Force DNS zonetransfer regardless of serial ?
Is it possible to force a secondary/slave NS to do a zone transfer for a particualr zone _regardless_ of the local stored serial? I certainly know that this is not recommended for daily use, but I occasionly have a situation where this is required. Any ideas beyond manually deleting the db-file? tia, Marcel -- __ .´ `. : :' ! Enjoy `. `´ Debian/GNU Linux `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: kernel-image-2.4.7-586
Craig Sanders proclaimed: On Sun, Aug 12, 2001 at 04:21:32PM +0100, Bruno David Sim?es Rodrigues wrote: Could we have a configuration to disable ECN in netbase package ? install the systune package and add the following lines to /etc/systune.conf: # turn off ECN (Explicit Congestion Notification /proc/sys/net/ipv4/tcp_ecn:0 then run /etc/init.d/systune reload whats wrong with sysctl (from procps)? Just put net.ipv4.tcp_ecn = 0 in /etc/sysctl.conf and you're done. Holger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Confused
Hi everybody :) How to write this clearest *sigh* When i telnet to port 25 from my desktop machine to my secondary mail server (sendmail), the time period is almost instant, however when i telnet from my primary mail (exim) server outside my firewall to my secondary mail server there is a noticeable delay. Anyone got any suggestions, have checked out my firewall script and it is letting though DNS stuff, also both servers have rev lookups. SOS Kind regards Craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Confused
Open my firewall for 113 Auth ... has worked, now i need someone or some docs to explain what/how and why :) Thought auth was a security exploit ? thanks for the help dudes Craig :) -Original Message- From: Thomas Fini Hansen [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 14, 2001 4:45 PM To: Craig Cc: Debian-Isp Subject: Re: Confused On Tue, Aug 14, 2001 at 04:36:54PM +0200, Craig wrote: Hi everybody :) How to write this clearest *sigh* Hope I understand the problem properly. When i telnet to port 25 from my desktop machine to my secondary mail server (sendmail), the time period is almost instant, however when i telnet from my primary mail server outside my firewall to my primary mail server (exim) there is a noticeable delay. Anyone got any suggestions, have checked out my firewall script and it is letting though DNS stuff, also both servers have rev lookups. Had the same problem, exim does a reverse connection on the auth port (113), and if it's blackholed there is a 10 second timeout. Try making sure that the firewall *denies* the connection (or lets it though, doen't really matter). -- Thomas [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Confused
Craig wrote: Open my firewall for 113 Auth ... has worked, now i need someone or some docs to explain what/how and why :) http://www.amaranth.com/cgi/showport.cgi?prot=tcpport=113 Thought auth was a security exploit ? Not if you don't have an auth server running :-) Haim. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
sniffer
Dear all I learnt that sniffer program can steal password and secure shell can prevent it But how do I do it in Cisco router? and Do I have any methods to prevent the sniffer program to my router and servers? TIA Cheers __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Host my own box as my own ISP?
How do I set up/configure Windows 2000 Advanced server as ISP host on my own box, which is a Compaq 7495 with Windows 2000 Advanced server. My 'net connection is Bellsouth USB DSL. -Thanks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sniffer
Larry, that's a good solution but it was a little cryptic on the explanation. Let me expound some for Ann's benefit. Ann, what we're talking about is using the console on the router to do all administration, and *never* telneting to it. But physically going to all the routers and setting up a laptop is a little cumbersome. The solution is to essentially set up a totally independent serial network for the administration of the routers and switches. A serial cable is run from the console port on the router back to a central, and *heavily secured*, server. The server has to have atleast as many serial ports as you have routers so you might need to buy a serial card, like Cyclades or Comtrol or something. Comtrol supports 128 serial ports per box, last time I checked. With all this hooked up, each tty on the server corresponds to a specific router. Now just fire up your favorite terminal emulator and you can open a serial connection to any router you want. And since you're ssh'ed into the server, no one can see what you're doing or steal passwords. If you want it even more secure, don't put the server on the network at all. If this server is in a convenient location you can just walk over to it and log on it's console for the ultimate in unsniffable security! There is another option that Cisco and some switches support call AAA (triple-A) authentication. I forget what it stands fore but basically your off loading the authentication from the router to a remote server called an ACE server. That stands for Access Control Encryption. It's made by a company called Security Dynamics (recently acquired by RSA). To access something protected by AAA auth you have to have a physical card that generates auth tokens. To log in you type in the token from the card plus a PIN. The router sends this information back to the ACE server and if it's valid lets you access the resource. This method is extremely secure because there's essentially no fixed password to steal! Even if someone sniffs your PIN they still can't get in because they don't have the card. If they steal the card it's useless without your secret PIN! Combine AAA with ssh and you have a nearly impregnable line of security. At 02:21 PM 8/14/01 -0400, Larry Morrow wrote: Just my $02. AND how we do it. Connect a serial cable to the console port of your routers./switches and then ssh into your debian server and use minicom. Larry At 11:05 AM 8/14/2001 -0700, ann kok wrote: Dear all I learnt that sniffer program can steal password and secure shell can prevent it But how do I do it in Cisco router? and Do I have any methods to prevent the sniffer program to my router and servers? TIA Cheers ---=ALL YOUR BASE ARE BELONG TO US=--- ___/`YOU HAVE NO CHANCE TO SURVIVE MAKE YOUR TIME!`\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Host my own box as my own ISP?
Why not ask how to build a house ( step by step ) Do some reading first. - Regards Nick Wildthing Communications ICQ# 64851373 http://www.wildcomm.net - Those who ignore the lessons of history are condemned to repeat it. I think you're on the wrong list. This list is for the discussion of the Debian distribution of Linux for ISP's. Why are you running super expensive Windows 2000 when you could be using the much more flexible and robust, not to mention FREE, Debian? If you could tell us what you're trying to do we can give you some advice on how to do it with Linux. At 01:05 PM 8/14/01 -0700, etalent wrote: How do I set up/configure Windows 2000 Advanced server as ISP host on my own box, which is a Compaq 7495 with Windows 2000 Advanced server. My 'net connection is Bellsouth USB DSL. -Thanks ---=ALL YOUR BASE ARE BELONG TO US=--- ___/`YOU HAVE NO CHANCE TO SURVIVE MAKE YOUR TIME!`\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]