Re: [gentoo-user] checksumming files
Am Freitag, 5. Dezember 2008 19:48:18 schrieb Mick: On Thursday 04 December 2008, Heinrichs, Dirk (EXT-Capgemini - DE/Dusseldorf) wrote: Did you make sure the chunks are transfered in binary mode? Aha!! Since the split chunks were part of a video file I assumed that it would be binary - and I understand that the default type (for tnftp) is binary? BTW, most modern FTP clients have a resume option, so there's no need to split. Yes, tnftp has the 'reget' command but I can't find a 'reput', or 'resume'? It also has 'restart': [...] but I am not sure how this works exactly. Would anyone be clued up on the intricacies of tnftp? Unfortunately not, never heard of it before. Anything else I could try? ncftp. This one also comes with ncftpget and ncftpput command line utilities. They use binary transfer as default and have resume capabilities. HTH... Dirk
[gentoo-user] Re: modules in use
Paul Hartman [EMAIL PROTECTED] writes: [ ... ] (good input, thanks posters) Paul wrote: Yes, I think the only real solution is to remove things and see what breaks. So is there consensus here that Pauls' comment above is right? »Q« choose the example of his wireless module I see the same kind of thing, using alsa instead of oss. But Whatever the 0's mean, the output of lsmod won't be enough to help the OP, who really wants to be able to tell what modules are *needed*. Does that same thing apply to any network driver module? If I have started eth0; will the `0' in lsmod come and go as its used?
[gentoo-user] Re: modules in use
»Q« [EMAIL PROTECTED] writes: I see the same kind of thing, using alsa instead of oss. But Whatever the 0's mean, the output of lsmod won't be enough to help the OP, who really wants to be able to tell what modules are *needed*. $ lsmod | grep iwl iwl4965 185000 0 mac80211 112076 1 iwl4965 It's certainly possible that my wireless driver is not being used by anything at any given microsecond, but this post won't get off my computer without that driver being used. I see something in lsmod that really is confusing: lsmod Module Size Used by [...] ipv6 220812 16 [...] And I have ipv6 set negative (-ipv6) in /make.conf So very unlikely anything but other non-used modules make up the 16.
[gentoo-user] Re: modules in use
Harry Putnam [EMAIL PROTECTED] writes: I see something in lsmod that really is confusing: lsmod Module Size Used by [...] ipv6 220812 16 [...] And I have ipv6 set negative (-ipv6) in /make.conf So very unlikely anything but other non-used modules make up the 16. s/un// whooopps should have said likely
Re: [gentoo-user] Re: modules in use
On Sat, 06 Dec 2008 02:51:02 +0200 Nikos Chantziaras [EMAIL PROTECTED] wrote: Neil Bothwick wrote: On Fri, 5 Dec 2008 22:32:23 +0100, Sebastian Günther wrote: The third column of lsmod is headed with Used by and consists of a number and a list of modules which use it. Everything with a 0 is not used. Not true. Anything with a 0 is not used by another module. That's not the same as not used. I think a 0 indicates that it's not used at all. Can't be true. I have the following lines in /proc/modules: usbhid 41184 0 - Live 0x8802d000 usbkbd 6336 0 - Live 0x88007000 usbmouse 4736 0 - Live 0x88042000 All have 0 in the third column, but they are obviously used as i am typing this. Just an observation, cheers.
[gentoo-user] Re: modules in use
On Sat, 06 Dec 2008 02:51:02 +0200 Nikos Chantziaras [EMAIL PROTECTED] wrote: Neil Bothwick wrote: On Fri, 5 Dec 2008 22:32:23 +0100, Sebastian Günther wrote: The third column of lsmod is headed with Used by and consists of a number and a list of modules which use it. Everything with a 0 is not used. Not true. Anything with a 0 is not used by another module. That's not the same as not used. I think a 0 indicates that it's not used at all. Can't be true. I have the following lines in /proc/modules: usbhid 41184 0 - Live 0x8802d000 usbkbd 6336 0 - Live 0x88007000 usbmouse 4736 0 - Live 0x88042000 All have 0 in the third column, but they are obviously used as i am typing this. Just an observation, cheers.
[gentoo-user] gparted - safe on NTFS hardware RAID?
Anyone have any knowledge about this? Would it be mostly an issue of finding a Linux driver for the hardware card or does it work at all? I'd like to make some room on an existing windows machine for Gentoo. Thanks, Mark
Re: [gentoo-user] gparted - safe on NTFS hardware RAID?
On Sat, 6 Dec 2008 09:25:01 -0800 Mark Knecht [EMAIL PROTECTED] wrote: Anyone have any knowledge about this? Would it be mostly an issue of finding a Linux driver for the hardware card or does it work at all? If it is genuine hardware RAID linux should just see it as a single device, so that should not be a problem as I understand it. RobbieAB signature.asc Description: PGP signature
Re: [gentoo-user] gparted - safe on NTFS hardware RAID?
On Sat, Dec 6, 2008 at 9:53 AM, Robert Bridge [EMAIL PROTECTED] wrote: On Sat, 6 Dec 2008 09:25:01 -0800 Mark Knecht [EMAIL PROTECTED] wrote: Anyone have any knowledge about this? Would it be mostly an issue of finding a Linux driver for the hardware card or does it work at all? If it is genuine hardware RAID linux should just see it as a single device, so that should not be a problem as I understand it. RobbieAB Yes, this is consistent with what I'm reading, and I believe both RAIDs are hardware RAID. One is RAID-5, the other is RAID-0 or 1, not sure which. I'll check later. Thanks, Mark
Re: [gentoo-user] Re: Buying a low-cost printer for Linux
On Fri, Dec 5, 2008 at 8:08 AM, Grant Edwards [EMAIL PROTECTED] wrote: On 2008-12-05, Peter Humphrey [EMAIL PROTECTED] wrote: I've had an HP LaserJet 1200 for about 4-5 years now. I only print once or twice a month, and I've never had a single problem. It's still on the original toner cartridge, and I don't think I've even got through an entire ream of paper yet. [...] And my Kyocera FS1020D is similarly lightly loaded with no ill effects. Comes with its own .ppd file and does double-sided out of the box. Best printer I've had for years. I forgot to mention that before the LaserJet, I had a B/W Canon bubble-jet. It too was only used once or twice a month, and I don't think I ever got more than a few pages per ink cartridge using the Canon. The cartridges would clog up and stop working while still 99% full. -- Grant Edwards Hi all, After reading through this thread again, doing some online study and sending my dad out to find out what he could buy locally he found Sam's Club has this HP Color LaserJet for $280 which has specs that look pretty good to me: http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/18972-18972-3328060-15077-3328070-3422465.html Main items: Recommended monthly print volume 250 to 1,000 pages Cartridges 4 (1 each black, cyan, magenta, yellow) Print languages, standard HP PCL 6, HP PCL 5c, HP postscript level 3 emulation, Hybrid print path Memory, standard 96 MB Memory, maximum 352 MB Power consumption ENERGY STAR(R) qualified I get different info at different sites about the interfaces. Apparently the ni version has the network interface also. I've never set up a printer for Cups that only had a network connection. I guess that's not impossible, right? Anyway, do these specs look reasonable to others? I MUST have good/excellent driver support. The printer is located 350 miles away. My 80 year old dad has to buy it, unpack it, set it up and plug it in before I can do anything. Would others think this is a reasonable printer to try and do this with? His Epson inkjet has died and he wants printing this weekend if possible. He has no problems with the price. It's listed as working perfectly in Linuxprinters.org's database: http://www.openprinting.org/show_printer.cgi?recnum=HP-Color_LaserJet_CP1518ni Thanks, Mark
Re: [gentoo-user] Re: modules in use
On Sat, 06 Dec 2008 02:51:02 +0200, Nikos Chantziaras wrote: Not true. Anything with a 0 is not used by another module. That's not the same as not used. ath_pci 196472 0 So I am sending this over my wireless connection without using the wireless module. If the 0 means it is truly unused, I could rmmod it and not notice any difference. -- Neil Bothwick This project is so important, we can't let things that are more important interfere with it. signature.asc Description: PGP signature
[gentoo-user] Re: modules in use
Neil Bothwick wrote: On Sat, 06 Dec 2008 02:51:02 +0200, Nikos Chantziaras wrote: Not true. Anything with a 0 is not used by another module. That's not the same as not used. ath_pci 196472 0 So I am sending this over my wireless connection without using the wireless module. If the 0 means it is truly unused, I could rmmod it and not notice any difference. Why don't you try?
[gentoo-user] Setting Putty window title to currently executing command
I seem to remember ssh'ing into an old Gentoo box and having the window title change to the currently executing command. For instance, when emerging something that had 10 packages, the title would show something like emerging (4 of 10) perl_something_or_other I'm not sure whether I was using screen at the time, or not. I'm not even positive I was using Putty (I might have been on another 'nix). Can anyone help me out? Thanks, festus -- I just want to break even. pgpqML3Sc9TyT.pgp Description: PGP signature
[gentoo-user] boot to console (text) mode
Sorry for the lamer question but apparently things have changed since the days when putting default 3 in /etc/inittab would make the OS boot to text (console) mode. I'm running a vmappliance of gentoo-2008.0 from June and attempting to bring it up to date. Its setup to run xfce on boot. Looking at the output of rc-update I saw xdm set for boot. Removed xdm from any runlevel and went to set inittab to default to runlevel 3 but find it already is and has been id:3:initdefault But still on a reboot it goes to xfce desktop. What have I overlooked?
Re: [gentoo-user] Re: modules in use
On Sat, 06 Dec 2008 21:53:46 +0200, Nikos Chantziaras wrote: ath_pci 196472 0 So I am sending this over my wireless connection without using the wireless module. If the 0 means it is truly unused, I could rmmod it and not notice any difference. Why don't you try? If I did, you'd never see the result... % sudo rmmod -v ath_pci rmmod ath_pci, wait=no % ping 192.168.1.8 connect: Network is unreachable -- Neil Bothwick WinErr 011: Window open - Do not look outside signature.asc Description: PGP signature
[gentoo-user] Ridiculous nagging problem unable to ping
I've had this silly problem for mnths and have posted on it here some time ago. I've thoroughly exhausted my meager knowledge and attempted any fixes suggested here. I'm running an uptodate 2008.0 (not the vmware I posted about in another thread) my main desktop at home. I have simple assigned IPs throught home lan with 5 regular machines and several experimental vmwares running in windows XP machines. All sitting behind a netgear FVS-318 None and I mean absolutely none of those other machines have any trouble pinging out to the internet. I'm at a loss now as to what else to check. The machine itself has no firewall setup at all. The router is something of a firewall but no other machines have this problem. I've checked and rechecked for any kind of blocking on the Netgear for outbound and there simpley is none in place. So it must be something peculiar about this one machine. It seems there would be some diagnostic or several that would pinpoint this problem but again I'm at a loss. basic network setup from netstat -nr: Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 127.0.0.1 255.0.0.0 UG0 0 0 lo 0.0.0.0 192.168.0.200.0.0.0 UG0 0 0 eth0 What else can I do to uncover the blockage?
Re: [gentoo-user] boot to console (text) mode
Harry Putnam wrote: Sorry for the lamer question but apparently things have changed since the days when putting default 3 in /etc/inittab would make the OS boot to text (console) mode. I'm running a vmappliance of gentoo-2008.0 from June and attempting to bring it up to date. Its setup to run xfce on boot. Looking at the output of rc-update I saw xdm set for boot. Removed xdm from any runlevel and went to set inittab to default to runlevel 3 but find it already is and has been id:3:initdefault But still on a reboot it goes to xfce desktop. What have I overlooked? You may want to check /etc/rc.conf and make sure it is not starting there. I'm assuming you want to boot to the default level but just not wanting the GUI to start. You may want search for softlevel and add that to your boot loader. This sort of depends on why you are doing this and if it is a often used thing or just once in a blue moon. You can create a custom boot level and have a boot line for that, I think you can still do that. Things are changing so much and fast I can't keep up. :/ Hope that helps. Dale :-) :-)
[gentoo-user] LVM2 log file puzzle
At start-up shut-down, lines appear on screen : /var/log/lvm2.log : fopen failed : No such file or directory When I check for the file I get : root:537 log pwd /var/log root:538 log ls -l lvm2.log -rw-rw-rw- 1 root root 116194 2007-11-02 04:49 lvm2.log root:539 log file lvm2.log lvm2.log: ASCII text It seems it was written when I set up LVM on this machine in 2007 , but hasn't been accessible since then. Is the problem that /var is not mounted at these moments ? root:535 log df Filesystem 1K-blocks Used Available Use% Mounted on ... /dev/mapper/lvm-var2097084647704 1449380 31% /var If so, what is the correct way out of the jam ? -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] Setting Putty window title to currently executing command
On Sat, Dec 6, 2008 at 3:11 PM, John J. Foster [EMAIL PROTECTED] wrote: I seem to remember ssh'ing into an old Gentoo box and having the window title change to the currently executing command. For instance, when emerging something that had 10 packages, the title would show something like emerging (4 of 10) perl_something_or_other I'm not sure whether I was using screen at the time, or not. I'm not even positive I was using Putty (I might have been on another 'nix). Can anyone help me out? I use PuTTY on Windows and the title updates as you described. I don't think I had to do anything special to accomplish it. Paul
Re: [gentoo-user] Setting Putty window title to currently executing command
On Sat, Dec 06, 2008 at 03:58:36PM -0600, Paul Hartman wrote: On Sat, Dec 6, 2008 at 3:11 PM, John J. Foster [EMAIL PROTECTED] wrote: I seem to remember ssh'ing into an old Gentoo box and having the window title change to the currently executing command. For instance, when emerging something that had 10 packages, the title would show something like emerging (4 of 10) perl_something_or_other I'm not sure whether I was using screen at the time, or not. I'm not even positive I was using Putty (I might have been on another 'nix). Can anyone help me out? I use PuTTY on Windows and the title updates as you described. I don't think I had to do anything special to accomplish it. Thanks Paul, but mine doesn't do it anymore. I'm ssh'ing to 2 different Gentoo boxes, one is a VM on my wifes XP box and the other is a just rebuilt Gentoo workstation. Think this could have anything to do with the Bash configuration? Thanks, festus -- I just want to break even. pgpxZGDwGKSok.pgp Description: PGP signature
Re: [gentoo-user] LVM2 log file puzzle
On Saturday 06 December 2008 23:40:15 Philip Webb wrote:
At start-up shut-down, lines appear on screen :
/var/log/lvm2.log : fopen failed : No such file or directory
When I check for the file I get :
root:537 log pwd
/var/log
root:538 log ls -l lvm2.log
-rw-rw-rw- 1 root root 116194 2007-11-02 04:49 lvm2.log
root:539 log file lvm2.log
lvm2.log: ASCII text
It seems it was written when I set up LVM on this machine in 2007 ,
but hasn't been accessible since then.
Is the problem that /var is not mounted at these moments ?
root:535 log df
Filesystem 1K-blocks Used Available Use% Mounted on
...
/dev/mapper/lvm-var2097084647704 1449380 31% /var
If so, what is the correct way out of the jam ?
I left mine at the defaults settings, thusly
log {
# Controls the messages sent to stdout or stderr.
# There are three levels of verbosity, 3 being the most verbose.
verbose = 0
# Should we send log messages through syslog?
# 1 is yes; 0 is no.
syslog = 1
# Should we log error and debug messages to a file?
# By default there is no log file.
#file = /var/log/lvm2.log
# Should we overwrite the log file each time the program is run?
# By default we append.
overwrite = 0
# What level of log messages should we send to the log file and/or syslog?
# There are 6 syslog-like log levels currently in use - 2 to 7 inclusive.
# 7 is the most verbose (LOG_DEBUG).
level = 0
Seems this is adequate to get around your dilemma
--
alan dot mckinnon at gmail dot com
Re: [gentoo-user] Setting Putty window title to currently executing command
On Sat, Dec 6, 2008 at 4:04 PM, John J. Foster [EMAIL PROTECTED] wrote: On Sat, Dec 06, 2008 at 03:58:36PM -0600, Paul Hartman wrote: On Sat, Dec 6, 2008 at 3:11 PM, John J. Foster [EMAIL PROTECTED] wrote: I seem to remember ssh'ing into an old Gentoo box and having the window title change to the currently executing command. For instance, when emerging something that had 10 packages, the title would show something like emerging (4 of 10) perl_something_or_other I'm not sure whether I was using screen at the time, or not. I'm not even positive I was using Putty (I might have been on another 'nix). Can anyone help me out? I use PuTTY on Windows and the title updates as you described. I don't think I had to do anything special to accomplish it. Thanks Paul, but mine doesn't do it anymore. I'm ssh'ing to 2 different Gentoo boxes, one is a VM on my wifes XP box and the other is a just rebuilt Gentoo workstation. Think this could have anything to do with the Bash configuration? Make sure you do not have notitles set in /etc/make.conf -- i think it disables the feature you're trying to get. I also think there may be .screenrc options to control this... in my /etc/screenrc i have: # special xterm hardstatus: use the window title. termcapinfo xterm 'hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007' Thanks, Paul
[gentoo-user] QoS and tc
Hi list, I'm trying to set up some sort of QoS for my small network. I've got a pretty slow 512kb/256kb ADSL line and I'd like to have it managed better. All the examples I have found[1] talk a lot about outbound..or inbound, but not both. The problem is that my upstream bandwidth is half that of my downstream. Can anyone point me to some guides or anything for setting up tc QoS on one interface but in two different directions (and with two different rulesets). Appreciate any help Thanks Matt [1]http://lartc.org/howto/lartc.cookbook.fullnat.intro.html
[gentoo-user] Re: boot to console (text) mode
Dale [EMAIL PROTECTED] writes: You may want to check /etc/rc.conf and make sure it is not starting there. I'm assuming you want to boot to the default level but just not wanting the GUI to start. You may want search for softlevel and add that to your boot loader. Thanks... yes /etc/rc.conf was the culprit What I see about softlevel, using google ,it appears to be more involved than what I need. It must be a tool in a larger package since eix doesn't know about it on up to date portage, but I see mention of it with google. This sort of depends on why you are doing this and if it is a often used thing or just once in a blue moon. It's been my practice for many years to boot into text mode since more often than not, what I need to do can be done comfortably there. So I've always choosen to use startx as needed. That will now be possible since I can now control what happens with ~/.xinitrc. Another old practice I've clung to.
[gentoo-user] totem build failure on profile change
Hi all, I have a machine that was running a 2007 profile. I switched it to 2008.0/desktop and proceeded to do updates. The updates completed but revdep-rebuild wanted to rebuild a few things where I ended with one failure - totem. Now, I'm trying to understand what's failed. I don't know what 'krb5' is. Best guess from eix is 'kerberos' which isn't currently installed, or so it seems. gandalf ~ # eix -c krb5 [N] app-crypt/mit-krb5 (1.6.3-r4): MIT Kerberos V [N] sys-auth/pam_krb5 (3.10): Kerberos 5 PAM Authentication Module Found 2 matches. gandalf ~ # Hrre's the flags for totem: gandalf ~ # emerge -pv totem These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] media-video/totem-2.22.2-r1 USE=bluetooth gnome python -debug -galago -lirc -nautilus -nsplugin -nvtv -seamonkey -tracker -xulrunner 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB gandalf ~ # I tried turning off the bluetooth flag but it failed the same way. Anyone recognize the problem? Cheers, Mark SNIP d-2.0.so -lpthread -lrt /usr/lib/libxml2.so -lz -lm /usr/lib/libglib-2.0.so /usr/lib/libXrandr.so /usr/lib/libXrender.so /usr/lib/libXxf86vm.so /usr/lib/libXtst.so /usr/lib/libXext.so /usr/lib/libX11.so /usr/lib/libXau.so /usr/lib/libXdmcp.so -ldl /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/../../../../i686-pc-linux-gnu/bin/ld: cannot find -lkrb5 collect2: ld returned 1 exit status make[5]: *** [bvw-test] Error 1 make[5]: Leaving directory `/var/tmp/portage/media-video/totem-2.22.2-r1/work/totem-2.22.2/src/backend' make[4]: *** [all] Error 2 make[4]: Leaving directory `/var/tmp/portage/media-video/totem-2.22.2-r1/work/totem-2.22.2/src/backend' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/var/tmp/portage/media-video/totem-2.22.2-r1/work/totem-2.22.2/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/var/tmp/portage/media-video/totem-2.22.2-r1/work/totem-2.22.2/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/media-video/totem-2.22.2-r1/work/totem-2.22.2' make: *** [all] Error 2 * * ERROR: media-video/totem-2.22.2-r1 failed. * Call stack: * ebuild.sh, line 49: Called src_compile * environment, line 2799: Called gnome2_src_compile * environment, line 2140: Called die * The specific snippet of code: * emake || die compile failure * The die message: * compile failure SNIP
Re: [gentoo-user] QoS and tc
Le Saturday 06 December 2008 23:50:33 Matt Harrison, vous avez écrit : Hi list, I'm trying to set up some sort of QoS for my small network. I've got a pretty slow 512kb/256kb ADSL line and I'd like to have it managed better. All the examples I have found[1] talk a lot about outbound..or inbound, but not both. The problem is that my upstream bandwidth is half that of my downstream. Can anyone point me to some guides or anything for setting up tc QoS on one interface but in two different directions (and with two different rulesets). Appreciate any help Thanks Matt [1]http://lartc.org/howto/lartc.cookbook.fullnat.intro.html Hi, I have set up QoS on my gateway with uses an ADSL connection. I have done this using Shorewall, it works well and there is a great howto here : http://www.shorewall.net/traffic_shaping.htm . I have done the same before using only iptables and tc rules following lartc guide, but i think it is easiest with shorewall and enough powerfull for your needs. Regards, Paul Ezvan
Re: [gentoo-user] Re: boot to console (text) mode
Harry Putnam wrote: Dale [EMAIL PROTECTED] writes: You may want to check /etc/rc.conf and make sure it is not starting there. I'm assuming you want to boot to the default level but just not wanting the GUI to start. You may want search for softlevel and add that to your boot loader. Thanks... yes /etc/rc.conf was the culprit What I see about softlevel, using google ,it appears to be more involved than what I need. It must be a tool in a larger package since eix doesn't know about it on up to date portage, but I see mention of it with google. You may not need this but a little more info may be helpful someday. http://forums.gentoo.org/viewtopic-p-4133027.html#4133027 softlevel isn't a software package but a command that can be passed from the bootloader to the kernel. You should get a better picture when you read that thread. I hope anyway. Glad you got it working like you wanted tho. Dale :-) :-)
[gentoo-user] Re: Buying a low-cost printer for Linux
On 2008-12-06, Mark Knecht [EMAIL PROTECTED] wrote: After reading through this thread again, doing some online study and sending my dad out to find out what he could buy locally he found Sam's Club has this HP Color LaserJet for $280 which has specs that look pretty good to me: Color laser printers are great for things like maps, charts, diagrams, and graphs, but I've never seen one that did a decent job with photos. [However, itq has been at least a year since I looked at printers.] So if printing photos is a requirement, make sure the printer in question does a good enough job for you. In my experience, any HP that does postscript will work great with Linux. You may want to confirm that there's a .ppd file for that model so that CUPS can take advantage of all the bells and whistles (e.g. selecting resolution, paper source, controlling duplexing, etc.). -- Grant
Re: [gentoo-user] Curious pattern in log files from ssh...
On Fri, Dec 5, 2008 at 10:05 AM, Evgeniy Bushkov [EMAIL PROTECTED] wrote: Adam Carter пишет: Also take a note that there are no known-compromised hosts What about hosts listed in RBLs? http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists. It would be interesting to see if how much correlation there is between ssh brute forcing bots and the contents of the various lists. It's just interesting. But I don't trust them enough. I don't know how these lists were composed. We've periodically seen viruses outbreaks, some computers IPs could get into lists because of trojans and so on. One day you won't reach your server from your own home computer... The fact that a lot of 'compromised hosts' are home users with providers like comcast, verizon, etc lends another trouble as well... dynamic IPs mean that the next person with the luck of the draw in getting that IP can't reach your servers either, and if *you* happen to be that person, no reasonable whitelist will ever get you back in from that location until you get another IP. because ANY IP can be forged. Its easy enough to forge a SYN, but to setup a session so you can make a password guessing attempt requires that you also get the packets back from the server, which is an order of magnitude more difficult. Ever since OSes have implemented well chosen initial sequence numbers, spoofing of TCP sessions has become very difficult. I agree but as admin I prefer to think about many things worse than they really are. If something wrong is possible it's better to avoid it beforehand. Best regards, Evgeniy B. Careful with that line of thinking... you'll inevitably come to the conclusion that there's no hope and you're better off just turning the system off, unplugging it from the wall, and locking it into a very sturdy vault deep beneath a very solid mountain! (until you ponder yourself insane over the security risks that exist even then, let alone the impact on usability) -- Poison [BLX] Joshua M. Murphy
