Linux-Networking Digest #91, Volume #10 Tue, 2 Feb 99 20:13:38 EST
Contents:
OS Discovery progarm (Dan Davis)
Re: Help with simple manual network configuration (luC)
Network Traffic Analysis Papers? (Greg Herlein)
URGENT HELP: TOken Ring Crossover (Jere Julian - Personal Account)
Re: Romote "root" login ([EMAIL PROTECTED])
Re: Net problem with an AMD PCnet PCI card (newbie question) ([EMAIL PROTECTED])
Wais and Linux ("Luis F. Lacayo")
Re: PPP hangs after lots of data (Spivey)
Netgear isdn modem ("Luis F. Lacayo")
Re: ftp scripts? (Jason Kennemer)
Re: Starting a firewall script. (Spivey)
Re: GTE flamed linux for BillG (Bob)
Re: changing file ownership (Chris Mattern)
Re: Help with simple manual network configuration (Robert Montgomery)
----------------------------------------------------------------------------
From: Dan Davis <[EMAIL PROTECTED]>
Subject: OS Discovery progarm
Date: Tue, 02 Feb 1999 09:02:43 -0500
I once found the source for a program that used ICMP packets to do os
discovery. Anybody know what I'm talking about? I'm trying to find it
again.
Any help is appreciated.
Dan
------------------------------
From: luC <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.install,comp.os.linux.setup,comp.os.linux.redhat
Subject: Re: Help with simple manual network configuration
Date: Tue, 02 Feb 1999 22:35:49 GMT
Robert Montgomery wrote:
> Primary name + domain: CS123456-A.cghh1.ab.wave.home.com
better try: 24.65.228.72.ab.wave.home.com
lucie
==========================================
remove dot + second name to reply directly
------------------------------
From: Greg Herlein <[EMAIL PROTECTED]>
Crossposted-To: comp.dcom.net-management,comp.protocols.tcp-ip,comp.dcom.telecom.tech
Subject: Network Traffic Analysis Papers?
Date: 2 Feb 1999 14:05:35 GMT
Reply-To: [EMAIL PROTECTED]
I'm looking for already-done studies of network traffic. I'm very
interested in the traffic tht typically flows through a router
from a smallish network out onto the Internet. I'm curious about
peak and average load, patterns of use, types of services, etc... in other
other words, I'm interested in more detail than what mrtg provides when
data is collected from a router via snmp.
It occurs to me that there has probably been papers done about this kind
of thing - USENIX presentations, articles, etc. However, a web and
deja news search turned up nothing of value.
If anyone has a pointer to a good article or online data source,
I'd appreciate hearing about it.
Thanks in advance. :)
Greg
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Greg Herlein [EMAIL PROTECTED]
Herlein Engineering www.herlein.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
------------------------------
From: [EMAIL PROTECTED] (Jere Julian - Personal Account)
Subject: URGENT HELP: TOken Ring Crossover
Date: 2 Feb 1999 14:04:22 GMT
Please help! I urgently need a Token Ring Crossover cable pinout. I have 2
machines (router & host) which need to bypass the rest of the LAN. Please email
me at mailto:[EMAIL PROTECTED] asap.
I appologise for the paniced sound of this but I'm at wits end! Anyone with good
tokenring troubleshooting experience, try this one. We came in Monday morning
and the entire TR LAN was down _except_ for about 6 randomly placed nodes.
there should have been more like 40-50 nodes.
Please help
Thanks,
-Jere Julian
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: comp.os.linux,comp.os.linux.admin,comp.os.linux.help,nl.comp.os.linux
Subject: Re: Romote "root" login
Date: 2 Feb 1999 13:33:44 -0000
Reply-To: [EMAIL PROTECTED]
In nl.comp.os.linux fred smith <[EMAIL PROTECTED]> wrote:
> Because if you can't get in directly as root, then you have to compromise
> TWO accounts before you can seriously hack the system instead of just
> one account. I'm no mathematician, but I'd venture a guess that that
> makes it FOUR times as hard to subvert.
it's less than four times, as the username root is already known. if you
don't have finger running, people will have to guess 1 username, two
passwords.
--
Grobbebol's Home | Don't give in to spammers. -o)
http://www.xs4all.nl/~bengel | Use your real e-mail address /\
Linux 2.0.36 on an i586/64 MB | on Usenet. _\_v
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: linux.debian.user,linux.debian.setup,comp.os.linux.setup
Subject: Re: Net problem with an AMD PCnet PCI card (newbie question)
Date: Tue, 02 Feb 1999 15:08:03 GMT
In article <[EMAIL PROTECTED]>,
Omegaman <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] (\-ance) writes:
>
> > I'm trying to install Debian 2.0 on a HP-Pentium with an AMD PCnet PCI
> > Ethernet Card but
> > the installer does not recognize the card :-(
> >
> > I read the Ethernet Howto then I tryed to use lance.c driver but the
> > installation failed again (device busy....)
> >
> > Is it an interrupt problem or what?
> > (The card is set with IRQ 11 FCE00-FCFF)
>
> To find out what IRQ's are in use 'cat /proc/interrupts'. Similary
> 'cat /proc/ioports' to determine I/O locations in use. If your cards
> current settings are in use, you can use the information to pick new
> unused ones. This may indeed be your problem and all else may fall
> into place once you check it out.
>
> Here's some additional info on what I did; You might find it useful as
> a short summation.
>
> You may also need to edit a couple of other files. One is
> /etc/modutils/aliases to insert the driver. Examine the file with the
> Ethernet HOWTO nearby and it will be clear what to do. Here's the
> relevant lines from mine:
> #alias for your ethernet card(s)
> alias eth0 3c59x options=3
> alias eth1 tulip
> I have two cards so I load the drivers for both and alias them to eth0
> and eth1 respectively. As you can see, you can add options if
> needed. Reference the Ethernet-Howto as well as documentation for your
> card's driver in the kernel source under Documentation/net/ .
>
> You will also probably need to edit /etc/modules to have your driver
> loaded at startup. make a copy of the original 'cp /etc/modules
> /etc/modules.orig' before editing. Here's my edited /etc/modules:
> # /etc/modules: kernel modules to load at boot time.
> #
> # This file should contain the names of kernel modules that are
> # to be loaded at boot time, one per line. Comments begin with
> # a `#', and everything on the line after them are ignored.
> # An entry named `auto' will cause the system to start kerneld immediately.
> # Kerneld then loads modules on demand. `noauto' disables kerneld completely.
>
> lp
> serial
> ppp
>
> # added by omega 1/5/1999
> 3c59x
> tulip
>
> Last, but not least, you need to set up the interface (ifconfig) and
> the routing. The NET3-HOWTO is the source of info on this. Make a
> backup of your original /etc/init.d/network as we did above for
> /etc/modules and then edit appropriately. Here's mine as a sample:
> #!/bin/sh
> #establish the networks and routing
> ifconfig lo 127.0.0.1
> route add -net 127.0.0.0
>
> #added 1/9/1999
> #for 3c590 internal lan hookup
> ifconfig eth0 192.168.1.3 netmask 255.255.255.0 up
> route add -net 192.168.1.0 netmask 255.255.255.0 eth0
>
> #added 1/9/99
> #for SMC EtherPower PCI (eventual cable modem connection)
> #to be changed at a later date
> ifconfig eth1 192.168.2.1 netmask 255.255.255.0.up
> route add -net 192.168.2.0 netmask 255.255.255.0 eth1
> #eventually all routes through cable rather than diald slip setup
> #route add default gw 192.168.2.1 eth1
>
> --
> -------------(( http://home.gs.verio.net/~omegam ))------------------
> Omegaman<[EMAIL PROTECTED]> | "When they kick out your front door,
> PGP Key fingerprint = | How are you gonna come?
> 6D 31 C3 00 77 8C D1 C2 | With your hands upon your head,
> 59 0A 01 E3 AF 81 94 63 | Or on the trigger of your gun?"
> Send email with "get key" as the| -- The Clash, "Guns of Brixton"
> "Subject:" to get my public key | _London_Calling_ , 1979
> ----------------------------------------------------------------------
>
I have tried adding the /etc/modules file, also tried rebuilding the kernel
with tulip and de4x5 linked (not as loadable modules). On boot, I get the
following message:
/dev/tulip.o: init_module: Device or resource busy
My /etc/conf.modules file:
alias eth0 tulip
options tulip io=0x200 irq=10
Also, if I run tulip_diag with the -p 0x200 flag, it reports a tulip chip at
that address.
I can't get this config to start. Any ideas?
TIA,
Greg
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: "Luis F. Lacayo" <[EMAIL PROTECTED]>
Subject: Wais and Linux
Date: Tue, 2 Feb 1999 08:18:30 -0600
Hello,
Does anyone know if there is a wais search engine that runs under Linux?
If so where can I find it.
--
Best Regards,
Luis
================
Luis F. Lacayo (312.397.1590)
Ex Libris USA 1653 N. Wells Street
Chicago, IL 60614-6001
http://www.exlibris-usa.com
------------------------------
From: [EMAIL PROTECTED] (Spivey)
Crossposted-To: comp.protocols.ppp
Subject: Re: PPP hangs after lots of data
Date: Tue, 02 Feb 1999 14:22:08 GMT
hOn Sun, 31 Jan 1999 11:14:55 GMT, [EMAIL PROTECTED] (Chris
Croughton) wrote:
>Hi!
>
>I have a problem which I think is something to do with pppd. I can dial
>out fine, I connect to my ISP fine, names resolve OK, and I can start
>doing stuff. Looking at the web, using FTP, ping, telnet, everything
>works.
>
>However, after a while (and particularly when I'm sending a lot of data,
>rather than receiving it) the connection seems to hang. Not hang UP, the
>phone line is still in use and the modems are still talking to each other,
>but nothing gets sent.
>
>It seems to be related to packet size as well, and posibly protocol. The
>first thing to stop are TCP connections (FTP especially), and ping will
>keep on running and getting replies. Then ping stops getting replies
>after a while as well.
>
<snip>
I found this at
http://metalab.unc.edu/pub/Linux/docs/faqs/PPP-FAQ/PPP-FAQ ;
10.4. The ftp transfers seems to be very slow when I do a �get� oper�
ation. The �put� operation is much faster. Why?
Did you specify the option: asyncmap 0 when you ran pppd?
If you forgot the option, the peer must quote (double) all of the
control characters in the range from 00 to 1F (hex). This will result
in a statistical loss of about 12.5% in speed for all of the data
which you receive.
If this is the problem does it create drops in /sbin/ifconfig?
Where/How do I specify _asyncmap 0_ ? I start my connection with
/sbin/ifup ppp0 &.
Thanks,
spivey,
bold @ city-net * c o m
------------------------------
From: "Luis F. Lacayo" <[EMAIL PROTECTED]>
Subject: Netgear isdn modem
Date: Tue, 2 Feb 1999 08:29:10 -0600
Is anyone using the netgear ISDN 128 PPP modem to connect to an internet
service provider at 128K.
Can you send me some details on how you got that to work.
Thanks
--
Best Regards,
Luis
================
Luis F. Lacayo (312.397.1590)
Ex Libris USA 1653 N. Wells Street
Chicago, IL 60614-6001
http://www.exlibris-usa.com
------------------------------
From: Jason Kennemer <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: ftp scripts?
Date: Tue, 02 Feb 1999 23:30:39 GMT
Michael Benedict wrote:
> I couldn't find info on this on howto.linuxberg.org or in the man pages,
> so I am wondering if anyone knows how to do ftp scripts (or if they can
> be done). Basically, I am trying to create a shell program that will be
> run daily and update my ip (I am on a dhcp cable modem network) to a
> page on my website. Grabbing the info to do so is easy, but entering
> the ftp program automatically stops the script from completing. I am a
> newbie, but did pretty much the same thing on WinNT fairly easily (by
> calling ftp with an arguement to include a seperate script that ftp
> would run). The current ftp clients installed on my machine are ftp,
> ncftp, and tftp. Any help would be greatly appreciated.
>
> Michael Benedict
> [EMAIL PROTECTED]
another thing you could try, is to do an snmpwalk on the device, and e-mail
the ipaddress variable to yourself at work - it only took a two line script
and an entry in /etc/crontab.Of course, I'm using a Cisco 1604 ISDN router,
and I'm sure you would have to obtain the cable modem MIBS from the vendor.
It's sound complicated, but it's not very difficult, and provides a
challenge.
------------------------------
From: [EMAIL PROTECTED] (Spivey)
Subject: Re: Starting a firewall script.
Date: Wed, 03 Feb 1999 00:43:24 GMT
On Tue, 02 Feb 1999 17:26:57 +0100, Raymond Doetjes
<[EMAIL PROTECTED]> wrote:
>spivey wrote:
>
>> Hello,
>>
>> To Configure my firewall I added to /etc/rc.d/rc.local ;
>> /sbin/depmod -a
>> /sbin/modprobe ip_masq_ftp
>> /sbin/modprobe ip_masq_raudio
>> /sbin/modprobe ip_masq_irc
>> ipfwadm -F -p deny
>> ipfwadm -F -a m -S 10.1.1.0/8 -D 0.0.0.0/0
>>
>> *Should this give me enough security? What about all these
>> cool long scripts that I see?
>> *Is this the proper way to start the fire wall or should I
>> take the above commands and create rc.firewall?
>>
>> Site http://rlz.ne.mediaone.net/linux/firewall/ details
>> installation of rc.firewall. It gives three senerios on how to start
>> the script.
>>
>> *Could someone tell my the differences?
>>
>> DHCP Users
>>
>> Edit /etc/sysconfig/network-scripts/ifdhcpc-done and add the
>> following line to the end
>> of the file:
>>
>>
>> Static IP Users
>>
>> Edit /etc/rc.d/rc.local and add the following line to the end of the
>> file:
>>
>> sh /etc/rc.d/rc.firewall
>>
>> or alternately,
>>
>> Create a new executable script file in /etc/rc.d/init.d and add the
>> following lines:
>>
>> #!/bin/sh
>> sh /etc/rc.d/rc.firewall
>>
>> Create symbolic links to the script in /etc/rc.d/rc3.d and
>> /etc/rc.d/rc5.d. Number the
>> links to execute between inet and named.
>>
>> thanks,
>
>Most certainly.
Sorry but I have to ask. Most certainly What?
>Masquerading is the best form of keeping people of your network behind the
>firewall. FOr the outside world there is no network behind your firewall.
>So the only thing that might be tried to be hacked is your firewall. (Well
>who cares about that).
I thought that masquerading enabled my LAN to talk to the
Internet. To quote the Mini-Howto;
_3. Setting Up IP Masquerade
If your private network contains any vital information,
think carefully before using IP Masquerade. This may be a
GATEWAY for you to get to the Internet, and vice versa for
someone on the other side of the world to get into your net�
work.
I'm asking about ipfwadm. Specifically if the two lines that
I'm useing are enough. When do you need a longer script that blocks
everything and then cuts holes for Usenet, Mail and such.
>
>Raymond
>
So I guess that I'll be in everyones killfile now,
spivey
bold @ city-net @ c om
------------------------------
From: Bob <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.hardware
Subject: Re: GTE flamed linux for BillG
Date: Tue, 02 Feb 1999 10:44:12 -0500
[EMAIL PROTECTED] wrote:
> Jim Harper <[EMAIL PROTECTED]> wrote:
>
> : I think the bigger problem is that places like GTE, and the like, do not
> : want educated users on their systems. People who can install and run
> : Linux are obviously educated and therefore persuaded to go somewhere
> : else for service.
>
> GTE is a half-baked ISP. They are simply a reseller of other internet
> services they bought from other companies. Maybe things have changed
> in the past 9 months when I unsubscribed, but I doubt it.
>
> GTE sells access tokens to UUnet dialins for its customers. Since
> UUnet's dialins have been such a source of spam,
UUnet dialin dynamic IP's wouldn't even return my email or call. UUnet
business-oriented accounts said $300-$400 a month, a different
world. I could get the same for $85 from Crosslink.
Now you tell us why the GTE phone rep said I could keep my
analog ISP for email. It was an an inside joke, and you explain
it---
> most ISPs have
> blacklisted them in the sendmail configuration. If you try to send
> email from your linux box, most if it will bounce back. You have to
> configure your sendmail to forward everything to GTE's mailservers
> which is really ugly unreliable mess of Windows NT machines run by a
> 3rd party that GTE paid to handle their mail service for them.
>
> It gets even worse. All mail you send *MUST* have [EMAIL PROTECTED] in
> the From: address. Your [EMAIL PROTECTED] won't work at all. You
> have to resort to using the clumsy Reply-To: header instead. If you
> don't want people to have your GTE email address you have to use a
> bogus GTE address to get past their email filter which is probably a
> violation of the TOS.
>
> If you want to receive email you will have to wait 30 seconds where
> hopefully one of the WinNT machines will honor your request to
> connect. Then wait another 20 seconds for each email message to crawl
> to your inbox because the mailserver is 12+ hops away in from your
> dialin. It's useless for listserves. Even the GTE employees don't
> trust their own mail service. They use a seperate linux box.
>
> Want usenet? This is the about only service other than the billing
> department they actually own. GTE will throttle back drastically if
> you download more than 20 articles in succession. Apparently they
> want you to read all your news articles online instead of offline,
> assuming they haven't been automatically deleted by their spam
> filters. There are also many assorted posting filters as well. I was
> better off purchasing usenet access from a dedicated usenet provider
Better off? You mean analog dialup for news?
> GTE internet is good for pulling stuff from the web, since it comes
> straight off of the UUnet backbone and not from GTE's internal
> network. The UUnet's dialins always worked great, too bad they give
> you a UUnet IP where you are blacklisted by everyone.
Dollar Store IP.
> Now that there
> is a 100 hour limit, even those who spend all their time surfing the
> web get socked by their lousy policies.
>
> [EMAIL PROTECTED]
100 hour limit? I may as well get Hughes ):{
-Bob
------------------------------
From: Chris Mattern <[EMAIL PROTECTED]>
Subject: Re: changing file ownership
Crossposted-To: comp.security.unix
Date: Tue, 02 Feb 1999 15:42:37 GMT
In comp.security.unix lipsin <[EMAIL PROTECTED]> wrote:
> hi,
> i have a linux box. in it i have users with username containing
> dot, ie foo.john or foo.doe . the root will backup their files every
> now and then. so that, if they accidentally deleted something, the
> admin will be able to retrive it from the back. my problem is that the
> backup file is own by root. and when i move them back to the original
> users directory, i can't chanown back to the orriginal users. and this
> problem only effect users who has dot in their username. the error i
> get is
> # chown foo.john filename
> chown: foo.john: invalid user
> thanks for the help.
As has been pointed out by others, chown is doing this because it has
a "user.group" mode. The answer is to look up the uid of the user in
question and use that. The *best* answer is to find a way to have
usernames without periods in them.
Chris Mattern
------------------------------
From: Robert Montgomery <[EMAIL PROTECTED]>
Crossposted-To: linux.redhat.install,comp.os.linux.setup,comp.os.linux.redhat
Subject: Re: Help with simple manual network configuration
Date: Wed, 03 Feb 1999 00:53:47 GMT
Well, I tried that and I get identical results... Anything else look
wrong?
Thanks.
Rob
luC wrote:
> Robert Montgomery wrote:
>
> > Primary name + domain: CS123456-A.cghh1.ab.wave.home.com
>
> better try: 24.65.228.72.ab.wave.home.com
>
> lucie
>
> ------------------------------------------
> remove dot + second name to reply directly
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
