Re: tcp connection
Are we talking about the 'TCP 3-way handshake'? -- Kevin Blackham 801-539-0852 [EMAIL PROTECTED]877-964-7746 XMission Internet, Salt Lake City, Utah On Tue, Jun 20, 2000 at 09:47:25PM -0400, Chris Wagner wrote: > At 02:25 PM 6/20/00 +0200, Russell Coker wrote: > >They don't use NVT. The TELNET protocol is not running on (for example) a > >web server. > > Yeah but the NVT settings have to be negotiated for each side to talk to > each other. If I telnet to an Apache webserver on port 80, my telnet is > going to negotiate NVT with whatever's on the other end. Both sides have to > agree to establish the connection. Therefore, either Apache or something > below Apache in the stack has to know about NVT. Otherwise Apache would > tell me to go take a flying leap if I tried to telnet to it. What is my > telnet client negotiating with in this case??? > > > +---+ > |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | > |=- -=ALAN KEYES FOR PRESIDENT=- -=| > | Balanced Budgets Personal Freedoms Morality Lower Tax | > |=-- http://www.Keyes2000.com. --=| > ++ > > 0100 > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: resource limits?
-BEGIN PGP SIGNED MESSAGE- On Tue, 20 Jun 2000, Joaquin Ferrero wrote: > >Is there a tested & reliable kernel module/hack that would provide the > >capability to limit resources? My intent is to limit the amount of > >processes, forks per second, memory, cpu, etc a user can utilize. Doesn't > >necessarily have to be a kernel module/hack, just some trusted & reliable > >method of limiting resources and preventing dos attacks (such as fork > >bombs). > > root$ man ulimit Isn't this a bash shell level thing? % ulimit ulimit: Command not found. So what happens when you have users using tcsh? ulimit is not available in tcsh. Can't users also change their ulimit settings? What about preventing fork bombs & such? - -- Hey, don't be surprised if millions die in plague and murder, true happiness lies beyond your fries and burger. -Neil Hannon -BEGIN PGP SIGNATURE- Version: 2.6.2 iQEVAwUBOVABz425JqSrqvhBAQFQeQf/ZcpafYqE6aIRvX5dWzEkS64ZoEf6kVN+ ydaCpbwTLIh8DMpLP36DNRrS4LgIFDl3Cw8eNBqkM7j2TIRfaG6qDAsR33ZgZu70 5z/Oc8yMJkyvzaF6IkumI1n8VMlysbnLH3NjAvrZvSlvMu5h6wW1xrzYL1us5aYW aMJuAEKiU34RYv/zLDOzsRrFqRLaf7IDn+QCznKLqLv5Y7Irqifc3Y7j0RZsTI3y EBmeADFx2VAexf2bflaKVVWSwae3aQ7mCbFsJAIpcN+2+SB+06sEeAFbmPxNjAI2 PzK1pb/wD+AypZhh0kH4XciO6PgJ39yHWKZEzH+esPsbrBEtKjANgA== =0pOH -END PGP SIGNATURE-
Re: tcp connection
At 02:25 PM 6/20/00 +0200, Russell Coker wrote: >They don't use NVT. The TELNET protocol is not running on (for example) a >web server. Yeah but the NVT settings have to be negotiated for each side to talk to each other. If I telnet to an Apache webserver on port 80, my telnet is going to negotiate NVT with whatever's on the other end. Both sides have to agree to establish the connection. Therefore, either Apache or something below Apache in the stack has to know about NVT. Otherwise Apache would tell me to go take a flying leap if I tried to telnet to it. What is my telnet client negotiating with in this case??? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100
Re: resource limits?
-BEGIN PGP SIGNED MESSAGE- On Tue, 20 Jun 2000, Joaquin Ferrero wrote: > >Is there a tested & reliable kernel module/hack that would provide the > >capability to limit resources? My intent is to limit the amount of > >processes, forks per second, memory, cpu, etc a user can utilize. Doesn't > >necessarily have to be a kernel module/hack, just some trusted & reliable > >method of limiting resources and preventing dos attacks (such as fork > >bombs). > > root$ man ulimit Isn't this a bash shell level thing? % ulimit ulimit: Command not found. So what happens when you have users using tcsh? ulimit is not available in tcsh. Can't users also change their ulimit settings? What about preventing fork bombs & such? - -- Hey, don't be surprised if millions die in plague and murder, true happiness lies beyond your fries and burger. -Neil Hannon -BEGIN PGP SIGNATURE- Version: 2.6.2 iQEVAwUBOVABz425JqSrqvhBAQFQeQf/ZcpafYqE6aIRvX5dWzEkS64ZoEf6kVN+ ydaCpbwTLIh8DMpLP36DNRrS4LgIFDl3Cw8eNBqkM7j2TIRfaG6qDAsR33ZgZu70 5z/Oc8yMJkyvzaF6IkumI1n8VMlysbnLH3NjAvrZvSlvMu5h6wW1xrzYL1us5aYW aMJuAEKiU34RYv/zLDOzsRrFqRLaf7IDn+QCznKLqLv5Y7Irqifc3Y7j0RZsTI3y EBmeADFx2VAexf2bflaKVVWSwae3aQ7mCbFsJAIpcN+2+SB+06sEeAFbmPxNjAI2 PzK1pb/wD+AypZhh0kH4XciO6PgJ39yHWKZEzH+esPsbrBEtKjANgA== =0pOH -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: tcp connection
At 02:25 PM 6/20/00 +0200, Russell Coker wrote: >They don't use NVT. The TELNET protocol is not running on (for example) a >web server. Yeah but the NVT settings have to be negotiated for each side to talk to each other. If I telnet to an Apache webserver on port 80, my telnet is going to negotiate NVT with whatever's on the other end. Both sides have to agree to establish the connection. Therefore, either Apache or something below Apache in the stack has to know about NVT. Otherwise Apache would tell me to go take a flying leap if I tried to telnet to it. What is my telnet client negotiating with in this case??? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: NIC install problem SOLVED
At 06:52 2000.06.21. +1000, you wrote: >Áts Attila <[EMAIL PROTECTED]> writes: > >> I've got an install problem. I want to install my Ethernet card >> (NE2000 compatible PCI produced by KTI Networks). I start modconf, >> choose net, choose ne2k-pci, get a message The ne2k-pci module is >> not currently installed. I choose Install, get a message Parameter >> documentation for this module is unavailable and installation fails. >> What can be the problem and the solution? > >Usually, you need to specify the io address and/or irq for the network >card. Something like "IRQ=10". > >Cheers, >Roland. >-- >Tell me and I'll forget; show me and I may remember; >involve me and I'll understand - Chinese Proverb. Thank you for your help. Problem looks to has been solved. Module 8390.o should be loaded before ne2k-pci.o. I had to specify neither IRQ nor I/O, they were detected. There was another problem, the card was not properly inserted in the PCI slot :-( (was not my mistake). Best regards Attila
Re: NIC install problem SOLVED
At 06:52 2000.06.21. +1000, you wrote: >Áts Attila <[EMAIL PROTECTED]> writes: > >> I've got an install problem. I want to install my Ethernet card >> (NE2000 compatible PCI produced by KTI Networks). I start modconf, >> choose net, choose ne2k-pci, get a message The ne2k-pci module is >> not currently installed. I choose Install, get a message Parameter >> documentation for this module is unavailable and installation fails. >> What can be the problem and the solution? > >Usually, you need to specify the io address and/or irq for the network >card. Something like "IRQ=10". > >Cheers, >Roland. >-- >Tell me and I'll forget; show me and I may remember; >involve me and I'll understand - Chinese Proverb. Thank you for your help. Problem looks to has been solved. Module 8390.o should be loaded before ne2k-pci.o. I had to specify neither IRQ nor I/O, they were detected. There was another problem, the card was not properly inserted in the PCI slot :-( (was not my mistake). Best regards Attila -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
NIC install problem
Thank you for the answers regarding docs. I've got an install problem. I want to install my Ethernet card (NE2000 compatible PCI produced by KTI Networks). I start modconf, choose net, choose ne2k-pci, get a message The ne2k-pci module is not currently installed. I choose Install, get a message Parameter documentation for this module is unavailable and installation fails. What can be the problem and the solution? Best regards Attila
Re: I need doc help
Welcome Attila, On Tue, 20 Jun 2000, [iso-8859-1] Áts Attila wrote: > I'm new on the list. I need some docs on how to prepare a Debian > ISP server (WWW, DNS, firewall, mail, etc.). Where can I find any? The Linux Documentation Project has several well-written docs on setting up servers. Check it out at http://www.math.bme.hu/LDP/ You may find these useful: http://www.math.bme.hu/LDP/LDP/lasg/lasg-www/ http://www.math.bme.hu/LDP/HOWTO/HOWTO-INDEX-3.html#ss3.1 Jeremy C. Reed BSD software, documentation, resources, news... http://bsd.reedmedia.net
Re: resource limits?
>Is there a tested & reliable kernel module/hack that would provide the >capability to limit resources? My intent is to limit the amount of >processes, forks per second, memory, cpu, etc a user can utilize. Doesn't >necessarily have to be a kernel module/hack, just some trusted & reliable >method of limiting resources and preventing dos attacks (such as fork >bombs). root$ man ulimit Joaquin Ferrero [EMAIL PROTECTED]
NIC install problem
Thank you for the answers regarding docs. I've got an install problem. I want to install my Ethernet card (NE2000 compatible PCI produced by KTI Networks). I start modconf, choose net, choose ne2k-pci, get a message The ne2k-pci module is not currently installed. I choose Install, get a message Parameter documentation for this module is unavailable and installation fails. What can be the problem and the solution? Best regards Attila -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
resource limits?
-BEGIN PGP SIGNED MESSAGE- Is there a tested & reliable kernel module/hack that would provide the capability to limit resources? My intent is to limit the amount of processes, forks per second, memory, cpu, etc a user can utilize. Doesn't necessarily have to be a kernel module/hack, just some trusted & reliable method of limiting resources and preventing dos attacks (such as fork bombs). - -- Smith & Wesson - the original "point and click" interface. -BEGIN PGP SIGNATURE- Version: 2.6.2 iQEVAwUBOU+DTI25JqSrqvhBAQH1Rgf/U3mkDh8cA5HTCaSJAA49aatwIJ9dIihd 1sREYoHZzi0IFdmrd98R+70oDSCcvsjCA+yQ6gebIW2LGF4wXHZnNfgWXeB2ZJJG P0RHYvx89ts0K0v5/RXcK8Pdx0L9lHnxJncITt9YOEt5yB9FxDqKOIw7u+f+H4w5 8rU6sk4j2PYnBvjLgBtnjDqtoubYg0QKi7W8Bc8q/+iQAAx66vdWZ5QrAFNLKkir I12BAb+962uNubcw2XDwR8p9KI1Ab9eY8IHmlyDiYyVzJkvESfMDh96gQmI6GaY6 hPrpYm5uBC6sJxnMxsUw1bqzCED9+CjqcoULf5KNuYWKUXZQr+NY5w== =l7bb -END PGP SIGNATURE-
I need doc help
Hello, I'm new on the list. I need some docs on how to prepare a Debian ISP server (WWW, DNS, firewall, mail, etc.). Where can I find any? Please help me. Best regards Attila
Re: I need doc help
Welcome Attila, On Tue, 20 Jun 2000, [iso-8859-1] Áts Attila wrote: > I'm new on the list. I need some docs on how to prepare a Debian > ISP server (WWW, DNS, firewall, mail, etc.). Where can I find any? The Linux Documentation Project has several well-written docs on setting up servers. Check it out at http://www.math.bme.hu/LDP/ You may find these useful: http://www.math.bme.hu/LDP/LDP/lasg/lasg-www/ http://www.math.bme.hu/LDP/HOWTO/HOWTO-INDEX-3.html#ss3.1 Jeremy C. Reed BSD software, documentation, resources, news... http://bsd.reedmedia.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: resource limits?
>Is there a tested & reliable kernel module/hack that would provide the >capability to limit resources? My intent is to limit the amount of >processes, forks per second, memory, cpu, etc a user can utilize. Doesn't >necessarily have to be a kernel module/hack, just some trusted & reliable >method of limiting resources and preventing dos attacks (such as fork >bombs). root$ man ulimit Joaquin Ferrero [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
resource limits?
-BEGIN PGP SIGNED MESSAGE- Is there a tested & reliable kernel module/hack that would provide the capability to limit resources? My intent is to limit the amount of processes, forks per second, memory, cpu, etc a user can utilize. Doesn't necessarily have to be a kernel module/hack, just some trusted & reliable method of limiting resources and preventing dos attacks (such as fork bombs). - -- Smith & Wesson - the original "point and click" interface. -BEGIN PGP SIGNATURE- Version: 2.6.2 iQEVAwUBOU+DTI25JqSrqvhBAQH1Rgf/U3mkDh8cA5HTCaSJAA49aatwIJ9dIihd 1sREYoHZzi0IFdmrd98R+70oDSCcvsjCA+yQ6gebIW2LGF4wXHZnNfgWXeB2ZJJG P0RHYvx89ts0K0v5/RXcK8Pdx0L9lHnxJncITt9YOEt5yB9FxDqKOIw7u+f+H4w5 8rU6sk4j2PYnBvjLgBtnjDqtoubYg0QKi7W8Bc8q/+iQAAx66vdWZ5QrAFNLKkir I12BAb+962uNubcw2XDwR8p9KI1Ab9eY8IHmlyDiYyVzJkvESfMDh96gQmI6GaY6 hPrpYm5uBC6sJxnMxsUw1bqzCED9+CjqcoULf5KNuYWKUXZQr+NY5w== =l7bb -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
I need doc help
Hello, I'm new on the list. I need some docs on how to prepare a Debian ISP server (WWW, DNS, firewall, mail, etc.). Where can I find any? Please help me. Best regards Attila -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PAM (?) and anonymous CVS with SSH problem (Was: Problem accessing your CVS repo of Java Autoconf macros
On Monday 19 June 2000, at 15 h 3, the keyboard of Joey Hess <[EMAIL PROTECTED]> wrote: > Stephane Bortzmeyer wrote: > > It worked in 'slink' and fails with 'potato' > > It works in potato with me, I never even used it in slink. Are you using > openssh, or what? Yes, but it is irrelevant (apart that, when I installed ssh-nonfree on the CVS server, I got the proper error message, which was hidden by OpenSSH). It seems that, during the upgrade to potato, ash (anoncvs' shell) was lost and the server rightly checks that the shell does exist. Installing ash solved everything. Thanks.
Re: PAM (?) and anonymous CVS with SSH problem (Was: Problem accessing your CVS repo of Java Autoconf macros
On Monday 19 June 2000, at 15 h 3, the keyboard of Joey Hess <[EMAIL PROTECTED]> wrote: > Stephane Bortzmeyer wrote: > > It worked in 'slink' and fails with 'potato' > > It works in potato with me, I never even used it in slink. Are you using > openssh, or what? Yes, but it is irrelevant (apart that, when I installed ssh-nonfree on the CVS server, I got the proper error message, which was hidden by OpenSSH). It seems that, during the upgrade to potato, ash (anoncvs' shell) was lost and the server rightly checks that the shell does exist. Installing ash solved everything. Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: tcp connection
On Mon, 19 Jun 2000, Chris Wagner wrote: >At 12:50 AM 6/19/00 +0200, Russell Coker wrote: >>It is called TCP - Transmission Control Protocol. RFC793. > >I'm starting to conclude that it's just called a "tcp connection". But I'm >still reading through the RFC... It was written in 1983 and for whatever >reason it seems to use the term socket and port interchangeably. Seems like >they had different meanings than they do now. The older RFCs were written in very poor English. >I guess it's just coincidence that the common high level protocols all use >the same NVT settings. Otherwise, telneting to a web server would fail. >Maybe its the NVT settings that are the highest common thread here, does >that standard have a name I wonder. They don't use NVT. The TELNET protocol is not running on (for example) a web server. >>If you have doc-rfc package installed: >>file:/usr/doc/doc-rfc/rfc793.txt.gz > >Don't got that, but I found faqs.org. Get it. doc-rfc is an essential package to have on your laptop if you are seriously into these things. >>Anyone who calls the protocol "Transport Control Protocol" is stupid and >>should be ignored. Instruct such people to read the documents and learn. > >I've never heard anybody call it that. MS do in all their documentation. MS weenies say that everyone else should change what they call the protocol to match what MS calls it. -- My current location - X marks the spot. X X X
Re: tcp connection
On Mon, 19 Jun 2000, Chris Wagner wrote: >At 12:50 AM 6/19/00 +0200, Russell Coker wrote: >>It is called TCP - Transmission Control Protocol. RFC793. > >I'm starting to conclude that it's just called a "tcp connection". But I'm >still reading through the RFC... It was written in 1983 and for whatever >reason it seems to use the term socket and port interchangeably. Seems like >they had different meanings than they do now. The older RFCs were written in very poor English. >I guess it's just coincidence that the common high level protocols all use >the same NVT settings. Otherwise, telneting to a web server would fail. >Maybe its the NVT settings that are the highest common thread here, does >that standard have a name I wonder. They don't use NVT. The TELNET protocol is not running on (for example) a web server. >>If you have doc-rfc package installed: >>file:/usr/doc/doc-rfc/rfc793.txt.gz > >Don't got that, but I found faqs.org. Get it. doc-rfc is an essential package to have on your laptop if you are seriously into these things. >>Anyone who calls the protocol "Transport Control Protocol" is stupid and >>should be ignored. Instruct such people to read the documents and learn. > >I've never heard anybody call it that. MS do in all their documentation. MS weenies say that everyone else should change what they call the protocol to match what MS calls it. -- My current location - X marks the spot. X X X -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]