Re: [leaf-user] Shorewall common.def in Bering 1.2

[Jeff Newmiller]

On 13 Aug 2003, Frank Tegtmeyer wrote:

 Julian Church [EMAIL PROTECTED] writes:
 
  Since the packets you're seeing are pretty much exclusively harmless
  chatter it's more user friendly this way.
 
 You mean Windows users using the Internet as network neighborhood?
 I'm not too familiar with Windows hosts connected to the Internet
 through modem/isdn/dsl/..., so what you say may be correct.

Someone decides to setup a windows server to serve web pages (for
example).  You google around and encounter this webserver.  Because the
admins are pretty clueless, they have it configured to do name lookups
through windows networking before dns.  The server sees your source ip
address (well, at least the external one on your firewall), and decides it
wants to record a name instead of an ip address in the logs.  Windows then
starts sending packets to the windows networking ports du jour (135 and/or
445, I think?), and if it receives no response, tries a few more times. By
sending a REJECT right away, this nonsense is cut off as soon as possible,
and the server either falls back to dns or records an ip number instead of
a name.

 I interpreted Windows traffic coming from the Internet as part of a scan
 always. So there would be no need to be friendly. If this traffic is
 generated by accident in most cases the default of rejecting would be
 justified.

Yup.  The misconfigured windows server is by far the most common...
attributing malice to these packets will leave you tilting at windmills.
A real scan will usually hit OTHER ports as well.

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---



---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Quick question about Weblet/Bering UClibc

[Tony]

Good evening,

I have a quick question about the pretty firewall logs screen in the weblet
version that ships with UClibc v1.2.1.  The parsefw file, is that a compiled
program, or a shell script?  I want to make sure it's not corrupt, and also,
if it is a compiled program, I assume it would require UClibc libraries to
be present to run?

I'm trying to add this to a bering v1.1 firewall I have running now, and
have copied the relevant files and made all the relevant changes to properly
reference the files needed.  Long and short of it, if I try to run the
relevant command:

cat /var/log/shorewall.log | /var/sh-www/cgi-bin/parsefw

I am getting:

firewall: -root-
# cat /var/log/shorewall.log | var/sh-www/cgi-bin/parsefw
/var/sh-www/cgi-bin/parsefw: not found

Now, this is the dir listing:
firewall: -root-
# v
-rwxr-xr-x1 sh-httpd adm  2452 Mar 15 04:01 checkdisk
-rwxr-xr-x1 sh-httpd adm  1935 Aug 17 16:06 checkfw
-rwxr-xr-x1 sh-httpd adm  2243 Mar 15 04:06 checkmem
-rwxr-xr-x1 sh-httpd adm  9320 Mar 24 16:27 parsefw
-rwxr-xr-x1 sh-httpd adm   636 Mar 15 04:35 viewfw
-rwxr-xr-x1 sh-httpd adm  2491 Aug 17 16:23 viewhits
-rwxr-xr-x1 sh-httpd adm  1804 Mar 15 04:33 viewhits.bak
-rwxr-xr-x1 sh-httpd adm   835 Aug 17 16:34 viewlogs
lrwxrwxrwx1 root root8 Aug 17 16:46 viewlogs-snort -
viewlogs
lrwxrwxrwx1 root root8 Aug 17 16:46 viewlogs-www -
viewlogs
-rwxr-xr-x1 sh-httpd adm   738 Aug 17 15:50 viewlogs.backup
-rwxr-xr-x1 sh-httpd adm  1575 Mar 15 04:58 viewmasq
-rwxr-xr-x1 sh-httpd adm   947 Mar 15 05:01 viewnet
-rwxr-xr-x1 sh-httpd adm   808 Mar 23 08:37 viewshorewall
-rwxr-xr-x1 sh-httpd adm  1026 Mar 15 05:05 viewsys
-rwxr-xr-x1 sh-httpd adm  2648 Mar 14 06:24 weblet.functions

As you can see, the file is there, the group and owner are proper, the file
is executable (I even tried chmod 777 on it to make sure) and yet it still
tells me it can't find the file.

I would think if it was a library issue, it would have crapped out with a
segfault or something.

Any help would be appreciated.

Thanks

Tony




---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html