Re: firewall (fwd)
On Sun, Oct 01, 2000 at 11:51:50AM -0700, George Bonser wrote:
> > This isn't necessarily the case. It certainly appears to vary by region. They don't do it here (Denver, Colorado). Perhaps this is because DSL is so easily available :}
>
> One interesting thing that many providers are doing is not allowing any VPN traffic. If you want to telecommute and work from home, your company is going to have to buy you a commercial VPN capable account. The reasoning from the ISP standpoint is that the pricing on home accounts is very low. They are designed for private personal use. If you want to put these accounts into commercial service (they view a company offering employees a VPN connection into the company net for purposes of performing work to be commercial use) then you are going to need to buy a commercial account (or, rather, your EMPLOYER will need to purchase the account). Individual home internet accounts are a loss leader for most ISPs. They don't make beans from them and make their real money offering services to business. In that light, I really can't blame them.

Over here in the UK, the ISP is free and the telecommunications network is what charges. ISPs here make money from the cost of phone calls to them (flat rate options are only just becoming available) or from advertising (they do nasty things like try to set the homepage of your browser to their own site). Neither the communication people nor the ISPs want you to use up too much of their bandwidth and so ADSL or cable modems or ISDN in reality are not feasible options for us. Thus we're limited to 56K modems. Apart from echo requests, I don't think the ISPs do anything in terms of scanning here: we get lines dropped after 2 hours, but they never complain about running servers: I run web servers and games servers on my box, and have never had a complaint. Examining the syslog shows nothing weird either.

> It is going to get much more difficult as time goes by to find a basic home account that will let you do much more than act as a basic client.

As always, you get what you pay for. However, I do think it is a bit much for an ISP to scan their clients - it's using up bandwidth, and after all, most windows users don't even realise that their NetBIOS port (139) is open, and in most cases their personal pooy web server is also running in the background. Are non windows users being penalised just because they are more likely to know what they are doing and to make use of these technologies? Are the ISPs really trying to lobby microsoft into having printer and network sharing turned off by default and to remove the pws?

Matthew
firewall (fwd)
-- Forwarded message --
Date: Wed, 27 Sep 2000 21:28:47 -0500 (EST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: firewall

Hello All,

Has anyone found making a debian machine with firewall support useful? What are firewalls useful for? Do they simply prevent packets from passing through the firewall into the rest of the network? Would a firewall necessarily have to be also configured to be a router? Any info you guys can provide would be useful. I was thinking about making one of my debian machines a firewall, but don't really know what I would do with it:)

Thanks,
D. Ghost
Re: firewall (fwd)
[EMAIL PROTECTED] wrote:
> Has anyone found making a debian machine with firewall support useful?

Yes, very much so

> What are firewalls useful for? Do they simply prevent packets from passing through the firewall into the rest of the network?

It depends. Firewall can mean different things: It may be a packet filtering firewall which does what you think it does. This functionality is built into the kernel (needs a recompile, probably). The interface to change its behavior is ipchains (for the 2.2.x-kernel, 2.0.x and 2.4.x use other means), i.e. you write a shell script that gets executed in a runlevel, which sets your config.

Another type of firewall is a proxying firewall. There is a package called SOCKS that does this (maybe others too). Proxies work on the application level, IIRC, and so can know things that a packet filtering firewall can't know. They need the ability to use the proxy compiled into client programs too, though.

> Would a firewall necessarily have to be also configured to be a router?

Again, it depends. A proper firewall should be a standalone machine without user accounts, without network services running and with as little SW as possible installed (no compilers, ...). If behind the firewall you have a network then, yes, it can do routing, too. It can also do IP masquerading. Note that there are much more sophisticated setups with demilitarized zones around the firewall and all kinds of stuff. What to build depends on your security requirements.

OTOH, you can have packet filtering enabled on a standalone workstation with dial-up or cable/dsl access. No routing in this case, of course. This way, you at least can stay out of random script-kiddie portscans (or your cable provider's scans). It's also great to be able to control what's allowed to go /out/, e.g., when you're configuring network stuff and don't want your MTA to send mail to [EMAIL PROTECTED] instead to [EMAIL PROTECTED] :o)

Note that you should never rely on firewall security alone, but have your services configured properly, too (tcp wrappers, etc.). You don't want your machines completely open when the firewall is compromised.

> Any info you guys can provide would be useful. I was thinking about making one of my debian machines a firewall, but don't really know what I would do with it:)

I recommend the book Linux Firewalls by Robert L. Ziegler, New Riders, ISBN 0-7357-0900-9. He has also a webpage http://www.linux-firewall-tools.com/ with lots of info and a nifty tool where you answer questions and it will generate a firewall script for you. If your security requirements are modest, this is maybe all you need. There are other books too, like Building OpenBSD and Linux Firewalls (IIRC), but I don't know them.

There are also some GUI firewall tools for gnome, like firestarter and others (see www.gnome.org), probably for KDE, too. Note, however, that at least firestarter is AFAIK made to work with RedHat, so it needs a bit tweaking to work with the debian way of init.

Very good reading is also Securing and Optimizing Linux, http://www.openna.com/books/book.htm Note that it's for RedHat, but it's easy to apply it to debian

A nice exercise is to scan/attack your machine/network from the outside before and after the firewall is in place. If you're lazy ;o) a quick way to get a portscan on the well known ports done is to use Shields Up! at http://www.grc.com/ (disable your isp's proxy in your browser settings before, otherwise not you but your isp's proxy will be scanned!). You want it to report stealth for every port you don't need available from the outside

Hope this helps (well, I'm sure)

Greetings
--
I did not vote for the Austrian government
Linux: The choice of a GNU generation. Visit http://www.gnu.org/
Re: firewall (fwd)
On Sun, Oct 01, 2000 at 03:50:04PM +0200, mario wrote:
> [EMAIL PROTECTED] wrote:
> > Has anyone found making a debian machine with firewall support useful?
>
> Yes, very much so
>
> > What are firewalls useful for? Do they simply prevent packets from passing through the firewall into the rest of the network?
>
> It depends. Firewall can mean different things: It may be a packet filtering firewall which does what you think it does. This functionality is built into the kernel (needs a recompile, probably). The interface to change its behavior is ipchains (for the 2.2.x-kernel, 2.0.x and 2.4.x use other means), i.e. you write a shell script that gets executed in a runlevel, which sets your config.
>
> Another type of firewall is a proxying firewall. There is a package called SOCKS that does this (maybe others too). Proxies work on the application level, IIRC, and so can know things that a packet filtering firewall can't know. They need the ability to use the proxy compiled into client programs too, though.
>
> > Would a firewall necessarily have to be also configured to be a router?
>
> Again, it depends. A proper firewall should be a standalone machine without user accounts, without network services running and with as little SW as possible installed (no compilers, ...). If behind the firewall you have a network then, yes, it can do routing, too. It can also do IP masquerading. Note that there are much more sophisticated setups with demilitarized zones around the firewall and all kinds of stuff. What to build depends on your security requirements.
>
> OTOH, you can have packet filtering enabled on a standalone workstation with dial-up or cable/dsl access. No routing in this case, of course. This way, you at least can stay out of random script-kiddie portscans (or your cable provider's scans). It's also great to be able to control

OH? Why would my cable modem provider scan my box? What would they be looking for? Even though I didn't ask the question, thanks for the info Mario!

Wm

> what's allowed to go /out/, e.g., when you're configuring network stuff and don't want your MTA to send mail to [EMAIL PROTECTED] instead to [EMAIL PROTECTED] :o)
>
> Note that you should never rely on firewall security alone, but have your services configured properly, too (tcp wrappers, etc.). You don't want your machines completely open when the firewall is compromised.
>
> > Any info you guys can provide would be useful. I was thinking about making one of my debian machines a firewall, but don't really know what I would do with it:)
>
> I recommend the book Linux Firewalls by Robert L. Ziegler, New Riders, ISBN 0-7357-0900-9. He has also a webpage http://www.linux-firewall-tools.com/ with lots of info and a nifty tool where you answer questions and it will generate a firewall script for you. If your security requirements are modest, this is maybe all you need. There are other books too, like Building OpenBSD and Linux Firewalls (IIRC), but I don't know them.
>
> There are also some GUI firewall tools for gnome, like firestarter and others (see www.gnome.org), probably for KDE, too. Note, however, that at least firestarter is AFAIK made to work with RedHat, so it needs a bit tweaking to work with the debian way of init.
>
> Very good reading is also Securing and Optimizing Linux, http://www.openna.com/books/book.htm Note that it's for RedHat, but it's easy to apply it to debian
>
> A nice exercise is to scan/attack your machine/network from the outside before and after the firewall is in place. If you're lazy ;o) a quick way to get a portscan on the well known ports done is to use Shields Up! at http://www.grc.com/ (disable your isp's proxy in your browser settings before, otherwise not you but your isp's proxy will be scanned!). You want it to report stealth for every port you don't need available from the outside
>
> Hope this helps (well, I'm sure)
>
> Greetings
> --
> I did not vote for the Austrian government
> Linux: The choice of a GNU generation. Visit http://www.gnu.org/
Re: firewall (fwd)
On Sun, 1 Oct 2000 11:40:16 -0500 William Jensen [EMAIL PROTECTED] wrote:
> OH? Why would my cable modem provider scan my box? What would they be looking for?

My ISP scanned my box once, and I asked them about it and they told me it was an accident, done by a new Linux box they had just set up because they were considering switching to Linux. They told me the box would be shut down until they found the problem, and that it would not happen again.

--
Andrew
Re: firewall (fwd)
> > OH? Why would my cable modem provider scan my box? What would they be looking for?
>
> My ISP scanned my box once, and I asked them about it and they told me it was an accident, done by a new Linux box they had just set up because they were considering switching to Linux. They told me the box would be shut down until they found the problem, and that it would not happen again.

@home, the largest cable ISP in the US, *routinely* scans their customers, aggressively checking that no one is breaking their service agreement by running a server OF ANY KIND.

--
Michael Leone mailto:[EMAIL PROTECTED]
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
PGP Key ID: 0x5AA5BCDF
Re: firewall (fwd)
William Jensen wrote:
> OH? Why would my cable modem provider scan my box? What would they be looking for? Even though I didn't ask the question, thanks for the info Mario!

My cable provider has a no servers policy for their standard accounts (if you want to run servers, you need to pay more). To enforce this, they seem to scan their new customers. The first few weeks after I signed up, they scanned me daily. It has stopped now, so I guess I'll be able to open ssh on time :)

--
Greetings
Mario, who did not vote for the Austrian government
Linux: The choice of a GNU generation. Visit http://www.gnu.org/
Re: firewall (fwd)
On 2000-10-01 16:47:26, Pollywog wrote:
> > OH? Why would my cable modem provider scan my box? What would they be looking for?
>
> My ISP scanned my box once, and I asked them about it and they told me it was an accident, done by a new Linux box they had just set up because they were considering switching to Linux. They told me the box would be shut down until they found the problem, and that it would not happen again.

MediaOne (now ATT) probes for open relays on port 25 frequently.

/Allan
--
Allan M. Wind            email: [EMAIL PROTECTED]
P.O. Box 2022            finger: [EMAIL PROTECTED] (GPG/PGP)
Woburn, MA 01888-0022    icq: 44214251
USA
Re: firewall (fwd)
> My cable provider has a no servers policy for their standard accounts (if you want to run servers, you need to pay more). To enforce this, they seem to scan their new customers. The first few weeks after I signed up, they scanned me daily. It has stopped now, so I guess I'll be able to open ssh on time :)

Well, if you can tell where the scans are coming from, you can just block those addresses and still open some services. Just block off your ISP's scanning addresses or network.
Re: firewall (fwd)
On Sun, 1 Oct 2000, Mike Leone wrote:
> @home, the largest cable ISP in the US, *routinely* scans their customers, aggressively checking that no one is breaking their service agreement by running a server OF ANY KIND.

This isn't necessarily the case. It certainly appears to vary by region. They don't do it here (Denver, Colorado). Perhaps this is because DSL is so easily available :}
Re: firewall (fwd)
> This isn't necessarily the case. It certainly appears to vary by region. They don't do it here (Denver, Colorado). Perhaps this is because DSL is so easily available :}

One interesting thing that many providers are doing is not allowing any VPN traffic. If you want to telecommute and work from home, your company is going to have to buy you a commercial VPN capable account. The reasoning from the ISP standpoint is that the pricing on home accounts is very low. They are designed for private personal use. If you want to put these accounts into commercial service (they view a company offering employees a VPN connection into the company net for purposes of performing work to be commercial use) then you are going to need to buy a commercial account (or, rather, your EMPLOYER will need to purchase the account). Individual home internet accounts are a loss leader for most ISPs. They don't make beans from them and make their real money offering services to business. In that light, I really can't blame them.

It is going to get much more difficult as time goes by to find a basic home account that will let you do much more than act as a basic client.
Re: firewall (fwd)
hi ya pollywog

if the ISP did accidentally scan your box with their new linux box... which linux distro is installed that way where it comes up in a mode that scans everything around it ??? ( a startrek borg-based linux ?? ) wonder which distro they used...

... if they can say that it would not happen again...means they know who and why and how it happened ??? .. they probably added your box to the dont touch this guys box list in their programs that normally does whatever they do ??

oh well.just rambling...

thanx
alvin

On Sun, 1 Oct 2000, Pollywog wrote:
> On Sun, 1 Oct 2000 11:40:16 -0500 William Jensen [EMAIL PROTECTED] wrote:
> > OH? Why would my cable modem provider scan my box? What would they be looking for?
>
> My ISP scanned my box once, and I asked them about it and they told me it was an accident, done by a new Linux box they had just set up because they were considering switching to Linux. They told me the box would be shut down until they found the problem, and that it would not happen again.
>
> --
> Andrew
Re: firewall (fwd)
hi ya allan...

whats the point for mediaone to scan for open relays ??
- only two reasons ???
a. they want to add that open relay box for more advertising to be sent thru it...
b. they want to tell the customer to close the open relay ??

just more rambling on a sunday afternoon...

thanx
alvin

On Sun, 1 Oct 2000, Allan M. Wind wrote:
> On 2000-10-01 16:47:26, Pollywog wrote:
> > > OH? Why would my cable modem provider scan my box? What would they be looking for?
> >
> > My ISP scanned my box once, and I asked them about it and they told me it was an accident, done by a new Linux box they had just set up because they were considering switching to Linux. They told me the box would be shut down until they found the problem, and that it would not happen again.
>
> MediaOne (now ATT) probes for open relays on port 25 frequently.
>
> /Allan
> --
> Allan M. Wind            email: [EMAIL PROTECTED]
> P.O. Box 2022            finger: [EMAIL PROTECTED] (GPG/PGP)
> Woburn, MA 01888-0022    icq: 44214251
> USA
Re: firewall (fwd)
On Sun, 1 Oct 2000 14:24:21 -0700 (PDT) Alvin Oga [EMAIL PROTECTED] wrote:
> hi ya pollywog
>
> if the ISP did accidentally scan your box with their new linux box... which linux distro is installed that way where it comes up in a mode that scans everything around it ??? ( a startrek borg-based linux ?? ) wonder which distro they used...

I don't recall which distro it was, but I was told that one of the techs had installed some software on the box and that he did not configure it correctly.

> ... if they can say that it would not happen again...means they know who and why and how it happened ??? .. they probably added your box to the dont touch this guys box list in their programs that normally does whatever they do ??

They knew who had done it and I think maybe they did add my address to the don't scan this list :)

--
Andrew
Re: firewall (fwd)
On Sun, 1 Oct 2000 14:26:45 -0700 (PDT)
> whats the point for mediaone to scan for open relays ??
> - only two reasons ???
> a. they want to add that open relay box for more advertising to be sent thru it...
> b. they want to tell the customer to close the open relay ??

Or they are tired of dealing with abuse reports about their spammers and crackers and script kiddies.

--
Andrew
Re: firewall (fwd)
hi ya pollywog..

yeah...now that makes sense that someone added something to the linux box.. good...

have fun linuxing
alvin

On Sun, 1 Oct 2000, Pollywog wrote:
> On Sun, 1 Oct 2000 14:24:21 -0700 (PDT) Alvin Oga [EMAIL PROTECTED] wrote:
> > hi ya pollywog
> >
> > if the ISP did accidentally scan your box with their new linux box... which linux distro is installed that way where it comes up in a mode that scans everything around it ??? ( a startrek borg-based linux ?? ) wonder which distro they used...
>
> I don't recall which distro it was, but I was told that one of the techs had installed some software on the box and that he did not configure it correctly.
>
> > ... if they can say that it would not happen again...means they know who and why and how it happened ??? .. they probably added your box to the dont touch this guys box list in their programs that normally does whatever they do ??
>
> They knew who had done it and I think maybe they did add my address to the don't scan this list :)
>
> --
> Andrew
Re: firewall (fwd)
> - only two reasons ???
> a. they want to add that open relay box for more advertising to be sent thru it...
> b. they want to tell the customer to close the open relay ??

One more ...

duck
c. intimidated by the brain-dead idiots at ORBS
/duck
flamewar ;-? (Re: firewall (fwd))
On Sun, 01 Oct 2000 14:40:02 PDT, George Bonser writes:
> c. intimidated by the brain-dead idiots at ORBS

duck
Actually, I don't think Alan[0] is braindead. He does a quite good job, he just hasn't his scripts under control[1], sometimes... Always remember, you don't _have_ to use ORBS, although it's cutting spam about 60 % at my private server.
/duck

rw

0: Alan Brown, he more-or-less is ORBS
1: adding multi-level-relays to the list _without_ prior notification.
2: or above.net is once again blackholing half manawatu.co.nz's netblock, and some *really braindead* parser thinks ((no answer)==(127.0.0.2))

--
/ Robert Waldner [EMAIL PROTECTED] | Phone: +43 1 89933 0 Fax x533 \
\ KPNQwest/AT tech staff | Diefenbachg. 35 A-1150 Wien /
Re: firewall (fwd)
A long time ago, in a galaxy far, far away, someone said...

> whats the point for mediaone to scan for open relays ??
> - only two reasons ???
> a. they want to add that open relay box for more advertising to be sent thru it...
> b. they want to tell the customer to close the open relay ??

They get fewer complaints about a mis-configured mail system.

--
Phil Brutsche [EMAIL PROTECTED]
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
Re: firewall (fwd)
A long time ago, in a galaxy far, far away, someone said...

> hi ya pollywog
>
> if the ISP did accidentally scan your box with their new linux box... which linux distro is installed that way where it comes up in a mode that scans everything around it ??? ( a startrek borg-based linux ?? ) wonder which distro they used...

Caldera has been known to do that as part of its network automatic configuration process.

--
Phil Brutsche [EMAIL PROTECTED]
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
Re: flamewar ;-? (Re: firewall (fwd))
On Mon, 02 Oct 2000 00:17:08 +0200 Robert Waldner [EMAIL PROTECTED] wrote:
> Actually, I don't think Alan[0] is braindead. He does a quite good job, he just hasn't his scripts under control[1], sometimes... Always remember, you don't _have_ to use ORBS, although it's cutting spam about 60 % at my private server.

I liked it until it started cutting out legitimate mail, then I stopped using it.

--
Andrew
Re: firewall (fwd)
A long time ago, in a galaxy far, far away, someone said...

> > - only two reasons ???
> > a. they want to add that open relay box for more advertising to be sent thru it...
> > b. they want to tell the customer to close the open relay ??
>
> One more ...
>
> duck
> c. intimidated by the brain-dead idiots at ORBS
> /duck

No need to duck here - there are probably several people who are sympathetic to your dislike of ORBS (me!) :)

--
Phil Brutsche [EMAIL PROTECTED]
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
Re: flamewar ;-? (Re: firewall (fwd))
A long time ago, in a galaxy far, far away, someone said...

> On Mon, 02 Oct 2000 00:17:08 +0200 Robert Waldner [EMAIL PROTECTED] wrote:
> > Actually, I don't think Alan[0] is braindead. He does a quite good job, he just hasn't his scripts under control[1], sometimes... Always remember, you don't _have_ to use ORBS, although it's cutting spam about 60 % at my private server.
>
> I liked it until it started cutting out legitimate mail, then I stopped using it.

And I switched to the MAPS anti-spam lists after I found out that they were blocking entire networks who were blocking the very aggressive ORBS relay tester, i.e. above.net, who hosts a very important mailing list called BugTraq, and a company called RoadRunner, who is becoming one of the largest cable ISPs in the US of A.

--
Phil Brutsche [EMAIL PROTECTED]
GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
Re: firewall (fwd)
hi ya phil...

thats assuming that the guy with the open relay is able to fix it...cause mediaone told um they had an open relay...

oh well...have fun linuxing..
alvin

On Sun, 1 Oct 2000, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
>
> > whats the point for mediaone to scan for open relays ??
> > - only two reasons ???
> > a. they want to add that open relay box for more advertising to be sent thru it...
> > b. they want to tell the customer to close the open relay ??
>
> They get fewer complaints about a mis-configured mail system.
>
> --
> Phil Brutsche [EMAIL PROTECTED]
> GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
> GPG key id: 50DE1CFC
> GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
Re: flamewar ;-? (Re: firewall (fwd))
> And I switched to the MAPS anti-spam lists after I found out that they were blocking entire networks who were blocking the very aggressive ORBS relay tester, i.e. above.net, who hosts a very important mailing list called BugTraq, and a company called RoadRunner, who is becoming one of the largest cable ISPs in the US of A.

Well, there is a very simple way to solve the problem. On the count of three, everyone configure your mailers to ALWAYS relay for *.orbs.org but nobody else. It will turn their database to useless mush.

Ready ... one two THREE!
Re: firewall (fwd)
Hi,

On Sun, Oct 01, 2000 at 01:25:39PM -0400, Allan M. Wind wrote:
> MediaOne (now ATT) probes for open relays on port 25 frequently.

In Silicon Valley, [EMAIL PROTECTED] cable pokes the NNTP port from 2 servers. Their hostname was like authorized-scan.athome.net or something. (I got linuxconf, http, ftp, sunrpc ports scanned, but these seem to be from script kiddies.)

I have closed most server ports (1-1023) with ipchains by modifying ipmasq scripts. (It's on my web page as tar.gz)

I think for home machines, a firewall by ipchains is good enough and quite effective both for ISP relations and script kiddie protection.

Good luck.

Osamu
--
+ Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D +
+ Fingerprint: 814E BD64 3288 40E7 E88E 3D92 C3F8 EA94 D5DE 453D +
+ === http://www.aokiconsulting.com === Cupertino, CA USA === +
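Several posts in this thread turn on telling where scans come from (the advice to block the ISP's scanning addresses, and the note above separating the ISP's probes from script-kiddie scans). The following is an added example, not code from any poster: it groups refused inbound TCP packets in ipchains log lines by source. It assumes the deny rules were created with ipchains' `-l` logging flag and that entries follow the layout described in the IPCHAINS-HOWTO; the log lines, addresses, thresholds and function names are constructed for illustration.

```python
"""Group refused inbound TCP packets in ipchains log lines by source address."""
import re
from collections import defaultdict

# Layout of an ipchains "-l" log entry, as described in the IPCHAINS-HOWTO:
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> L=...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)
TCP = 6  # IP protocol number for TCP

# Constructed sample: documentation address ranges, invented host name "gw".
SAMPLE_LOG = """\
Oct  1 09:00:01 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40001 203.0.113.5:25 L=60 S=0x00 I=100 F=0x4000 T=52 SYN (#7)
Oct  1 09:10:44 gw pppd[212]: rcvd [LCP EchoReq id=0x1]
Oct  1 10:15:09 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:3111 203.0.113.5:21 L=60 S=0x00 I=211 F=0x4000 T=48 SYN (#7)
Oct  1 10:15:09 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:3112 203.0.113.5:80 L=60 S=0x00 I=212 F=0x4000 T=48 SYN (#7)
Oct  1 10:15:10 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:3113 203.0.113.5:98 L=60 S=0x00 I=213 F=0x4000 T=48 SYN (#7)
Oct  1 10:15:10 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.77:3114 203.0.113.5:111 L=60 S=0x00 I=214 F=0x4000 T=48 SYN (#7)
Oct  1 13:00:02 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40417 203.0.113.5:25 L=60 S=0x00 I=101 F=0x4000 T=52 SYN (#7)
Oct  1 14:30:00 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.200:2901 203.0.113.5:113 L=60 S=0x00 I=9 F=0x4000 T=50 SYN (#7)
Oct  1 15:02:11 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.50:1030 203.0.113.5:22 L=60 S=0x00 I=77 F=0x4000 T=60 SYN (#3)
Oct  1 16:40:00 gw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.9:137 203.0.113.5:137 L=78 S=0x00 I=5 F=0x0000 T=110 (#7)
Oct  1 17:00:03 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40988 203.0.113.5:25 L=60 S=0x00 I=102 F=0x4000 T=52 SYN (#7)
"""


def parse_line(line):
    """Return the fields of one ipchains log entry, or None for other lines."""
    match = LOG_RE.search(line)
    if match is None:
        return None
    rec = match.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def probes_by_source(lines, chain="input", actions=("DENY", "REJECT")):
    """Map source address -> {destination port: hits} for refused TCP packets."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != TCP:
            continue
        if rec["chain"] == chain and rec["action"] in actions:
            hits[rec["src"]][rec["dport"]] += 1
    return {src: dict(ports) for src, ports in hits.items()}


def classify(ports, sweep_ports=4, repeat_hits=3):
    """Label one source; both thresholds are illustrative assumptions."""
    if len(ports) >= sweep_ports:
        return "port sweep"              # many services tried once each
    if max(ports.values()) >= repeat_hits:
        return "repeated service probe"  # same service checked again and again
    return "isolated"


def report(lines):
    """Sorted (source, ports, label) tuples for every refused source."""
    return [(src, sorted(ports), classify(ports))
            for src, ports in sorted(probes_by_source(lines).items())]


def deny_rules(findings):
    """ipchains commands dropping everything from the non-isolated sources.

    Rule position 1 puts them ahead of any ACCEPT rule on the input chain.
    """
    return [f"ipchains -I input 1 -s {src} -j DENY"
            for src, _ports, label in findings if label != "isolated"]


if __name__ == "__main__":
    found = report(SAMPLE_LOG.splitlines())
    for src, ports, label in found:
        print(f"{src:<15} {label:<24} ports={ports}")
    print("\n".join(deny_rules(found)))
```

A source that returns to one port (25 here) matches the relay-probe pattern described in the thread, while one that walks ftp, http, linuxconf and sunrpc in a burst matches the sweep pattern.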
Re: dselect ftp from behind a firewall (fwd)
[apologies if this is the second time you've seen this. I had a sendmail problem.]

Thanks to all the people who replied on the list and by mail. Unfortunately the problem is that this particular firewall (ANS Interlock) requires you to login to the firewall first and then access the ftp site. Luckily I discovered that dselect uses a perl script to actually do the ftping based on the Net::FTP module. So I thought I'd just edit it to add the second login. Unfortunately, I cannot for the life of me figure out how to get it to accept the second password. Oh well, that's a question for the perl groups.

I think I've found a good alternative. I noticed lynx has the right kind of settings to get through the firewall. It also supports ftp URLs. So what I've done is to rewrite dselect's script to go through lynx. It seems to be working but I'll test and polish it a bit more and if all goes well, I'll submit as a new access method.

--
Jaldhar