Re: AW: [leaf-user] Update: Short term LEAF project goals
"Alex Rhomberg" <[EMAIL PROTECTED]> writes: > This is a good place to advertise my work: I have written a bunch of > scripts Could you add a link please? Regards, Frank --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] dns dies?
Raymond Page <[EMAIL PROTECTED]> writes: > ability to dns lookups from my Bering box. It can ping nameservers, however > the lookup seems to have died. Any ideas why? The first bet is always that the generated logs are not taken by the responsible processes. If that occurs, dnscache will stop resolving. If you don't run dnscache under daemontools, try this. The multilog process will never fill the disk if configured correctly. Regards, Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] unclean W2k packets (445)
Hi, I set "dropunclean" on an interface that W2k clients use as gateway to another location (system is Bering 1.2). After checking the logs I found some dropped (unclean) tcp packets that were sent to port 445 of a W2k server. Its not a big deal because NetBT is still available (port 139) but I wonder if its standard behaviour of W2k to send packages that netfilter sees as unclean. Did someone see this happen too? Before I add tcpdump to Bering, has anybody seen what is unclean in these packages? Regards, Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] unclean W2k packets (445)
Tom Eastep <[EMAIL PROTECTED]> writes: > I strongly recommend *against* using that option on a production router. Because its experimental status or are there any other reasons? Regards, Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] unclean W2k packets (445)
Tom Eastep <[EMAIL PROTECTED]> writes: > Because there are simply too many TCP stacks out there with minor > problems that you are effectively blacklisting if you use this option. Ok, that's true for the average case. I had this very special network in mind that is W2k only. Anyway - because there seem to be problems too I will remove the option. Thanks for your answers! Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Shorewall common.def in Bering 1.2
Tom Eastep <[EMAIL PROTECTED]> writes: > you don't like it, create /etc/shorewall/common and put the rules that > YOU like in it. I did this - my question was about why these defaults are used. I suspect it's only a matter of personal preferences. But maybe I miss some obvious reason - I would like to learn about this then. Regards, Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Shorewall common.def in Bering 1.2
Frank Tegtmeyer <[EMAIL PROTECTED]> writes: > I interpreted Windows traffic coming from the Internet ... I think I see my mistake - common.def is applied to all traffic on all interfaces (if not handled by rules). So the reject is choosen to be friendly to internal users, right? Regards, Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Shorewall common.def in Bering 1.2
Hi, is there any reason that the Windows ports in common.def are set to reject instead of DROP? I like to slow scanners down if possible, so DROP would be the natural choice. The only ports where I use reject are ident (to be friendly) and some annoying P2P ports (to get them stopped faster). Regards, Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Shorewall common.def in Bering 1.2
Julian Church <[EMAIL PROTECTED]> writes: > Since the packets you're seeing are pretty much exclusively harmless > "chatter" it's more user friendly this way. You mean Windows users using the Internet as "network neighborhood"? I'm not too familiar with Windows hosts connected to the Internet through modem/isdn/dsl/..., so what you say may be correct. I interpreted Windows traffic coming from the Internet as part of a scan always. So there would be no need to be friendly. If this traffic is generated by accident in most cases the default of rejecting would be justified. Regards, Frank --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html