Please unsuscribe.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Tuesday, February 26, 2002 7:44 PM
To: [EMAIL PROTECTED]
Subject: cobalt-security digest, Vol 1 #687 - 13 msgs
Send cobalt-security mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://list.cobalt.com/mailman/listinfo/cobalt-security
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cobalt-security digest..."
Today's Topics:
1. SNMP (John Adair)
2. Re: SNMP (Jeff Lovell)
3. Re: SNMP (David Lucas)
4. traffic question (ICDservers.com)
5. Re: Updated RPMS for proftpd, imapd and qpopper (Sergio Araujo)
6. Re: traffic question (Rob)
7. Re: traffic question (AYoung@Home)
8. Re: traffic question (Steve Werby)
9. Re: traffic question (Matthew Nuzum)
10. Autoreply: Re: [cobalt-security] traffic question
([EMAIL PROTECTED])
11. Re: traffic question (Daniel Neuhaus)
12. Re: traffic question (Gerald Waugh)
13. Re: traffic question (AYoung@Home)
--__--__--
Message: 1
From: "John Adair" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Mon, 25 Feb 2002 15:39:17 -0500
Subject: [cobalt-security] SNMP
Reply-To: [EMAIL PROTECTED]
I was wondering if Cobalt is going to put out new SNMP packages for their
products soon?
http://www.cert.org/advisories/CA-2002-03.html
- - -
Opinions expressed do not necessarily represent the views of my employer.
This message and any attachment are confidential and may be privileged or
otherwise protected from disclosure. If you are not the intended recipient,
please telephone, fax or e-mail to the sender without delay. Return this
message or delete this message and any attachment from your system as per
our request. If you are not the intended recipient you must not copy this
message or attachments or disclose the contents to any other person.
--__--__--
Message: 2
Subject: Re: [cobalt-security] SNMP
From: Jeff Lovell <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: 25 Feb 2002 16:23:21 -0800
Reply-To: [EMAIL PROTECTED]
On Mon, 2002-02-25 at 12:39, John Adair wrote:
> I was wondering if Cobalt is going to put out new SNMP packages for their
> products soon?
>
> http://www.cert.org/advisories/CA-2002-03.html
There is verification testing going on with all platforms right now.
There is not threat of remote exploitation as the snmptrapd is not
shipped with the version of snmp on Sun Cobalt appliances. But as we
all know, that doesn't mean that an exploit cannot be crafted. There
should be an official update available soon.
There are unsupported RPMS available from:
ftp://ftp.cobaltnet.com/pub/unsupported
But it should be notes that these RPMS will require command-line
modification to the initscript and snmpd.conf file to work properly.
Jeff
--
Jeff Lovell
Sun Microsystems Inc.
--__--__--
Message: 3
Date: Mon, 25 Feb 2002 18:44:49 -0600
To: [EMAIL PROTECTED]
From: David Lucas <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] SNMP
Reply-To: [EMAIL PROTECTED]
At 06:23 PM 2/25/2002, you wrote:
>On Mon, 2002-02-25 at 12:39, John Adair wrote:
> > I was wondering if Cobalt is going to put out new SNMP packages for
their
> > products soon?
> >
> > http://www.cert.org/advisories/CA-2002-03.html
>
>There is verification testing going on with all platforms right now.
>There is not threat of remote exploitation as the snmptrapd is not
>shipped with the version of snmp on Sun Cobalt appliances. But as we
>all know, that doesn't mean that an exploit cannot be crafted. There
>should be an official update available soon.
>
>There are unsupported RPMS available from:
>
>ftp://ftp.cobaltnet.com/pub/unsupported
>
>But it should be notes that these RPMS will require command-line
>modification to the initscript and snmpd.conf file to work properly.
>
>Jeff
>--
>Jeff Lovell
>Sun Microsystems Inc.
Thank you Jeff.! We do appreciate you.
--__--__--
Message: 4
From: "ICDservers.com" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Tue, 26 Feb 2002 09:50:31 +0100
Subject: [cobalt-security] traffic question
Reply-To: [EMAIL PROTECTED]
Hi All,
I was wondering if any of you have solved this one yet, as i stil lam
looking for a good option.
The problem is this.
All my hosters get a standard free amount of datatraffic per month, say
1 GB. For normal website hosting this is sufficient, but some of the
hosters generate more traffic and that has to be paid extra. I am now
looking for a tool or whatever that will allow me to track who has
generated how much in a certain month, for billing purposes of course ;)
Also if there is a way to restrict a site to the agreed amount of
traffic ( like the free hosters do ) that would be great.
Anyone any ideas about this ?
Regards,
Peter Broerse
ICDServers
--__--__--
Message: 5
From: "Sergio Araujo" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Tue, 26 Feb 2002 12:29:57 +0000
Subject: [cobalt-security] Re: Updated RPMS for proftpd, imapd and qpopper
Reply-To: [EMAIL PROTECTED]
Greetings,
On 24 Feb 2002 10:50:04 -0500
Matthew Nuzum <[EMAIL PROTECTED]> wrote:
> It's a pity IMAP is based on the UW server at all. Would LOVE to have a
> robust e-mail server with built in virtual hosting support that will
> authenticate users to non-system accounts.
Actually, you can, with Stalker's CommuniGate Pro. It's not free, though.
This is not an unbiased oppinion, was we found their messaging solution so
good that we decided to resale it, so contact me directly if you'd like some
more information.
--
S�rgio Ara�jo
3G - NetWorks <[EMAIL PROTECTED]>
Projecto O�sis <[EMAIL PROTECTED]>
Tel: +351 252 374979 Fax: +351 252 317259
In three words I can sum up everything I've learned about life: it goes on.
(Robert Frost)
--__--__--
Message: 6
From: "Rob" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] traffic question
Date: Tue, 26 Feb 2002 07:42:12 -0600
Reply-To: [EMAIL PROTECTED]
check out Urchin (http://www.urchin.com) it keeps pretty thorough stats
and will and will
calculate the amount due for each customer. free demo too i think.
-Rob
----- Original Message -----
From: "ICDservers.com" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 26, 2002 2:50 AM
Subject: [cobalt-security] traffic question
> Hi All,
>
> I was wondering if any of you have solved this one yet, as i stil lam
> looking for a good option.
>
> The problem is this.
>
> All my hosters get a standard free amount of datatraffic per month, say
> 1 GB. For normal website hosting this is sufficient, but some of the
> hosters generate more traffic and that has to be paid extra. I am now
> looking for a tool or whatever that will allow me to track who has
> generated how much in a certain month, for billing purposes of course ;)
> Also if there is a way to restrict a site to the agreed amount of
> traffic ( like the free hosters do ) that would be great.
>
>
> Anyone any ideas about this ?
>
>
> Regards,
>
> Peter Broerse
> ICDServers
>
>
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
--__--__--
Message: 7
Date: Tue, 26 Feb 2002 09:06:36 -0500
Subject: Re: [cobalt-security] traffic question
From: "AYoung@Home" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
on 2/26/02 3:50 AM, ICDservers.com at [EMAIL PROTECTED] wrote:
> Hi All,
>
> I was wondering if any of you have solved this one yet, as i stil lam
> looking for a good option.
>
> The problem is this.
>
> All my hosters get a standard free amount of datatraffic per month, say
> 1 GB. For normal website hosting this is sufficient, but some of the
> hosters generate more traffic and that has to be paid extra. I am now
> looking for a tool or whatever that will allow me to track who has
> generated how much in a certain month, for billing purposes of course ;)
> Also if there is a way to restrict a site to the agreed amount of
> traffic ( like the free hosters do ) that would be great.
>
>
> Anyone any ideas about this ?
If memory servers me right you can set bandwith if that's what you want to
do per IP via the Cobalt GUI (Raq4i).
Access Server GUI-->Control Panel-->Bandwith (top of page)-->Add, then
complete. Of course if you only have 1 IP # then you'll probably not be
able to restrict.
As far as a tracking software or script I'm sure there's something out
there.
aky
--__--__--
Message: 8
From: "Steve Werby" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] traffic question
Date: Tue, 26 Feb 2002 09:59:55 -0500
Reply-To: [EMAIL PROTECTED]
"AYoung@Home" <[EMAIL PROTECTED]> wrote:
> If memory servers me right you can set bandwith if that's what you want to
> do per IP via the Cobalt GUI (Raq4i).
>
> Access Server GUI-->Control Panel-->Bandwith (top of page)-->Add, then
> complete. Of course if you only have 1 IP # then you'll probably not be
> able to restrict.
True, but that just limits the throughput rate. From what I understand, the
original poster doesn't want to throttle the throughput rate, just limit the
total traffic during a month by turning the site off or pointing it to a
special page when that traffic total is reached. To answer Peter's
question, I don't think you'll find a solution that stops serving up users'
sites when their traffic hits the quota you've set. If their month to date
traffic is stored in a text file, db, html source code, etc. it would be
fairly easy for a programmer to write a script which looks up that number
and compares it to the quota and takes action. Whether that action is
sending an email, tracking their overage so you can bill them, pointing
their site pages to a special page, shutting down their email, etc. or some
combination of those another script will be needed to perform the action.
If you wanted to point to a special page for example, the script would need
to modify the Apache config file and run a command to reload the config
file. Both will require root privileges and so a script run as root from
cron automatically at whatever frequency makes sense (probably nightly) may
be the way to go. These are the types of software solutions I build for
clients so if you want to discuss with me off-list feel free to contact me
by email or at the # listed on my site.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
--__--__--
Message: 9
Subject: Re: [cobalt-security] traffic question
From: Matthew Nuzum <[EMAIL PROTECTED]>
To: cobalt-security <[EMAIL PROTECTED]>
Date: 26 Feb 2002 10:28:46 -0500
Reply-To: [EMAIL PROTECTED]
Hello, what you're doing is probably what I call "high density
hosting". Lots of low bandwidth sites, in many cases all on the same IP
address. The common characteristic is that there are lots of sites on
each IP address.
I've thought about this myself, and I'll warn you, inability to monitor
and control bandwidth has put many hosting companies out of business.
However, IP based solutions usually don't work well when you have lots
of sites on an IP.
Unfortunately, your real choices are somewhat limited. Using the below
option mentioned by AYoung is good if you want to keep your peak
bandwidth under control, but probably won't help you on a per-site
basis. The throttling mentioned below will keep all sites combined
below a certain point.
What I recommend is saving all of your log files. That means making a
change to your logrotate scripts (in /etc/cron.daily/logrotate I think)
so that your logs are kept. Then, get a good (probably commercial such
as webtrends or similar) log processor. You can then see the bandwidth
used for a site's http traffic.
If you offer e-mail or ftp services, you're going to have to save and
process these logs. I found a tool a while back on sunsite
(http://metalab.unc.edu) that will convert e-mail log files into common
log format so that it can be processed by standard web log processing
tools. ProFTP also supports using the same log format as apache, so it
is easily processed.
An option that won't work (probably) but does provide very good reports
is MRTG. It uses SMTP to poll data from routers ethernet interfaces.
It does reporting on a per IP basis, which once again isn't useful
unless your sites all have their own IP.
Good Luck,
Matt Nuzum
On Tue, 2002-02-26 at 09:06, AYoung@Home wrote:
on 2/26/02 3:50 AM, ICDservers.com at [EMAIL PROTECTED] wrote:
> Hi All,
>
> I was wondering if any of you have solved this one yet, as i stil lam
> looking for a good option.
>
> The problem is this.
>
> All my hosters get a standard free amount of datatraffic per month,
say
> 1 GB. For normal website hosting this is sufficient, but some of the
> hosters generate more traffic and that has to be paid extra. I am now
> looking for a tool or whatever that will allow me to track who has
> generated how much in a certain month, for billing purposes of course
;)
> Also if there is a way to restrict a site to the agreed amount of
> traffic ( like the free hosters do ) that would be great.
>
>
> Anyone any ideas about this ?
If memory servers me right you can set bandwith if that's what you want
to
do per IP via the Cobalt GUI (Raq4i).
Access Server GUI-->Control Panel-->Bandwith (top of page)-->Add, then
complete. Of course if you only have 1 IP # then you'll probably not be
able to restrict.
As far as a tracking software or script I'm sure there's something out
there.
aky
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
--__--__--
Message: 10
To: [EMAIL PROTECTED]
Subject: Autoreply: Re: [cobalt-security] traffic question
From: [EMAIL PROTECTED]
Date: Tue, 26 Feb 2002 16:21:28 +0100
Reply-To: [EMAIL PROTECTED]
Bonjour,
Je ne serait pas atteignable la journ�e du lundi 25 f�vrier au vendredi 1er
mars inclus. Votre message sera trait� en d�but de soir�e. Vous trouverez
ci-apr�s la liste des contacts directs pour les questions urgentes :
Connections � Internet : [EMAIL PROTECTED]
H�bergements/Commercial : [EMAIL PROTECTED]
Compteurs/Scripts/Linux : [EMAIL PROTECTED]
Facturation/Rappels : [EMAIL PROTECTED]
Direction : [EMAIL PROTECTED]
Avec mes meilleures salutations,
Infomaniak Network SA
Fabian Lucchi
Your message reads:
Received: from list.cobalt.com (unverified [63.77.128.170]) by
aristote2.infomaniak.ch
(Rockliffe SMTPRA 4.5.6) with ESMTP id
<[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;
Tue, 26 Feb 2002 16:21:27 +0100
Received: from list.cobalt.com (localhost [127.0.0.1])
by list.cobalt.com (8.9.3/8.9.3) with ESMTP id HAA05268;
Tue, 26 Feb 2002 07:17:16 -0800
Received: from ns2.befriend.com ([207.218.238.21])
by list.cobalt.com (8.9.3/8.9.3) with ESMTP id HAA04799
for <[EMAIL PROTECTED]>; Tue, 26 Feb 2002 07:01:15 -0800
Received: from satellite (pool-209-158-202-143.rich.east.verizon.net
[209.158.202.143])
by ns2.befriend.com (8.10.2/8.10.2) with SMTP id g1QExNM26054
for <[EMAIL PROTECTED]>; Tue, 26 Feb 2002 08:59:23 -0600
Message-ID: <05e901c1bed6$79803a50$9865fea9@satellite>
From: "Steve Werby" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] traffic question
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0.6
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
List-Help: <mailto:[EMAIL PROTECTED]?subject=help>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://list.cobalt.com/mailman/listinfo/cobalt-security>,
<mailto:[EMAIL PROTECTED]?subject=subscribe>
List-Id: Mailing list for users to address network security on Cobalt
products. <cobalt-security.list.cobalt.com>
List-Unsubscribe: <http://list.cobalt.com/mailman/listinfo/cobalt-security>,
<mailto:[EMAIL PROTECTED]?subject=unsubscribe>
List-Archive: <http://list.cobalt.com/pipermail/cobalt-security/>
Date: Tue, 26 Feb 2002 09:59:55 -0500
"AYoung@Home" <[EMAIL PROTECTED]> wrote:
> If memory servers me right you can set bandwith if that's what you want to
> do per IP via the Cobalt GUI (Raq4i).
>
> Access Server GUI-->Control Panel-->Bandwith (top of page)-->Add, then
> complete. Of course if you only have 1 IP # then you'll probably not be
> able to restrict.
True, but that just limits the throughput rate. From what I understand, the
original poster doesn't want to throttle the throughput rate, just limit the
total traffic during a month by turning the site off or pointing it to a
special page when that traffic total is reached. To answer Peter's
question, I don't think you'll find a solution that stops serving up users'
sites when their traffic hits the quota you've set. If their month to date
traffic is stored in a text file, db, html source code, etc. it would be
fairly easy for a programmer to write a script which looks up that number
and compares it to the quota and takes action. Whether that action is
sending an email, tracking their overage so you can bill them, pointing
their site pages to a special page, shutting down their email, etc. or some
combination of those another script will be needed to perform the action.
If you wanted to point to a special page for example, the script would need
to modify the Apache config file and run a command to reload the config
file. Both will require root privileges and so a script run as root from
cron automatically at whatever frequency makes sense (probably nightly) may
be the way to go. These are the types of software solutions I build for
clients so if you want to discuss with me off-list feel free to contact me
by email or at the # listed on my site.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
--__--__--
Message: 11
Date: Tue, 26 Feb 2002 16:45:16 +0100
From: Daniel Neuhaus <[EMAIL PROTECTED]>
To: Matthew Nuzum <[EMAIL PROTECTED]>
Subject: Re: [cobalt-security] traffic question
Reply-To: [EMAIL PROTECTED]
Matthew Nuzum wrote on 26.02.2002:
> Hello, what you're doing is probably what I call "high density
> hosting". Lots of low bandwidth sites, in many cases all on the same IP
> address. The common characteristic is that there are lots of sites on
> each IP address.
There are two tools available for the RaQ to count the transfer:
Musita: http://www.musita.com
TrafficLight: http://www.raqsupport.net/trafficlight.html
I use Musita on two of my servers and it works fine, but unfortunately
it counts only web-transfer.
Regards,
Daniel
--
free backup-solution for your RaQ:
http://www.dnid.de/cobalt/raqbackup/
--__--__--
Message: 12
From: Gerald Waugh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [cobalt-security] traffic question
Date: Tue, 26 Feb 2002 10:05:09 -0500
Reply-To: [EMAIL PROTECTED]
On Tue, 26 Feb 2002, Steve Werby wrote:
<snip>
> These are the types of software solutions I build for
> clients so if you want to discuss with me off-list feel free to contact me
> by email or at the # listed on my site.
>
hhhmm! sounds like jeff. is that you steve <smile><grin><smile>
ataboy!
--
Gerald Waugh
--__--__--
Message: 13
Date: Tue, 26 Feb 2002 09:25:05 -0500
Subject: Re: [cobalt-security] traffic question
From: "AYoung@Home" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
on 2/26/02 8:42 AM, Rob at [EMAIL PROTECTED] wrote:
> check out Urchin (http://www.urchin.com) it keeps pretty thorough stats
and
> will and will
> calculate the amount due for each customer. free demo too i think.
>
> -Rob
>
Urchin has a free demo that lasts for 30-days. Easy pkg install via GUI for
Raq's. After the 15-days is $495 for 25-sites $295 for each addlt 25-sites.
aky
--__--__--
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
End of cobalt-security Digest
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
