Linux-Networking Digest #692, Volume #9 Sun, 27 Dec 98 23:13:29 EST
Contents:
Re: Reverse DNS lookup with IP Masquerading (Michael Fuhr)
Re: kppp and slow connects (Marc)
Linux PPP to Annex v/s Cisco terminal server (Ashok Aiyar)
Re: NetGear config problem (tat ming sze)
Re: win95/98 RAS use only PAP/CHAP? (vs login/password) (Job eisses)
Re: Q:DNS and pppd ... how? (Marc)
Re: PPP problem (Marc)
Re: ppp daemon died unexpectedly ([EMAIL PROTECTED])
receiving email on linux ([EMAIL PROTECTED])
firewall tool for linux? (Jan Stifter)
Re: Intel EtherExpress Pro/100B Problem (rks)
Re: How to enable networking support, especiallyTCP/IP??? (Paul Triolo)
Bare Bones Network Monitor (Barry Grussling)
Re: ip_masq - Netmeeting module?? ([EMAIL PROTECTED])
Receive serial link is not 8-bit clean (Tyler Dinh)
Re: what exactly is SYN flood? (Joe Shaw)
Re: Adding IP Tunnel Devices (Rick Orwig)
Re: Networking Linux and Windows (Paul Triolo)
Re: Connecting to the @Home network/General network configuration (Paul Triolo)
dialing up problem[redhat] ("Grace")
Re: firewall tool for linux? ("NoneYa")
Re: firewall tool for linux? (Paul B. Brown)
firewall tool for linux? (Jan Stifter)
Re: firewall tool for linux? (Paul B. Brown)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Michael Fuhr)
Subject: Re: Reverse DNS lookup with IP Masquerading
Date: 27 Dec 1998 19:07:11 -0700
Colin Durocher <[EMAIL PROTECTED]> writes:
> I just networked the computers in my home and set up ip_masquerading so
> that the kids' computers could use my cable modem internet access. I'm
> now wondering if there is a program available (or alternatively, one I
> could write) that will allow me to monitor the names of the websites
> that are accessed through that connection. I figure there must be some
> way of keeping a list of the external ip addresses that are accessed and
> then doing a reverse DNS lookup to find the names. From there, I could
> just scan for certain keywords.
1. Use packet filters to deny the kids' computers direct access
to the Internet.
2. Set up a proxy (e.g., Squid) on the machine that can still reach
the Internet.
3. Configure the kids' browsers to use the proxy.
4. Spy^H^H^Hmonitor the proxy log files as desired. With Squid you
could also use ACLs or a redirector to prohibit access to certain
sites.
--
Michael Fuhr
http://www.fuhr.net/~mfuhr/
------------------------------
From: Marc <[EMAIL PROTECTED]>
Subject: Re: kppp and slow connects
Date: Sun, 27 Dec 1998 22:26:02 GMT
==============77E7DD2249573C9C1630F097
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Under the settings for kPPP there is a modem section, check the max speed, if that
does not work then where you can add optioins to the ppd add the option to tell
the pppd to connect at 57600 (I forget the syntax, a man pppd will provide this
insight)
[EMAIL PROTECTED] wrote:
> In reference to the below posts, I have the same problem but have a temporary
> work-around. I use ppp-2.3.5 on a Slackware system and put ppp-on and
> ppp-off on the desktop where I like them and go from there. It would be
> nice to use the native files though. I changed the modem string to the
> one I use with 2.3.5, that gives consistent 49333 connections with
> a generic USR No.5687 Plug and Pray modem. Thank heavens for isapnp!
>
> If anyone can figure it out I'd be much obliged.
>
> Best regards,
> Kurt Savegnago
> use this address if replying [EMAIL PROTECTED]
>
> In article <[EMAIL PROTECTED]>,
> "Ian Payne" <[EMAIL PROTECTED]> wrote:
> >
> > Greig McGill wrote in message <75bkhj$tf0$[EMAIL PROTECTED]>...
> > >Hi.
> > >
> > >I've just configured RH5.2 with KDE and all is rocking along
> > >nicely...except...
> > >I can't get kppp to connect to my ISP at anything above 9600.
> > >If I use the ifup ppp0 method of starting pppd it works fine...but I'd like
> > >the nice kppp front end for myself and my users.
> > >
> >
> > That makes two of us.
> >
> > On my RH5.1 system using netcfg or wmppp (under Window Maker) I can connect
> > at 40-44k consistently.
> >
> > I installed KDE and setup kppp, but it only connects at 9600. If I watch the
> > log file it show CARRIER 44000 but only CONNECT 9600.
> >
> >
>
> -----------== Posted via Deja News, The Discussion Network ==----------
> http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
==============77E7DD2249573C9C1630F097
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<CENTER>Under the settings for kPPP there is a modem section, check the
max speed, if that does not work then where you can add optioins to the
ppd add the option to tell the pppd to connect at 57600 (I forget
the syntax, a man pppd will provide this insight)</CENTER>
<P><BR>
<P>[EMAIL PROTECTED] wrote:
<BLOCKQUOTE TYPE=CITE>In reference to the below posts, I have the same
problem but have a temporary
<BR>work-around. I use ppp-2.3.5 on a Slackware system and put ppp-on
and
<BR>ppp-off on the desktop where I like them and go from there. It
would be
<BR>nice to use the native files though. I changed the modem string
to the
<BR>one I use with 2.3.5, that gives consistent 49333 connections with
<BR>a generic USR No.5687 Plug and Pray modem. Thank heavens for
isapnp!
<P>If anyone can figure it out I'd be much obliged.
<P>
Best regards,
<BR>
Kurt Savegnago
<BR>use this address if replying [EMAIL PROTECTED]
<P>In article <[EMAIL PROTECTED]>,
<BR> "Ian Payne" <[EMAIL PROTECTED]> wrote:
<BR>>
<BR>> Greig McGill wrote in message <75bkhj$tf0$[EMAIL PROTECTED]>...
<BR>> >Hi.
<BR>> >
<BR>> >I've just configured RH5.2 with KDE and all is rocking along
<BR>> >nicely...except...
<BR>> >I can't get kppp to connect to my ISP at anything above 9600.
<BR>> >If I use the ifup ppp0 method of starting pppd it works fine...but
I'd like
<BR>> >the nice kppp front end for myself and my users.
<BR>> >
<BR>>
<BR>> That makes two of us.
<BR>>
<BR>> On my RH5.1 system using netcfg or wmppp (under Window Maker) I can
connect
<BR>> at 40-44k consistently.
<BR>>
<BR>> I installed KDE and setup kppp, but it only connects at 9600. If
I watch the
<BR>> log file it show CARRIER 44000 but only CONNECT 9600.
<BR>>
<BR>>
<P>-----------== Posted via Deja News, The Discussion Network ==----------
<BR><A
HREF="http://www.dejanews.com/">http://www.dejanews.com/</A>
Search, Read, Discuss, or Start Your Own</BLOCKQUOTE>
</HTML>
==============77E7DD2249573C9C1630F097==
------------------------------
From: [EMAIL PROTECTED] (Ashok Aiyar)
Crossposted-To: comp.dcom.modems
Subject: Linux PPP to Annex v/s Cisco terminal server
Date: 28 Dec 1998 02:10:02 GMT
Reply-To: [EMAIL PROTECTED]
My ISP has two terminal servers -- one Annex and the other - Cisco.
I have a k56flex modem and make k56flex connections when I dial into
either server. In both cases I use the same ppp-options file, and do
not specify either an MTU or an MRU. The MTU in both cases is
negotiated to be 1500 bytes. This works fine when I dial into the
Cisco terminal server.
When I dial into the Annex, and the MTU is set to be 1500 I get lots
of RX-ERR when I look at the ppp0 interface. If I manually set the
MTU to be smaller, specifically to be 1006 bytes, I don't get any
errors with the Annex server.
Why is this? I imagine there is something different about the
configuration of the Annex versus the Cisco terminal servers. What
is it? Is it something that I configure during the ppp negotiation?
Curious,
Ashok
--
Ashok Aiyar, Ph.D.
McArdle Laboratory for Cancer Research
http://aiyar.home.ml.org
------------------------------
From: tat ming sze <[EMAIL PROTECTED]>
Subject: Re: NetGear config problem
Date: Sun, 27 Dec 1998 21:10:45 -0500
GenaBlu wrote:
> Hello!
>
> I just installed Linux RedHat 5.1 in a new server (AMD K6/350 MHz/8.2 GB HD/64
> MB RAM). The configuration went very smoothly until I rebooted. I have an
> Ethernet NetGear adapter. I chose the 'tulip' chip set for compatibility, same
> as my other Linux boxes. The IP configuration parameters are accurate. Every
> time I boot, and every few seconds afterward I get the message:
>
> eth0: transmit timed out, status 06061000, CSR12 00000035, resetting...
>
> I obviously can't ping this server nor connect from it to the rest of my net.
> Please help?
>
> Thanks!
>
> G.
I had same problem when I used RH 5.1 on my Pentium II machine. I just updated to
5.2, all the problems disappeared. I think the problem is related to the "tulip"
drive given by RH on the 5.1 version.
sze
------------------------------
From: Job eisses <[EMAIL PROTECTED]>
Subject: Re: win95/98 RAS use only PAP/CHAP? (vs login/password)
Date: Sun, 27 Dec 1998 22:43:14 +0100
carlitos wrote:
>
> Hello, hello.
>
> I've got a linux box that can establish PPP conections with others with
> a login/password request (usually it receives phonecalls, but you can
> remotely change the uugetty.ttyS to make it phone you) but I would like
> to connect to/from a win95/98 PC. Should I necesarily use PAP? Will I
> have many problems with RAS? Is there any other PPP client/server better
> for this out there?
>
> Thanks
With the "ms-chap 80" changes built into PPP i can dial into NT Ras.
All info is in the PPP source distrib. -job
------------------------------
From: Marc <[EMAIL PROTECTED]>
Subject: Re: Q:DNS and pppd ... how?
Date: Mon, 28 Dec 1998 02:11:20 GMT
Sven Ewald wrote:
> Hi out there,
>
> It seems that I do need to get my DNS IP(s) when dialing
> in, just like MS-DOS 95 does.
> According to the PPP HowTo, this is not possible:
the way 95 does? this is correct :) the way linux does is another story! :)
>
> >As previously mentioned, Linux cannot set its name server IP number in >the way
>that MS Windows 95 does. So you
> >must insist (politely) that your ISP provide you with this information!
> According to the ISP-Support there is a software that can do it, but
> they just support MS-customers
BULLPOOP! (I am refraining from using the actual wording as not to offend anyone :) )
all they need to do is
provide you with the ip addresses of the nameservers if they say they can't do that
then they are idiot
> I tried other DNS, but their ******* firewall did not like it.
> I doubt that a "firewall" was preventing you from accessing the DNS server,,it
>is more likely that if you
> were trying to use someone elses DNS servers that they are set to only allow certain
>ip's to access,,
but to save you the trouble I did an nslookup on gmx.de for you,,here are the
nameservers
gmx.de nameserver = dalx1.nacamar.de internet address = 194.162.141.17
gmx.de nameserver = ns.gmx.net internet address = 195.63.104.1
gmx.de nameserver = ns.nacamar.net internet address = 194.162.162.194
Hope this helps,,if gmx.de is not the ISP you are trying to connect to then email me
with the domain you are trying
to connect to and I can get you the nameserver numbers :)
Marc
remove the Z's when responding to get my email addderss! :)
>
> (Please respond via e-mail as well, thank you)
> Sven
>
> --
> __/__/ Sven Ewald
> _/__/ email: [EMAIL PROTECTED]
> /__/ phone: +49-(0)241-4877-0
> __/ smail: Krakaustrasse 2 52064 Aachen
------------------------------
From: Marc <[EMAIL PROTECTED]>
Subject: Re: PPP problem
Date: Sun, 27 Dec 1998 22:50:26 GMT
Is your ISP using NT for authentication????if so then you need to set it up for
a CHAP authentication.if not then try using a terminal program (such asd
minicom) to dial to the ISP and see if you are getting a login prompt, iff not
then your ISP is using chap. if you do get a prompt then login manually using
your username and password once your passwordis accepted then you should see
something like
"ppp session from x.x.x.x beggining" then a whole bunch of gibberish (if you see
this then the prob is most likely not the authentication) if it gives you wierd
promots like "username" instead of "login" etc,,then you will need to set up
some form of script to get authenticated. search the web for the PPP how to's
I believe they are at
ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/
if you are not getting on the syetem when the pppd is starting then is will
not "see" a ppp session and the pppd will crap out. (usually accompined by one
of several messages "The pppd deamon died unexpectedly" or "pppd timeout" or
something like that ) as to setting up your modem,,,you should not have to set
up much aside from makeing sure that the dialer (wheather you are using kppp
minicom etc..) is pointing to the correct device and that it is being intialized
with a proper command set. usually the default options will work. what I do is
set up a soft link between my modem which is /dev/cua1 (com2) and /dev/modem
which is easier to remember ;) aside from that just make sure that any flow
control is set for Xon/Xoff and all should be ok,,personally I find that Kppp
(KDEs prog) is very user friendly and works with just about anything
Let me know if this helps..
Marc
ps remove the Z's from my emil address to get the real address :)_
Andrew L. Kopec wrote:
> I have installed Caldera's OpenLinux 1.3. I tried to
> configure PPP using vi command as shown on the instructions from the manual
> and books, using KDE's PPP program, and X Window's X-ISP but nothing seem to
> work.
>
> According to both KDE and X-ISP, I was able to connect to my ISP server but
> dropped to dead after 30 seconds. I am not exactly sure what's wrong.
>
> I discovered that my modem was not set up so I had to run LISA to set it up
> but found that a few modems are listed.
>
> I sent the e-mail to my ISP administrator and he said that he's not familiar
> with LINUX. He said that several of his LINUX customers are connecting to
> his server without any problem. He gave me the procedure to make sure how
> to set up PPP properly. It's the same method I use to set it up in Windows
> 98/98 and NT. I don't have any problem with 95/98 and NT so far.
>
> I am going to give you the information about my modem and ISP's settings.
>
> My modem is USR Sportster 33.6 internal. (It's not in LISA so I tried both
> Hayes comptabile and not on the list)
>
> My ISP -- IPs are automatically assigned so it has to be dynamic IP.
> Only DNS entries are required (there's 2 entries) and I am
> postivie they are correct.
> Domain name and host name are required to be entered along
> with DNS entries.
>
> I am using XON/XOFF handshake instead of RTC/STC(?). I have tried both but
> no luck.
>
> I have set the speed to 38400 instead of 57600.
>
> Any suggestion? I can't wait to run PPP via LINUX.
>
> Later!
>
> --andrew
>
> PS: My e-mail address is [EMAIL PROTECTED] Thanks!
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.linux,alt.os.linux
Subject: Re: ppp daemon died unexpectedly
Date: Mon, 28 Dec 1998 02:28:02 GMT
In article <[EMAIL PROTECTED]>,
Marc <[EMAIL PROTECTED]> wrote:
> Usually this is caused by the fact that your ISP is using something like an NT
> server for remote authentication, NT and certain other boxes have no login
> prompt they use the challenge handshake authentication protocol (Trust
> microsoft to come up with something like this ;) ) if this is the case then
> you need to set up a connection to use CHAP (I'm not exactly sure how to do
> it,,I beleive that KPPP allows you to choose CHAP as a authentication method
> in the account setup) but that is what was causing that error for me.
> unfortunatly the way I solved it was to switch ISP's :)
>
> Hope this helps, I'd be glad to help ya any way I can,,,remove the Z's from my
> email address to get my real address !
>
> Marc
>
> Tom Hennen wrote:
>
> > Every time pppd runs I get the error ppp daemon died unexpectedly, it does
> > not matter if I use 'netcfg' or 'Kppp' or 'ezppp' I always get that error.
> > If anyone can help me I would appreciate it.
> >
> > (Please respond via e-mail as well, thank you)
> > --
> > Tom Hennen III
> > On TRACK www.on-track.org
> > [EMAIL PROTECTED]
> > [EMAIL PROTECTED]
>
>
I dial up to an isp I know uses NT, and I use XISP on Linux, it gives me no
problems... I am still waiting to hear why there seems to be a negative
opinion of XISP also, BTW..... -- XIXIXLEZIT: LIGHT OF TRUTH, SPLENDOR AND
GREATNESS HE WHO ANNEXED ALT.NUKE FRANCE AND THREW IT BACK AS IT WAS UNWORTHY
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux.setup
Subject: receiving email on linux
Date: Mon, 28 Dec 1998 01:19:49 GMT
Hi.
I'm setting up a little web site that I will have directly connected to the
Internet at all times.
As far as receiving emails is concerned, can anyone point me to FAQs or any
other info on how mail agents and such things as IMAP/POP tie together?
To give an example, if I decide to setup an IMAP server, does this server
need sendmail or some other agent to function with the only thing that is
does being the organisation of mail messages, folders and users (a bit like
procmail), or is it a self contained package that would be responsible for
accepting email connections from the outside as well as handling users and
their folders?
Additionally, as far as security is concerned, my small LAN will be hiding
behind a firewall. But since mail will have to come in somehow I presume that
a port has to be left open for it. Is port 25 the only port that I need to
leave open?
The only security whole I know related to this is people from the outside
telneting to my mail port and sending emails to others, or somehow sending a
local file like /etc/passwd to themselves (although I can't think what good
that would be with a firewall that denies telnet and ftp or anything other
than DNS queries, port 80 traffic and mail ???).
Can anyone briefly mention other nasty things to keep me up at night?
:)
Thanks in advance for any replies.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
Subject: firewall tool for linux?
From: Jan Stifter <[EMAIL PROTECTED]>
Date: 27 Dec 1998 01:22:46 GMT
Crossposted-To:
news.software.nntp,alt.gothic,soc.culture.jewish,uk.test,sybase.public.jconnect,comp.security.firewalls
"BICUSPID" BARRY BOUWSMA BORINGLY BITES BIG BAD BRITISH BISEXUAL BACKSTREET BULLDOGS
!!!
------------------------------
From: rks <[EMAIL PROTECTED]>
Crossposted-To:
comp.os.linux.misc,comp.os.linux.questions,comp.os.linux.setup,comp.os.linux.hardware
Subject: Re: Intel EtherExpress Pro/100B Problem
Date: Sun, 27 Dec 1998 14:55:56 +0100
Reply-To: [EMAIL PROTECTED]
Hello Doug,
I have also a cablemodem and a Intel EtherExpress Pro/100 and it works fine.
Did you connect this networkcard directly to the cablemodem? If you connect
by the hub it won't work because most ISP check for the MAC-address of your
NIC. At least my ISP. Did you configure your NIC to use 10Mb and not 100Mb?
Doug Goldstein wrote:
> I just recently got into Linux for my company. I got the task of setting
> up our web server on the network. Which we have the Intel EtherExpress
> Pro/100B cards and Intel InBusiness Hubs. I purchased a book including
> RedHat 5.1 and installed it along with the card. Rebuilt the kernel so
> it's a driver. Only problem is that during booting up the card is
> detected and passes all the tests. But our network is connected to the
> web via a cable modem so this server needs to connect to the DHCP server
> to get an IP address. But for some reason everytime it tries during boot
> up it fails. I was required to get a different DHCP client called
> rrDHCPcd, cause that's what works with the cable provider. Try as I do I
> can not get it to connect to the server. Nor when I type /sbin/ifconfig
> does the eth0 device show up. The eth0 does show when typing cat
> /proc/net/dev. If there is anyone that can help I'd really appreciate
> it. Or if there is any other info I need to provide just tell me.
> Thanks.
>
> Doug Goldstein
> [EMAIL PROTECTED]
------------------------------
From: Paul Triolo <[EMAIL PROTECTED]>
Subject: Re: How to enable networking support, especiallyTCP/IP???
Date: Sun, 27 Dec 1998 20:35:52 -0500
You have TCP/IP support. You must add the DNS name(s) of
your ISP to the nameserver list. Run netcfg (under X) then
add the DNS IPs under hosts....
------------------------------
Date: Sun, 27 Dec 1998 17:28:55 -0800
From: Barry Grussling <[EMAIL PROTECTED]>
Subject: Bare Bones Network Monitor
Hi,
Is their a good network monitor that I can install
on my linux box and have it create a log file of
all the url's visited by a particular user on
a masquerade system? Thanks in advance.
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: ip_masq - Netmeeting module??
Date: Mon, 28 Dec 1998 01:23:30 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Why not though? I would be interested in a little explination... "Any type of
> video conferencing app..."
>
> Ryan J. McDonough wrote:
>
> > As far as I know, there isn't. Ant type of video conferencing app will
> > not work with IP Masquerading.
This is not quite true. Cu-Seeme (both WP and Cornell) work well with IP
Masquerading.
Netmeeting, and iVisit don't, though I've heard the folks at iVisit are
working on that.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Tyler Dinh <[EMAIL PROTECTED]>
Subject: Receive serial link is not 8-bit clean
Date: Sun, 27 Dec 1998 19:25:47 -0800
Hi,
I have tried to setup ppp connection to Earthlink, so far I got it to
connect, but after a few seconds, here is what I got
chat[] Receive serial link is not 8-bit clean:
chat[] Problem: all had bit 7 set to 0
How do I fix this problem??
Thank you
Tyler
------------------------------
Crossposted-To: comp.security.unix
From: Joe Shaw <[EMAIL PROTECTED]>
Subject: Re: what exactly is SYN flood?
Date: Sun, 27 Dec 1998 19:38:49 -0600
On Sun, 27 Dec 1998 [EMAIL PROTECTED] wrote:
> what exactly is 'SYN flood'?
> I saw a few messages about it on my Linux(es) (Red Hat 5.1 and 5.2)
TCP uses a three way handshake to establish connections between two
machines. Here's how it works:
1: The client sends a TCP packet with the SYN (synchronize sequence
numbers) flag set, a destination port the clinet wishes to connect to, and
the clients initial sequence number .
2: The server responds with a SYN containing the server's inital sequeqnce
number and acknowledges the clients SYN by ACK'ing the clients initial
sequence number plus one. This is referred to as SYN/ACK (both a SYN and
an ACK to the first SYN are sent in one segment).
3: The client acknowledges this SYN from the server by acking the server's
initial sequence number plus one. This is referred to as ACK.
Client Host
------ ----
-----[SYN]----->
<--[SYN/ACK]----
-----[ACK]----->
With this done, you now how a TCP connection opened.
What Synflooding does is sends hundreds/thousands of spoofed TCP SYN's to
a port on a victim host in hopes that it will be able to fill the
incoming connection queue so that the victim machine will stop answering
connections on that port. Since the packets are forged, the SYN/ACK phase
of the connection is met with nothing, so the half open TCP connections
are left in the queue to time out at whatever timeout the OS has set.
When you flood a port with enough SYN's it causes a Denial of Service.
> here is a sample:
>
> Dec 26 19:47:24 ndx kernel: Warning: possible SYN flood from 206.138.123.456
> on 206.138.123.456:19000. Sending cookies.
Since your kernel reported to syslog that it detected a possible SYN flood
attempt, you should already be protected by one of the two ways Linux is
capable of defending against SYN floods. They are SYN cookies and RST
cookies, both written by Erik Schenk (http://www.dna.lth.se/~erics/) and
appear in kernel versions 2.0.30 and later.
I also noticed you obscured the IP address by munging the last two octets.
Did you intentionally make the source and destination octets the same or
where they from different machines initially? Also, since it's on a high
port, it could have been several failed attempts to access and eggdrop bot
or user app that triggered the response. It should only be a problem if
you see tons of these in syslog followed by "Message repeated X times."
However, if these are mailicious, the source address is most likely
spoofed and the best you can do is feel safe that your kernel is already
capable of dealing with them.
> dangerous?
> what could I do to protect my makina from the bad guys?
Already protected. However, I suggest getting the latest kernel version
(2.0.36) and compiling it. Be sure to install SYN cookies in the network
section of the config.
> Thanks,
>
> Otis
--
Joseph Shaw - [EMAIL PROTECTED]
NetAdmin/Security - Insync Internet Services
Free UNIX advocate - "I hack, therefore I am."
------------------------------
From: Rick Orwig <[EMAIL PROTECTED]>
Subject: Re: Adding IP Tunnel Devices
Date: Sun, 27 Dec 1998 21:46:43 -0600
If anyone is remotely interested. I found what I was looking for. To
add more
tunnels you have to edit the Space.c file in /usr/src/linux/drivers/net.
Rick
Rick Orwig wrote:
> Does anyone know what it takes to add more devices to the tunneling?
> I'm currently limited to tunl0 and tunl1. I've looked at the file
> new_tunnel.c
> and others but have not been able to pin down where the limitation is
> coming in.
>
> Any insight would be greatly appreciated.
>
> Rick
>
> [EMAIL PROTECTED]
------------------------------
From: Paul Triolo <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux
Subject: Re: Networking Linux and Windows
Date: Sun, 27 Dec 1998 20:41:11 -0500
Todd,
I just finally accomplished what you are trying to do. Its
not hard. You need to have your eth0 interface running on
the Linux box. Then add the DNS IP addresses of your ISP to
the nameserver list (run netcfg and add the IP addresses
under hosts, namerservers, also make sure that under
routing, IP forwarding is enabled). Set your default
gateway to the IP address of your Win95 machine. Make sure
you have assigned an IP address to your Win95 machine, under
Network, protocols, IP address....
Good luck....
------------------------------
From: Paul Triolo <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.help
Subject: Re: Connecting to the @Home network/General network configuration
Date: Sun, 27 Dec 1998 20:45:37 -0500
Have you entered the DNS IP addresses of your ISP into
netcfg?? Also, enable IP forwarding under routing......this
should do the trick....
------------------------------
From: "Grace" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux
Subject: dialing up problem[redhat]
Date: Fri, 25 Dec 1998 10:34:33 +0800
�ڦbinstall redhat5.2 ��, in "Network Configuration",
there are three choices:
1. Keep the current IP configureation
2. Reconfigure network now
3. Don't set up networking
I choose 3, is it the main factor making me failed in using modem
to dialing up to school, Since I configure my modem
in Linuxconf, enter all phone no.,modem port,login name and
password in PPP configuration and push "test",
no dialing up sound heard. Please help.
------------------------------
Subject: Re: firewall tool for linux?
From: "NoneYa" <[EMAIL PROTECTED]>
Date: 27 Dec 1998 02:28:45 GMT
Crossposted-To:
news.software.nntp,alt.gothic,soc.culture.jewish,uk.test,sybase.public.jconnect,comp.security.firewalls
"BICUSPID" BARRY BOUWSMA BORINGLY BITES BIG BAD BRITISH BISEXUAL BACKSTREET BULLDOGS
!!!
------------------------------
Subject: Re: firewall tool for linux?
From: [EMAIL PROTECTED] (Paul B. Brown)
Date: 27 Dec 1998 02:28:09 GMT
Crossposted-To:
news.software.nntp,alt.gothic,soc.culture.jewish,uk.test,sybase.public.jconnect,comp.security.firewalls
"BICUSPID" BARRY BOUWSMA BORINGLY BITES BIG BAD BRITISH BISEXUAL BACKSTREET BULLDOGS
!!!
------------------------------
Subject: firewall tool for linux?
From: Jan Stifter <[EMAIL PROTECTED]>
Date: 27 Dec 1998 02:29:32 GMT
Crossposted-To:
news.software.nntp,alt.gothic,soc.culture.jewish,uk.test,sybase.public.jconnect,comp.security.firewalls
"BICUSPID" BARRY BOUWSMA BORINGLY BITES BIG BAD BRITISH BISEXUAL BACKSTREET BULLDOGS
!!!
------------------------------
Subject: Re: firewall tool for linux?
From: [EMAIL PROTECTED] (Paul B. Brown)
Date: 27 Dec 1998 02:29:14 GMT
Crossposted-To:
news.software.nntp,alt.gothic,soc.culture.jewish,uk.test,sybase.public.jconnect,comp.security.firewalls
"BICUSPID" BARRY BOUWSMA BORINGLY BITES BIG BAD BRITISH BISEXUAL BACKSTREET BULLDOGS
!!!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
