Re: System Calls that do DNS
On 4 June 2013, at 22:19, Enno Davids wrote:

> See if whois can tell you who owns the block the IP is in. That may give
> you some insight into what is asking for the reverse.

It's AT&T. It's probably at least a state's worth of DSL addresses. I am physically at one of them for a couple more days. After that I have no way to test this.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: System Calls that do DNS
See if whois can tell you who owns the block the IP is in. That may give you some insight into what is asking for the reverse.

E.
Re: System Calls that do DNS
On Tue, Jun 4, 2013 at 12:21 AM, Doug Hardie wrote:

> Unfortunately truss does not show anything more than ktrace.

Normally most people use truss first, then fall back to ktrace ;)

> Bind doesn't check the hosts files as far as I can tell.

System requests obey nsswitch.conf(5)

--
Adam Vande More
Re: Can sasl/sendmail Report IP Of Failed Access?
On Tue, 4 Jun 2013, Tim Daneliuk wrote:

> On 06/04/2013 04:51 PM, Doug Hardie wrote:
>
>> On 4 June 2013, at 08:47, Tim Daneliuk wrote:
>>
>>> I am seeing login dictionary attacks on a FreeBSD mail server being
>>> reported. Is there a way to determine the IPs that are doing this
>>> so they can be blocked at the firewall? auth.log only
>>> notes the attempted user name, not the IP of origin.
>>> --
>>
>> I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know.
>
> Yes, I'd love a look at that, thanks.

sshguard is supposed to be capable of analyzing log files beyond just ssh.
Re: System Calls that do DNS
On Jun 3, 2013 10:22 PM, "Doug Hardie" wrote:

> On 3 June 2013, at 20:39, staticsafe wrote:
>
> > On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote:
> >> I have an unusual situation. A program is doing a DNS lookup and often the IP address has no reverse DNS entries. As a result the program hangs for several timeouts. The call is not being made directly in its code, but is occurring in a system call. There are no specific calls to DNS, it's something else doing it. I have been trying to track down which system call is doing it, but without success so far. I have tried syslog calls around each of the system calls I thought might be the culprit, but my guessing is not very good. How can I identify the system call that is calling DNS? If I can find it, I hopefully can find another way to do whatever it does that does not involve a reverse DNS lookup.
> >
> > Use truss:
> > http://www.freebsd.org/cgi/man.cgi?query=truss
> >
> > The truss utility traces the system calls called by the specified
> > process or program.
> > --
> > staticsafe
> > O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
> > Please don't top post - http://goo.gl/YrmAb
> > Don't CC me! I'm subscribed to whatever list I just posted on.
>
> Unfortunately truss does not show anything more than ktrace. I know what is going out on the internet connection. It's a plain old reverse DNS request. The question is what library module (probably not a system call now that I think about it) is making that request. Interestingly enough, adding the IP address with a dummy name in /etc/hosts causes the reverse request to succeed and there are no time delays. So whatever module it is, is not using bind. Bind doesn't check the hosts files as far as I can tell.

maybe try ldd and see if it is linked to a library like c-ares? or try running it in gdb to see what's going on? some ideas.

Waitman Gobble
San Jose California USA
Re: Can sasl/sendmail Report IP Of Failed Access?
On Tue, 4 Jun 2013, Doug Hardie wrote:

> On 4 June 2013, at 08:47, Tim Daneliuk wrote:
>
>> I am seeing login dictionary attacks on a FreeBSD mail server being
>> reported. Is there a way to determine the IPs that are doing this
>> so they can be blocked at the firewall? auth.log only
>> notes the attempted user name, not the IP of origin.
>> --
>
> I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know.

That sounds incredibly useful. Can you post it somewhere?

--
Chris Hill ch...@monochrome.org
** [ Busy Expunging ]
Re: Can sasl/sendmail Report IP Of Failed Access?
On 06/04/2013 04:51 PM, Doug Hardie wrote:

> On 4 June 2013, at 08:47, Tim Daneliuk wrote:
>
>> I am seeing login dictionary attacks on a FreeBSD mail server being
>> reported. Is there a way to determine the IPs that are doing this
>> so they can be blocked at the firewall? auth.log only
>> notes the attempted user name, not the IP of origin.
>> --
>
> I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know.

Yes, I'd love a look at that, thanks.

--
Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
Re: Can sasl/sendmail Report IP Of Failed Access?
On 4 June 2013, at 08:47, Tim Daneliuk wrote:

> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported. Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall? auth.log only
> notes the attempted user name, not the IP of origin.
> --

I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know.
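Added example, not part of the thread and not Doug Hardie's code: one way to pull source addresses out of maillog AUTH failures and turn repeat offenders into pf table additions. The log-line shape, the three-failure threshold, the allow-list and the table name `blackhole` are assumptions; the sample lines are constructed and use documentation addresses.

```python
import ipaddress
import re
from collections import Counter

# Assumed sendmail/SASL failure line shape; adjust the pattern to your own maillog.
AUTH_FAIL = re.compile(
    r"AUTH failure \([A-Z0-9-]+\):.*relay=(?:\S+ )?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]"
)

# Constructed sample lines, not taken from a real log.
SAMPLE_MAILLOG = """\
Jun  4 08:41:02 mail sm-mta[4101]: r54Ff2aa004101: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:41:09 mail sm-mta[4102]: r54Ff9ab004102: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=dsl.example.net [203.0.113.7]
Jun  4 08:41:15 mail sm-mta[4103]: r54FfFac004103: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[203.0.113.7]
Jun  4 08:42:40 mail sm-mta[4110]: r54FgeAa004110: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[198.51.100.23]
Jun  4 08:43:10 mail sm-mta[4120]: r54Fh0bb004120: from=<user@example.org>, size=1204, nrcpts=1, proto=ESMTP, relay=[198.51.100.23]
"""

def failed_auth_counts(lines):
    """Count AUTH failures per source address, skipping anything that is not a valid IP."""
    counts = Counter()
    for line in lines:
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # malformed address in the log line: never hand it to pfctl
    return counts

def offenders(counts, threshold=3, allow=("127.0.0.0/8",)):
    """Addresses at or above the threshold that are outside every allow-listed network."""
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(
        ip for ip, n in counts.items()
        if n >= threshold and not any(ipaddress.ip_address(ip) in net for net in nets)
    )

def pfctl_commands(ips, table="blackhole"):
    """Build argv lists for review or subprocess.run; nothing is executed here."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]

if __name__ == "__main__":
    counts = failed_auth_counts(SAMPLE_MAILLOG.splitlines())
    for argv in pfctl_commands(offenders(counts)):
        print(" ".join(argv))
```

Keeping your own networks in `allow` prevents a mistyped password from locking out a legitimate client.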
Re: Can sasl/sendmail Report IP Of Failed Access?
On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk wrote:

> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported. Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall? auth.log only
> notes the attempted user name, not the IP of origin.

I don't use sendmail, but aren't the login attempts at least logged in maillog as well? If so, you could use fail2ban to ban them. We do this with postfix/exim/dovecot/etc.
Re: Can sasl/sendmail Report IP Of Failed Access?
On Jun 4, 2013 9:00 AM, "Tim Daneliuk" wrote:

> I am seeing login dictionary attacks on a FreeBSD mail server being
> reported. Is there a way to determine the IPs that are doing this
> so they can be blocked at the firewall? auth.log only
> notes the attempted user name, not the IP of origin.
> --
> ---
> Tim Daneliuk

one idea is to run auth on a different service / machine on a non-standard port, that at least cuts down the noise from "non-targeted" scans.

Waitman Gobble
San Jose California USA
Can sasl/sendmail Report IP Of Failed Access?
I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin.

--
---
Tim Daneliuk
Re: why is ports web page so far out of date
On Tue, 04 Jun 2013 07:08:15 -0500, Fbsd8 wrote:

> I can not get current version of the ports system.
> The ports web page http://www.freebsd.org/ports/ is almost 2 years out of date.
> Says the port I am interested in is at 1.7 version when just 2 weeks ago it was at 2.2.
> Portsnap is also messed up showing the 1.7 version.

I'm not sure what the status of this system is, but I'd recommend you use the official unofficial Freshports.org
why is ports web page so far out of date
I can not get current version of the ports system. The ports web page http://www.freebsd.org/ports/ is almost 2 years out of date. Says the port I am interested in is at 1.7 version when just 2 weeks ago it was at 2.2. Portsnap is also messed up showing the 1.7 version.
How to compile ipoib module manually?
Hi.

I work with FreeBSD9.1 and Mellanox devices. The kernel was configured with OFED support but without IB support:

MYKERNEL file:

#
# GENERIC -- Generic kernel configuration file for FreeBSD/amd64
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: release/9.1.0/sys/amd64/conf/GENERIC 238090 2012-07-04 00:54:16Z delphij $

cpu         HAMMER
include     GENERIC
ident       MYKERNEL

makeoptions DEBUG=-g                # Build kernel with gdb(1) debug symbols

options     SCHED_ULE               # ULE scheduler
options     PREEMPTION              # Enable kernel thread preemption
options     INET                    # InterNETworking
options     INET6                   # IPv6 communications protocols
options     SCTP                    # Stream Control Transmission Protocol
options     FFS                     # Berkeley Fast Filesystem
options     SOFTUPDATES             # Enable FFS soft updates support
options     UFS_ACL                 # Support for access control lists
options     UFS_DIRHASH             # Improve performance on big directories
options     UFS_GJOURNAL            # Enable gjournal-based UFS journaling
options     MD_ROOT                 # MD is a potential root device
options     NFSCL                   # New Network Filesystem Client
options     NFSD                    # New Network Filesystem Server
options     NFSLOCKD                # Network Lock Manager
options     NFS_ROOT                # NFS usable as /, requires NFSCL
options     MSDOSFS                 # MSDOS Filesystem
options     CD9660                  # ISO 9660 Filesystem
options     PROCFS                  # Process filesystem (requires PSEUDOFS)
options     PSEUDOFS                # Pseudo-filesystem framework
options     GEOM_PART_GPT           # GUID Partition Tables.
options     GEOM_RAID               # Soft RAID functionality.
options     GEOM_LABEL              # Provides labelization
options     COMPAT_FREEBSD32        # Compatible with i386 binaries
options     COMPAT_FREEBSD4         # Compatible with FreeBSD4
options     COMPAT_FREEBSD5         # Compatible with FreeBSD5
options     COMPAT_FREEBSD6         # Compatible with FreeBSD6
options     COMPAT_FREEBSD7         # Compatible with FreeBSD7
options     SCSI_DELAY=5000         # Delay (in ms) before probing SCSI
options     KTRACE                  # ktrace(1) support
options     STACK                   # stack(9) support
options     SYSVSHM                 # SYSV-style shared memory
options     SYSVMSG                 # SYSV-style message queues
options     SYSVSEM                 # SYSV-style semaphores
options     _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options     PRINTF_BUFR_SIZE=128    # Prevent printf output being interspersed.
options     KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options     HWPMC_HOOKS             # Necessary kernel hooks for hwpmc(4)
options     AUDIT                   # Security event auditing
options     MAC                     # TrustedBSD MAC Framework
#options    KDTRACE_FRAME           # Ensure frames are compiled in
#options    KDTRACE_HOOKS           # Kernel DTrace hooks
options     INCLUDE_CONFIG_FILE     # Include this file in kernel
options     KDB                     # Kernel debugger related code
options     KDB_TRACE               # Print a stack trace for a panic

# Make an SMP-capable kernel by default
options     SMP                     # Symmetric MultiProcessor Kernel

# CPU frequency control
device      cpufreq

# Bus support.
device      acpi
device      pci

# Floppy drives
device      fdc

# ATA controllers
device      ahci                    # A