Linux-Networking Digest #851, Volume #10 Wed, 14 Apr 99 06:13:37 EDT
Contents:
Re: Who understands /etc/pam.d ???? (Ian Westcott)
Re: PPP problems dialing up (Silviu Minut)
SMC1211 Driver -- unresolved dependency! (Jeffrey Rice)
Is this Port Scanning? (Nick B.)
Re: TCP Stalls After ~100k ("Russell S. DiPesa")
Re: Can I do this from a laptop? ("Belgarion")
Re: Writing my first script, Help (Johannes Kremsner)
IP chain rule syntax Question/Problem ([EMAIL PROTECTED])
Re: how to get mrtg working ("Curt")
Re: Static NAT with Linux (Michael Hasenstein)
Mailing list <-> newsgroups ? (Marcin Kasperski)
Kortex (Pol Dupont)
Re: Importance of securing systems ("Gary Cameron")
Re: Dial on demand: undesired connections ("Belgarion")
Re: loadlin for linux? (Julian King)
Setting up for multiple ISPs ("Philip Nelson")
root shutdown using telnet ? ("RJHM van den Bergh")
Unix ONLY (i.e., Anti-MicroSoft) ISP that offers xDSL (Randy Sandberg)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Ian Westcott)
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup
Subject: Re: Who understands /etc/pam.d ????
Date: 14 Apr 1999 02:35:34 GMT
Jon Slater ([EMAIL PROTECTED]) wrote:
: I am trying to remotely run a shell on my Linux box.
:
: I can rlogin, ftp, telnet, ping, but I can't "rsh hostname command".
:
: The /var/log/message file tells me:
:
: Apr 12 13:34 hostname PAM_PWDB[1391]: 1 authentication failure
:
: Does anyone understand the PAM authentication stuff enough to explain to
: me why I can't rexec to my Linux box?
:
: I'm running RedHat 5.2 (2.0.36) on a Pentium II/333Mz/32Meg machine.
:
: Any help would be GREATLY appreciated!
:
: Thanks in advance!
Are the usernames you're using the same on both machines?
I'll explain the fields in /etc/pam.d/rsh:
auth required /lib/security/pam_rhosts_auth.so
# This line requires that a valid .rhosts file be set up on the server. See
# rcmd(3) for a better explanation. The format for a .rhosts file is:
# hostname.domainname username
auth required /lib/security/pam_nologin.so
# This denies access if the /etc/nologin file exists.
account required /lib/security/pam_pwdb.so
# This validates the password that was sent.
session required /lib/security/pam_pwdb.so
# This writes a record of the login in various log files.
I strongly suggest you not use rsh at all, but install ssh instead.
--
Ian Westcott Rakarra@IRC
ez042914 --or-- itlm013 @peseta.ucdavis.edu [EMAIL PROTECTED]
--------------------------------------------------------------------
"Demon's blood and dragon fire, falling on my wings.
Racing to the battle in the sky and ancient gods are
calling me I hear them when they sing,
of all the heroes who wait for me to die."
------------------------------
From: Silviu Minut <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,comp.os.linux.setup,comp.protocols.ppp
Subject: Re: PPP problems dialing up
Date: Wed, 14 Apr 1999 02:51:39 -0400
Eric Marquez wrote:
> Going by the PPP-HOWTO file I was able to test pppd with minicom but
> after configuring the ppp-on, ppp-on-dialer, ppp-off.
> When I issue the command
> pppd debug file options.myserver /dev/ttyS1 115200\
> >ppp-on &
> pppd: unrecognized optoin 'ppp-on'
> ------------------------------------------------------------------------
Something's wrong in what you're saying, but nevermind. If you got your modem
to work properly, then configure ppp using netcfg.
>control-panel then click on network configuration.
This is will automatically create the ppp scripts you need.
Exactly how to do this is described in the RH manual. It is on the RH CD,
look for a directory called rhmanual.
This is the best reference, because it is specific for RH.
------------------------------
From: Jeffrey Rice
Subject: SMC1211 Driver -- unresolved dependency!
Date: Tue, 13 Apr 1999 20:54:43 -0400
Hi,
I have an SMC1211 PCI Ethernet card... maybe that's problem number
1.
I believe that the RealTek 8129/39 drivers can be used instead, or
so the source I got says. So I'm trying to get rtl8139.c to compile
properly, but it's a pain. The command I'm using (from the file) is
gcc -DMODULE -D__KERNEL__ -Wall -Wstrict-prototypes -O6 -c rtl8139.c '[
-f /usr/src/linux/include/linux/modversions.h ] && echo -DMODVERSIONS
However, I get a message saying modversions isn't found. I don't
understand that, because I can it is there. Without it, I get an
unresolved dependency when I boot up.
Anyone out there have this card working who can please give me some
help?? cc by email if you don't mind.
Jeff
------------------------------
From: Nick B. <[EMAIL PROTECTED]>
Subject: Is this Port Scanning?
Date: Tue, 13 Apr 1999 23:29:51 GMT
Hi guys,
I just wanted to ask those experienced in network security if the following
"edited" region, copied from my /var/log/messages file, is what it looks like
to be port scanned? I "edited" the copy to protect the innocent, so I've
made the following changes:
<my-machine> = substitution for the actual name of my firewalling Linux
machine <offending-IP> = substitution for the actual IP address
(www.xxx.yyy.zzz) of the external machine <my-IP> = substitution for the
actual IP address (www.xxx.yyy.zzz) of my machine
Below is the "edited" region of my /var/log/messages file:
====================================================================== Apr 11
03:50:48 <my-machine> kernel: IP fw-in deny eth0 TCP <offending-IP>:4762
<my-IP>:110 L=44 S=0x00 I=6175 F=0x0000 T=45 Apr 11 03:50:51 <my-machine>
kernel: IP fw-in deny eth0 TCP <offending-IP>:4762 <my-IP>:110 L=44 S=0x00
I=6309 F=0x0000 T=46 Apr 11 03:50:53 <my-machine> kernel: IP fw-in deny eth0
TCP <offending-IP>:6139 <my-IP>:79 L=44 S=0x00 I=6385 F=0x0000 T=46 Apr 11
03:50:56 <my-machine> kernel: IP fw-in deny eth0 TCP <offending-IP>:6139
<my-IP>:79 L=44 S=0x00 I=6512 F=0x0000 T=46 Apr 11 03:50:57 <my-machine>
kernel: IP fw-in deny eth0 TCP <offending-IP>:7326 <my-IP>:23 L=44 S=0x00
I=6575 F=0x0000 T=46 Apr 11 03:51:01 <my-machine> kernel: IP fw-in deny eth0
TCP <offending-IP>:7326 <my-IP>:23 L=44 S=0x00 I=6680 F=0x0000 T=46 Apr 11
03:51:02 <my-machine> kernel: IP fw-in deny eth0 TCP <offending-IP>:9081
<my-IP>:143 L=44 S=0x00 I=6746 F=0x0000 T=46 Apr 11 03:51:06 <my-machine>
kernel: IP fw-in deny eth0 TCP <offending-IP>:9081 <my-IP>:143 L=44 S=0x00
I=6846 F=0x0000 T=46 Apr 11 03:51:07 <my-machine> kernel: IP fw-in deny eth0
TCP <offending-IP>:10679 <my-IP>:53 L=44 S=0x00 I=6914 F=0x0000 T=46 Apr 11
03:51:11 <my-machine> kernel: IP fw-in deny eth0 TCP <offending-IP>:10679
<my-IP>:53 L=44 S=0x00 I=7009 F=0x0000 T=46 Apr 11 03:51:13 <my-machine>
kernel: IP fw-in deny eth0 TCP <offending-IP>:12321 <my-IP>:635 L=44 S=0x00
I=7079 F=0x0000 T=46 Apr 11 03:51:16 <my-machine> kernel: IP fw-in deny eth0
TCP <offending-IP>:12321 <my-IP>:635 L=44 S=0x00 I=7167 F=0x0000 T=46 Apr 11
03:51:18 <my-machine> kernel: IP fw-in deny eth0 TCP <offending-IP>:12647
<my-IP>:143 L=44 S=0x00 I=7226 F=0x0000 T=46 Apr 11 03:51:21 <my-machine>
kernel: IP fw-in deny eth0 TCP <offending-IP>:12647 <my-IP>:143 L=44 S=0x00
I=7328 F=0x0000 T=46 Apr 11 03:51:28 <my-machine> kernel: IP fw-in deny eth0
TCP <offending-IP>:14925 <my-IP>:110 L=44 S=0x00 I=7555 F=0x0000 T=46 Apr 11
03:51:31 <my-machine> kernel: IP fw-in deny eth0 TCP <offending-IP>:14925
<my-IP>:110 L=44 S=0x00 I=7656 F=0x0000 T=46 Apr 11 03:51:32 <my-machine>
kernel: IP fw-in deny eth0 TCP <offending-IP>:16413 <my-IP>:110 L=44 S=0x00
I=7719 F=0x0000 T=46 Apr 11 03:51:36 <my-machine> kernel: IP fw-in deny eth0
TCP <offending-IP>:16413 <my-IP>:110 L=44 S=0x00 I=7823 F=0x0000 T=46
======================================================================
It sort of looks like to me that someone at <offending-IP> was testing access
every few seconds from a number of different ports from <offending-IP> to
<my-IP> on a number of priviledged ports including 110 (POP), 79 (finger), 23
(telnet), 143 (IMAP), 53 (DNS), and 635 (RLZ DBase).
Is this a proper interpretation? If so, what should I do to better protect my
machine? What should I do to check if they actually succeeded in breaching my
firewall? (I mean, all I logged was their failures, not their successes.) Is
there anything else I should do, such as trying to contact the administrator
of the <offending-IP> machine?
Thanks,
Nick B.
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: "Russell S. DiPesa" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: TCP Stalls After ~100k
Date: 13 Apr 1999 21:30:24 GMT
What did you do about the cable modem problem? My boss is having the same
problem with his cable modem. He gets about half of the way through large
transfers (e-mail or ftp) and is kicked off. Is there a configurable
timeout in the modem or in the ftp or pop3 server?
------------------------------
From: "Belgarion" <[EMAIL PROTECTED]>
Subject: Re: Can I do this from a laptop?
Date: Tue, 13 Apr 1999 18:17:14 -0700
Samba would be your best bet for file sharing, but a null modem just won't
do unless you are just sharing small files and don't care about speed.
X will beat the desktop machine to death with 8 megs of ram, even if it is
just running as a server. But yes, you can do it, with X server software
(look for Xwin32) and the 'xhost' command on your linux box.
Erik
Ng, Choon Hooi wrote in message
<[EMAIL PROTECTED]>...
>I am trying to network my laptop, but not sure if I can do this. Okay,
>this is what I want to do.
>
>Desktop: 486 8Meg, running RH 5.1, with 3Com 10BT NIC installed
>Laptop, Pentium120 8Meg, running Win95, with no NIC.
>
>I want to be able to share files stored in the desktop from the laptop,
>perhaps something like the Samba. I did try connect the desktop from my
>laptop thro a null modem cable. Works great as far as using it as a text
>terminal. But what I really want to do is, the laptop is to run Win95,
>but able to get/share some files located in the destop running Linux,
>and maybe run some x-windows applications. Yes, I know I can just buy a
>pcmcia nic and stick it in, but I am considering other alternatives at
>the moment.
>
>Any idea how can I do this? Any help is appreciated.
>
>rgds,
> ch
>
>
>
------------------------------
Date: Wed, 14 Apr 1999 08:52:35 +0200
From: Johannes Kremsner <[EMAIL PROTECTED]>
Subject: Re: Writing my first script, Help
RensFunHog wrote:
>
> I am trying to write a script. I am using vi. In just a test I enter vi
> practice, I insert one line like ls, then I escape,enter :x to save file.
> Then to verify I run cat practice and view the text line. Then I enter
> "chmod +x practice" without the quotes. This should create an executable
> file. If I type "practice" I get an echo command not found. I have gone over
> this time and time, but can't find what I'm doing wrong. I even started
> xwindows and looked at the file permissions in xfm, and they showed
> executable. Any ideas??
try:
vi practice
enter
#!/bin/sh
ls
ESC
:wq .. to save end exit
chmod 755 practice to make the file world executable
./practice
sers,
johannes
--
University of Art and industrial Design
Center for Informatics Services (ZID) Mr. Ing. Johannes Kremsner
Hauptplatz 8, 4020 Linz Austria
Europe - Earth - 1432para. Universe
Tel. +43-(0)732-7898-262 * Fax +43-(0)732-783508
mailto:[EMAIL PROTECTED] * http://www.ufg.ac.at/zid/
****************************************************************
for EU citizens only:
have a look at http://www.politik-digital.de/spam/
------------------------------
From: [EMAIL PROTECTED]
Subject: IP chain rule syntax Question/Problem
Date: Tue, 13 Apr 1999 21:42:06 GMT
I have ipchains working on 2.2.3 SUSE box and have www,ssh,irc,icq etc
working. But the problem lies in the NNTP server from ISP I wish to get
usenet from. I have gave the address at the start of the script and
NEWS_SERVER=""
Now the chain rule:
#NNTP NEWS client (119)
# ----------------------
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $NEWS_SERVER 119 \
-d $IPADDR $UNPRIVPORTS -j ACCEPT
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR $UNPRIVPORTS \
-d $NEWS_SERVER 119 -j ACCEPT
Does anyone see anything wrong with the chain rule syntax? Any information
would be greatly appreciated. Oh and yes the address of the usenet server is
correct and it is up as it returns a ping. Thanx GSM
============= Posted via Deja News, The Discussion Network ============
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own
------------------------------
From: "Curt" <[EMAIL PROTECTED]>
Subject: Re: how to get mrtg working
Date: Tue, 13 Apr 1999 23:54:09 -0500
Is SNMP enabled on your router?
Byron White wrote in message
<01be85df$3c84f420$[EMAIL PROTECTED]>...
>guru,.
>
>I am new to the linux/ networking tools. I need to get this working to
>monitor the traffic of a cico router. The following is what it looks like
>in my mrtg.cfg
>
>
>WorkDir: /u/bwhite/rpt/mrtg
>
>######################################################################
># Description:
># Contact:
># System Name:
># Location:
>#.....................................................................
>Target[r1]: 161:[EMAIL PROTECTED]
>MaxBytes[r1]: 64000
>Title[r1]: Traffic Analysis Router
>PageTop[r1]: <H1>Stats for our Router</H1>
>
>
>
>the following is the error message that i got
>
>/mrtg-2.7.2/run> ./mrtg mrtg.cfg
>SNMP Error:
>no response received
>SNMPv1_Session (remote host: "204.119.2.248" [204.119.2.248].161
> community: "public"
> request ID: 1917557773
> PDU bufsize: 8000 bytes
> timeout: 2s
> retries: 5
> backoff: 1)
>SNMPGET Problem for ifInOctets.161 ifOutOctets.161 sysUptime sysName
>ifDescr.161
> on [EMAIL PROTECTED]
>SNMPGET: Failed to reach target: "161:[EMAIL PROTECTED]". I tried
>multiple ti
>mes!
>
>I am trying to resolve this problem and wondered if you could help.
>
>Bwhite
------------------------------
From: Michael Hasenstein <[EMAIL PROTECTED]>
Subject: Re: Static NAT with Linux
Date: Wed, 14 Apr 1999 09:42:15 +0200
Luca Filipozzi wrote:
>...
> there's also a utility called ipnatadm that you could look for
>
> personally, i'd stick with ipfwadm
????
What kind of a statement is that? ipnatadm controls static NAT, ipfwadm
control firewalling and the special dynamic NAT called masquerading in
Linux. Two completely different purposes. If you want to control static
NAT you can't 'stick with ipnatadm'.
To static NAT: 2.2.x has a very efficient static NAT as part of the
routing.
The very first static NAT patch for Linux, 2.0 and 2.2, is at
http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html
There are links to information about the 2.2-NAT as well (because tke
kernel-docu in Configure.help for Kusnetzow's NAT mistakenly points to
my website).
--
Michael Hasenstein
http://www.csn.tu-chemnitz.de/~mha/
Private Pilot (ASEL) since 1998
------------------------------
From: Marcin Kasperski <[EMAIL PROTECTED]>
Subject: Mailing list <-> newsgroups ?
Date: Wed, 14 Apr 1999 10:32:17 +0200
I use inn+suck for replicating a bunch of newgroups on small server in
my organization used for a few people.
I would like also to replicate on this news server some mailing lists
(with bugtraq as first) - so that the message received from mailing
lists are automatically loaded into my inn and posts send to inn are
automatically forwarded to mailing list.
I have the general idea how to do it (procmail + inews on the receiver
side, feed with mail in newsfeeds) but:
- I suspect that there is some header editing needed - what need to be
done ?
- Maybe someone has already done it ? I'd be grateful for software
links, sample configuration files and scripts etc.
Thanks in advance.
-- Marcin Kasperski Marcin.Kasperski<at>softax.com.pl
-- marckasp<at>friko6.onet.pl
-- Moje pogl�dy s� moimi pogl�dami, nikogo poza mn� nie reprezentuj�.
-- (My opinions are just my opinions.)
------------------------------
From: Pol Dupont <[EMAIL PROTECTED]>
Subject: Kortex
Date: Wed, 14 Apr 1999 10:54:41 +0200
Hi.
I got a Kortex 56k PCtel bus PCI modem card
Does anybody know this modem ???????
I got Red Hat 5.1 and kernel 2.2.0, and I can't run my modem... what's
the init string ? where to put it ?
------------------------------
From: "Gary Cameron" <[EMAIL PROTECTED]>
Subject: Re: Importance of securing systems
Date: Tue, 13 Apr 1999 21:58:26 -0400
Since you can read the addresses it is coming from, you should send a
nastygram to their ISP if you detect frequent breakin attempts from the same
source... That is exactly what I do to spammers. They always have a
"remove" notice, but that only tells them that they have found a legitimate
address they can sell to other spammers. I send the "remove" notice to
their ISPs, and it almost always works - the postmaster at their ISP usually
e-mails back to tell be the spammer has had their account disconnected. The
overwhelming majority of ISPs are NOT spam or hacker friendly. In the
latter case, they can probably be held legally liable if they know somebody
is using their service for illegal activity and do nothing about it.
If the attempts are more than a one time random probing, and you really
have solid evidence somebody is trying to hack your machine, then you can
snip the relevent portion of your log as you did here, and email it to
abuse@theirisp or postmaster@theirisp or root@theirisp. Chances are, they
will get their plug pulled pronto.
<< Snip >>>
>
>Here are the attempts extracted from the log file(s). As you can see,
>they come from all over:
>
>Feb 8 01:11:45 becca in.telnetd[26424]: refused connect from 24.113.59.205
>Feb 8 07:07:12 becca in.telnetd[27763]: refused connect from
[EMAIL PROTECTED]
>Feb 8 07:07:12 becca in.telnetd[27764]: refused connect from
[EMAIL PROTECTED]
.
.
.
<< Rest of list snipped >>
------------------------------
From: "Belgarion" <[EMAIL PROTECTED]>
Subject: Re: Dial on demand: undesired connections
Date: Tue, 13 Apr 1999 18:29:21 -0700
Sean OC wrote in message <[EMAIL PROTECTED]>...
>Hello,
> I have Redhat 5.2 with kernel 2.0.36 running on a Micron 266Mhz
>PPro. I have a surfboard 1000 internal cable modem and an external USR
>33.6 modem. I have tried both PPPD's (ver 2.3.5) demand option and diald
>(0.16.5a). Both approaches seem to dial up fine. However, both also
>continually dial and I can't track down why. I have 2 pcs and a mac
>running tcp/ip (all statically assigned). I would of course like to have
>any of the three workstations get access to the internet dynamically.
Here are some things that you might want to check:
1) Windows automatically establishing network connections?
2) daemons on the linux box (particularily mail, dhcp clients, any kind
of polling daemon) polling out at intervals?
3) CRON. something (like sendmail) might be starting itself from there.
If anything, I would almost bet it's #2 or a combination of 2 and 3,
considering that you already checked the first one... I know a few people
with win98 systems that get the "connect to" dialog for no particular
reason, no intentional network connection to be established.
Not too familiar with named/bind so I really can't answer that question,
as much as I wish I could. :)
Erik
------------------------------
From: Julian King <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup,comp.os.linux.setup,ucam.comp.linux
Subject: Re: loadlin for linux?
Date: Wed, 14 Apr 1999 09:59:53 +0100
"J.E. Scott" wrote:
>
> Hi,
>
> is there an equivalent of loadlin that runs _from_ linux? What I want to
> do is make a small linux distribution that susses out various local
> parameters, and then downloads and runs the real linux from the network.
I don't think you can do precisely what you are suggesting, but you
should be able to create a kernel that will boot on just about any
machine by making use of the modules. Then in principle, by using some
unique element for the machine (ethernet address?) or unique aspect of
that class of machine you can tailor the rc chain to do things dependant
upon that. You could get it to download stuff, but it might be easier
to get it to NFS mount stuff. That way you can boot up a minimal system
which mounts what it needs, and then, if necessary, copies stuff to the
local machine. There are all sort of strange things you can do. I don't
know of anything (apart from mond linux) which does anything similar, and
certainly nothing pre-packaged.
Julian
--
Julian King
Computer Officer, University of Cambridge, Unix Support
------------------------------
From: "Philip Nelson" <[EMAIL PROTECTED]>
Date: Wed, 14 Apr 1999 08:54:06 +0100 (BST)
Reply-To: "Philip Nelson" <[EMAIL PROTECTED]>
Subject: Setting up for multiple ISPs
I have a need to set up the ability to connect to multiple ISPs,
I've got the first one working (all the various config files set up correctly -
resolv.conf, chap-secrets / pap-secrets, options).
But can I put the second ISPs details into the same configuration files and still get
it to work for both ?
Example config files would be great.
TIA
Philip Nelson
([EMAIL PROTECTED])
Using OS/2 Warp and PMINews
------------------------------
From: "RJHM van den Bergh" <[EMAIL PROTECTED]>
Crossposted-To: alt.os.linux
Subject: root shutdown using telnet ?
Date: Wed, 14 Apr 1999 11:35:49 +0200
Hi,
I'm using a RedHat 5.1
and can't do a shutdown using telnet.
I do su to root.
But the shutdown process seems to kill its own process.
The system does return (stops) with the bash prompt.
Currently that isn't a real problem
the server is on a local network.
But over a few time it is located somewhere else.
Then I do have to drive an hour just to do a reboot.
Thanks for any reply
Rob,
[EMAIL PROTECTED]
([EMAIL PROTECTED])
------------------------------
From: Randy Sandberg <[EMAIL PROTECTED]>
Subject: Unix ONLY (i.e., Anti-MicroSoft) ISP that offers xDSL
Date: Tue, 13 Apr 1999 17:33:58 -0700
Hello,
Okay, if this question has been asked before I'm sorry. Please don't
flame me too hard. I'm new at this stuff. Anyway, being that I really
don't like MicroSoft and that I'd much prefer to give my hard earned
cash to an ISP that runs NON-MS services. I need your help. I'm looking
for an ISP in the Northern California (408) area that can provide xDSL
services. Right now I'm with EarthLink. I'm not sure what they are
running. Their tech said it was a tightly guarded secret. And if that
weren't enough, they won't be offering xDSL for a while so I'm looking
for someone else.
* My info:
Area code: 408
Prefix: 245
Thanx in advance for any helpful info you might send my way :-)
--
Randy Sandberg <[EMAIL PROTECTED]>
Understanding is always the understanding of a smaller problem
in relation to a bigger problem. -- P.D. Ouspensky
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
