Linux-Misc Digest #289, Volume #24 Thu, 27 Apr 00 06:13:02 EDT
Contents:
Re: NOTICE!! Warning, Warning Under Attack!!! NOTICE!! ("David ..")
microsoft word on linux (Eugenio Rivera)
fetchnews as news (Bob Holtzman)
Re: microsoft word on linux (Michael Hofmann)
Re: microsoft word on linux (Neil)
Re: Linux (Neil)
how to check CDs under Linux ([EMAIL PROTECTED])
How to interpret the output of /usr/bin/free? ([EMAIL PROTECTED])
Re: microsoft word on linux (Jonathan Mendez)
Re: fetchnews as news ("Peter T. Breuer")
Re: How to interpret the output of /usr/bin/free? ("Peter T. Breuer")
Domain not bound....Please help (Jafery)
Linux newbie + Web server (ram)
Re: How Big Will X Grow Today? (Floyd Davidson)
logging into a linux box remotely as root using rsh with no password ("Harry Overs")
Re: logging into a linux box remotely as root using rsh with no password (Michael
Borgwardt)
AutoCAD 2000
Re: Which backup software to use? (Jason Hong)
Re: fetchnews as news (Wolfgang Fritz)
Re: AutoCAD 2000 (Uwe Bonnes)
Re: About Yesterday's attack. (Faux_Pseudo)
Re: I think I have been HACKED!!! (Simon Brooke)
Newbie question on installing linux ("Phil Mossop")
Re: logging into a linux box remotely as root using rsh with no password ("Peter T.
Breuer")
Re: Newbie question on installing linux ("Peter T. Breuer")
----------------------------------------------------------------------------
From: "David .." <[EMAIL PROTECTED]>
Crossposted-To:
redhat.security.general,comp.os.linux.setup,comp.os.linux.questions,alt.linux
Subject: Re: NOTICE!! Warning, Warning Under Attack!!! NOTICE!!
Date: Thu, 27 Apr 2000 00:51:29 -0500
As I said in the email that was returned to me as undeliverable.
This problem started "Yesterday". My system has a better uptime than
this and if it had been going on prior to this I would have known, days,
months, or years ago. I have disconnected and reconnected a couple of
times which automatically gives me a different IP number. A few minutes
after reconnecting it starts again. I have been in contact with the
owner of the other system about this and they are trying to figure the
problem out. I know which port it is coming from I KNOW THE IP NUMBER
AND NAME OF THE SYSTEM!! And also which ports it is trying to connect
to, I have MANY MANY logs to see this. Today it has started over at port
1107 and at the present time is up port 1758 at the time of this
writting. I know it tried to connect as follows
port 3400 15:49:46 4/25/2000
port 3898 18:52:02 4/25/2000 4times between 18:52:02 & 18:52:05
and once at 18:53:35
port 4457 6 times between 20:45:04 & 20:45:49 4/25/2000
port 4458 twice between 20:46:06 & 20:46:07 4/25/2000
port 4457 3 times between 20:46:37 & 20:46:46 4/25/2000
and stopped between 22:57:36 & 23:24:56 4/25/2000
and stopped between 12:07:04 & 12:26:12 4/26/2000
And these are only a few compared to what my logs show.
According to the news article which the owner of the other system was
kind enough to send me.
http://www.cnet.com/category/0-100-200-1760458.html
"Executives said the FBI and the National Infrastructure Protection
Center, a
government-backed computer crime investigation organization, are
investigating the attack."
I run junkbuster, squid, have set my system to ignore ping requests,
have IP spoof protection turned on, and have it set so that it will not
give out OS or kernel version if it is connected to. And yet the ATTACK
continues as I write this. It is checking all ports one by one in order
and at times will stop for approx 27 minutes and then starts again. Even
if it is just an ad bot as you say I DO NOT WANT IT TRYING TO CONNECT TO
MY SYSTEM PERIOD. This is an attack because it has been going on since
yesterday no matter what port it is coming from or trying to connect to.
One of the last messages I recieved from the owner of the other system,
They are beginning to think that it is someone spoofing packets. If this
is true, and I say if, then that would confirm that someone is doing it
for an un-known reason. So the next time you want to just blow off
someone's warning or problems keep it to yourself. Some of us know more
about it than you may realize.
Good-Bye!
Brent Willcox wrote:
>
> >I found these attempts which started today with the first attempt
> >starting before the time shown here in the first line. As you can see
> >they are trying to connect one port at a time in order from 3400 up and
> >at the present time they continue to try diferent ports in numerical
> >order. I have blocked all connections TO and FROM these addresses but my
> >logs and tcpdump show that the attempts continue and were still going
> >when this was posted to redhat.security.general and many other
> >newsgroups.
> >
> >
> >Apr 25 15:49:46 twinscrew kernel: Packet log: input DENY ppp0 PROTO
> 6
> xxx.xxx.xxx.xxx:80 xxx.xxx.xx.xxx:3400 L=40 S=0x00 I=43215 F=0x0000
> ^^ ^^^^
> source port destination (on your machine)
>
> (ip's xxx'ed for privacy purposes)
>
> First of all, RELAX!!! This is NOT a hack attempt!
>
> Take a look at the source port on the first machine. It's port 80.
> (which is http, or WWW)
>
> This was caused by a web request you made. What happened is you
> probably connected to a server using banner advertising (adbot?)
> and you hit "STOP"
>
> The remote server is misconfigured and is trying to hammer
> you. I get this sort of thing sometimes. Usually disconnecting and
> reconnecting a few minutes later solves this problem. (I actually see
> this more often with ZoneAlarm on Windows than IP chains)
>
> The 3400 isn't a known exploit port, its just the random port that
> Netscape (or whatever you were browsing with) chose. The thing that
> causes this for me most often is a Netscape crash.
>
> You might want to contact the admin of the webserver and let them know
> that they are broken in a way that will drive firewall users nuts.
>
> Even if it is a hack attempt, relax. Ipchains is doing its job and
> the requests are getting dropped on the floor.
>
> If you're wondering what a port (source or destination) might be, a
> good reference is http://www.robertgraham.com/pubs/firewall-seen.html
> This answered my question when 3128 showed up being scanned in my
> firewall logs.
>
> (3128 is the default port for the Squid Proxy, btw).
>
> Most "good" port scans by hacking tools don't even show up in the
> firewall log these days. (a'la nmap's "null scan")
>
> -bdw-
> --
> Brent Willcox
> Another BCIS student at the Univ. of North Texas
> mail: bwillcox (at) unt edu
> **When the green flag drops, the bull stops***
--
Registered with the Linux Counter. http://counter.li.org
ID # 123538
------------------------------
From: Eugenio Rivera <[EMAIL PROTECTED]>
Subject: microsoft word on linux
Date: Wed, 26 Apr 2000 23:11:12 -0700
Hi,
Is there a program that allows me to view (not necessarily edit)
a microsoft word document under Linux?
thanks,
Eugenio
------------------------------
From: [EMAIL PROTECTED] (Bob Holtzman)
Subject: fetchnews as news
Date: Wed, 26 Apr 2000 23:30:26 -0700
I'm trying to get leafnode and fetchnews running. Fetchnews can only be
run as news or root. I don't want to connect to the internet as root, but
when I su into news from my user account I'm prompted for a password. I
have no idea what the password is. I've tried setting user I.d. in the
fetchmail permissions and also tried changing ownership to my user name
with no luck.
The question, of course, is how can I step into a phone booth and emerge
a moment later a la superman as news so I can run fetchnews?
--
Bob Holtzman
"If you think you're getting free
lunch, check the price of the beer!"
------------------------------
From: Michael Hofmann <[EMAIL PROTECTED]>
Subject: Re: microsoft word on linux
Date: Thu, 27 Apr 2000 08:18:01 +0200
Eugenio Rivera wrote:
>
> Hi,
>
> Is there a program that allows me to view (not necessarily edit)
> a microsoft word document under Linux?
mswordview
------------------------------
From: Neil <[EMAIL PROTECTED]>
Subject: Re: microsoft word on linux
Date: 26 Apr 2000 23:30:16 PST
Eugenio Rivera <[EMAIL PROTECTED]> wrote:
> Hi,
> Is there a program that allows me to view (not necessarily edit)
> a microsoft word document under Linux?
Word Perfect for Linux, I believe, can open and view Word documents.
I read today in a trade publication that it can actually save documents
as .doc. Of course, WP does cost money. If you are looking for
free software that does this then I am not sure what to suggest.
--
Neil
------------------------------
From: Neil <[EMAIL PROTECTED]>
Subject: Re: Linux
Date: 26 Apr 2000 23:36:29 PST
[EMAIL PROTECTED] wrote:
> How is Linux different from Windows?
In a nutshell Linux is a Unix like operating system that
is free and the source code is open.
Linux, contrary to popular belief, does have windowing systems
where you use a mouse and generally work just like you would in
MS Windows.
Windows is a proprietary Operating System. In contrast to Linux
it is not free and the source code is not available to you.
Many Linux users prefer Linux because it is free, stable (no
Blue Screens of Death), and gives the user freedom to
change things as much or as little as is desired.
--
Neil
------------------------------
From: [EMAIL PROTECTED]
Subject: how to check CDs under Linux
Date: Thu, 27 Apr 2000 06:27:56 GMT
Hi!
I'd like to know a way to check my CDs for defects under Linux. What I
currently do is that I tar the whole CD and wait for errors. Are there
better ways of doing this?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: How to interpret the output of /usr/bin/free?
Date: Thu, 27 Apr 2000 06:34:02 GMT
Hi,
I am trying to interpret the output of "free", in particular on
the following concepts:
* shared memory: memory shared by more than one processes (eg,
image of shared libs), right?
* buffer: how is it different from cache?
* cache: how is it different from buffer?
what is the "-/+ buffers/cache" line trying to tell?
Thanks in advance for any info!
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Jonathan Mendez)
Subject: Re: microsoft word on linux
Date: 27 Apr 2000 06:39:54 GMT
>Hi,
>
>Is there a program that allows me to view (not necessarily edit)
>a microsoft word document under Linux?
>
>thanks,
>
>Eugenio
>
AbiWord is a program that doesn't have too many features, but enough for me so
far anyway, and it doesn't seem to have problems opening M$ Word documents at
all as far as I can tell. Search freshmeat.net. :) I have also heard that
StarOffice is M$ compatible, although I have also heard it's a hefty download.
Then again, it has way more than AbiWord does. So depending on your needs,
those are a couple options.
HTH
Jonathan
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: fetchnews as news
Date: 27 Apr 2000 06:33:50 GMT
Bob Holtzman <[EMAIL PROTECTED]> wrote:
: The question, of course, is how can I step into a phone booth and emerge
: a moment later a la superman as news so I can run fetchnews?
man su, sudo, suidexec, suidperl, etc. etc.
something like ..
sudo su news -c fetchnews ....
(or just without the sudo)
Peter
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: How to interpret the output of /usr/bin/free?
Date: 27 Apr 2000 06:46:40 GMT
[EMAIL PROTECTED] wrote:
: Hi,
: I am trying to interpret the output of "free", in particular on
: the following concepts:
: * shared memory: memory shared by more than one processes (eg,
: image of shared libs), right?
yes
: * buffer: how is it different from cache?
It's buffered. I.e. on the way out to the disk and not yet there.
: * cache: how is it different from buffer?
It's cached. I.e. a copy of what has come in from the disk already.
: what is the "-/+ buffers/cache" line trying to tell?
The total used without the buffers and cache included.
Peter
------------------------------
From: Jafery <[EMAIL PROTECTED]>
Subject: Domain not bound....Please help
Date: Thu, 27 Apr 2000 06:46:30 GMT
Hi there,
I have an error message ...YPBINDPROC_DOMAIN : Domain not bound
what does it mean and how to fix it?
Thank you
Jafery
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: ram <[EMAIL PROTECTED]>
Subject: Linux newbie + Web server
Date: Thu, 27 Apr 2000 07:30:04 GMT
Dear all,
I want to set up a web server on Linux, however, I am a newbie to both. Is
there any suggestion for the distribution of the OS and web server.
Thanks in advance.
Raymond Mui
--
Posted via CNET Help.com
http://www.help.com/
------------------------------
From: Floyd Davidson <[EMAIL PROTECTED]>
Subject: Re: How Big Will X Grow Today?
Date: 26 Apr 2000 22:47:47 -0800
[EMAIL PROTECTED] (Stewart Honsberger) wrote:
>
>I've only got 64M in my machine right now, and wish I had atleast 128M.
>
>blackdeath@blackdeath:~ > free
> total used free shared buffers cached
>Mem: 63192 61332 1860 19616 1008 23028
>-/+ buffers/cache: 37296 25896
>Swap: 133016 21732 111284
>
>As you can see, RAM doesn't go very far anymore. :<
You have 24Mb of free RAM that can be used for program execution. That is
more than 1/3rd of your total RAM. It appears to be a good match for you
typical usage, if the above was taken at a representative time.
Of course it *is* nice to have a lot of RAM available for disk buffers
and caching. So there would be some benefit to going to 128Mb, but
you might have a hard time noticing the difference.
Floyd
--
Floyd L. Davidson [EMAIL PROTECTED]
Ukpeagvik (Barrow, Alaska)
------------------------------
From: "Harry Overs" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux,comp.os.linux.admin,comp.os.linux.help,comp.os.linux.setup,linux.redhat,linux.redhat.misc,uk.comp.os.linux
Subject: logging into a linux box remotely as root using rsh with no password
Date: Thu, 27 Apr 2000 09:02:22 +0100
I've managed to get all other users but root to log into remote machines
with no password by
1. Setting up /etc/hosts.equiv with trusted hosts
2. Setting ~/.rhost to include trusted users
N.B. This is a standalone network in a secure room used for dev work so
security is not such an issue.
Howver root cannot log in with no password. I've added the mod specified in
the man pages for rshd ( -h ) in /etc/inetd.conf but to no avail.
Does anyone know how to do this, I've been trying for so long, with several
posts, but no-one seems to know how to do this.
Using rh6.1/6.2
Any help would be gratefully appreciated.
Regards
Paul.
------------------------------
From: [EMAIL PROTECTED] (Michael Borgwardt)
Crossposted-To:
comp.os.linux,comp.os.linux.admin,comp.os.linux.help,comp.os.linux.setup,linux.redhat,linux.redhat.misc,uk.comp.os.linux
Subject: Re: logging into a linux box remotely as root using rsh with no password
Date: 27 Apr 2000 08:21:35 GMT
In article <8e8s0f$f9l$[EMAIL PROTECTED]>,
"Harry Overs" <[EMAIL PROTECTED]> writes:
> I've managed to get all other users but root to log into remote machines
> with no password by
>
> 1. Setting up /etc/hosts.equiv with trusted hosts
> 2. Setting ~/.rhost to include trusted users
>
> N.B. This is a standalone network in a secure room used for dev work so
> security is not such an issue.
>
>
> Howver root cannot log in with no password. I've added the mod specified in
> the man pages for rshd ( -h ) in /etc/inetd.conf but to no avail.
>
> Does anyone know how to do this, I've been trying for so long, with several
> posts, but no-one seems to know how to do this.
I'm not sure about rlogin, but with ssh (slogin), it works.
--
Michael "Brazil" Borgwardt --- Member of #WASHU# and Her would-be guinea-pig.
Untiring defender of Washu-chan, Asuka-chan and Elektra-chan.
A Homepage for Elektra: http://www.informatik.tu-muenchen.de/~borgward/
ANT - Animeclub fuer Deutschland: http://www.anime.no.tomodachi.de/
=============== Let`s shake the dew off this lily, shall we ? ===============
------------------------------
From: <[EMAIL PROTECTED]>
Subject: AutoCAD 2000
Date: Thu, 27 Apr 2000 08:30:09 GMT
How can i run Autodesk's AutoCAD 2000 under Linux???
--
Posted via CNET Help.com
http://www.help.com/
------------------------------
From: [EMAIL PROTECTED] (Jason Hong)
Subject: Re: Which backup software to use?
Date: 27 Apr 2000 08:45:07 GMT
I've running BudTool on major servers, however my experience with BudTool is
"Wishes you Good Luck!!!!". I am not saying BudTool does not work, but I
have reasons why I recommend others.
I would go for Veritas or Legato.
======================================================================
Jason Hong, [EMAIL PROTECTED]
Anything But MicroSoft CoPyLeFt@
A penguin is the Computer.
Systems Administrator for Solaris, HP-UX, Linux and Auspex
> BudTool works well but I think it only runs under UNIX systems. I
> don't know if there is a LINTEL version.
>
> Hope this helps,
> Don
>
>
> --
> ********************** You a bounty hunter?
> * Rev. Don McDonald * Man's gotta earn a living.
> * Baltimore, MD * Dying ain't much of a living, boy.
> ********************** "Outlaw Josey Wales"
> http://members.home.net/oldno7
------------------------------
From: Wolfgang Fritz <[EMAIL PROTECTED]>
Subject: Re: fetchnews as news
Date: Thu, 27 Apr 2000 10:24:53 +0200
Bob Holtzman wrote:
>
> I'm trying to get leafnode and fetchnews running. Fetchnews can only be
> run as news or root. I don't want to connect to the internet as root, but
> when I su into news from my user account I'm prompted for a password. I
> have no idea what the password is. I've tried setting user I.d. in the
> fetchmail permissions and also tried changing ownership to my user name
> with no luck.
>
> The question, of course, is how can I step into a phone booth and emerge
> a moment later a la superman as news so I can run fetchnews?
> --
> Bob Holtzman
> "If you think you're getting free
> lunch, check the price of the beer!"
Hi,
root can change to user news without password:
-bash(3)#su - news
news@gurke:~ > whoami
news
news@gurke:~ >
To allow execution of privileged commands by normal users, I prefer sudo
(try man sudo).
Wolfgang
------------------------------
From: Uwe Bonnes <[EMAIL PROTECTED]>
Subject: Re: AutoCAD 2000
Date: 27 Apr 2000 09:12:32 GMT
[EMAIL PROTECTED] wrote:
: How can i run Autodesk's AutoCAD 2000 under Linux???
By using VMWare (http://www.vmware.com) or perhaps Win4Lin (www.trelos.com)
or (experimental) Wine (http://www.winehq.com)
Bye
--
Uwe Bonnes [EMAIL PROTECTED]
Institut fuer Kernphysik Schlossgartenstrasse 9 64289 Darmstadt
========= Tel. 06151 162516 ======== Fax. 06151 164321 ==========
------------------------------
From: [EMAIL PROTECTED] (Faux_Pseudo)
Crossposted-To: comp.os.linux.setup,alt.linux,redhat.general
Subject: Re: About Yesterday's attack.
Reply-To: [EMAIL PROTECTED]
Date: Thu, 27 Apr 2000 09:25:59 GMT
--(Once apon a time, in comp.os.linux.setup,)--
--(Buck Rogers said it like only they can.)--
$> Yesterday I posted a message reguarding an attack on my system and yet
$> removed it after I was able to contact the person in control of the
$> problem.
$
$How do you remove a post? I've always wanted to know the
$answer to this one.
$
$--
$Buck Rogers
$http://www.ic-net.com.au/~dmp
$
$
in slrn you ESC Ctrl+S
but this will not remove all the copys of the post floating on the servers
out there
once you post it its out there forever.
--
._____. ._____.
|<> <>| If I remember to turn it on UIN=66618055 |<> <>|
| | while(sig_sucks != 0) | |
\ " / printf("Clever sig coming soon."); \ " /
\_/ \_/
------------------------------
Crossposted-To: uk.comp.os.linux,comp.os.linux.setup
Subject: Re: I think I have been HACKED!!!
From: Simon Brooke <[EMAIL PROTECTED]>
Date: Thu, 27 Apr 2000 09:32:32 GMT
[EMAIL PROTECTED] (brian moore) writes:
> 1st step: kill any daemons and programs you don't know.
>
> Go through inetd.conf and comment out every line if you don't know what it
> is or why you would run it. If you don't know what it is, you probably
> don't need it running. Look in the the startup scripts to see what sort
> of processes are being started up... again, remove them if you don't know
> why they're there.
Absolutely. Many distros come with things open in the inetd.conf file
(and rc3.d) which are well dodgy. You may very well find that when
you've finished commmenting things out of inetd.conf there's nothing
left, in which case you don't need to run it at all.
Check for any CERT advisories, etc, for the remaining daemons you do
need to run, and upgrade any which have known weaknesses.
--
[EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/
'Victories are not solutions.'
;; John Hume, Northern Irish politician, on Radio Scotland 1/2/95
;; Nobel Peace Prize laureate 1998; few have deserved it so much
------------------------------
From: "Phil Mossop" <[EMAIL PROTECTED]>
Subject: Newbie question on installing linux
Date: Thu, 27 Apr 2000 21:39:45 +1200
Hi there,
I am thinking of installing Linux (probably Mandrake) on to my system. I am
currently running Win98 with 3 relatively same size partitions, C: D: and
E:. I am thinking of making E: for Linux and keeping the other two for
Win98. I do not want to totally remove Windows (just yet), but want to be
able to choose which OS to use at startup.
Some questions:
1. Do you think there are any conceptual problems with this?
2. I have an nVidia TNT2 32Mb graphics card and have heard of some problems
with this under Linux. Will I be in for any surprises if I don't actually
want to play 3d games just yet, but just get Linux running on my system?
I am relatively new to Linux and Unix on a PC, but have a decent back ground
in Unix with X-terminals.
TIA
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux,comp.os.linux.admin,comp.os.linux.help,comp.os.linux.setup,linux.redhat,linux.redhat.misc,uk.comp.os.linux
Subject: Re: logging into a linux box remotely as root using rsh with no password
Date: 27 Apr 2000 09:39:17 GMT
In comp.os.linux.help Harry Overs <[EMAIL PROTECTED]> wrote:
: N.B. This is a standalone network in a secure room used for dev work so
: security is not such an issue.
: Howver root cannot log in with no password. I've added the mod specified in
: the man pages for rshd ( -h ) in /etc/inetd.conf but to no avail.
: Does anyone know how to do this, I've been trying for so long, with several
Use ssh. Configure /etc/sshd_config. Allow login via RSA alone. Set up
.ssh/identity.pub with ssh-keygen and authorized_keys to contain the key
too.
Peter
------------------------------
From: "Peter T. Breuer" <[EMAIL PROTECTED]>
Subject: Re: Newbie question on installing linux
Date: 27 Apr 2000 09:56:21 GMT
Phil Mossop <[EMAIL PROTECTED]> wrote:
: E:. I am thinking of making E: for Linux and keeping the other two for
: Win98. I do not want to totally remove Windows (just yet), but want to be
: able to choose which OS to use at startup.
: Some questions:
: 1. Do you think there are any conceptual problems with this?
Yes . you don't use "a partition" for linux. You remove the partition
and replace it with 4 or 5 linux ones (swap, /, /usr, var, ...). 2GB
of space should be fine.
Also you may have a practical problem. You will have difficulty booting
using the standard boot loader if your partition E: currently starts
above cylinder 1023 on the disk, because the bios cannot jump there.
If that is the case, copy the kernel image to c:\ and add a menu item
to your c:\config.sys that says something like shell=loadlin.exe
vmlinuz root= /dev/hda5 ro, where these options are adapted to your
final configuration. You should find a copy of loadlin.exe in the /root
directory when you have finished the install of linux. Boot from
a floppy if you have trouble.
: 2. I have an nVidia TNT2 32Mb graphics card and have heard of some problems
Never heard of it.
: with this under Linux. Will I be in for any surprises if I don't actually
: want to play 3d games just yet, but just get Linux running on my system?
Look it up in www.xfree86.org. Check to see if there is a driver for
this card.
Peter
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.misc) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
