. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: ipchains
using ICQ remote attacker is able to make full port scan on networks behind the firewall. If ICQ gives people the ability to make scans of my servers that are behind firewall I dont want it here. its only troubles. as you can understand we are blocking ICQ not because the files option. (at least trying to block it) Moran. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hetz Ben Hamo Sent: Monday, December 25, 2000 4:34 PM To: System1 Cc: [EMAIL PROTECTED] Subject: Re: ipchains Well, if I was a sys admin, then I would allow ICQ.. BUT, I would prevent the ports that needed to send/receive files or chat (these are the ports in the confguration menu)... Blocking ICQ messages seems harder and harder - you can even configure ICQ to send messages with port 80, 21,23, 25, 110 and some other ports - depends how smart is the end user... Ofcourse, you can just rule out usage in your company :) Hetz System1 wrote: > > its not so easy , i blocked while ago port 5194 (icq login port) but today i > found users still able to connect. > so i made port scan on login.icq.com and found that they have above 100 > ports you can login to incase your admin locks you out :) > so what i did was adding the following rule: > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0: -i > $OUTERIF -j DENY > $IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0: -i > $OUTERIF -j DENY > > and to block aol messanger (another client with security bugs which allows > remote attacker take full control of users systems) > > $IPCHAINS -A output -p tcp -s $REMOTENET -d login.oscar.aol.com 0: -i > $OUTERIF -j DENY > > Moran. -- Hetz Ben Hamo Hardware Research dept. Aduva Inc. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
On Mon, Dec 25, 2000, System1 wrote about "ipchains": > its not so easy , i blocked while ago port 5194 (icq login port) but today i > found users still able to connect. >.. > and to block aol messanger (another client with security bugs which allows > remote attacker take full control of users systems) What do you mean "another" client? Do you mean to imply that ICQ's client also has such a vulerability? Which version? Also, since this is a Linux group after all, you won't be surprised that many of us use non-official clients like licq or micq, which don't share any bugs with ICQ's official client. So I urge you to rethink blocking ICQ. Unless you have a very strong justification (e.g., you run a school network and the kids have been using ICQ for trafficking drugs), then the block will just annoy your users, with no real security benefit (will you also delete Microsoft Outlook from every computer when a VB virus is on the loose? Or more to the point, completely block port 25 when such a virus is spreading?) -- Nadav Har'El| Monday, Dec 25 2000, 28 Kislev 5761 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |A professor is one who talks in someone http://nadav.harel.org.il |else's sleep. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
ipchains
its not so easy , i blocked while ago port 5194 (icq login port) but today i found users still able to connect. so i made port scan on login.icq.com and found that they have above 100 ports you can login to incase your admin locks you out :) so what i did was adding the following rule: $IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0: -i $OUTERIF -j DENY $IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0: -i $OUTERIF -j DENY and to block aol messanger (another client with security bugs which allows remote attacker take full control of users systems) $IPCHAINS -A output -p tcp -s $REMOTENET -d login.oscar.aol.com 0: -i $OUTERIF -j DENY Moran. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alon Oz Sent: Monday, December 25, 2000 2:56 PM To: Jonathan Ben-Avraham Cc: ILUG Subject: Re: ipchains Jonathan Ben-Avraham wrote: > > On Mon, 25 Dec 2000, Alon Oz wrote: > > > Jonathan Ben-Avraham wrote: > > > > > > On Mon, 25 Dec 2000, Alon Oz wrote: > > > > > > > Jonathan Ben-Avraham wrote: > > > > > > > > > > On Mon, 25 Dec 2000, System1 wrote: > > > > > > > > > > > > > > > > > Hi, > > > > > > we are using here IPChains Firewall. > > > > > > Is there anyway to block complete domain such as *.icq.com ? > > > > > > > > > > No, not with ipchains, because -s accepts only a hostname, network address > > > > > or plain IP address > > > > > > > > > You dig all the domains under icq.com and add block rules for it in a > > > > loop. > > > > > > Very nice. > > > How do I write the loop? > > > > 1. I just checked icq.com and you cannot dig the domains under it. > > 2. You have another option: nslookup icq.com returns 3 ip addresses, > >scan these blocks for .icq.com pattern and block the ones you find, > >it's not perfect but it's better than nothing > >and i assume it will solve your problem. > >You can write the script with any scriping language > >(you can search the web for shell scripting tutorial) > > Ok, but my experience with these IP's is that they change every year or > so. So isn't it better to block at the service level and not at the IP > level? A bit more logical, but you asked about blocking the domain :). Block all the icq ports and that's it. -- Alon Oz, Aduva Research Team, Mailto: [EMAIL PROTECTED] -- A proud member in the Evil Linux cyberterrorist hackers (ELCH) organization A who can launch Denial of Service attacks against the embedded devices in your 6-slice toaster with advanced pingflood Open Source classified exploit codes hidden inside strongly encrypted Russian mafia pornography that innocent American children download from online gambling web sites located in the Northern Mariana Islands = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
Jonathan Ben-Avraham wrote: > > On Mon, 25 Dec 2000, Alon Oz wrote: > > > Jonathan Ben-Avraham wrote: > > > > > > On Mon, 25 Dec 2000, Alon Oz wrote: > > > > > > > Jonathan Ben-Avraham wrote: > > > > > > > > > > On Mon, 25 Dec 2000, System1 wrote: > > > > > > > > > > > > > > > > > Hi, > > > > > > we are using here IPChains Firewall. > > > > > > Is there anyway to block complete domain such as *.icq.com ? > > > > > > > > > > No, not with ipchains, because -s accepts only a hostname, network address > > > > > or plain IP address > > > > > > > > > You dig all the domains under icq.com and add block rules for it in a > > > > loop. > > > > > > Very nice. > > > How do I write the loop? > > > > 1. I just checked icq.com and you cannot dig the domains under it. > > 2. You have another option: nslookup icq.com returns 3 ip addresses, > >scan these blocks for .icq.com pattern and block the ones you find, > >it's not perfect but it's better than nothing > >and i assume it will solve your problem. > >You can write the script with any scriping language > >(you can search the web for shell scripting tutorial) > > Ok, but my experience with these IP's is that they change every year or > so. So isn't it better to block at the service level and not at the IP > level? A bit more logical, but you asked about blocking the domain :). Block all the icq ports and that's it. -- Alon Oz, Aduva Research Team, Mailto: [EMAIL PROTECTED] -- A proud member in the Evil Linux cyberterrorist hackers (ELCH) organization A who can launch Denial of Service attacks against the embedded devices in your 6-slice toaster with advanced pingflood Open Source classified exploit codes hidden inside strongly encrypted Russian mafia pornography that innocent American children download from online gambling web sites located in the Northern Mariana Islands = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
OT: Looking for ADSL subscribers in Givatayim
Sorry to bother the list with such nonsense, but I cannot think of another way to do that (Bezeq said they'll help, but no go so far). As to the matter at hand: I'm looking for other ADSL subscribers in Givatayim. I have a problem with my ADSL connection, and have already ruled out the possibility that it's a problem at my end or the ISP's (as I tried several, as well as using various default configurations and different computers/NICs/OSs at my end). That leaves Bezeq. Having spoken to Bezeq, I know that there is a single RedBack router at Givatayim, and I have cause to believe it (or it's configuration) is the source of the problem. In order to verify this, I need some help testing from other subscribers in the Givatayim area. I would appreciate any reference to such people - if you such a person, you are probably also touched/will be touched by this issue. Thank you. -- /-- Omer Efraim ---\ /--- [EMAIL PROTECTED] (remove spam_me) \ | I can picture in my mind a world without war, a world | | without hate. And I can picture us attacking that world, | | because they'd never expect it.| \-- Jack Handey, Deep Thoughts / = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
On Mon, 25 Dec 2000, Alon Oz wrote: > Jonathan Ben-Avraham wrote: > > > > On Mon, 25 Dec 2000, System1 wrote: > > > > > > > > Hi, > > > we are using here IPChains Firewall. > > > Is there anyway to block complete domain such as *.icq.com ? > > > > No, not with ipchains, because -s accepts only a hostname, network address > > or plain IP address > > > You dig all the domains under icq.com and add block rules for it in a > loop. Very nice. How do I write the loop? - yba > (man dig, man $YOUR_FAVORATE_SHELL) > > > EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ TclTek Ltd. =}-ooO--U--Ooo---{= - [EMAIL PROTECTED] - tel: +972.52.670.353, http://www.tcltek.co.il - = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
Jonathan Ben-Avraham wrote: > > On Mon, 25 Dec 2000, System1 wrote: > > > > > Hi, > > we are using here IPChains Firewall. > > Is there anyway to block complete domain such as *.icq.com ? > > No, not with ipchains, because -s accepts only a hostname, network address > or plain IP address > You dig all the domains under icq.com and add block rules for it in a loop. (man dig, man $YOUR_FAVORATE_SHELL) -- Alon Oz, Aduva Research Team, Mailto: [EMAIL PROTECTED] -- A proud member in the Evil Linux cyberterrorist hackers (ELCH) organization A who can launch Denial of Service attacks against the embedded devices in your 6-slice toaster with advanced pingflood Open Source classified exploit codes hidden inside strongly encrypted Russian mafia pornography that innocent American children download from online gambling web sites located in the Northern Mariana Islands = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ipchains
On Mon, 25 Dec 2000, System1 wrote: > > Hi, > we are using here IPChains Firewall. > Is there anyway to block complete domain such as *.icq.com ? No, not with ipchains, because -s accepts only a hostname, network address or plain IP address You can block mail from complete domains using qmail, sendmail and exim. You can block web pages from complete domains using apache You can block telnet, ftp and other services that use inetd/xinetd using tcp wrappers (/etc/host.deny) Regards, - yba > > Moran. > > = > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ TclTek Ltd. =}-ooO--U--Ooo---{= - [EMAIL PROTECTED] - tel: +972.52.670.353, http://www.tcltek.co.il - = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: rsh problems
Erez Doron wrote: > > HI > > I'm using the 'rsh' command to execute command on a remote computer: > when i issue: > local> rsh remote echo hello > > it waits for a lot of time and tells me: > poll: protocol failure in circuit setup > > but if i do only 'rsh remote' and then ' echo hello' it works ! > > any idea ? > > thanks > erez. I had just the same problem, but I cant remember how it was finally solved... ;-) Can you post the NIC cards models, kernel version (and special related drivers used) special networking HW on the way between the two machines, etc' etc' relevant information ? Boaz. -- /"\ \ / ASCII Ribbon Campaign x Against HTML Mail / \ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
ipchains
Hi, we are using here IPChains Firewall. Is there anyway to block complete domain such as *.icq.com ? Moran. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
rsh problems
HI I'm using the 'rsh' command to execute command on a remote computer: when i issue: local> rsh remote echo hello it waits for a lot of time and tells me: poll: protocol failure in circuit setup but if i do only 'rsh remote' and then ' echo hello' it works ! any idea ? thanks erez. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Sendmail
On Sun, 24 Dec 2000, Henry Ficher wrote: > On Saturday 23 December 2000 17:58, Amir Tal wrote: > > when telneting to localhost on port 25, sendmail reply's. > > when trying to port 110, i get : > > > > Trying 127.0.0.1... > > telnet: Unable to connect to remote host: Connection refused > > > > the port is listed at /etc/services , and sendmail is able to send messages > > to the outside world. > > can anyone direct me what to check ? > > Yea. See that you have the telnet server installed and check if it's enabled > in /etc/inetd.conf. henry - you seem to have misread his question. he is trying to telnet into port _110_ (which is supposed to be the pop3 daemon's default port). not into port 25 (which is the telnet server's default port). he needs to check if he has a pop3 server installed or not. not a telnet server. its either not installed, or its entry is not marked properly in '/etc/inetd.conf'. -- guy "For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]