Hi all !
Know this is a bit off subject but does anybody know any good programs
to use for monitoring Megabytes per IP address. What I want to do is
have a LAN and be able to get data on how many MB each host downloaded
for billing purposes.
Any help much appreciated
Marcel
The simplest way - is to LOG packets using IPTABLES.
My friends from Internet-provider are doing so.
Another way is to use proxy-servers (like SQUID).
Know this is a bit off subject but does anybody know any good programs
to use for monitoring Megabytes per IP address. What I want to do is
Is there any docs / FAQs on apache re: stopping bots accessing it. At
the moment, one of the worms keeps trying to access
/winnt/system32/cmd.exe even though it doesn't exist on debian (or
unix for that matter).
I suppose it's a waste of bandwidth as it keeps cropping up every few
Hi,
Trouble is, the IP addresses that access squid don't have host
names (ie. they don't exist) and they keep changing. Is there any way
to block access to this and is there a good FAQ, etc.
there is a good FAQ at /usr/doc/squid/FAQ.html (belongs to web/squid).
But you should not block
On Tue, Dec 04, 2001 at 11:25:50PM -0500, Robert Ruzbacky wrote:
Is there any docs / FAQs on apache re: stopping bots accessing it. At
the moment, one of the worms keeps trying to access
/winnt/system32/cmd.exe even though it doesn't exist on debian (or
unix for that matter).
I am also
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I tend to agree that filtering things at layer 3 and 4 is the best
policy (since I don't fully trust every program I run to filter
itself properly). However, if you are running 2.4 kernel you will
need to investigate iptables rather than
That's majorly overkill when there's access controls in squid itself. Why
take a sledgehammer to break a nut.
--
ian
- Original Message -
From: Rishi L Khan [EMAIL PROTECTED]
To: Chris Harrison [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; 'Debian Security'
[EMAIL PROTECTED]
Sent: Tuesday,
martin f krafft [EMAIL PROTECTED] writes:
* William R. Ward [EMAIL PROTECTED] [2001.11.29 18:00:40-0800]:
Question: Is it generally considered secure enough to sudo a bash
script like your sucpaliases? Or should a C equivalent be written
instead?
no. especially not the quick'n'dirty
* William R. Ward [EMAIL PROTECTED] [2001-12-04 11:56]:
Yes, it is difficult, but if one is conscientious enough about
checking all the environment variables and such it can be done.
For oneliners, maybe. But even there it's hard. YMMV. I can find
better things than trying to secure shell
ACLs are available in squid, what you can do is set up an ACL to allow only
your network's IPs to connect to squid, and deny everything else.
like this:
acl all src 0.0.0.0/0.0.0.0
acl private_networks0 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
acl private_networks1 src xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx
Hi,
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
ESTABLISHED
when I netstat my machine. What exactly does this mean? I just want
25/tcp opensmtp
37/tcp opentime
66/tcp opensql*net
Gerfried Fuchs writes:
* William R. Ward [EMAIL PROTECTED] [2001-12-04 11:56]:
Because the thread originated there.
I haven't seen it before here. Do you really mean
[EMAIL PROTECTED] and not [EMAIL PROTECTED]?
Those are two totally different things Maybe you have to resend
your message
On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
Hi,
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
ESTABLISHED
when I netstat my machine. What exactly does this mean? I just want
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, 111 is the portmap port.. carefully, it's a gate for intrusion with
rpc attacks..
you must disable portmap. try something like update-rc -f remove
portmap or
update-rc -f portmap remove I forgot..
if that doesn't work try blocking ports vias
J. Paul Bruns-Bielkowicz [[EMAIL PROTECTED]] wrote:
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
ESTABLISHED
when I netstat my machine. What exactly does this mean? I just want
25/tcp opensmtp
37/tcp
On Tue, 4 Dec 2001, J. Paul Bruns-Bielkowicz wrote:
Hi,
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
ESTABLISHED
when I netstat my machine. What exactly does this mean? I just want
25/tcp opensmtp
On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
Hi,
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
ESTABLISHED
Well, you're not actually DISABLING anything in /etc/services. That file is
just
(2001-12-04) J. Paul Bruns-Bielkowicz sed :
| Hi,
| I disabled all but a few ports in /etc/services, but I have
| tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
| ESTABLISHED
| when I netstat my machine. What exactly does this mean? I just want
| 25/tcp opensmtp
/etc/services doesn't control services. The only function of this file is to
translate between port numbers and service names. Commenting stuff in there
doesn't help. What you need is to figure out what processes are keeping the
ports open and shut down all the unneeded ones. In this case you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
J. Paul Bruns-Bielkowick:
Port 111 is sunrpc. I forgot the exact name of the package that
leaves this open (perhaps someone else can recall it). If you
type 'netstat -p' (as root) you will see which programs have
which ports open. For the quick
On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
Hi,
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
ESTABLISHED
when I netstat my machine. What exactly does this mean? I just want
25/tcp
[EMAIL PROTECTED] (William R. Ward) writes:
It's been an option on traditional Unix systems for a long time. When
kernel runs the interpreter listed on the #! line, it does so with
suid/sgid access enabled. It's not really any more difficult than
launching binaries.
However, there is an
Alexander Clouter [EMAIL PROTECTED] writes:
erm, don't disable them in /etc/services, this normally doesn't work (as
far as I'm aware). /etc/services is more a 'lookup' service than a 'whether
I should actually work' service.
Ditto.
according to /etc/services 111 is 'portmapper', darned
On Tue, Dec 04, 2001 at 11:03:24PM +0100, Robert Magier wrote:
Hello.
What in source files should I change if I want syslogd to read another
config file, than /etc/syslog.conf, by default ?
Nothing, it's a runtime argument. When invoking syslogd, use the -f
argument to specify an alternative
Hi Paul,
On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
Hi,
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
ESTABLISHED
when I netstat my machine. What exactly does this mean? I just want
On Tue, 4 Dec 2001, Robert Magier wrote:
What in source files should I change if I want syslogd to read another
config file, than /etc/syslog.conf, by default ?
How about the manpage? (The -f option) Or, as folks around here say:
perl -e 'print
This is one remnant of the "trusted" world of Unix, and the legacy that
Linux has to deal with. It's ipchains/iptables to the rescue.
I do not have NFS turned on in the kernel modules, nor the package
installed. Yet this port is still open *to the outside world*. Can
anyone suggest a reason why
* William R Ward [EMAIL PROTECTED] [2001.12.04 10:48:19-0800]:
Right; but assuming one takes care of this kind of issue, is there
anything inherently unsafe about running shell scripts through sudo?
I understand that there are risks of race conditions with setuid shell
scripts, and so they
* Wichert Akkerman [EMAIL PROTECTED] [2001.12.03 00:57:48+0100]:
It filters based on packet content that just happens to be IP
information. Just like the u32 filter, except the syntax is easier.
It still bridges.
i guess you are right. my only problem is that a bridge does MAC/SNAP
and is
* Rens Houben [EMAIL PROTECTED] [2001.12.03 13:02:50+0100]:
Anyways, I've been following this thread and wondering: Is there any
reason why snort would or would not work with a bridge?
snort is a tool that primarily assesses ip, tcp, and application level
protocols. if you run it on a bridge,
Hi!
I scanned my debian 2.2 and found
port 765/tcp - webster
I looked through my system files (xinetd, inetd) and didn't find the service
webster.
What is it?
Billy
On Tue, Dec 04, 2001 at 09:05:07AM +0300, Igor L. Balusov wrote:
Hi!
I scanned my debian 2.2 and found
port 765/tcp - webster
I looked through my system files (xinetd, inetd) and didn't find the service
webster.
What is it?
webster is an old dictionary program. We actually run websterd
There is a tool called rasa, look at http://rasa.gis.de.
English information is available from [EMAIL PROTECTED]
Know this is a bit off subject but does anybody know any good programs
to use for monitoring Megabytes per IP address. What I want to do is
have a LAN and be able to get data on
On Tue, 2001-12-04 at 09:35, Marcel Welschbillig wrote:
Hi all !
Know this is a bit off subject but does anybody know any good programs
to use for monitoring Megabytes per IP address. What I want to do is
have a LAN and be able to get data on how many MB each host downloaded
for billing
On Tue, Dec 04, 2001 at 04:35:04PM +0800, Marcel Welschbillig wrote:
Hi all !
Know this is a bit off subject but does anybody know any good programs
to use for monitoring Megabytes per IP address. What I want to do is
have a LAN and be able to get data on how many MB each host downloaded
Recently, I had someone trying to browse the web from one of our servers
via squid. Luckily, I didn't need squid for this machine, so I took it
off and emailed the hostmaster of the domain the person was doing it
from..luckily the IP address was the same. I also managed to get the
IP address
Is there any docs / FAQs on apache re: stopping bots accessing it. At
the moment, one of the worms keeps trying to access
/winnt/system32/cmd.exe even though it doesn't exist on debian (or
unix for that matter).
I suppose it's a waste of bandwidth as it keeps cropping up every few
minutes..other
Hi,
Trouble is, the IP addresses that access squid don't have host
names (ie. they don't exist) and they keep changing. Is there any way
to block access to this and is there a good FAQ, etc.
there is a good FAQ at /usr/doc/squid/FAQ.html (belongs to web/squid).
But you should not block these
On another server, which I have squid running and want running, I keep
getting accesses from http://service.bfast.com/bfast/serve and someone
seems to be accessing web pages late at night when everyone has gone
home. Trouble is, the IP addresses that access squid don't have host
names (ie.
I created a php 404 Error page, where I list the fingerprints of the worms
I know.
If I find one of them is causing the request, I let the script simply die
so I don't waste any more bandwidth than necessary on these annoying
creatures.
I thought about blocking IPs involved but the sources
Hi Johann!
Is there any docs / FAQs on apache re: stopping bots accessing it. At
the moment, one of the worms keeps trying to access
/winnt/system32/cmd.exe even though it doesn't exist on debian (or
unix for that matter).
I am also interested in this. I experience frequent visits
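Title: ::: Parajura Mail Delivery :::
First, we apologize for sending this e-mail without prior consent.
This e-mail is an advertisement, marked (Advertisement) in the subject line in accordance with the recommendations of the Ministry of Information and Communication.
If you no longer wish to receive e-mail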
Another way to do it is to set up an automatic proxy script that tells the
browser which port on the squid box to go to. Then you can periodically
change the port. (Or you can just change to an obscure port and hope less
people find it).
-rishi
On Tue, 4 Dec 2001, Chris Harrison
That's majorly overkill when there's access controls in squid itself. Why
take a sledgehammer to break a nut.
--
ian
- Original Message -
From: Rishi L Khan [EMAIL PROTECTED]
To: Chris Harrison [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; 'Debian Security'
debian-security@lists.debian.org
Gerfried Fuchs writes:
* William R Ward [EMAIL PROTECTED] [2001-12-03 00:50]:
Right; but assuming one takes care of this kind of issue, is there
anything inherently unsafe about running shell scripts through sudo?
shell scripts usually call other programs - whose behavior could be
most of the
what about ip accounting?
Petre L. Daniel
Linux Administrator,Canad Systems Pitesti
http://www.cyber.ro email:[EMAIL PROTECTED]
phone: +4048220044,+4048206200
-Original Message-
From: Yotam Rubin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 04, 2001 1:51 AM
To:
[EMAIL PROTECTED] (William R. Ward) writes:
Gerfried Fuchs writes:
[setuid scripts]
You have a misinformation/misinterpretation there. It's not disabled,
it's simply not possible in the way scripts are run.
It's been an option on traditional Unix systems for a long time.
It's perfectly
Gerfried Fuchs writes:
* William R. Ward [EMAIL PROTECTED] [2001-12-04 11:56]:
Because the thread originated there.
I haven't seen it before here. Do you really mean
[EMAIL PROTECTED] and not debian-security@LISTS.debian.org?
Those are two totally different things Maybe you have to resend
On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
Hi,
I disabled all but a few ports in /etc/services, but I have
tcp0 0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
/etc/services does not enable or disable ports. It is merely a database
mapping commonly
Hello.
What in source files should I change if I want syslogd to read another
config file, than /etc/syslog.conf, by default ?
--
Robert Magier
Paul,
Commenting things out in /etc/services is not really the way to disable
them. Here is a good, concise, Debian-specific piece of documentation:
http://www.debian.org/doc/manuals/securing-debian-howto/
Also, try the Security-Quickstart-HOWTO:
* William R Ward [EMAIL PROTECTED] [2001.12.04 10:48:19-0800]:
Right; but assuming one takes care of this kind of issue, is there
anything inherently unsafe about running shell scripts through sudo?
I understand that there are risks of race conditions with setuid shell
scripts, and so they are