Re: How To Close Ports (OT?)
On 9/4/06, Ted Johnson [EMAIL PROTECTED] wrote:

> I also did a search of the document you suggested and it doesn't even have the word close in it, therefore, it would appear to not address the issue. From your reply, I'm missing something obvious here. But would you point it out anyway?

Fair enough. It's because dropping packets before they reach the port makes it irrelevant whether they are closed (that is, have no listening daemon) or not.

If a port scanner says the port is closed, it generally means that it got an ICMP unreachable (UDP) or a TCP reset (TCP) back. This is helpful to attackers as they know quickly that the port is useless to them, and that the target is online. On the other hand, if you drop the incoming packets, the attacker cannot infer whether you are online, and most port scanners wait for some period and then decide that the target is not going to respond, so it slows down single-threaded scans.

In general, it is better to drop than to reject to untrusted networks, since the scanners are generally hostile. Internal communication on your LAN can usually be rejected, because internal users are generally not hostile. This means that if they try to access a service that isn't running, they get a response right away that they made a mistake, instead of waiting for a response which will never come.

Furthermore, a closed and an open port permit pretty good OS fingerprinting. I think that if you drop instead of reject, then an attacker cannot narrow down the OS as well.

In summary:

The way to close a port is to not run a program which listens on that port. This can be simulated by rejecting packets at the firewall.

The way to block a port is with packet filters, and there's no way to do that without one (unless you disable reject messages at the kernel level).
--
If you're not part of the solution, you're part of the precipitate.
Unix guru for rent or hire -- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
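The drop-versus-reject policy described in the message above, written as a pf ruleset. This is an added example, not part of the original post; the choice of pf as the packet filter, the interface names em0/em1 and the SSH pass rule are assumptions.

```pf
# /etc/pf.conf (added example; interface names and the SSH rule are assumed)
ext_if = "em0"          # assumed: interface facing the untrusted network
int_if = "em1"          # assumed: interface facing the trusted LAN

# Do not filter loopback traffic.
set skip on lo0

# Untrusted side: discard silently. A probe gets neither a TCP RST nor an
# ICMP unreachable, so it learns nothing until its own timeout expires.
block drop in on $ext_if all

# Trusted side: reject. "return" answers TCP with a RST and UDP with an
# ICMP unreachable, so a LAN user who mistypes a port fails immediately
# instead of hanging.
block return in on $int_if all

# pf evaluates all rules and the last match wins, so services that should
# be reachable are passed after the block rules.
pass in on $int_if proto tcp from any to any port 22 keep state
pass out all keep state

# Host-wide alternative without a packet filter, using the FreeBSD
# blackhole(4) sysctls (set in /etc/sysctl.conf, not in this file):
#   net.inet.tcp.blackhole=2   # no RST for segments sent to closed TCP ports
#   net.inet.udp.blackhole=1   # no ICMP unreachable for closed UDP ports
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.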
make which ports for maximal printer drivers?
Hiya,

I'm trying to follow the instructions here:

http://www.mit.edu/~jik/3000cn/

And I don't have some of the drivers that Linux cups does. What cups or ghostscript ports should I build to get the maximum number of driver options? There are many of each.

Thanks!
--
Resolve is what distinguishes a person who has failed from a failure.
gvinum question: why are subdisks not attached?
Hiya,

I finally resolved the source of my gvinum problems. Every time I reboot, the plexes and volumes come up attached to one another, but both are size zero and the subdisks exist but are not attached. Has anyone a guess about the source of this problem?

Also, as an aside, I can add the subdisks manually, but I can't do it in one reboot; the plexes and volumes are attached, and I cannot detach or remove them. I have to first remove all the subdisks and then reboot, then remove the volumes and plexes, and then reload the configuration.

I should mention I've already had data loss thanks to this. I'm not really happy with gvinum and if there isn't a simple solution to this I'm going to go back to regular partitions and recommend that everyone else I know running FreeBSD do the same until it is more functional.
--
I sometimes have delusions of adequacy -- Woody Allen
Re: rc.d script for gvinum?
> Prepare the disks:

Done:

    # disklabel /dev/ad4s1
    # /dev/ad4s1:
    8 partitions:
    #        size   offset    fstype   [fsize bsize bps/cpg]
      a: 398283401       16    unused        0     0
      c: 398283417        0    unused        0     0         # raw part, don't edit

    # disklabel /dev/ad4s1
    # /dev/ad4s1:
    8 partitions:
    #        size   offset    fstype   [fsize bsize bps/cpg]
      a: 398283401       16    unused        0     0
      c: 398283417        0    unused        0     0         # raw part, don't edit

> make a configfile:

Done

    # cat /etc/gvinum.conf
    drive a device /dev/ad4s1a state up
    drive b device /dev/ad2s1a state up
    volume www
    plex org concat
    sd length 12G drive a
    volume ports
    plex org concat
    sd length 10G drive a
    volume video
    plex org concat
    sd length 180G drive b
    volume home
    plex org concat
    sd length 40M drive a

> use gvinum to make the array:
> # gvinum create configfile

Did that before the latest reboot.

> now when you load gvinum it should work.

How exactly do I load gvinum?

If I go into gvinum and create, it gives me a config file thing - but slightly different -- and when I exit it prints:

    2 drives:
    D b                 State: up  /dev/ad2s1a  A: 194480/194480 MB (100%)
    D a                 State: up  /dev/ad4s1a  A: 194474/194474 MB (100%)

    5 volumes:
    V ports             State: up  Plexes: 0  Size: 0 B
    V www               State: up  Plexes: 0  Size: 0 B
    V video             State: up  Plexes: 0  Size: 0 B
    V subversion        State: up  Plexes: 0  Size: 0 B
    V home              State: up  Plexes: 0  Size: 0 B

    5 plexes:
    P ports.p0        C State: up  Subdisks: 0  Size: 0 B
    P www.p0          C State: up  Subdisks: 0  Size: 0 B
    P video.p0        C State: up  Subdisks: 0  Size: 0 B
    P subversion.p0   C State: up  Subdisks: 0  Size: 0 B
    P home.p0         C State: up  Subdisks: 0  Size: 0 B

    5 subdisks:
    S ports.p0.s0       State: up  D: a  Size: 10 GB
    S www.p0.s0         State: up  D: a  Size: 12 GB
    S video.p0.s0       State: up  D: b  Size: 189 GB
    S subversion.p0.s0  State: up  D: a  Size: 1024 MB
    S home.p0.s0        State: up  D: a  Size: 40 MB

See how all the plexes and volumes are size 0?

> you can now treat /dev/gvinum/array

    # ls -la /dev/gvinum
    ls: /dev/gvinum: No such file or directory

It was there last time... what happened?
--
Every once in a while you run out of ideas; just keep going.
Re: rc.d script for gvinum?
On 6/20/06, Travis H. [EMAIL PROTECTED] wrote:

> It was there last time... what happened?

My mistake. In fooling around with it I had set the state to something invalid, and I thought that loader.conf went in /etc, not /boot.

I used rm on everything, saved, created via a config file, and now everything is happy.

Thanks much!
--
Every once in a while you run out of ideas; just keep going.
rc.d script for gvinum?
I put

    start_vinum=YES
    start_gvinum=YES

in /etc/rc.conf, per the handbook, and it doesn't appear that there are any startup files for it, which means my filesystems won't boot.

Is there any code I can download to do this, or must I write it myself?

TIA
--
Scientia Est Potentia -- Eppur Si Muove
Re: rc.d script for gvinum?
I also put these in /etc/loader.conf:

    vinum.autostart=YES
    gvinum.autostart=YES

Per the handbook. Neither seems to work.

Now I can't seem to get the disks started, and /dev/gvinum doesn't exist, so I can't access my data. Can someone lend me a hand here?

The state of [g]vinum is completely screwed. While I won't say that this shouldn't be shipped or documented (partially working is better than not working, partly correct documentation is better than none), I will say that you should warn people who intend to use it that it is extremely beta at the moment, and has had open PRs since early 2003.
--
Scientia Est Potentia -- Eppur Si Muove
Re: rc.d script for gvinum?
On 6/13/06, Peter A. Giessel [EMAIL PROTECTED] wrote:

> #1) Do NOT attempt to use both vinum and gvinum at the same time. They conflict with each other.

vinum doesn't exist in my fbsd distro.

> #2) You don't say which version of FreeBSD you are using. (It matters for which one [vinum/gvinum] you should/can use)

6.0

> #3) Did you follow David Kelly's advice?

Yes, no luck. Apparently my volumes and plexes don't have component sub-objects, and attach isn't a valid command in gvinum, even though it's in the help file. If I can specify them in some kind of config file, (I'm using gvinum create /etc/gvinum.conf) then I no longer know the syntax.
--
Every once in a while you run out of ideas; just keep going.
heyu and fbsd6.0
Anyone gotten this combo to work?

The heyu port doesn't compile (it thinks timezone is some external integer or something, in fact it's a function defined in time.h).

When I run heyu2, I tell it to read from /dev/ttyd0 (that's the correct kind of tty for a serial line, right?) and it prints this then hangs forever:

    ...
    Reading Heyu configuration file '/etc/heyu/x10.conf'
    xread() called, count=1, timeout = 2
    Alarm!
    xread() returning 0 byte(s). The first is 3
--
Scientia Est Potentia -- Eppur Si Muove
is vinum in FBSD 6.0?
I recently installed 6.0, and there doesn't seem to be a vinum binary. There is a gvinum binary, but it doesn't even implement all of the commands in its own help screen.

I'm somewhat confused. Did I screw up my install, or is this normal? Is there some kind of IP lawsuit over vinum or something?
--
Scientia Est Potentia -- Eppur Si Muove