Linux-Networking Digest #145, Volume #11 Thu, 13 May 99 21:13:50 EDT
Contents:
Strange network packets ("Wilco Jansen")
Re: DNS blues... ("Mies")
Re: Help me...I've been hacked! ("Mies")
Re: pppd hangs up the modem when no data activity (Braxton Burrsaddle)
Re: tape backups (Remco van den Berg)
Re: PPP: where, how? (.)
Re: How to configure Linux as a Proxy server (Derek Shaw)
Re: newbie-to-lan: cannot ping other box (hazzmat)
ping responds with "unknown protocol icmp" (Jim McDonagh)
Linux with WaveLAN Cards (Nick Walton)
Re: Help me...I've been hacked! ([EMAIL PROTECTED])
Re: Help me...I've been hacked! ([EMAIL PROTECTED])
Windows NT Terminal Server and Linux ("John Hartlove")
Re: tape backups (Johannes Niess)
configuracion de red ("mary")
How do I get fetchmail to just dowmload for one user (Phil Hunt)
Mounting NT shares from Linux automatically... (Darryl L. Pierce)
Re: Samba & Win 9x clients: automatically mapping drives (Michael Balderas)
PPP/2.2 kernel problem.... ("Kevin M. McGinley")
Re: Help me...I've been hacked! ([EMAIL PROTECTED])
Re: DNS blues... (Michael Balderas)
Re: Help me...I've been hacked! (bryan)
----------------------------------------------------------------------------
From: "Wilco Jansen" <[EMAIL PROTECTED]>
Subject: Strange network packets
Date: Thu, 13 May 1999 21:57:43 +0200
After making one or two connection thru my ISDN dial-up adapter, my system
starts sending (and receiving?) strange packets. This results in endless
network connections when there is no reason.
An network trace (tcpdump -i ippp0) show the following results:
23:57:45.006344 0.57.25.77 > 0.0.64.17: (frag 0:0@63512+) [ttl 0]
23:57:45.010911 truncated-ip - 16322 bytes missing!0.69.25.81 > 0.0.64.17:
(frag 25346:16401@63512+) [ttl 0]
23:57:45.501070 k.root-servers.net.domain >
dc2-isdn1507.dial.xs4all.nl.1024: 22448- 0/9/9 (336)
23:57:46.006420 truncated-ip - 21497 bytes missing!0.70.25.82 > 0.0.64.17:
(frag 17708:21541@63512+) [tos 0x41] [ttl 0]
23:57:46.325535 noc.umd.edu.domain > dc2-isdn1507.dial.xs4all.nl.1024:
60809* 1/3/3 (201)
23:57:49.006397 truncated-ip - 689 bytes missing!0.69.25.84 > 0.0.64.17:
(frag 49153:768@63512+) [tos 0x1] [ttl 0]
23:57:54.006377 truncated-ip - 689 bytes missing!0.69.25.86 > 0.0.64.17:
(frag 49153:768@63512+) [tos 0x1] [ttl 0]
23:57:56.086237
Can anyone help me, this is a bit expensive!
Thanks.
------------------------------
From: "Mies" <[EMAIL PROTECTED]>
Subject: Re: DNS blues...
Date: Fri, 14 May 1999 01:53:09 +0300
Well I'd recommend to read the HOWTO. When I needed to put up DNS systems, I
read the HOWTOs, although at first they seemed a bit confusing. The basics
are quite easy after all. And look at the bright side, you'll learn when you
do it all yourself!
Jamie wrote <[EMAIL PROTECTED]>...
>Hi,
> Im a bit confused (too much reading...) I want to setup a couple of
>nameservers, one master (authoritive), one slave. I need to do this so i
>can add virtual hosts. My ISP was willing to help me with one URL, and
>that took over a week (after Internic finished with my name...) so... my
>ISP sucks, i need to do as much as i can, so i dont have to rely on
......
------------------------------
From: "Mies" <[EMAIL PROTECTED]>
Subject: Re: Help me...I've been hacked!
Date: Fri, 14 May 1999 01:48:16 +0300
>bionic::1555:555:The One Who Does it All:/tmp:/bin/bash
>
Okay, so he has an account... well, where did he last log in to your server?
Finger tells that. If he's stupid, he hasn't logged on from a public
computer, rather from his own or from some dialup. If he's from a static IP,
from a PPP connection, it should be easy to track him down (contact his
ISP). If not static, at least you know where he's coming from, and maybe add
his domain to your deny list.
If he's using a public computer, I would say it is quite impossible to track
one down.
>
>
>How the hell did this guy do this, what can I do to protect
>myself and possibly make him pay??
Well, if you can find out who he is, make him pay (not by hacking, but by
money).
But whatever happens, I'd suggest shutting all public services down until
you've found out how he managed to hack in, and then fill the holes in your
security. There are lots of docs out there to help you through it.
>
>Any help is appreciated.
Although I think you already knew these things, but just wanted to make
sure.
>Thanks.
>
>rEdMaN
>
Jusas
------------------------------
From: [EMAIL PROTECTED] (Braxton Burrsaddle)
Subject: Re: pppd hangs up the modem when no data activity
Date: 13 May 1999 03:17:17 GMT
Tom, are you sure it's pppd initiating the hang-up? If you are using
masquerading I would think you would also be using diald. Diald will
hang up the modem after a preset amount of inactivity.
If you are using diald, there is a settings file (it has a whimsical
name like diald.conf) in which you can change these settings. man
diald will tell you the right filenames.
-Greg
On Wed, 12 May 1999 16:52:06, "Tom" <[EMAIL PROTECTED]> say:
> Does anyone know where i should look or what i should put where to stop the
> pppd from hanging up the modem when no data is being transmitted.. i've
> setup the pppd and ip masquerading as per the howto's.. i'm sure its this
> because if i set my win98 pc to poll my mail box it keeps the line up.
> thanks..
[EMAIL PROTECTED] : reply-to bogus, remove z's to construct email
address.
When you have enough clowns, you have a circus.
------------------------------
From: [EMAIL PROTECTED] (Remco van den Berg)
Subject: Re: tape backups
Date: Thu, 13 May 1999 21:04:15 GMT
On Thu, 13 May 1999 13:09:11 -0400, Joshua D Rusch wrote:
>I am looking to implement a tape backup system using a scsi DDS (DAT) drive.
>I want to write a script using cpio to do this. My three concerns are these:
cpio? I always use tar for it, but ok...
>2. Is there a way to have more that one archive on a single tape. All of the
>backup plans in books I've read about involve a different tape for each
>archive. I've briefly read about the mt command, but I'm not sure if this
>(tape positioning) appies to a modern DAT drive....I think it initializes,
>rewinds and all the stuff it needs to do automatically. Also if the mt
>command does apply here, does going to the next file mean going to the end
>of the archive or to a file within the archive.
I've never tried to write more tar backups to one tape but I do know that
there are two devices for one tape:
/dev/st0
/dev/nst0
I think /dev/nst0 is the "no-rewind" device. So using that one in stead of
st0 you can run a second tar command.
>Thanks for any help
>Josh
-Remco
--
============================================================================
Remco van den Berg Admin DSE http://www.dse.nl/
[EMAIL PROTECTED] Linux Certified Systems Engineer
============================================================================
------------------------------
From: . <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: Re: PPP: where, how?
Date: 13 May 1999 14:37:17 -0700
I still cannot get mine working but here are the RTFM I always get. You will
find alot of wannabe 3133t around here with bad attitudes. Just read the faqs
and pray you do not need to ask for help because all you really get is RTFM
(although there are a few kindly souls that help most won't - heaven help you
if it cannot easily be referanced).
http://axion.physics.ubc.ca/ppp-linux.html
http://www.knowplace.org/ppp.html
http://www.redhat.com/support/docs/rhl/PPP-Tips/PPP-Tips.html
http://howto.linuxberg.com/LDP/HOWTO/PPP-HOWTO-6.html#ss6.2
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>Well after a number of installs and partitioning my repartioning, I've
>finally got Linux Red Hat 6.0 installed. Could someone get me going
>toward connecting to my ISP? Thanks for any pointers.
>
>Greg Aeschliman
>Osaka, Japan
------------------------------
From: Derek Shaw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux,comp.os.linux.setup
Subject: Re: How to configure Linux as a Proxy server
Date: Thu, 13 May 1999 21:06:42 GMT
get The Linux Network by Butzen & Hilton. Published by M&T books
(ISBN1-55828-589-X). Available at http://www.amazon.com
Witman Peng wrote:
> Hi, All
>
> I have a Linux box and several Windows machine. I want to all PC can access
> Internet via the Linux box. The Linux box connect to the IPS via a POTS
> modem. Which software should I use? Thanks in advance.
>
> BR,
> Witman Peng
--
Derek Shaw
Business Information Systems
Victoria, BC.
voice: 250-885-2021 fax: 250-386-4060
------------------------------
From: hazzmat <[EMAIL PROTECTED]>
Subject: Re: newbie-to-lan: cannot ping other box
Date: Thu, 13 May 1999 19:54:11 -0400
Hello and hanks for replying!
here is a sample for ping and ifconfig when trying to ping the G3:
[root@BLINKY wpbin]# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
--- 192.168.1.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
[root@BLINKY wpbin]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:40:95:76:F2:07
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:9 Base address:0x300
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:89 errors:0 dropped:0 overruns:0 frame:0
TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:215.78.34.69 P-t-P:209.215.203.137 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:749 errors:0 dropped:0 overruns:0 frame:0
TX packets:670 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
Pinging my eth0 address:
[root@BLINKY wpbin]# ping 192.168.1.1
<snip>
--- 192.168.1.1 ping statistics ---
23 packets transmitted, 23 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms
....and ifconfig run at the same time :
eth0 Link encap:Ethernet HWaddr 00:40:95:76:F2:07
inet addr:192.168.1.1 Bcast:192.168.1.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:2 dropped:0 overruns:0
carrier:0
collisions:0 txqueuelen:100
Interrupt:9 Base address:0x300
IRQ10 is open according to /proc/interrupts. But I don't have any configuration
utility (card was second hand) and I don't see any jumpers on it. It worked
when I had 5.1 on my machine, but its starting to look useless now. ISAPNP is
pretty hard to understand from what I hear/read.
Curt wrote:
> What is the result of 'ifconfig'? Is Rx 0?
>
> In general it is not a good idea to use IRQ 9. IRQ9 is used redirects
> interrutps form 2nd interrupt controller to first via IRQ2. Use IRQ 5, 10,
> or 11. Check /proc/interrupts to see what is currently being used. You'll
> probably need to use the DOS based configuration software that came with
> your ne2000 card to set this. Disable PnP too.
>
> hazzmat <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hello,
> > Redhat 6.0 ISA ne2000 compatible (added at 0x300 base
> > address, irq9 kernel module loads fine at boot) cat 5 cable -> Intel
> > in-bidness 5 port 10base-T hub -> mac g3 10/100 builtin ethernet.
> >
> > I give eth0 address of 192.168.1.1 and give the Mac an address of
> > 192.168.1.2 linux host with the eth0 192.168.1.100 Activate interface in
> > netcfg Ok. Ping loopback-OK. Ping eth0 address OK. That's as far as it
> > goes. Can't ping host IP (should I be able to do that ?) and can't ping
> > the G3's address either.
> >
> > The G3 lights up the LED on the hub seeking the Linux box, so I know
> > packets are leaving the G3. Also, just for fun I tell the G3 to connect
> > to Linux host as though it were a file servert, it returns 'connection
> > refused, try later'-- that's different from the message returned when I
> > try to make it connect to a non-extant IP. On the other hand, there are
> > only very occasional blips on the hub when I try to ping the G3 from the
> > Linux PC. I still can't ping thre G3 if I remove the hub. G3 and Linux
> > host addres are in /etc/hosts.
> >
> > what am I not doing right here? I have the 560 +page Linux Network
> > Toolkit book on hand, and I am stymied. Any help appreciated.
> >
> > --hazzmat
> >
------------------------------
From: [EMAIL PROTECTED] (Jim McDonagh)
Subject: ping responds with "unknown protocol icmp"
Date: Thu, 13 May 1999 21:12:26 GMT
Hello,
I have a little DragonLinux installation. I can telnet and such out
to the network over an ethernet card but I cannot ping.
When i ping it responds with unknown protocol icmp. Where does that
get setup?
thanks in advance,
jim mcdonagh
------------------------------
From: Nick Walton <[EMAIL PROTECTED]>
Crossposted-To: ed.linux
Subject: Linux with WaveLAN Cards
Date: Tue, 11 May 1999 18:18:55 +0100
Has anyone had any success creating a Bridge between two LANs
using the Lucent WaveLAN cards? We would like to go this route,
but Lucent seem unsure whether this will work. We know they've
knobbled the NT drivers so you can't use them as a bridge (so
you've got to buy their WaveBridge thingy)...
Cheers in advance.
Nick
P.S. Please MAIL me with replies, There are about 30 Newsgroups
I'm mailing with help about stuff... and I'm bound to miss something.
--
Nick Walton 3rd year Postgraduate Mailto:[EMAIL PROTECTED]
(work)
http://www.tardis.ed.ac.uk/~aardvark
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Help me...I've been hacked!
Date: Thu, 13 May 1999 22:47:29 GMT
In article <[EMAIL PROTECTED]>,
Kyler Jones <[EMAIL PROTECTED]> wrote:
> I was looking around yesterday and I noticed a file :
>
> /sniff.pid
>
> Due to the alarming nature of this file name, I chcked the pid
> and it's owned by:
>
> /usr/sbin/in.sockd
That's not a user. A file can't be "owned" by another file. What on
earth do you mean?
> the next pid is owned by:
>
> /usr/local/sbin/sshd1 -q
The pid to what? Files don't have pids.
> What are these files?
I don't know what in.sockd is, but the second one is sshd. If you
don't know what sshd is, learn [you should be using it instead of telnet
-- there's a good chance that this is how/why you got hacked].
> Further more, there is a file called "tcp.log" in my root, world
> readable, except for some reason root can't see the file, the
If the file is owned by root and is not readable by owner, root will not
be able to read the file. Simply chmod the file to be readable by
owner.
> file contains text characters of all kinds of stuff, including
> passwords, root and all.
...probably sniffed via a telnet or ftp connection.
> I chacked my logs and found the someone port scanned me (I think)
> becauise teh IP address 203.228.126.205 tried all the regular
> services (ftd, imap, pop3, telnet) and each of these attempts
> resultred in an error, eg.:
Turn off ftpd and telnet, and use sshd instead.
> Finally, there is a new user entry in my /etc/passwd file for
>
> bionic::1555:555:The One Who Does it All:/tmp:/bin/bash
>
> How the hell did this guy do this,
Probably a bug in one of the services you have turned on. Or, if you're
connecting to the machine from a remote location, he may have sniffed
your plaintext password sent to ftpd or telnetd.
> what can I do to protect myself
Upgrade to the newest releases of your daemons, and replace ftpd and
telnetd with sshd. If you're running sendmail, GET RID OF IT. Sendmail
is crap, and should be replaced with qmail.
> and possibly make him pay??
Output of `whois -p 203.228.126.205`:
inetnum: 203.228.126.0-203.228.126.255
netname: INJENET
descr: INJE UNIVERSITY
descr: Kyongnam
country: KR
admin-c: Choi Won Ha
tech-c: Lee Dong Kyun
changed: [EMAIL PROTECTED] 970313
source: KRNIC
Contact the administrator for the above network.
> Any help is appreciated.
HTH.
--
-Bill Clark
Systems Architect
ISP Channel
http://locale.ispchannel.com/
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Help me...I've been hacked!
Date: Thu, 13 May 1999 23:38:55 GMT
In article <knI_2.24264$[EMAIL PROTECTED]>,
bryan <[EMAIL PROTECTED]> wrote:
> I usually disable ALL but sshd. and even then, I disallow it to root.
Disallowing ssh access to root is just plain silly. *Please* don't tell
me you use `su`? I know it's unlikely, but it is possible for a hacker
to subvert su and gain your root password that way. In any event, it's
*far* more likely that somebody will replace or bypass `su` than it is
for them to subvert ssh. Consider: a hacker gains access to your
"normal" login, adds a directory to the beginning of your path, writes a
script called "su" that spoofs a password request, logs it to a file,
removes itself, and changes your path back. Bingo, root access.
I consider myself to be a ridiculously paranoid person. Whenever
possible, I set up RSARhostsAuthentication between my boxes, and ssh in
as root [then `su` to whatever user I actually want to be]. That's
_the_ most secure possible way to connect to a machine, short of sitting
at the console. No passwords are ever sent over the wire [or even typed
in, for that matter], and security is handled by RSA challenges that,
for all intents and purposes, can be considered unbreakable [yes, I know
people have cracked RSA keys in the past, but any hacker willing to
devote the time and resources to do so deserves access to my box, IMHO.
:)]
With the advent of ssh, all prior security guidelines need to be
modified. `su` [except as root] is *bad*. passwords are *bad*. RSA
authentication is *good*.
--
-Bill Clark
Systems Architect
ISP Channel
http://locale.ispchannel.com/
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: "John Hartlove" <[EMAIL PROTECTED]>
Subject: Windows NT Terminal Server and Linux
Date: Thu, 13 May 1999 21:43:30 GMT
Does anyone know of any NT Terminal Server clients for Linux???
Thanks
John Hartlove
Network Security Manager
Syscomnet
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Johannes Niess)
Subject: Re: tape backups
Date: Thu, 13 May 1999 22:11:50 GMT
"Joshua D Rusch" <[EMAIL PROTECTED]> wrote:
>I am looking to implement a tape backup system using a scsi DDS (DAT) drive.
>I want to write a script using cpio to do this. My three concerns are these:
>1. How bad is it to back up a live file system (especially one that may
>contain several small databases) I'm not sure if I have any other options as
>far as this goes.
>2. Is there a way to have more that one archive on a single tape. All of the
>backup plans in books I've read about involve a different tape for each
>archive. I've briefly read about the mt command, but I'm not sure if this
>(tape positioning) appies to a modern DAT drive....I think it initializes,
>rewinds and all the stuff it needs to do automatically. Also if the mt
>command does apply here, does going to the next file mean going to the end
>of the archive or to a file within the archive.
>3 Also I've read somewhere that cpio cannot back up a smb mount. Is this
>true or has cpio been updated since. I was also thinking about buying BRU
>2000 personal edition, but it says it can't back up a samba mount. Is this
>true??? If the drive is already samba mounted, can't I just back it up as if
>it were a normal part of the filesystem?
>Thanks for any help
>Josh
Amanda is my backup program of choice. It is GPL, with a very helpfull
mailing list, it handles dozends of client computers with a lot of
operating systems (Linux, other Unixes, Windows via Samba), it
distributes your load (one tape might contain a level 0 from one disk
and a level 2 from another), output of a self check is mailed and it
handles tape changers. And Idiot can handle it after setup.
Volunteers for writing a GUI will get a lot of help.
I don't know about a missing feature and it is very reliable. Why
spend money for a backup program with less features?
You can find eveything about it at www.amanda.org
Johannes Niess
------------------------------
From: "mary" <[EMAIL PROTECTED]>
Crossposted-To: es.comp.os.linux
Subject: configuracion de red
Date: 14 May 1999 00:01:29 GMT
estoy intentando configurar mi ordenador portatil con linux para entrar en
el ordenador de un amigo mediante tarjetas de red, el tiene la suya y yo la
mia PCMCIA, pero nos hemos quedado estancados porque no hemos conseguido
realizar ningun tipo dee conexion , hemos mirado how-to�s, man pages,
articulos de revistas pero nada, no hay manera, el caso el que segun todos
estos documentos la cosa parece facil pero no lo hemos conseguido, ni con
el netcfg, ni con el yast de Suse de mi portatil, ni modificando a mano los
archivos de configuracion de una red: etc/hosts, route.conf, network,
netgroup, etc...
agradeceria cualquier tipo de sugerencia que nos ponga en el camino de
conectar nuestros ordenadores. gracias
------------------------------
From: [EMAIL PROTECTED] (Phil Hunt)
Crossposted-To: demon.ip.support.unix,uk.comp.os.linux,comp.mail.misc
Subject: How do I get fetchmail to just dowmload for one user
Date: Thu, 13 May 99 23:10:46 GMT
Reply-To: [EMAIL PROTECTED]
I am using fetchmail to download email from my Demon account.
Currently, it is downloading mail for all users at the account;
I want it to just download email for some users, e.g.
mail addressed to [EMAIL PROTECTED]
Does anyone know how to do this?
Is there any documentation anywhere expalining what all the commands
in .fetchmailrc do? The sample.rcfile that comes with the distribution
is a bit sketchy on some of them.
My .fetchmailrc is:
poll pop3.demon.co.uk
protocol POP3:
localdomains vision25.demon.co.uk
user "vision25"
password "my-pop3-password"
is philh
I have tried replacing the 4th line with:
user "philh+vision25"
but this makes no difference. When I remove the ``is philh'' from the
rc file, and run ``fetchmail --version'', fetchmail returns the same
list of options; does this mean that ``is philh'' is being ignored?
I am using Fetchmail 4.7.5-POP2 under SuSE 6.0 Linux, kernel 2.0.36.
--
Phil [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Darryl L. Pierce)
Subject: Mounting NT shares from Linux automatically...
Date: Tue, 11 May 1999 18:02:27 GMT
Is there an easy way to setup Samba so that it mounts NT resources at startup?
---
Darryl L. Pierce, Software Engineer, Resource Solutions, Int'l
------------------------------
From: mike*no*spam*@yourhelpdesk.com (Michael Balderas)
Crossposted-To: comp.os.linux.misc
Subject: Re: Samba & Win 9x clients: automatically mapping drives
Date: Thu, 13 May 1999 22:22:18 GMT
On Thu, 13 May 1999 21:55:53 GMT, [EMAIL PROTECTED] (Lee
Allen) wrote:
>Under Samba, I (think) I have to "map a network drive" on the Win 9x
>client via point & click. If the client ever boots when the server is
>down (or not available), then the client will display a prompt, "Do
>you want to reconnect the next time you log in?" If the user says
>"No", the mapping is gone, and must be recreated manually.
>
This is the short coming of Windows 9X in any peer-peer network
enviroment using Microsoft's file and print sharing to map shared
resources on remote clients, this is not just related to Samba.
>How can we avoid this problem? Is there some script capability in Win
>9x that remap the drives for us?
>
Short of telling the users to hit yes, I am not aware of any way
around this issue. I get calls from clients all the time who hit "no"
on the "connect next time" prompt instead of yes. To this day the only
resolution I have found is to walk them thru connecting to the share
or fixing it next I was on site. If anyone does have a scripting tool
that will eliminate this issue I'd be interested in knowing as well.
Mike
------------------------------
From: "Kevin M. McGinley" <r1~[EMAIL PROTECTED]>
Subject: PPP/2.2 kernel problem....
Date: Thu, 13 May 1999 09:25:09 -0700
Hello...
I'm having problems with upgrading my kernel from the default 2.0.36
(as shipped with Slink) to a 2.2.x series kernel. When I install a 2.2
kernel
(I've tried 2.2.5 and 2.2.8 so far) pppd dials in, communicates and then
decides
it dosen't want to live anymore...
(Usually after it sends 11 packets and rx's 20 packets(?))
The PPP link never comes up, and dosen't appear in ifconfig.
I know about the old PPP->new kernel problems, which sound virtually
identical to my problem, but I HAVE upgraded my pppd (to 2.3.7),
which is why this is really {puzzling, annoying} me....
I know it's not my dialer script, because it works perfect in 2.0.36.
So, can someone toss me a clue here? :)
Potentially useless info:
Dual P200MMX on a Tyan Tomcat IV
33.6k Rockwell chipset modem
Debian 2.1 (Slink)
TIA!
--Kevin
If you don't see the fnord, it can't eat you.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Help me...I've been hacked!
Date: Fri, 14 May 1999 00:21:22 GMT
Wow
this thread is unbelievable interesting, but one thing : i am a newbie
and have got (had, is done now :-( )
a permanent netconnection as well
So can anyone explain all this in a reply in NEWBIE terms what this is
all about. I know how to use telnet though and that i have a shadow
password file, but that must be about everything i know about security
:-(
I would like to know if people can hack my linuxbox that easy if i dont
shut any ports after i installed Redhat6.0
So someone who feels like he can clearly explain things : try to make
me understand ;-)
Peter Pauwels
--== Sent via Deja.com http://www.deja.com/ ==--
---Share what you know. Learn what you don't.---
------------------------------
From: mike*no*spam*@yourhelpdesk.com (Michael Balderas)
Subject: Re: DNS blues...
Date: Thu, 13 May 1999 23:54:05 GMT
Go to your local Barnes and Noble and pickup "DNS and Bind, 3rd
edition" published by O'reilly & Associates. It'll cost you $32.95
plus tax and it's very informative and pays for itself. You can find
out more information about the book at:
http://www.oreilly.com/catalog/dns3/
I have setup 6 Bind 8.0 servers for multiple Intranet/Internet
pressences with information and configuration help from this book.
Mike
On Fri, 14 May 1999 01:53:09 +0300, "Mies" <[EMAIL PROTECTED]>
wrote:
>Well I'd recommend to read the HOWTO. When I needed to put up DNS systems, I
>read the HOWTOs, although at first they seemed a bit confusing. The basics
>are quite easy after all. And look at the bright side, you'll learn when you
>do it all yourself!
>
>
>Jamie wrote <[EMAIL PROTECTED]>...
>>Hi,
>> Im a bit confused (too much reading...) I want to setup a couple of
>>nameservers, one master (authoritive), one slave. I need to do this so i
>>can add virtual hosts. My ISP was willing to help me with one URL, and
>>that took over a week (after Internic finished with my name...) so... my
>>ISP sucks, i need to do as much as i can, so i dont have to rely on
>......
>
------------------------------
From: bryan <[EMAIL PROTECTED]>
Subject: Re: Help me...I've been hacked!
Date: Thu, 13 May 1999 22:29:36 GMT
hackers usually wipe out all logs. you're lucky you had logs left.
I've often thought about hooking up an old junky dot matrix printer
(what ELSE are they good for these days?) and having all 'significant'
events logged to it. that way, even if the logs are 'rm -rf', you
still have a trace of some kind.
are you running tcpwrappers?
I usually disable ALL but sshd. and even then, I disallow it to root.
Kyler Jones <[EMAIL PROTECTED]> wrote:
: What the hell?
: I thought I was pretty secure, I've turned off a lot
: of servcies, no remote root login, shadow passwords, etc..
: And yet, I'm pretty sure someone has gained entry.
: Here's the scoop:
: I was looking around yesterday and I noticed a file :
: /sniff.pid
: Due to the alarming nature of this file name, I chcked the pid
: and it's owned by:
: /usr/sbin/in.sockd
: the next pid is owned by:
: /usr/local/sbin/sshd1 -q
: What are these files?
: Further more, there is a file called "tcp.log" in my root, world
: readable, except for some reason root can't see the file, the
: file contains text characters of all kinds of stuff, including
: passwords, root and all.
: I chacked my logs and found the someone port scanned me (I think)
: becauise teh IP address 203.228.126.205 tried all the regular
: services (ftd, imap, pop3, telnet) and each of these attempts
: resultred in an error, eg.:
: ipop3d: command stream end of file while reading line...
: or:
: intelnetd: Invalid or incomplete multiple byte or wide character..
: Finally, there is a new user entry in my /etc/passwd file for
: bionic::1555:555:The One Who Does it All:/tmp:/bin/bash
: How the hell did this guy do this, what can I do to protect
: myself and possibly make him pay??
: Any help is appreciated.
: Thanks.
: rEdMaN
--
Bryan
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.networking) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Networking Digest
******************************
