Re: Security for amateurradio TCP/IP server!
On Mon, 27 Sep 1999, M Taylor wrote:
> In Canada an encrypted telnet, ssh, SSL, or encrypted SMTP or POP3 would likely violate Radiocommunication Regulations section 47b:
>
> 47. A person who operates radio apparatus that is licensed in the amateur radio service may only ...
> (b) use a code or cipher that is not secret; and

The encryption schemes around these days use published codes/ciphers, it is merely the keys which are secret. I don't know whether this is a legal nicety or not - you decide.

73, G8FSL
--
Andrew Benham [EMAIL PROTECTED]
Re: Baycom and Linux?
On Mon, Sep 27, 1999 at 09:09:03PM +0200, [EMAIL PROTECTED] wrote:
> Which SuSE-Version are you running? On my SuSE 6.2 there are the /dev/bc* devices, even without running a baycom device, as they are installed by the devs-package:

They exist but they will not be used. The kernel will not recognise them. SuSE shouldn't ship them any more. None of my Debian systems have ever had them.

cheers
Hamish
--
Hamish Moffatt Mobile: +61 412 011 176 [EMAIL PROTECTED]
Rising Software Australia Pty. Ltd. http://www.risingsoftware.com/
Phone: +61 3 9894 4788 Fax: +61 3 9894 3362 USA: 1 888 667 7839
netrom and 2.2.x kernels
I know it's been posted before... Could someone please refresh me with archived messages and/or a rundown on "how-to" netrom nodes with 2.2.x kernels? Running SuSE 6.2 beta 2 (Kai?) Thanks, - James S. Kaplan KG7FU Eugene Oregon USA [EMAIL PROTECTED] http://www.rio.com/~kg7fu ICQ # 1227639 Have YOU tried Linux today? -
Re: netrom and 2.2.x kernels
On Tue, 28 Sep 1999, James S. Kaplan KG7FU wrote:
> Could someone please refresh me with archived messages and/or a rundown on "how-to" netrom nodes with 2.2.x kernels?

Just like before? There are no fundamental changes in the NET/ROM support. You do have to use recent lib/tools/apps to get everything working and the "-i" option to nrattach isn't really optional in 2.2.x kernels (the same goes for kissattach, spattach etc.).

--
Tomi Manninen Internet: [EMAIL PROTECTED]
OH2BNS AX.25: [EMAIL PROTECTED]
KP20ME Amprnet: [EMAIL PROTECTED]
Re: Baycom and Linux?
On Tue, Sep 28, Hamish Moffatt wrote:
> On Mon, Sep 27, 1999 at 09:09:03PM +0200, [EMAIL PROTECTED] wrote:
> > Which SuSE-Version are you running? On my SuSE 6.2 there are the /dev/bc* devices, even without running a baycom device, as they are installed by the devs-package:
>
> They exist but they will not be used. The kernel will not recognise them. SuSE shouldn't ship them any more. None of my Debian systems have ever had them.

We are shipping the old kernel 2.0.36 as fallback so the devices could be useful.

Kai
--
Kai Altenfelder, SuSE GmbH, Schanzaeckerstr. 10, D-90443 Nuernberg
Tel.: +49-911-74053-0, Fax: +49-911-3206727, EMail: [EMAIL PROTECTED]
Ham: DL3LBA
PGP public key available
Re: Security for amateurradio TCP/IP server!
On 28-Sep-99 Andrew Benham wrote:
> The encryption schemes around these days use published codes/ciphers, it is merely the keys which are secret. I don't know whether this is a legal nicety or not - you decide.

It doesn't really matter, any kind of public key cryptography whether used for authentication or signing (never mind data encryption) has been deemed by the UK RA to be unacceptable, period.

What they are actually afraid of, reading between the lines, is steganography: i.e. hiding messages inside of largish blocks of binary data, which is exactly what a public key really is.

Dirk G1TLH
--
Dirk-Jan Koopman, Tobit Computer Co Ltd
At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer.
Re: Security for amateurradio TCP/IP server!
Greetings,

I and many others have been working on a SANS document that talks about a step by step instruction on securing a Linux server. This may be of interest to some of you especially those who are installing a Linux server for the first time on the inet. I am not sure when it will be released or if there are any charges associated with this document. I do know that it contains excellent examples, such as ipchains config from Trinity OS. Maybe there is a clue to its release at www.sans.org site?

I am not affiliated in any way with the organization but I really enjoyed their symposium.

Regards,
John
Re: Security for amateurradio TCP/IP server!
On Tue, Sep 28, 1999 at 12:58:00PM +0100, Dirk Koopman wrote:
> What they are actually afraid of, reading between the lines, is steganography: i.e. hiding messages inside of largish blocks of binary data, which is exactly what a public key really is.

No, that's winnowing.

== KC5TJA/6 | -| TEAM DOLPHIN |- DM13 | Samuel A. Falvo II QRP-L #1447| http://www.dolphin.openprojects.net Oceanside, CA |..
Re: Security for amateurradio TCP/IP server!
On Tue, Sep 28, 1999 at 11:12:11AM -0300, M Taylor wrote:
> To control access, I would make certain that you use a recent kernel, 2.2.12 works well for me, and have all necessary distribution's patches and updates installed. You can use tcp_wrappers for "coarse" access control such as 44.*.*.* vs. from the internet access, and a mini-firewall using ipchains for "finer grain" access control and logging.

And don't forget the obvious: Do not give shell access to new users by default! Set their default shells to /bin/false. This is easy enough to do -- "adduser" is a script, and can be edited by hand. While you're at it, be sure to `echo "$USERNAME" >> /etc/ftpusers` to prevent them from accessing files on the box via FTP.

Sendmail is a bit more difficult to secure down, as it requires modifying sendmail.cf (recommended; sendmail.m4 just doesn't give you the flexibility that a direct edit of sendmail.cf does). However, it's quite possible to terminate the use of mail relaying in all forms by editing sendmail.cf appropriately. Armored Internet, my company, did just this -- and for the last four years, not one mail has been relayed from our servers. Not saying it's impossible -- just that it has yet to be done. Unfortunately, due to NDAs, I cannot release the sendmail.cf. :(

POP servers are even more difficult, as it requires modification of the POP/IMAP server software itself. But this is also trivial, if you know the C programming language. Create a new configuration file, "popusers", which works identically to ftpusers. Every time a POP server receives both a USER and a PASS parameter, check the POP users file, and make sure that the indicated user isn't listed. Then that will stop them from accessing their e-mail. It will not stop them from attempting to hack another e-mail account, however -- nothing you can do on your box can stop this. It's all a part of being a service provider. Deal with it! :-)

Once these measures have been put in place, /really/, the only way to get into the box is through whatever channels you actually set up. They cannot get to shell access, either via telnet, rlogin, or otherwise, as their shell is set to /bin/false. rsh won't work because (presumably) they do not have a .rlogin file sitting in their home directory. They won't be able to FTP files in or out of the box if their user ID is in the ftpusers file except as anonymous, and the security for anonymous in most FTP servers is usually quite good. Proper directory structuring is the key here. They won't be able to relay mail off your server with a correctly configured sendmail.cf (the "anti-spam" and "anti-relaying" measures in Sendmail don't cover all the cases, or even most of the cases -- a full audit of sendmail.cf is required for efficient anti-relay protection). And with the modified POP server, they won't be able to check their mail either, thus preventing another form of DoS attack.

The worst thing that can happen in this case is they can hog the network bandwidth in your modem.

== KC5TJA/6 | -| TEAM DOLPHIN |- DM13 | Samuel A. Falvo II QRP-L #1447| http://www.dolphin.openprojects.net Oceanside, CA |..
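
One way to write the "popusers" check described in the message above, as an added example that is not part of the original post or of any real POP server. The function names, the sample file and the fail-closed behaviour are assumptions, and the file format is assumed to mirror ftpusers.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if `user` is listed in the deny file, 0 otherwise.
 * Assumed format (mirrors ftpusers): one login name per line, '#' starts
 * a comment. Fails closed: if the file cannot be read, everyone is denied. */
int pop_user_denied(const char *path, const char *user)
{
    char line[256];
    int denied = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return 1;
    while (!denied && fgets(line, sizeof line, fp) != NULL) {
        size_t len = strlen(line);
        if (len > 0 && line[len - 1] != '\n' && !feof(fp)) {
            int c;              /* over-long line: discard the rest of it */
            while ((c = fgetc(fp)) != EOF && c != '\n')
                ;
            continue;           /* never match a truncated fragment */
        }
        line[strcspn(line, "#\r\n")] = '\0';    /* drop comment and EOL */
        char *name = line + strspn(line, " \t");
        name[strcspn(name, " \t")] = '\0';      /* keep first token only */
        if (*name != '\0' && strcmp(name, user) == 0)
            denied = 1;         /* exact match: "bob" does not bar "bobby" */
    }
    fclose(fp);
    return denied;
}

/* Constructed sample deny list, not taken from the original post. */
int write_sample_popusers(const char *path)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs("# accounts barred from POP3\nroot\n  newuser1  # pending\nbob\n", fp);
    return fclose(fp);
}

int main(void)
{
    const char *path = "popusers.sample";
    if (write_sample_popusers(path) != 0) return 1;
    /* Assumption: a server calls this once USER and PASS have both arrived
     * and answers a barred login with the same -ERR as a wrong password. */
    printf("newuser1 denied: %d\n", pop_user_denied(path, "newuser1"));
    printf("bobby denied: %d\n", pop_user_denied(path, "bobby"));
    return 0;
}
```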
AX.25 Layer 1
"physical" layer. Thanks. == KC5TJA/6 | -| TEAM DOLPHIN |- DM13 | Samuel A. Falvo II QRP-L #1447| http://www.dolphin.openprojects.net Oceanside, CA |..
Re: AX.25 Layer 1
On Tue, Sep 28, 1999 at 09:56:30AM -0700, Samuel A. Falvo II wrote:
> MIME-Version: 1.0
> "physical" layer. Thanks.

WHOA! This came out all mangled up. Hope this message gets through OK.

I'm looking for the physical characteristics for AX.25, as used on the VHF bands. Any ideas? Would they be on tapr.org? (Of course, I'll look there anyway, but it doesn't hurt to ask.)

== KC5TJA/6 | -| TEAM DOLPHIN |- DM13 | Samuel A. Falvo II QRP-L #1447| http://www.dolphin.openprojects.net Oceanside, CA |..
Problems compiling ax25-utils-2.1.42a
Hello all!

I am having BIG problems with the last ax25-utils... Since I updated to linux 2.2.12 (from 2.0.36) my ax25 connection stopped working... I only used "call" to connect the DX-cluster, but for a week or less I have been "fighting" the PC and I have been unable to make the call work!

The problem I get when I try "make" in the ax-util directory is:

    gcc -Wall -Wstrict-prototypes -O2 -c -o procutils.o procutils.c
    procutils.c: In function `read_proc_ax25':
    procutils.c:36: `errno' undeclared (first use this function)
    procutils.c:36: (Each undeclared identifier is reported only once
    procutils.c:36: for each function it appears in.)
    procutils.c: In function `read_proc_ax25_route':
    procutils.c:107: `errno' undeclared (first use this function)
    procutils.c: In function `read_proc_nr_neigh':
    procutils.c:154: `errno' undeclared (first use this function)
    procutils.c: In function `read_proc_nr_nodes':
    procutils.c:194: `errno' undeclared (first use this function)
    procutils.c: In function `get_call':
    procutils.c:255: `errno' undeclared (first use this function)
    make[1]: *** [procutils.o] Error 1
    make[1]: Leaving directory `/otro/nuevo/radio/k/ax25-utils-2.1.42a/lib'
    make: *** [all] Error 2

And when I try "call radio ea4ure-5".

I start the ax25 with:

    kissattach -m 512 -v /dev/tnc radio 44.133.228.22
    kissparms -p radio -t 200 -s 0 -r 0
    route add -net 44.133.228.0 netmask 255.255.255.192 ax0
    ifconfig ax0 broadcast 44.133.228.63 netmask 255.255.255.192

Similar to what I used to execute with 2.0.36... Then I get:

    ea4abw:~/.pgp# tnc.bat
    kissattach: 0.0.5
    axconfig: port radio not active
    kissparms: no AX.25 ports configured
    SIOCADDRT: La operación no está soportada por el dispositivo
    (this means "The device does not support that function")
    SIOCSIFBRDADDR: La operación no está soportada por el dispositivo
    ax0: unknown interface.
    SIOCSIFNETMASK: La operación no está soportada por el dispositivo
    ea4abw:~/.pgp# axconfig: port radio not active
    ===

Can anybody help me? Many thanks!
73 Jaime Robles e-mail: [EMAIL PROTECTED] Fido: 2:341/136.49 POBox 9416 * 28080 * Madrid http://www.geocities.com/SiliconValley/5161 Powered by LiNUX!
RE: Still need DNS help! (was: HAM related DNS problem)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Schelander
Sent: Monday, September 27, 1999 11:11 PM

> I would like to have a configuration where I can list the names for local ham stations here (within ampr.org) and forward only if requests for not listed stations should be answered. Setting up my DNS server as master for ampr.org is impossible, because requests for names which are not listed in my ampr.org zone file are not forwarded. Setting up as a slave is impossible too, because zonetransfers between the ampr.org master are out of question.

Why not do what I used to do, which is to FTP the ampr.org zone and reverse files from ucsd.edu and install them in my own DNS server. I used to hack the SOA etc to point to myself to try and keep things simple. I know this is not a clean and pure way of running DNS, but as most of ampr.org is slow changing it worked well with a weekly update.

Another alternative some stations used was to grab the entire ampr.org files and strip out all but local (reachable stations). This was done when 8 megs of RAM was considered a lot and the ampr.org took up valuable swap space :-)

I must point out that this only really scales when there is no local wormhole to allow worldwide connectivity.

If you've a reasonably modern machine you'll have no real trouble having all of ampr.org loaded in your own DNS server. And, should you use the same machine for internet stuff too, you'll find that you can retain your own copy of ampr.org and still allow your ISP to be your forwarder for everything else when online.

(of course, the best solution for slow half duplex networks and memory starved machines would be, A. a resolver library with longer timeouts and B. a crippled bind that could look up from a disk based database (as nos does/did) ).

David G7PIT
Re: AX.25 Layer 1
On 28-Sep-99 Samuel A. Falvo II wrote:
> I'm looking for the physical characteristics for AX.25, as used on the VHF bands. Any ideas? Would they be on tapr.org? (Of course, I'll look there anyway, but it doesn't hurt to ask.)

layer 1 = bell 202 tones.

--
Dirk-Jan Koopman, Tobit Computer Co Ltd
At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer.
Re: AX.25 Layer 1
On Tue, Sep 28, 1999 at 10:20:45PM +0100, Dirk Koopman wrote:
> layer 1 = bell 202 tones.

Which are?

== KC5TJA/6 | -| TEAM DOLPHIN |- DM13 | Samuel A. Falvo II QRP-L #1447| http://www.dolphin.openprojects.net Oceanside, CA |..
Re: Baycom and Linux?
On Tue, Sep 28, 1999 at 12:46:19PM +0200, Kai Altenfelder wrote:
> On Tue, Sep 28, Hamish Moffatt wrote:
> > On Mon, Sep 27, 1999 at 09:09:03PM +0200, [EMAIL PROTECTED] wrote:
> > > Which SuSE-Version are you running? On my SuSE 6.2 there are the /dev/bc* devices, even without running a baycom device, as they are installed by the devs-package:
> >
> > They exist but they will not be used. The kernel will not recognise them. SuSE shouldn't ship them any more. None of my Debian systems have ever had them.
>
> We are shipping the old kernel 2.0.36 as fallback so the devices could be useful.

It is my understanding that the bc0 character devices are much much older than that. IIRC, the ax25 code changed significantly in 2.0.35 (backported from the 2.1.x development tree). I suspect it may be older than that.

cheers
Hamish
--
Hamish Moffatt Mobile: +61 412 011 176 [EMAIL PROTECTED]
Rising Software Australia Pty. Ltd. http://www.risingsoftware.com/
Phone: +61 3 9894 4788 Fax: +61 3 9894 3362 USA: 1 888 667 7839
How to stop the automatic sending of mail about AX25-ham please ?
Hello all.

I'm looking for the way to stop the automatic sending of mail from vger.rutgers.edu about linux - ax25 - ham radio. The reason is the wrong e-mail that I gave when I subscribed to the mail-news of "linux - ax25 - ham radio". If someone could help me, it will be really nice because the e-mail is my professional e-mail.

In advance, many thanks for help.

Best regards,
Sebastien.
--
EMail: [EMAIL PROTECTED]
Web: http://www.chu-rouen.fr