Re: [Leaf-user] multi-port cards + LRP
I have some longer term experience with these multi-port boards and they do work very well. I have had a Stallion running on a server for 7 years now (and it was used when I got it). Excellent product. Stable.

I have also had good luck with Cyclades and you will probably find the driver already built as a module for most distributions. Just insmod cyclades.o and you are in business.

I did not have such good luck with Digiboard. Seemed difficult to configure and while fine for modems, didn't support the termios structure correctly for an application which twiddled the bits for external interfaces like X10 Firecracker or non-smart APC UPS.

dbc.

On Wed, 19 Sep 2001, Jack Coates wrote:

> On Wed, 19 Sep 2001, Richard J. Lohman wrote:
>
> > Greetings, all:
> >
> > I've been tasked with setting up a remote access solution for a number of remote offices. I was pondering setting up an LRP (either EigerStein or DachStein) box as a PPP dial-in box. I need to be able to provide 12 lines in, however. My first thought was a multi-port modem or multi-port serial adapter (with external modems). Anyone ever try such a thing? Does anyone know of any resources available for such a venture?
> >
> > TIA!
> >
> > Regards,
> > Rich Lohman
>
> Linux has good support for these -- check out Rocket and Stallion. I've had dealings with Stallion and thought they were a good lot of folks, but no long term experience with the hardware. Look at the kernel compilation options under serial to see what has drivers built in.

--
David B. Cook, [EMAIL PROTECTED]
The only thing Windows this software came close to had an X in front of it. ... Open Source, we play by the rules.

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] multi-port cards + LRP
Richard J. Lohman wrote:

> Greetings, all:
>
> I've been tasked with setting up a remote access solution for a number of remote offices. I was pondering setting up an LRP (either EigerStein or DachStein) box as a PPP dial-in box. I need to be able to provide 12 lines in, however. My first thought was a multi-port modem or multi-port serial adapter (with external modems). Anyone ever try such a thing? Does anyone know of any resources available for such a venture?
>
> TIA!
>
> Regards,
> Rich Lohman

Well, I have an Equinox SST 64P, multiport serial card that I'm not using. If you're interested, look into those, and make me an offer. I attached it to an Equinox 8-port external DB-25 box, but you can get whatever type of external box you want, 8, 16, 32 or more ports in DB-25, DB-9, or modular phone jacks style. It can handle 128 ports at full speed with no more than a 5% load on your cpu. You could easily run a supermarket with it and a good *ix box.

The only issue which I'm not sure about at all is the driver support for a LEAF. I'm sure there's drivers for Linux, though, so it may be just a matter of tweaking.

Best,
Matthew
[Leaf-user] FTP From Behind Firewall Problem...
I have recently set up an EigerStein firewall at home, and nearly have everything working just the way I want it. Nearly.

The EigerStein machine is set up to forward FTP packets to a computer behind my home firewall. This works fine when I access the machine from a computer that is essentially sitting on the internet. I still have a shell account from the university I graduated from 4 years ago, and while telnetted there, I can FTP to my machine behind the firewall just fine.

However, from my computer at work, when I try to FTP, I can login, but trying to get a directory listing just sits there and eventually times out. From the work computer I can ftp to the aforementioned university account just fine, and before I installed the firewall, I could FTP home just fine.

My only guess is that, due to the screwed up firewall at work, when the FTP client sends its PORT command before trying to get the file list, the IP address it sends isn't the same as the address it thinks I logged in from. I am basing this guess on the fact that the IP address that is logged when I ssh into the machine is completely different than the IP address sent along with the PORT command.

Any ideas?

Clark
Re: [Leaf-user] FTP From Behind Firewall Problem
You need to do the following:

FTP Server:
- Enable the FTP server in passive mode
- Allow a range of ports for this server (e.g. 20001 to 20005)
- Tell the world that your IP is YOUR_PUBLIC_IP

LRP:
- Port forwarding the above ports from LRP to the internal machine running your FTP server.

I hope that helps.

- Original Message -
Message: 5
Date: Thu, 20 Sep 2001 11:39:48 -0700 (PDT)
From: Clark Case [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Leaf-user] FTP From Behind Firewall Problem...

I have recently set up an EigerStein firewall at home, and nearly have everything working just the way I want it. Nearly.

The EigerStein machine is set up to forward FTP packets to a computer behind my home firewall. This works fine when I access the machine from a computer that is essentially sitting on the internet. I still have a shell account from the university I graduated from 4 years ago, and while telnetted there, I can FTP to my machine behind the firewall just fine.

However, from my computer at work, when I try to FTP, I can login, but trying to get a directory listing just sits there and eventually times out. From the work computer I can ftp to the aforementioned university account just fine, and before I installed the firewall, I could FTP home just fine.

My only guess is that, due to the screwed up firewall at work, when the FTP client sends its PORT command before trying to get the file list, the IP address it sends isn't the same as the address it thinks I logged in from. I am basing this guess on the fact that the IP address that is logged when I ssh into the machine is completely different than the IP address sent along with the PORT command.

Any ideas?

Clark
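The two checks discussed in this thread (the address inside a PORT command versus the address the control connection comes from, and a passive-mode reply that must name the public IP and a forwarded port) can be run over captured control-channel lines. This is an added example, not code from any poster; the function names, the sample lines and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re

# Private ranges that can never be reached across the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 (PASV) reply.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % line)
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]      # port = p1 * 256 + p2


def check_port(command, control_peer):
    """Active mode: PORT should name the address the server actually sees."""
    ip, port = parse_hostport(command)
    findings = []
    if ip != ipaddress.ip_address(control_peer):
        findings.append("PORT names %s, control connection is from %s"
                        % (ip, control_peer))
    if any(ip in net for net in RFC1918):
        findings.append("PORT names private address %s" % ip)
    return port, findings


def check_pasv(reply, public_ip, port_range):
    """Passive mode: 227 must name the public IP and a forwarded port."""
    ip, port = parse_hostport(reply)
    findings = []
    if ip != ipaddress.ip_address(public_ip):
        findings.append("227 advertises %s, expected %s" % (ip, public_ip))
    low, high = port_range
    if not low <= port <= high:
        findings.append("data port %d outside forwarded range %d-%d"
                        % (port, low, high))
    return port, findings


if __name__ == "__main__":
    # Constructed control-channel lines; 20001-20005 is the range from the post.
    print(check_port("PORT 10,1,2,3,4,15", "203.0.113.7"))
    for reply in ("227 Entering Passive Mode (192,168,1,10,78,37)",
                  "227 Entering Passive Mode (198,51,100,20,195,80)",
                  "227 Entering Passive Mode (198,51,100,20,78,33)"):
        print(check_pasv(reply, "198.51.100.20", (20001, 20005)))
```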
[Leaf-user] LaBrea for LRP?
Someone sent me this link in the midst of the recent Nimda attacks. I don't have the tools to make this into an LRP package, but I think this could be a neat addon. (If it doesn't already exist for LRP)

Alec

http://www.incidents.org/LaBrea/LaBrea.txt

Welcome to My Tarpit
The Tactical and Strategic Use of LaBrea

Introduction

LaBrea is a small Linux-based application that puts unused IP addresses on your network to use, creating a tarpit which can stop or slow down scans of your address space. This paper details the technical aspects of how LaBrea works as well as the tactical advantages of deploying LaBrea on your network.

Background

Creating Virtual Machines

LaBrea works as a low-level network application that creates virtual machines on your network - machines that don't really exist yet are able to answer connection attempts in a special way that slows and even stops the connecting process.

Local communication between machines on a LAN (local area network) is done using MAC (machine access code) addresses, not with IP addresses. These MAC addresses are 48 bits in length, as opposed to the 32 bits of an IP address. External attempts to access machines in the LAN are done using IP addresses and will go through the local router. The local router's job is to figure out which MAC corresponds to which IP. The router does this by broadcasting a special request asking who owns the IP in question. If any machine owns the IP it will respond with its MAC address to the router. This request and response is known as the Address Resolution Protocol or ARP.

The tenacious quality of the ARP protocol used in these router requests is what makes LaBrea possible: If at first the router does not find a machine with the IP in question, it will ask again - and again. LaBrea monitors these ARP requests and replies that are needed to connect external traffic with the local area network. If it notes several successive ARP requests without intervening ARP replies LaBrea will issue an ARP reply, effectively creating a virtual machine.

Making Virtual Machines Real

Once the virtual machine has been created, LaBrea will monitor all traffic destined for the MAC address it has given to the router, and will thereafter respond to inbound TCP/IP packets in a way that can tie up the connecting machines for long periods of time. Most modern TCP/IP implementations are very tenacious about holding onto established connections. LaBrea sends enough of a response to hold the connection open, but no more - the connecting machine is left hanging, waiting.

Tarpitting

The connecting machine's TCP/IP implementation will ordinarily not give up easily, but will continue to attempt to use what it regards as an established connection over and over until it finally times out. The timeout value will of course vary from implementation to implementation, but it will always be several orders of magnitude longer than for a failed connection attempt. This is the tarpit that LaBrea uses to catch worms and scanners.

Connection Trapping

LaBrea can also trap and hold connection attempts. By moving a connection from the established state to the persist state, LaBrea can literally hold connections open for an indefinite period of time, so that only a process reset at the other end will end it. Communicating in this manner is done economically despite the potentially wide bandwidth involved; also, the bandwidth usage itself is configurable.

Impersonation

To effectively trick more advanced scanning tools into believing virtual machines are real, LaBrea offers standard responses to a number of typical network probes such as echo requests and SYN/ACK scans.

No Collateral Damage

All connection attempts aimed at LaBrea virtual machines can be considered suspect in nature as these machines do not really exist nor do they, for example, have any entries in the Domain Name System.

Tactical Use

Monitoring connection activities can give the network operations center a good view of the extent and nature of any reconnaissance taking place: Is a broad range of addresses being targeted, or do you have a focused intrusion attempt?

LaBrea also makes an excellent adjunct to other early warning systems. Correlating intrusion detection system warnings with LaBrea virtual machine access records helps you immediately gauge the severity of an intrusion attempt. An intrusion attempt aimed solely at real machines should of course be put at a higher
Re: [Leaf-user] LaBrea for LRP?
Alec Miller wrote:

> I don't have the tools to make [LaBrea] into an LRP package, but I think this could be a neat addon. (If it doesn't already exist for LRP)

Wouldn't you know it I was just working on this; I've already done it. I made a few code changes - mainly designed to make it less obtrusive if started without options, and to make it use a standard option (-h). The bogus -z option is removed, too, though I wonder about that some - that's an undocumented option which forces you to read the documentation (nice, eh?).

Unfortunately, this program doesn't do what I had hoped for: a program like portsentry, which sits on a port and sucks in those unlucky enough to connect...

I'll see if I can't put this up at http://leaf.sourceforge.net/pub/oxygen/packages/labrea.lrp sometime soon. Be sure to read the options (with LaBrea -? or LaBrea -h) - they changed slightly with my variant - I don't know if this is best, but...
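The ARP decision described in the LaBrea paper quoted earlier in this thread (answer for an address only after several successive requests with no intervening reply) can be modelled over a log of ARP events. This is an added example, not LaBrea's code and not part of any post; the event format, the thresholds, the release-on-reply rule and the addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# kind is "who-has" (router request) or "is-at" (reply from a real host).
ArpEvent = namedtuple("ArpEvent", "time kind ip")


def virtual_hosts(events, needed=3, window=10.0):
    """Return {ip: claim_time} for addresses a tarpit would answer for.

    An address is claimed after `needed` successive who-has requests with no
    intervening is-at reply, all within `window` seconds (assumed values).
    A reply from a real host resets the count, and releases an address that
    was already claimed, so a slow or newly booted machine is left alone.
    """
    pending = {}   # ip -> times of requests still unanswered
    claimed = {}   # ip -> time the tarpit started answering
    for ev in sorted(events, key=lambda e: e.time):
        if ev.kind == "is-at":
            pending.pop(ev.ip, None)
            claimed.pop(ev.ip, None)
            continue
        if ev.ip in claimed:
            continue
        # Keep only requests recent enough to count as "successive".
        times = [t for t in pending.get(ev.ip, []) if ev.time - t <= window]
        times.append(ev.time)
        if len(times) >= needed:
            claimed[ev.ip] = ev.time
            pending.pop(ev.ip, None)
        else:
            pending[ev.ip] = times
    return claimed


# Constructed ARP log (documentation addresses).
SAMPLE = [
    # Unused address: the router keeps asking, nobody answers.
    ArpEvent(0.0, "who-has", "192.0.2.10"),
    ArpEvent(1.0, "who-has", "192.0.2.10"),
    ArpEvent(2.0, "who-has", "192.0.2.10"),
    # Real host: its reply resets the count before the threshold is met.
    ArpEvent(0.5, "who-has", "192.0.2.20"),
    ArpEvent(0.6, "is-at", "192.0.2.20"),
    ArpEvent(5.0, "who-has", "192.0.2.20"),
    ArpEvent(6.0, "who-has", "192.0.2.20"),
    # Sparse requests: never three inside one window.
    ArpEvent(0.2, "who-has", "192.0.2.30"),
    ArpEvent(20.0, "who-has", "192.0.2.30"),
    ArpEvent(40.0, "who-has", "192.0.2.30"),
]

if __name__ == "__main__":
    print(virtual_hosts(SAMPLE))
```

Lowering `needed` makes the model claim 192.0.2.20 as well, which is the case to watch for when a real host is merely slow to answer.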
[Leaf-user] Static-Nat with LRP-CD
hi all,

i got a block of 8 official IP addresses to use for a DMZ, Firewall and private Network over a leased line, setup with a Static-Nat from my ISP.

so my question is, can i easy expand the nextwork.conf which came with LRP-CD or did i have to replace it with extended scripts from Charles site V1.1 and when yes what i have to look for beside to replace the addresses with my ones to get it working.

thx in advance
Harald

--
Harald Schifferl
St. Michael, Styria
Austria
mailto:[EMAIL PROTECTED]
Re: [Leaf-user] FTP From Behind Firewall Problem...
Thanks for the replies on this subject. I got several suggestions...

1) Make sure ip_masq_ftp is loaded.

I do have ip_masq_ftp loaded - are there any options that should be used?

2) Try passive mode.

I tried connecting with the client in passive mode - this failed with a Socket Error: no connection. Perhaps there is some configuration I need to do to the server (proftpd) to allow this to work.

3) Read the pdf file.

What? I have to read something? :) I will take a look at the document later on.

4) Open up some more ports on the server and configure the firewall to forward them.

I'll give that a shot, too.

Clark

> I have recently set up an EigerStein firewall at home, and nearly have everything working just the way I want it. Nearly.
>
> The EigerStein machine is set up to forward FTP packets to a computer behind my home firewall. This works fine when I access the machine from a computer that is essentially sitting on the internet. I still have a shell account from the university I graduated from 4 years ago, and while telnetted there, I can FTP to my machine behind the firewall just fine.
>
> However, from my computer at work, when I try to FTP, I can login, but trying to get a directory listing just sits there and eventually times out. From the work computer I can ftp to the aforementioned university account just fine, and before I installed the firewall, I could FTP home just fine.
>
> My only guess is that, due to the screwed up firewall at work, when the FTP client sends its PORT command before trying to get the file list, the IP address it sends isn't the same as the address it thinks I logged in from. I am basing this guess on the fact that the IP address that is logged when I ssh into the machine is completely different than the IP address sent along with the PORT command.
>
> Any ideas?
>
> Clark
Re: [Leaf-user] Static-Nat with LRP-CD
> i got a block of 8 official IP addresses to use for a DMZ, Firewall and private Network over a leased line, setup with a Static-Nat from my ISP.
>
> so my question is, can i easy expand the nextwork.conf which came with LRP-CD or did i have to replace it with extended scripts from Charles site V1.1 and when yes what i have to look for beside to replace the addresses with my ones to get it working.

CS No, it won't be easy to merge the static-NAT changes into the LRP-CD scripts. I'm working on doing exactly that now, but it will be a while before I'm done...too much other stuff to do right now.

I'd suggest just working with the static-NAT enabled V1.1 scripts for now, unless you want to wait a couple of weeks for me to finish merging them with the Eiger based proxy-arp scripts.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [Leaf-user] LaBrea for LRP?
On Thu, 20 Sep 2001, David Douthitt wrote:

> Alec Miller wrote:
>
> > I don't have the tools to make [LaBrea] into an LRP package, but I think this could be a neat addon. (If it doesn't already exist for LRP)
>
> Wouldn't you know it I was just working on this; I've already done it. I made a few code changes - mainly designed to make it less obtrusive if started without options, and to make it use a standard option (-h). The bogus -z option is removed, too, though I wonder about that some - that's an undocumented option which forces you to read the documentation (nice, eh?).
>
> Unfortunately, this program doesn't do what I had hoped for: a program like portsentry, which sits on a port and sucks in those unlucky enough to connect...

The other thing is you need a spare IP address, which few have. Although, I suppose you could do this:

    RedirectMatch ^.*\.(exe|dll).* http://some.internal.IP

Which is a lot more friendly than my current:

    RedirectMatch ^.*\.(exe|dll).* http://support.microsoft.com

Maybe I'll try that later.

> I'll see if I can't put this up at http://leaf.sourceforge.net/pub/oxygen/packages/labrea.lrp sometime soon. Be sure to read the options (with LaBrea -? or LaBrea -h) - they changed slightly with my variant - I don't know if this is best, but...

--
Jack Coates
Monkeynoodle: A Scientific Venture...