Re: [leaf-user] Firewall Getting Hammered.
Hi Joe

On Mon, 06 Oct 2003 20:23:58 -0500, j d [EMAIL PROTECTED] wrote:

> Anyway, in the last two days I've had a lot of hits on my external eth0
> from these two sources (x.x.x.x is my eth0 address leased from the
> upstream DNS server via pump):
>
> Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=30110 DPT=1026 LEN=530
>
> and
>
> Oct 5 08:02:58 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=210.5.22.10 DST=x.x.x.x LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP SPT=32775 DPT=1026 LEN=347

A few informative links here:

http://www.google.com/search?q=UDP+1026

Looks like M$ Messenger Service spam.

cheers
Julian

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Firewall Getting Hammered.
Joe,

Are you implementing a blacklist with Shorewall? Just add the offending SRC addys to your list and refresh. If they're spamming you with Messenger spam, why would you want them connecting to any legitimate services you have running? I figure if they're lowlifes to begin with, they can do without knowing our servers exist.

Good Luck
Tony

Julian Church wrote:

> Hi Joe
>
> On Mon, 06 Oct 2003 20:23:58 -0500, j d [EMAIL PROTECTED] wrote:
>
> > Anyway, in the last two days I've had a lot of hits on my external eth0
> > from these two sources (x.x.x.x is my eth0 address leased from the
> > upstream DNS server via pump):
> >
> > Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=30110 DPT=1026 LEN=530
> >
> > and
> >
> > Oct 5 08:02:58 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=210.5.22.10 DST=x.x.x.x LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP SPT=32775 DPT=1026 LEN=347
>
> A few informative links here:
>
> http://www.google.com/search?q=UDP+1026
>
> Looks like M$ Messenger Service spam.
>
> cheers
> Julian

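An added example (not from any poster in this thread): a parser for Shorewall log lines of the kind quoted above that counts blocked packets per source, protocol and destination port to shortlist blacklist candidates. The sample lines, the documentation-range addresses and the `min_hits` threshold are constructed for illustration.

```python
import re
from collections import Counter

# "Shorewall:<chain>:<disposition>:" with or without a space before the fields;
# both forms appear in logs (e.g. "DROP: IN=eth0" and "REJECT:IN=eth1").
PREFIX = re.compile(r"Shorewall:([^:\s]+):([A-Z]+):\s*(.*)")

def parse_line(line):
    """Parse one Shorewall/netfilter log line into a dict, or return None."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m.group(1), "disposition": m.group(2), "flags": []}
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        if not sep:
            rec["flags"].append(token)   # bare flag such as DF
        elif key in rec:
            rec[key + "2"] = value       # second LEN= is the UDP length
        else:
            rec[key] = value             # empty values (OUT=) are kept as ""
    return rec

def blacklist_candidates(lines, in_iface="eth0", min_hits=3):
    """Return (SRC, PROTO, DPT) tuples blocked at least min_hits times on in_iface."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("IN") == in_iface and rec["disposition"] in ("DROP", "REJECT"):
            hits[(rec.get("SRC", "?"), rec.get("PROTO", "?"), rec.get("DPT", "?"))] += 1
    return sorted(key for key, n in hits.items() if n >= min_hits)

# Constructed sample log (documentation addresses, not taken from the thread).
_NET = ("Oct 5 07:4{i}:33 fw Shorewall:net2all:DROP: IN=eth0 OUT= SRC={src} "
        "DST=203.0.113.5 LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP "
        "SPT=30110 DPT=1026 LEN=530")
SAMPLE = [_NET.format(i=i, src="192.0.2.10") for i in range(3)]
SAMPLE.append(_NET.format(i=5, src="198.51.100.7"))
SAMPLE.append("Oct 8 00:22:22 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 "
              "SRC=192.168.1.67 DST=192.168.1.2 LEN=63 PROTO=UDP SPT=1864 DPT=53 LEN=43")

if __name__ == "__main__":
    for src, proto, dpt in blacklist_candidates(SAMPLE):
        print(f"{src}\t# {proto}/{dpt}")
```

Because these are UDP packets, the source address can be forged, so the output is better treated as a review list than as an automatic blacklist feed.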
FW: [leaf-user] RE: PPTP Client trouble
Alex,

Finally I used the latest versions from CVS:

pppd2.4.2b3
rp-pppoeplugin version 3.3 (I read somewhere that this version is really 3.5, but I suppose it's a typo)
pptp1.3.1-1

/etc/ppp/peers/dsl-provider

plugin /usr/lib/pppd/rp-pppoe.so
noipdefault
hide-password
lcp-echo-interval 10
lcp-echo-failure 3
connect /bin/true
noauth
usepeerdns
name *
pty pppoe -I eth1 -T 80 -m 1452

/etc/ppp/peers/tunnel

lock
noauth
nobsdcomp
nodeflate
lcp-echo-interval 10
lcp-echo-failure 3
mtu 1000
name *
pty pptp pptp server --nolaunchpppd

I don't use /etc/network/interfaces to manage the ppp interfaces... so:

pon dsl-provider eth1
pon tunnel
poff dsl-provider
poff tunnel

Cheers,
Mariano.

-----Original Message-----
From: Alex Ryabtsev [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 07 October 2003 04:00
To: Mariano Drzazga
Subject: RE: [leaf-user] RE: PPTP Client trouble

Hi Mariano,

On Sat, 2003-09-27 at 11:06, Mariano Drzazga wrote:

> Thank you Eric.
>
> - In fact, as you said, I remembered that I wasn't using the last ppp
>   package (for size problems).
> - The version of pptp I'm using is the latest in CVS.
> - The pptp interface was ppp1 because ppp0 was the DSL connection (I make
>   the VPN connection through the ADSL line, ppp0)
>
> I will try with the latest pppd from the CVS and I'll post my experience.

As I understood, you have managed to run pptp client on bering through PPPoE connection? Could you please describe how you did it? Which packages installed and what configuration made?

Thanks in advance.

--
Alex Ryabtsev [EMAIL PROTECTED]

[leaf-user] Bering uClibc 1.2 : lshd bug fix available?
Is the lshd in Bering uClibc compromised?

LSH: Buffer overrun and remote root compromise in lshd
http://cert.uni-stuttgart.de/archive/bugtraq/2003/09/msg00323.html

Is any bugfix planned or just available?

Regards
Markus

RE: [leaf-user] Bering uClibc 1.2 : lshd bug fix available?
> Is the lshd in Bering uClibc compromised?
>
> LSH: Buffer overrun and remote root compromise in lshd
> http://cert.uni-stuttgart.de/archive/bugtraq/2003/09/msg00323.html
>
> Is any bugfix planned or just available?
>
> Regards
> Markus

I can't recall if that particular problem has been fixed, but we (Bering uClibc team) have switched to Dropbear, a small SSHD daemon. You can find it in our latest beta image, now part of the base floppy.

But if you really want it for Bering uClibc we will have to compile it, we don't have it in our package repository.

Luis Correia
Bering uClibc Team
PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6
Key Server: http://pgp.mit.edu

[leaf-user] Problem starting Shorewall Firewall
Hey, how is everybody doing? Let's see if you can spot me here with my problem.

I used to work with Bering 1.2 for VLAN issues, but now I want to configure an old machine as a firewall using the Shorewall software, which is included in Bering 1.2. I have downloaded the quick start guide for a simple configuration: a local net connected to the firewall (eth1) by a hub (local PCs and the firewall by eth1 are connected to the same hub) and the firewall connected to the router (eth0). Of course eth1 has the net IP address of the local net and eth0 has the same net IP address of the router. Also I have configured all the machines within the local net with their gateway set with the IP address of the local interface of the firewall (eth1), as it is said in the quickstart guide of Shorewall for two interfaces.

I have the following policies:

local net ACCEPT
net all DROP
all all REJCET

Then in the rules I have some rules like

local fw tcp 53
local net tcp 4662
local net udp 4662
netlocal udp 4662
local fw tcp 80
fw net tcp 80
local net tcp 25 (SMTP)
netlocal tcp 110 (POP)

and two or three more; I don't know if the rules are like that exactly now.

The problem is that, from any computer of the local net, I can ping the private interface of the router (which is connected to the fw), and from the firewall I can ping either the router or any local PC. But when I try to open my web browser in any of my local PCs it doesn't work.

So here is my question: with Bering 1.2 and its Shorewall, do I have to start the firewall with any command? Or does it get set up automatically by itself after the system is booted? If so, how can I get it started? Did I do anything wrong in my configuration of the firewall or in the design of the net?

Thanks for your time, folks

[leaf-user] [Bering] IDLE Problem
Hello all,

if I set the idle to 30~80 seconds, all is working fine. But more give me no Timeout on ppp0. Why ?

Here is my syslog copied from the weblet:

Oct 8 00:06:40 router pppd[30564]: pppd 2.4.1 started by root, uid 0
Oct 8 00:06:40 router pppd[30564]: Using interface ppp0
Oct 8 00:06:40 router pppd[30564]: local IP address 10.64.64.64
Oct 8 00:06:40 router pppd[30564]: remote IP address 10.112.112.112
Oct 8 00:07:21 router pppd[30564]: Starting link
Oct 8 00:07:22 router chat[14625]: report (CONNECT)
Oct 8 00:07:22 router chat[14625]: abort on (BUSY)
Oct 8 00:07:22 router chat[14625]: abort on (NO CARRIER)
Oct 8 00:07:22 router chat[14625]: abort on (VOICE)
Oct 8 00:07:22 router chat[14625]: abort on (NO DIALTONE)
Oct 8 00:07:22 router chat[14625]: abort on (ERROR)
Oct 8 00:07:22 router chat[14625]: abort on (NO ANSWER)
Oct 8 00:07:22 router chat[14625]: send (ATZ^M)
Oct 8 00:07:22 router chat[14625]: expect (OK)
Oct 8 00:07:22 router chat[14625]: ATZ^M^M
Oct 8 00:07:22 router chat[14625]: OK
Oct 8 00:07:22 router chat[14625]: -- got it
Oct 8 00:07:22 router chat[14625]: send (AT\FH0^M)
Oct 8 00:07:22 router chat[14625]: expect (OK)
Oct 8 00:07:22 router chat[14625]: ^M
Oct 8 00:07:22 router chat[14625]: ATFH0^M^M
Oct 8 00:07:22 router chat[14625]: OK
Oct 8 00:07:22 router chat[14625]: -- got it
Oct 8 00:07:22 router chat[14625]: send (ATDT0860888080^M)
Oct 8 00:07:23 router chat[14625]: expect (CONNECT)
Oct 8 00:07:23 router chat[14625]: ^M
Oct 8 00:07:41 router chat[14625]: ATDT0860888080^M^M
Oct 8 00:07:41 router chat[14625]: CONNECT
Oct 8 00:07:41 router chat[14625]: -- got it
Oct 8 00:07:41 router chat[14625]: send (PPP^M)
Oct 8 00:07:41 router pppd[30564]: Serial connection established.
Oct 8 00:07:41 router pppd[30564]: using channel 5
Oct 8 00:07:41 router pppd[30564]: Connect: ppp0 -- /dev/ttyS0
Oct 8 00:07:42 router pppd[30564]: sent [LCP ConfReq id=0x1 asyncmap 0x0 magic 0xb77b1332 pcomp accomp]
Oct 8 00:07:45 router pppd[30564]: sent [LCP ConfReq id=0x1 asyncmap 0x0 magic 0xb77b1332 pcomp accomp]
Oct 8 00:07:45 router pppd[30564]: rcvd [LCP ConfReq id=0x1 asyncmap 0x0 auth chap MD5 pcomp accomp endpoint [MAC:00:d0:52:04:87:e8]]
Oct 8 00:07:45 router pppd[30564]: sent [LCP ConfAck id=0x1 asyncmap 0x0 auth chap MD5 pcomp accomp endpoint [MAC:00:d0:52:04:87:e8]]
Oct 8 00:07:45 router pppd[30564]: rcvd [LCP ConfAck id=0x1 asyncmap 0x0 magic 0xb77b1332 pcomp accomp]
Oct 8 00:07:46 router pppd[30564]: rcvd [CHAP Challenge id=0x1 53979f1e5e35d549774877aa914ce0f3, name = nsstr208]
Oct 8 00:07:46 router pppd[30564]: sent [CHAP Response id=0x1 458ee65e828debc84b8894363e44b641, name = fti/cac3qzk]
Oct 8 00:07:46 router pppd[30564]: rcvd [CHAP Success id=0x1 \000]
Oct 8 00:07:46 router pppd[30564]: Remote message: ^@
Oct 8 00:07:46 router pppd[30564]: sent [IPCP ConfReq id=0x1 addr 0.0.0.0 compress VJ 0f 01]
Oct 8 00:07:46 router pppd[30564]: sent [CCP ConfReq id=0x1 deflate 15 deflate(old#) 15]
Oct 8 00:07:46 router pppd[30564]: rcvd [IPCP ConfReq id=0x1 compress VJ 0f 01 addr 193.251.96.169]
Oct 8 00:07:46 router pppd[30564]: sent [IPCP ConfAck id=0x1 compress VJ 0f 01 addr 193.251.96.169]
Oct 8 00:07:46 router pppd[30564]: rcvd [CCP ConfReq id=0x1 11 06 00 01 01 03]
Oct 8 00:07:46 router pppd[30564]: sent [CCP ConfRej id=0x1 11 06 00 01 01 03]
Oct 8 00:07:46 router pppd[30564]: rcvd [IPCP ConfNak id=0x1 addr 80.9.197.35]
Oct 8 00:07:46 router pppd[30564]: sent [IPCP ConfReq id=0x2 addr 80.9.197.35 compress VJ 0f 01]
Oct 8 00:07:46 router pppd[30564]: rcvd [CCP ConfRej id=0x1 deflate 15 deflate(old#) 15]
Oct 8 00:07:46 router pppd[30564]: sent [CCP ConfReq id=0x2]
Oct 8 00:07:46 router pppd[30564]: rcvd [IPCP ConfAck id=0x2 addr 80.9.197.35 compress VJ 0f 01]
Oct 8 00:07:46 router pppd[30564]: Local IP address changed to 80.9.197.35
Oct 8 00:07:46 router pppd[30564]: Remote IP address changed to 193.251.96.169
Oct 8 00:07:46 router pppd[30564]: sent [IP data] 45 00 00 3a 27 b8 40 00 ...
Oct 8 00:07:46 router pppd[30564]: Script /etc/ppp/ip-up started (pid 1649)
Oct 8 00:07:46 router pppd[30564]: rcvd [CCP ConfRej id=0x2]
Oct 8 00:07:46 router pppd[30564]: Script /etc/ppp/ip-up finished (pid 1649), status = 0x100
Oct 8 00:15:01 router /USR/SBIN/CRON[13578]: (root) CMD (/etc/multicron-p)
Oct 8 00:22:22 router kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.67 DST=192.168.1.2 LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=17300 PROTO=UDP SPT=1864 DPT=53 LEN=43
Oct 8 00:22:22 router kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.67 DST=192.168.1.2 LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=17302 PROTO=UDP SPT=1864 DPT=53 LEN=43
Oct 8 00:22:22 router kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.67 DST=192.168.1.2 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=17304 PROTO=UDP SPT=1864 DPT=53 LEN=59
Oct 8 00:22:22 router kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.67 DST=192.168.1.2 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=17306 PROTO=UDP

Re: [leaf-user] [Bering] IDLE Problem
On Wed, 8 Oct 2003, Michelle Konzack wrote:

> Hello all,
>
> if I set the idle to 30~80 seconds, all is working fine. But more give me
> no Timeout on ppp0. Why ?

Below, you say you want no timeout. Your question here suggests that you do want timeout. Perhaps you think timeout means something different than I do? Idle timeout is timer completing full specified time with no activity, which leads to pppd dropping connection.

> Here is my syslog copied from the weblet:
>
> Oct 8 00:06:40 router pppd[30564]: pppd 2.4.1 started by root, uid 0
> Oct 8 00:06:40 router pppd[30564]: Using interface ppp0
> [...]
> Oct 8 00:07:41 router pppd[30564]: Connect: ppp0 -- /dev/ttyS0
> [...]
> Oct 8 00:37:57 router pppd[30564]: Terminating on signal 15.

This message usually indicates that the connection was dropped, either due to line noise (modem gave up) or because the other end dropped the connection (timeout by ISP).

> [...]
> There is absolutely nothing which let the Connection 'persist' !!! What
> can I do ? - Currently I have set the idle to 60 seconds, but this is no
> solution for me...

Talk to your ISP? Maybe they don't like people camping on their modems.

---
Jeff Newmiller                        The     .       .  Go Live...
DCN:[EMAIL PROTECTED]                 Basics: ##.#.   ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.   #.O#.  with
/Software/Embedded Controllers)               .OO#.   .OO#.  rocks...2k
---