Hi,
On Tue, 12 Feb 2002, Larry Platzek wrote:
> How much effor would be required to update DUCLING to include use the
> newer version of FreeS/wan?
Probably not much. The easiest route would require stripping the
IPSec-enabled Dachstein distribution down. The purpose of DUCLING was to
put a working VPN/Firewall on a single diskette for people to play with.
It was more of a proof-of-concept than a serious tool.
As far as going adding a second floppy ... its been done. Dachstein
works well, unless you feel you can improve upon this.
I don't know if everything would still fit (I believe it still would). I
found the most time-consuming part of the whole thing was testing and
documentation. I would readily do an update, but I'm pretty busy right
now. If anyone wishes to update DUCLING, I would gladly encourage them to
do so.
Regards,
Duncan.
On Tue, 12 Feb 2002, Larry Platzek wrote:
> How much effor would be required to update DUCLING to include use the
> newer version of FreeS/wan? I would guess not a lot. By updating
> the potential problems are removed and a better version is obtained.
>
> Besides maybe needing a second diskette any reason that the external
> interface be analog modem instead of an ethernet connection?
> The reason I ask someone asked me, so thought would ask here.
> Thank you.
>
>
>
> Larry Platzek [EMAIL PROTECTED]
>
>
> On Mon, 11 Feb 2002, Charles Steinkuehler wrote:
>
> > Date: Mon, 11 Feb 2002 10:45:42 -0600
> > From: Charles Steinkuehler <[EMAIL PROTECTED]>
> > To: Duncan Napier <[EMAIL PROTECTED]>
> > Cc: [EMAIL PROTECTED]
> > Subject: [Leaf-user] Re: Obsidian.E virus?
> >
> > > > Message: 1
> > > > Date: Fri, 8 Feb 2002 08:21:49 -0600
> > > >
> > > > I have been informed that Panda Antyvirus Platinum on Windows XP reports
> > > > that the file /usr/bin/tr contained as part of ipsec.lrp (apparently
> > version
> > > > 1.5 or earlier, since there is no tr command included in my latest ipsec
> > > > 1.91 package) is infected by the Linux/Obsidian.E virus.
> > > >
> > > > I'm currently trying to verify this, and track down exactly what the
> > > > Obsidian virus is supposed to do. If anyone has any information on this
> > > > virus, or can help verify the file is/is not infected, I would greatly
> > > > appreciate it.
> > > >
> > > > I currently have no idea if this is simply a false positive, or if there
> > is
> > > > actually a problem, but wanted to let everyone know just in case.
> > > >
> > > Any news on the status of this? I am somewhat concerned too, since the
> > > DUCLING release uses the Eigerstein FreeS/WAN 1.5 distribution.
> > >
> > > It is now available at LEAF:
> > >
> > > http://sourceforge.net/project/showfiles.php?group_id=13751
> > >
> > > courtey of Mike Noyes. Should I ask for it to be taken down?
> >
> > No, I think everything is OK.
> >
> > For those concerned about the reported Obsidian virus contained in the
> > /usr/bin/tr utility of my IPSec packages, here's the current status:
> >
> > - Marcin Bulandra reported that Panda Antyvirus Platinum on his Windows XP
> > machhine listed /usr/bin/tr (contained within the ipsec.lrp tar.gz file) as
> > being infected with the Obsidian.E virus.
> >
> > - Several folks have checked this file with alternate virus scanners, and
> > the file is not listed as infected
> >
> > - The information I have been able to gather online indicates that
> > Obsidian.E is a linux elf virus, which infects files by pre-pending it's apx
> > 8K virus payload to an executable file, creating a file with two elf headers
> > (one for the original file, and one for the virus.
> >
> > - Examination of the file in question indicates only a single elf header
> >
> > - The file-size (19008 bytes) does not seem to allow for an 8K virus
> > payload...this is one of the smallest tr binaries on any of my systems.
> >
> > - Examination of the output of strace does not reveal anything that looks
> > out of the ordinary (ie virus code running prior to the actual tr functions)
> > when running the tr utility
> >
> > I suspect at this point that something about how Panda Antyvirus Platinum is
> > scanning files for the Obsidian virus yields a false positive for the tr
> > binary included in my older IPSec packages.
> >
> > Charles Steinkuehler
> > http://lrp.steinkuehler.net
> > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
> >
> >
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> >
>
--
--------------------------------------------------------------------------
Duncan Napier email:[EMAIL PROTECTED]
Napier Systems Research Ph:(604) 781-2398
http://www.napiersys.bc.ca
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
