R: web-based/gui firewall administration

2002-04-17 Thread Sebastiano Scorbati 

If you're using IPTABLES, you might have a try at IPMENU:
http://users.pandora.be/stes/ipmenu.html .
Basically, it is a curses based GUI. Being curses based means that it can be
accessed through telnet (unsafe), SSH, or even from a serial terminal.
Unfortunately I don't have any direct experience to share about IPMENU.


Sincerely,

Sebastiano Scorbati

-Messaggio originale-
Da: Robert Waldner [EMAIL PROTECTED]
A: [EMAIL PROTECTED] [EMAIL PROTECTED]
Data: martedì 16 aprile 2002 15.08
Oggetto: Re: web-based/gui firewall administration



On Mon, 15 Apr 2002 14:12:03 PDT, Jeremy C. Reed writes:
I have a customer that wants a easy-to-use interface for configuring a
firewall.




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Apr 17 10:49:49 teks kernel: TCP: Treason uncloaked! Peer 210.135.175.47:43827/

2002-04-17 Thread Jason Lim 

Hi all,

can anyone make sense of the following?

Apr 17 10:49:49 teks kernel: TCP: Treason uncloaked! Peer
210.135.175.47:43827/
80 shrinks window 2321430930:2321431630. Repaired.

What is this Treason uncloaked?

I think the following is unrelated, but I also found a lot of them (50+)
in the logs:

Apr 16 19:52:54 teks kernel: UDP: bad checksum. From 195.212.86.48:16384
to xxx.194.146.xxx:33618 ulen 20
Apr 16 19:53:00 teks kernel: UDP: bad checksum. From 195.212.86.48:16384
to xxx.194.146.xxx:33561 ulen 20

About 6 hours later, the box crashed (not sure if it could be related to
the above attacks).

Any ideas?

TIA.

Jason



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

postfix with SASL on Debian?

2002-04-17 Thread Patrick Hsieh 

Hello,

I'd like to enable postfix+sasl+courier-imap+Maildir support of Postfix
on woody. Everything goes well except for postfix+sasl.

What packages should I install anyway? Any instructions ?


-- 
Patrick Hsieh [EMAIL PROTECTED]
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Apr 17 10:49:49 teks kernel: TCP: Treason uncloaked! Peer 210.135.175.47:43827/

2002-04-17 Thread Russell Coker 

On Thu, 18 Apr 2002 01:43, Jason Lim wrote:
 Hi all,

 can anyone make sense of the following?

 Apr 17 10:49:49 teks kernel: TCP: Treason uncloaked! Peer
 210.135.175.47:43827/
 80 shrinks window 2321430930:2321431630. Repaired.

 What is this Treason uncloaked?

From /usr/src/linux/net/ipv4/tcp_timer.c:

if (tp-snd_wnd == 0  !sk-dead 
!((1sk-state)(TCPF_SYN_SENT|TCPF_SYN_RECV))) {
/* Receiver dastardly shrinks window. Our retransmits
 * become zero probes, but we should not timeout this
 * connection. If the socket is an orphan, time it out,
 * we cannot allow such beasts to hang infinitely.
 */
#ifdef TCP_DEBUG
if (net_ratelimit())
printk(KERN_DEBUG TCP: Treason uncloaked! Peer 
%u.%u.%u.%u:%u/%u shrinks window %u:%u. Repaired.\n,
   NIPQUAD(sk-daddr), htons(sk-dport), sk-num,
   tp-snd_una, tp-snd_nxt);
#endif

So it appears that someone is running some sort of tar-pit system that is 
designed to keep sockets in a bad state and run you out of kernel memory.

I suspect that this ties in with the spam blocking things we recently 
discussed.  Maybe you should tell your ISP that they are to blame for such 
actions being done to you and that they should give you face (I think that 
was the term you used) by closing their open relays.

 I think the following is unrelated, but I also found a lot of them (50+)
 in the logs:

 Apr 16 19:52:54 teks kernel: UDP: bad checksum. From 195.212.86.48:16384
 to xxx.194.146.xxx:33618 ulen 20
 Apr 16 19:53:00 teks kernel: UDP: bad checksum. From 195.212.86.48:16384
 to xxx.194.146.xxx:33561 ulen 20

UDP and TCP, no direct relation.  But if someone's trying something nasty on 
one protocol they might be trying something nasty on another, the IPs are 
different, but faking the source of UDP is no great challenge.

 About 6 hours later, the box crashed (not sure if it could be related to
 the above attacks).

Someone who's doing the tar-pit attack would probably like your box to crash, 
but I'd hope that Linux can withstand such things, and there is special-case 
code in there to deal with it.  My guess is that your posting to the 
ide-arrays list about 3ware driver problems is a more likely explanation of 
the crash.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]