Linux-Networking Digest #742, Volume #10 Sun, 4 Apr 99 12:13:30 EDT
Contents:
Re: hackers ("David Z. Maze")
Re: [Help] PPP worked but now fails [modem q] (Matt)
Re: [Help] PPP worked but now fails [modem q] (Matt)
2nd DNS server ("Bob Bevins")
Re: Help: tunneling http through home firewall to internal server (Greg Weeks)
Re: Howto add a new network card? ([EMAIL PROTECTED])
Re: Modules question (Heath Harry)
Apache Security (ryanb)
Re: hackers (David M. Cook)
Re: What is the best Linux to install? (Peter Chant)
Re: Howto add a new network card? (Tomasz Sienicki | tsca)
Re: Howto add a new network card? (Tomasz Sienicki | tsca)
telnet and ftp host ("Chis Wilson")
----------------------------------------------------------------------------
From: "David Z. Maze" <[EMAIL PROTECTED]>
Crossposted-To: kingston.os.linux,comp.os.linux.misc
Subject: Re: hackers
Date: 04 Apr 1999 10:31:05 -0400
Not a network question at all, and I've never heard of the kingston.*
heirarchy. Followups set to comp.os.linux.misc.
4bbkt <[EMAIL PROTECTED]> writes:
4bbkt> I'm not much of a hacker but I do use Linux. I'm running
4bbkt> RedHat5.2 and I'm on a LAN connected though cablemodem by an
4bbkt> old 486 with Slackware96. I'm up late working and I notice
4bbkt> things are getting slow. I run top and I see that user:nobody
4bbkt> is running find with PRI 20!!! All of a sudden there's another
4bbkt> process running "make whatis". I killed that and some other
4bbkt> processes including an instance of gawk, I then literrally
4bbkt> pulled the plug on my cablemodem. I looked in /var/log but I
4bbkt> can't find anything. What, if anything,can I do to trace this
4bbkt> hacker?
You didn't find *anything* in, say, /var/log/messages? When things
like this happen on my system, I usually get messages from the cron
daemon. So to disable this massive security hole I...
*coughs*
Oh, sorry. To "trace this hacker", you should look at the source for
the cron package, and probably files in /etc/cron.*. It's a Feature.
What's really going on: there's a reasonably standard program called
'locate' which can find a file somewhere on the system. Once a day,
it needs to create a database of every file installed, so it can find
things quickly. (Compare 'locate file' with 'find / -name file';
which one is quicker?) There's also a reasonably standard program
called 'man', which has as a utility a program called 'whatis'.
('whatis whatis'?) This also has a database, which needs to be
updated once a day.
On my system, I've got cron jobs like this set to run at 5:25 each
morning, a time when I'm fairly unlikely to be awake. Yes, some of
these jobs (especially 'updatedb', which updates the locate database)
generate jobs with a lot of disk activity that run as 'nobody'. Don't
worry about it (or do, if you want, but look at what cron is doing in
this case); it's perfectly normal.
--
David Maze [EMAIL PROTECTED] http://donut.mit.edu/dmaze/
"Hey, Doug, do you mind if I push the Emergency Booth Self-Destruct Button?"
"Oh, sure, Dave, whatever...you _do_ know what that does, right?"
------------------------------
Date: Sun, 04 Apr 1999 15:08:25 +0100
From: Matt <[EMAIL PROTECTED]>
Subject: Re: [Help] PPP worked but now fails [modem q]
Crossposted-To:
comp.os.linux.setup,comp.os.linux.help,comp.os.linux.misc,comp.os.linux.hardware
Andy,
Fixed... I removed the AT&F modem string
and replaced it with ATZ and hey presto it worked fine.
I now have a voice/fax/data 56k v90 modem working under
linux (USR message external).
Many thanks
Matt
Andy Lyttle wrote:
>
> In article <[EMAIL PROTECTED]> , Matt <[EMAIL PROTECTED]> wrote:
>
> > Apr 3 08:15:27 compuserve chat[200]: ATDT08450801000^M^M
> > Apr 3 08:15:27 compuserve chat[200]: CONNECT -- got it
> > Apr 3 08:15:27 compuserve chat[200]: send (^M)
> > Apr 3 08:15:27 compuserve chat[200]: expect (Host Name:)
> > Apr 3 08:15:27 compuserve chat[200]: CSI -- got it
> > Apr 3 08:16:12 compuserve chat[200]: User Id
> > Apr 3 08:16:12 compuserve chat[200]: <user id> -- got it
> >
> > etc etc....
> >
> > Apr 3 08:15:27 compuserve chat[200]: ATDT08450801000^M^M
> > Apr 3 08:15:27 compuserve chat[200]: CONNECT -- got it
> > Apr 3 08:15:27 compuserve chat[200]: send (^M)
> > Apr 3 08:15:27 compuserve chat[200]: expect (Host Name:)
> > Apr 3 08:15:27 compuserve chat[200]: 49333/ARQ^M
> > Apr 3 08:16:12 compuserve chat[200]: ^\@`^N^\^\GG^\G^N^\@
> > Apr 3 08:16:12 compuserve pppd[197]: Connect script failed
> > Apr 3 08:16:12 compuserve pppd[197]: Exit.
> > Apr 3 08:16:12 compuserve chat[200]: alarm
> > Apr 3 08:16:12 compuserve chat[200]: Failed
> > Apr 3 08:17:04 compuserve kernel: PPP: ppp line discipline successfully
> > unregistered
>
> Same modem on both boxen? Same port speed? IRQ settings check out? Looks
> like line noise or something similar... Try swapping cables?
>
> - Andy Lyttle
> [EMAIL PROTECTED]
> http://www.bigfoot.com/~phroggy/
------------------------------
Date: Sun, 04 Apr 1999 15:07:06 +0100
From: Matt <[EMAIL PROTECTED]>
Subject: Re: [Help] PPP worked but now fails [modem q]
Lee,
Good point I removed the AT&F modem string
and replaced it with ATZ and hey presto it worked fine.
I now have a voice/fax/data 56k v90 modem working under
linux (USR message external).
Many thanks
Matt
Lee McKusick wrote:
>
> Matt, Check your modem manual for the specified initialization string,
> compare that string with what minicom does when you use minicom
> to dial up your ISP with the problem modem.
>
> My somewhat oddball Motorola Modem Surfer external modem did strange
> things
> until I removed the ATZ initialization string from my PPP script.
>
> I was able to start Minicom, type ATZ and see trouble.
>
> Without ATZ I was able to manually dial my Internet Service Provider and
> manually go through the connection dialogue and get confidence that the
> connection ought to work.
>
> Another dialup gotcha... the ISP seemed to be failing to catch the first
> character of my login and password text strings. Simple fix: Add five
> blank spaces ahead of my login name and five blank spaces ahead of my
> password in the PPP script.
>
> Matt wrote:
> >
> > Hi,
> >
> > I have PPP working ok on another box and it works fine
> > however I have come accross another problem on this box
> >
> > My modem is a 3com message 56k v90 external
> > Linux SUSE 5.3 (connection vi cua0 (com1).
> >
> >> Apr 3 08:15:27 compuserve chat[200]: ATDT08450801000^M^M
> > Apr 3 08:15:27 compuserve chat[200]: CONNECT -- got it
> > Apr 3 08:15:27 compuserve chat[200]: send (^M)
> > Apr 3 08:15:27 compuserve chat[200]: expect (Host Name:)
> > Apr 3 08:15:27 compuserve chat[200]: 49333/ARQ^M
> > Apr 3 08:16:12 compuserve chat[200]: ^\@`^N^\^\GG^\G^N^\@
> > Apr 3 08:16:12 compuserve pppd[197]: Connect script failed
> > Apr 3 08:16:12 compuserve pppd[197]: Exit.
> > Apr 3 08:16:12 compuserve chat[200]: alarm
> > Apr 3 08:16:12 compuserve chat[200]: Failed
> > Apr 3 08:17:04 compuserve kernel: PPP: ppp line discipline successfully
> > unregistered
>
> -----------== Posted via Newsfeeds.Com, Uncensored Usenet News ==----------
> http://www.newsfeeds.com/ The Largest Usenet Servers in the World!
> ---------== Over 72,000 Groups, Plus Dedicated Binaries Servers ==--------
------------------------------
From: "Bob Bevins" <[EMAIL PROTECTED]>
Subject: 2nd DNS server
Date: Sun, 04 Apr 1999 14:22:12 GMT
Hi all,
In my the company I work for we have a wan across Canada, with a web server
and dns server in toronto.
The DNS server is a redhat box. All the boxes across canada access the
internet via toronto and uses our dns server.
We also have a large wan in the US. Is there a way to use their dns server
in the US as a secondary one, like when our win98 machines request a domain
lookup via browser, that if our dns server doesn't find it the dns server
will check the dns server in the US via internet and return the info to the
win98 box?
Thanks in advance,
[EMAIL PROTECTED]
------------------------------
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Greg Weeks)
Subject: Re: Help: tunneling http through home firewall to internal server
Date: Sun, 4 Apr 1999 09:25:29 -0500
In article <[EMAIL PROTECTED]>,
"J. Mark Shacklette" <[EMAIL PROTECTED]> writes:
> Hi:
>
> I'd like to set up a linux firewall (ipfwadm) and have an http server
> running on a box hidden behind the firewall (no public ip address). I'd
> like to be able to set things up so that from the internet, I could
> connect to the firewall (which has a public ip) and have it "foward"
> http packets to the real http server, and have that server pass results
> back through the firewall to my netscape client on the internet. I've
> been told I want to use something like http tunneling, and that I can
> somehow direct a particular port on the firewall to direct http requests
> to the real internal http server.
>
> The only problem is that I have no earthly idea how to do this, or where
> to start. Any and all suggestions, pointers to howtos and docs, etc.
> would be most welcome and appreciated.
>
> I would also like to have ftp redirected as well. I guess another way
> to put it is I'd like to be able to run an ftpd and httpd from a server
> behind the firewall, but allow selected access to it from the internet.
http is easy.
=================================================
Question:
I want to run a web server inside my Linux IP Masquerade firewall that
can be accessed from the internet. How do I do this.
Standard Answer:
A pin hole allows incoming connection to go through a firewall to an
internal machine for a specific service. There are two ways that I know
of to open a pin hole in an IP Masq Linux firewall without proxying.
Both are mentioned at the IP Masq resource page at
http://ipmasq.cjb.net/ or http://www.tor.shaw.wave.ca/~ambrose/ They are
redir and ipportfw. I tried redir first, and while it works and has the
advantage that you can test it from inside the firewall it has the
disadvantage that the logs on the web server show all connections as
coming from the firewall. ipportfw is a kernel patch and a utility to
change the kernel tables. It's advantages are it's faster and the logs
show the correct source. It's biggest disadvantage is that it's only
testable from outside the firewall. ipportfw information is at
http://www.ox.compsoc.org.uk/~steve/portforwarding.html and redir is at
http://www.geocities.com/SiliconValley/Heights/2288/redir_0.7.orig.tar.gz
Any pin hole poses a security risk as it bypasses your firewall. Use
them with care.
==============================================
The FTP is more difficult. FTP needs two connections. I think the only
way to do it would be with some sort of incoming proxy. I know FTP
needs a proxy for outgoing connections also. The IP Masq in the kernel
comes with the outgoing proxy. If you get it to work I'd be interested
in hearing how. I also haven't spent much time looking at it for FTP.
Greg Weeks
--
http://durendal.tzo.com/greg/
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Howto add a new network card?
Date: Sun, 04 Apr 1999 14:24:44 GMT
In article <01be7e8b$90b9c440$0100a8c0@ntserver>,
"Klas Eliasson" <[EMAIL PROTECTED]> wrote:
> >> Klas Eliasson wrote
> >>[in <01be7ce7$769ad220$0100a8c0@ntserver>]:
>
> >> I have a linux (redhat52) box. And i want to connect it to my
> >> network. I just bought a networkcard (ISA NE2000).
> >>
> >> How do I istall it in linux?
> > >
> >> Do I have to reinstall RedHat?
> >>
> >> I must somehow add the card - but where?
>
> > read Ethernet-HOWTO.
>
> > You don't need to reinstall REDHAT, let it find the card at the
> > boot time, or give the card's irq and base as a parameter at lilo
> > promt (or in conf.modules). RedHat has no problems with ne2000.
>
> WHAT ARE THE PARAMETERS GOING TO LOOK LIKE IN LILO??
> //klas , sweden
>
> > --
> > tsca
> > Tomasz Sienicki <[EMAIL PROTECTED]>
>
>
But I can not find my EtherExpress Pro. Does RedHat not support it?
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: Heath Harry <[EMAIL PROTECTED]>
Subject: Re: Modules question
Date: Sun, 04 Apr 1999 14:37:41 +0000
Reply-To: [EMAIL PROTECTED]
razoon wrote:
> Whats the commandline to see what modules i have loaded?
> tnx
/sbin/lsmod
cheers,
Heath.
------------------------------
From: [EMAIL PROTECTED] (ryanb)
Subject: Apache Security
Date: Sat, 03 Apr 1999 21:01:35 GMT
I am trying to set up my first Apache web server. I have Linux Redhat v5.2 up
and running. I also have Apache installed and it serves. I need to install
some security and set it up though and I can't find much info on that. I was
thinking of setting up ssl on it. That is where you get the "https://" isn't
it? I also had a question on the ".htaccess" files. How do you set one of
those up? I have tried to play with them and deny access to certain IP's and
such, but I can't seem to get it to work. I must have the syntax wrong. One
more quick question I had was how do you set up the directorys for different
users? Here is what I want to do. Lets say my site is "www.redhat.com". I
want another address to be "www.redhat.com/~Some_User". If I make another
directory underneith my /home/httpd/html directory called Some_User, I can't
type in "www.redhat.com/~Some_User" and get the page. I have to actually type
in the name of the file too...index.html. I was under the impression that it
defaulted to index.html. It does for the main site. Any helpful hints would
be appreciated. I do have some knowlege of linux, but have never messed with
web servers. Thanks!
Ryan
------------------------------
From: [EMAIL PROTECTED] (David M. Cook)
Crossposted-To: kingston.os.linux,comp.os.linux.misc
Subject: Re: hackers
Date: Sun, 04 Apr 1999 15:05:42 GMT
On Sun, 04 Apr 1999 05:14:32 +0000, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>sudden there's another process running "make whatis". I
It's just a cronjob that runs weekly. Redhat should document these in their
manual if they don't already. I remember working with slackware at 7:45 in
the morning when the hard drive starting cranking away. I thought I'd been
hacked. That's when slack scheduled the locate database update.
Dave Cook
------------------------------
From: Peter Chant <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux,comp.os.linux.misc,comp.os.linux.setup
Subject: Re: What is the best Linux to install?
Date: Sun, 04 Apr 1999 07:09:11 -0700
==============30CEEF59DC253DC7FBE11F2E
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mike Graham wrote:
RedHat is a nice place to start. It has all of the easy touchy feely user
interfaces that make it so easy
to use, but with all distributions, its best to know what one is doing, prior
to going in. I have read Linux Unleashed;
Unix Unleashed; Linux System Administration Handbook, Discover Linux,
etc........................... :)
In my case, I had bought a Unix book, NO LESS, that packaged BSD, as well as
some obscure distribution
called TurboLinux ( mostly marketed in Japan) < www.turbolinux.com >. also <
www.pht.com >. I have also
installed and played with SCO Unixware v.7, which is exceptionally easy to use,
but didn't have the crazy flexibility
of a Linux port!
I've tried Caldera ( I hate KDE! ) , RedHat ( seems like MS Windoze - you ever
checked out their configuration
menu - looks like an Explorer to me!!!) and finally, gone back to TurboLinux.
IMHO, TurboLinux is the most configurable
( like 10 desktops, etc ) the most games, etc.....need I say more?
Distributions aside, its important to buy one, or download one, and play with
it. Read as much as you can about
Linux and then try various configurations until you're happy.
Oh, important: until you get one of your distro's to function properly, it may
be prudent to have a dual boot
configuration, until you finally are happy with your Linux distro.
Peter.
> On Thu, 01 Apr 1999 14:27:59 +0900, Yim,SeongSoo wrote:
> >I realy recommend to start with RedHat.
>
> I agree with that. It seems the most 'mainstream'. I was just on their
> website and it appears that several big players (IBM, COMPAQ, etc.) have
> pumped in some capital to get in on the action. That's a very telling sign.
>
> --
> Mike Graham, [EMAIL PROTECTED]
> Caledon, Ontario, Canada (just NW of Toronto).
>
> Raiser of animals. Weldor of metals. Driver of off-road vehicles.
> Writer of FAQs. Keeper of the faith, and all around okay guy.
>
> <http://www.beeline.ca/personal/mike>
--
///////////////////////////////////////////////////////////
// Peter Chant < [EMAIL PROTECTED]> < [EMAIL PROTECTED]> //
// .'but put your courage to the sticking place'........//
// Forced to use MS at work, qu'est que la choix?......//
==============30CEEF59DC253DC7FBE11F2E
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Mike Graham wrote:
<p>RedHat is a nice place to start. It has all of the easy touchy feely
user interfaces that make it so easy
<br>to use, but with all distributions, its best to know what one is doing,
prior to going in. I have read Linux Unleashed;
<br>Unix Unleashed; Linux System Administration Handbook, Discover
Linux, etc........................... :)
<p>In my case, I had bought a Unix book, NO LESS, that packaged BSD, as
well as some obscure distribution
<br>called TurboLinux ( mostly marketed in Japan) < www.turbolinux.com
>. also < www.pht.com >. I have also
<br>installed and played with SCO Unixware v.7, which is exceptionally
easy to use, but didn't have the crazy flexibility
<br>of a Linux port!
<p>I've tried Caldera ( I hate KDE! ) , RedHat ( seems like MS Windoze
- you ever checked out their configuration
<br>menu - looks like an Explorer to me!!!) and finally, gone back to TurboLinux.
IMHO, TurboLinux is the most configurable
<br>( like 10 desktops, etc ) the most games, etc.....need I say more?
<p>Distributions aside, its important to buy one, or download one, and
play with it. Read as much as you can about
<br>Linux and then try various configurations until you're happy.
<p>Oh, important: until you get one of your distro's to function properly,
it may be prudent to have a dual boot
<br>configuration, until you finally are happy with your Linux distro.
<p>Peter.
<blockquote TYPE=CITE>On Thu, 01 Apr 1999 14:27:59 +0900, Yim,SeongSoo
wrote:
<br>>I realy recommend to start with RedHat.
<p> I agree with that. It seems the most 'mainstream'.
I was just on their
<br>website and it appears that several big players (IBM, COMPAQ, etc.)
have
<br>pumped in some capital to get in on the action. That's a very
telling sign.
<p>--
<br>Mike Graham, [EMAIL PROTECTED]
<br>Caledon, Ontario, Canada (just NW of Toronto).
<p>Raiser of animals. Weldor of metals. Driver of off-road
vehicles.
<br>Writer of FAQs. Keeper of the faith, and all around okay guy.
<p><<a
href="http://www.beeline.ca/personal/mike">http://www.beeline.ca/personal/mike</a>></blockquote>
<pre>--
///////////////////////////////////////////////////////////
// Peter Chant < [EMAIL PROTECTED]> < [EMAIL PROTECTED]>
//
// .'but put your courage to the sticking place'........//
// Forced to use MS at work, qu'est que la choix?......//</pre>
</html>
==============30CEEF59DC253DC7FBE11F2E==
------------------------------
From: [EMAIL PROTECTED] (Tomasz Sienicki | tsca)
Subject: Re: Howto add a new network card?
Date: 4 Apr 1999 15:17:16 GMT
Klas Eliasson wrote
[in <01be7e8b$90b9c440$0100a8c0@ntserver>]:
> > boot time, or give the card's irq and base as a parameter at lilo
> > promt (or in conf.modules). RedHat has no problems with ne2000.
>
> WHAT ARE THE PARAMETERS GOING TO LOOK LIKE IN LILO??
add one line to lilo.conf:
append="ether=11,0x6200,eth0"
first parameter (11) means IRQ
second par (0x6200) means io
But in my case, it's a question of /etc/conf.modules,
which looks like that:
options eth0 io=0x6200 irq=11
alias eth0 ne
Hope that helps.
--
tsca
Tomasz Sienicki <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Tomasz Sienicki | tsca)
Subject: Re: Howto add a new network card?
Date: 4 Apr 1999 15:17:17 GMT
[EMAIL PROTECTED] wrote
[in <7e7sn7$kv2$[EMAIL PROTECTED]>]:
> But I can not find my EtherExpress Pro. Does RedHat not support it?
from Ethernet-HOWTO (read the whole document!):
"The EtherExpressPro10/100B now also has a driver in the current
v2.0 kenrel. For updates and/or support, see the relevant
section in this document."
--
tsca
Tomasz Sienicki <[EMAIL PROTECTED]>
------------------------------
From: "Chis Wilson" <[EMAIL PROTECTED]>
Subject: telnet and ftp host
Date: Sun, 4 Apr 1999 16:18:32 +0100
Hi,
I am reasonably new to linux and have just set up a linux box on a lan to be
an intranet server. I cannot, however, manage to set it up so that I can
remotely FTP or telnet into it. I was wondering if anyone could point me in
the right direction.
I can, however telnet and ftp, on that machine, into 127.0.0.1, loopback,
although the passwords do not work.
I am running redhat 5.1 on an intel p100ish machine.
Thanks,
Chris
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
