Re: [newbie-it] Tema Liquid di Mosfet
Fabio Z. wrote: From: Milko Ferioli [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [newbie-it] Tema Liquid di Mosfet Date: Wed, 18 Sep 2002 00:09:09 -0400 Ciao sto cercando il tema Liquid di Mosfet ma ho dei preblemi a trovarlo, qualcuno sa' indicarmi dove reperirlo. Ciao Milko Per trovare i temi per KDE e le istruzioni per installarli, puoi andare al sito kde-look.org; lì c'è proprio di tutto e di più. Ciao. _ MSN Hotmail è il provider email più grande al mondo cosa aspetti a farti un account? http://www.hotmail.it ti consiglio di prendere gli rpm da qui ftp://plf.zarb.org/cooker Il sito di riferimento è : http://plf.zarb.org/ trovi un sacco di cosette interessanti
[newbie-it] MySQL
Qualcuno sa - oppure ha da spedirmi - dove posso recuperare dei manuali di Mysql in _italiano_? Cerco e cerco in rete, ma alla fine scarico sempre gli stessi, in inglese... -- Arwan
[newbie-it] Divisione dei file
Scusate il piccolo OT ma avrei bisogno di sapere se nell'installazione di MDK8.2 è compresa un'utilità per spezzare i file grandi. Se esiste come si chiama? Eventualmente come faccio poi per riunirli? Grazie a tutti ciao nicola -- GIUSEPPE: E pensare che vivra' solo 33 anni... MARIA: Beh, per essere un Palestinese e' gia' tanto. -- Ellekappa
[newbie-it] scelta firewall
buonasera a tutti. vorrei un consiglio su quale firewall installare sul mio pc mand 8.2. il pc è standalone per solo uso personale domestico. si connette ad internet via normalissimo modem prossimamente spero via adsl sulle distro (8.2 download e 8.1 powerpack) ce ne sono vari bastille? guarddog? firestarter? shorewall? le mie esigenze sono UNA SOLA: che sia FACILE e rapido da installare e IDIOTA da usare. poi se non è il massimo della sicurezza non mi interssa. l'importante è non perdere tempo a configurare. se ne avete installato qualcuno e potete consigliarmi grazie. qui si passa la vita a configurare, configurare, configurare... ho fatto il programmatore per otto anni e non voglio più dedicare tempo in eccesso a questa scatola di latta. voglio solo usare e solo interfacce grafiche, per principio. perdonate lo sfogo. rigrazie. ciao.
Re: [newbie-it] Divisione dei file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alle 22:04, sabato 21 settembre 2002, Nicola ha scritto: Scusate il piccolo OT ma avrei bisogno di sapere se nell'installazione di MDK8.2 è compresa un'utilità per spezzare i file grandi. Se esiste come si chiama? Eventualmente come faccio poi per riunirli? per dividere split per riunire cat es: split file crea dei pezzi a1 a2 a3 an per riunire cat a* file per maggiori info man split man cat Grazie a tutti ciao nicola bye miKe ___ Slackware 8.1 GNU/Linux 2.4.19 hp Xe3 R.U.#219755 - S.R.U.#705 - R.M.#110932 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9jOT4F/9fksDJ4y0RApmHAKC0J9m9ioRQ8ksmQ4UynUKhbJ77GgCfdggm zGNDCgWomUZ1xv5ibMTWC6o= =xPp9 -END PGP SIGNATURE-
Re: [newbie-it] ancora di driver nvidia
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alle 23:26, venerdì 20 settembre 2002, Ale ha scritto: Non è che ora il driver in XF86Config-4 è fbdev? quello serve per usare il framebuffer ma non è accelerato, altrimenti ad esempio, per nvidia o 3dfx o matrox, in fase di configurazione del kernel , si può scegliere se usare il modulo framebuffer standard o compilarne uno per la proprio scheda, è comunque meno performante di Xfree con i moduli per la propria gpu (nel caso di nvidia, ricompilati o installati da rpm) bye miKe ___ Slackware 8.1 GNU/Linux 2.4.19 hp Xe3 R.U.#219755 - S.R.U.#705 - R.M.#110932 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9jOY/F/9fksDJ4y0RAgfHAKChUc0USmWO6A90JMSyZLO0NbrCIwCfY/nd BoRsBn5QF+0zgpKTvqoCmJU= =tdJY -END PGP SIGNATURE-
Re: [newbie] Mounting my NTFS partition
On Sat, 21 Sep 2002 08:32, Scott Felton wrote: On Wednesday 18 September 2002 10:20 pm, you wrote: mount -t ntfs /dev/hda1 /windows Mandrake puts mount points in /mnt, so it may be /mnt/windows. I use /mnt/winnt. /dev/hda is the disk, /dev/hda1 is a partition. you want to mount a partition. BTW, it WILL be read-only. Read-write access is experimental, don't use it. Thanks for the above Michael. With your advice and adive from many others on the list I am able to mount my NTFS partition. I have added it to fstab and it works fine. I can only access it when logged in as root though. (I'll tackle that next) Many people suggested a FAT32 common area to read/write files between Linux and WindowsXP but I can't do that here. The Windows disk that came with my machine will only install using NTFS and it takes the entire 40g hard drive for itself with no consideration for what may already be on the disk. I haven't found a (free) tool that will let me claim back some of that space to use as anything other than NTFS. I will have the last laugh when I put my final chosen Linux dist on here using both 40g disks and use those Windows CDs for coasters! (margarittas anyone? :) During the Linux install on your second disk you could set aside a small fat32 partition as hdb1. -- Michael Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] giving up the ship?
On Fri, 20 Sep 2002 21:43:48 -0700 (PDT), Ibly Piblo [EMAIL PROTECTED] wrote: How do you block Nimda attacks from your logs? Really, now, there must be a way, I have tried script after script, I am still getting attacked by this IP: 65.192.141.115 Who are these criminals? Usually they're not criminals, they're just idiots. a) they're running IIS so they're not the sharpest tool in the box b) they've not paid any attention to the media outpourings over the last 12 months about Nimda, Code Red, IIS viruses in general c) they haven't taken the trouble to follow up on the reports and find install any protection d) they're paying no attention to the behaviour of their server and the fact that it's probably running like an asthmatic snail at the moment I guess you just can't run a web server anymore. Oh yes you can. Remember that these attacks generate IP addresses then attempt to connect to them on port 80. I moved my server from port 80 to port 81 about 6 months ago. Prior to that I was getting Nimda/Code Red hits in the logs every hour. Since then I've had ONE dodgy access that was someone attempting to use me as a proxy! Now people just access my website as http://www.domain.com:81/page.html rather than http://www.domain.com/page.html I live in peace once more :-) Jon Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] Dual Boot - Win XP and Suse 7.3
Hello, I have the following situation: I upgraded to Win XP Profesional from Win Me. Before this I had my system in dual boot with Suse 73. After installing XP I lost the abillity to boot Linux Suse. Currently my C: drive is NTFS. It is there a posibility to have dual boot with XP without risking to damage the C: partition or boot sector ? If you have done it I'll be glad to hear how you solved this problem. Thanks a lot, Alex Do you Yahoo!? New DSL Internet Access from SBC & Yahoo!
[newbie] XP professional
Hello guys. This is not too much realted to linux but I thought someone could help. I deleted Mandrake Linux 8.2 ( I finally got it installed because i bought the CD's from ebay). I bought Windows XP professional, and im not sure whether to put XP pro on an NTFS file system, or FAT32. Which is better? I want something that can compatible with all programs and software. Whats the difference between FAT32, and NTFS. After I get Win XP running, I will install linux again. Ps. When I was playing around with linux, KDE keeps freezing on me sometimes. I donno why this happens
Re: [newbie] XP professional
On Saturday 21 September 2002 09:44, Alex K wrote: I think you should keep your primary partition FAT32. You put in this one Windows and let other os's like Linux to access it. I have a similar situation in which I installed SUSE 73 when C: was FAT32 but afterwards I convert it to NTFS after installing XP Professional The bad thing about converting to NTFS after installing Windows is that the conversion does not set any permissions, so your partition's protection is just as vulnerable as FAT32, until you manually start tweaking it. Lee Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] giving up the ship?
Thank you Mr. Slater , is this what it is supposed to say? # iptables -A INPUT -s 65.192.141.115 -j DROP /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_tables.o.gz: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters modprobe: insmod /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_tables.o.gz failed modprobe: insmod ip_tables failed iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. [root@localhost ] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] giving up the ship?
- Original Message - From: Todd Slater [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 21, 2002 1:12 AM Subject: Re: [newbie] giving up the ship? On Fri, 20 Sep 2002 21:43:48 -0700 (PDT) Ibly Piblo [EMAIL PROTECTED] wrote: How do you block Nimda attacks from your logs? Really, now, there must be a way, I have tried script after script, I am still getting attacked by this IP: 65.192.141.115 Use iptables. iptables -A INPUT -s 65.192.141.115 -j DROP snip Isnt there something easier, a script I can just download and install? I use one that was posted on this list a while ago. I'm going to aggressively fight back, if there is a script that I can put in my /bin directory that will scan my /var/tmp/blocked file and instead of just ipchain-ing them out, (INEFFECTIVE!) it will shut them down, it is the only way. I believe Civileme posted a link to a page on PLF that contained such a script. Check the archives. It is annoying. I've been hit by 81 infected computers in a little over 2 weeks. If you drop them, they should not be showing up in your http logs. iptables gets flushed everytime you restart--could that be it? I run this if I have to restart: #!/bin/bash for idiot in `cat /var/tmp/blocked` do iptables -A INPUT -s $idiot -j DROP done exit HTH, Todd Another option is to put the offending IP address in your apache commonhttpd.conf: Order allow,deny Allow from all Deny from 65.192.141.115 You can list as many as you want Then restart Apache Once a week I go thru my logs and add the newest worst offenders, and remove those that are over 2 months old. Roy Murray www.ServiceTechHelp.com www.roymurray.net Linux Registered User 243148 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] giving up the ship?
On Sat, 21 Sep 2002 15:28:46 -0700 (PDT) Ibly Piblo [EMAIL PROTECTED] wrote: Thank you Mr. Slater , is this what it is supposed to say? # iptables -A INPUT -s 65.192.141.115 -j DROP /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_tables.o.gz: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters modprobe: insmod /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_tables.o.gz failed modprobe: insmod ip_tables failed iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. [root@localhost ] You may have ipchains running instead of iptables. You may have to look at system services to see--stop ipchains and start iptables. -- Todd Slater Not currently listening to tunes Intelligence appears to be the thing that enables a man to get along without education. Education enables a man to get along without the use of his intelligence. (Albert Edward Wiggam) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Changing hda
On Sat, 2002-09-21 at 00:40, Fred Fraley wrote: Last time I tried this I managed to lose my /home partition, so I'm going to ask for help first, this time :-) How do I manage this without losing anything? I'm going to remove /dev/hda, the original 30 gig HD, from this machine. I am keeping /dev/hdb (60 gig), which will become the only HD on the system for the moment. At this time the system boots from hda. hda has everything on it except one user's home directory, /home/dad. I have plenty of room to play with while switching things. Usage is: [root@[EMAIL PROTECTED] ffraley]$ df FilesystemSize Used Avail Use% Mounted on /dev/hda5 3.4G 1.4G 1.9G 41% / /dev/hda6 15G 9.6G 4.4G 69% /home /dev/hdb1 11G 132M 11G 2% /home/dad /dev/hda1 11G 8.7G 1.4G 87% /mnt/windows I am not going to be reinstalling MSwindows on this machine but it does need to be on the 30 gig HD and working (a relative term) when things are finished. I will also be dual-booting MDK from the 30 gig after installing it on my wife's new machine. Can someone point me to a cheat sheet for this, or list the steps? Fred Fred, If I understand correctly, you want to duplicate the linux partitions that are currently on hda onto hdb, but not the w$ stuff, then hdb becomes the sole drive in this box. I would do something like this: 1. move /home/dad that's currently the only occupant of hdb onto /home, so your hdb disk can be wiped. Do something like (as root): cp -Rp /home/dad /home/newdad then edit /etc/passwd to point the associated login (presumably dad) to the new home directory. Also remove the entry that mounts /dev/hdb1 from /etc/fstab. Log on as dad to check that all is well. At this point hdb has no live data. Run diskdrake and repartition hdb. You may want different sizes for some, but the sizes you have used look OK. Duplicate the structure of hda, except that hdb1 can now be a linux filesystem of your choice. Mount hdb5 and 6 on temporary mount points like /newroot and /newhome Copy hda6 to hdb6 with a command like: cp -Rp /home /newhome Copying hda5 is a little more complicated as you need to exclude home, mnt and proc Copy the other directories one at a time with the cp -Rp command like: cp -Rp /etc /newroot/ Now we just have to take care of the boot loader. I'm assuming lilo. edit /newroot/etc/lilo.conf and remove the stanza relating to windows. Having done this you should be ready to remove hda and boot with what was hdb now becoming hda. You will need to boot first from the distro install CD and allow it to rewrite the boot loader. Now (with any luck) you will have everything in place, with a blank partition on hda1 which you can mount as whatever and use for whatever. So, what have I missed? Anyone else want to point out the errors before Fred takes the plunge? Be aware that doing it this way, as long as you have copied /home/dad across correctly and checked that before repartitioning hdb, all your data remains intact on hda and at worst you can start all over without data loss. HTH Brian Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] e-mail agent
Hi everyone, Been a long time since i've been in the mailing list. While everybody seems to have new version of mandrake, I still hang on the old version - Mandrake 8.0 . I was wondering if anyone know a good e-mail agent for the Gnome of that version. I have the Kmail 1.2 but i can't get my attachement I click on it but dont do nothing ...just maybe a URL. Thanks in advance. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] ping flood?
Gretts * I came home today to my box noticing that a large number of httpd processes being spawned (this isn't a server, at least not really), and for the last hours or so my box is real slow when it comes to using the net. I'm on a DSL line and am getting some errors connecting to sites and such. I installed tcpdump and am getting lines like: 17:57:50.710986 210.95.36.130.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) 17:57:50.711030 m206-157.dsl.tsoft.com 210.95.36.130: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] 17:57:50.737316 158.182.6.120.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) 17:57:50.737361 m206-157.dsl.tsoft.com 158.182.6.120: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] 17:57:50.742490 How can I fix this? If it's a ping storm how do I stop it? I figure it has something to do with iptables but I'm a real newbie where this type of thing is concerned. After looking at tcpdump for a few minutes it is not apparent that a single site is trying to connect, but a large number of different sites. They all have one thing in common, though, this port 4156. I also noticed when looking in /var/log a couple of lines that look specifically like breakin attempts within the last week... Sep 16 19:17:04 m206-157 rpc.statd[1008]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n \220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220 etc... that is very suspicious - that looks like an exploit. Between 9/16 and today nothing suspicious; there is always the lone ftp or nntp attempt but they fail and it doesn't impact performance. But today, it's like someone is flood pinging my device - the net lights are constantly on. I also saw this today: Sep 21 10:03:59 m206-157 kernel: Neighbour table overflow. Sep 21 10:03:59 m206-157 last message repeated 9 times Sep 21 10:04:04 m206-157 kernel: NET: 3050 messages suppressed. Sep 21 10:04:04 m206-157 kernel: Neighbour table overflow. Sep 21 10:04:09 m206-157 kernel: NET: 8192 messages suppressed. Sep 21 10:04:09 m206-157 kernel: Neighbour table overflow. Sep 21 10:04:14 m206-157 kernel: NET: 7009 messages suppressed. Sep 21 10:04:14 m206-157 kernel: Neighbour table overflow. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] ping flood?
On Sat, 2002-09-21 at 21:09, dfox wrote: Gretts * I came home today to my box noticing that a large number of httpd processes being spawned (this isn't a server, at least not really), and for the last hours or so my box is real slow when it comes to using the net. I'm on a DSL line and am getting some errors connecting to sites and such. I installed tcpdump and am getting lines like: 17:57:50.710986 210.95.36.130.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) 17:57:50.711030 m206-157.dsl.tsoft.com 210.95.36.130: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] 17:57:50.737316 158.182.6.120.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) 17:57:50.737361 m206-157.dsl.tsoft.com 158.182.6.120: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] 17:57:50.742490 How can I fix this? If it's a ping storm how do I stop it? I figure it has something to do with iptables but I'm a real newbie where this type of thing is concerned. After looking at tcpdump for a few minutes it is not apparent that a single site is trying to connect, but a large number of different sites. They all have one thing in common, though, this port 4156. Dfox, Why don't you try installing Portsentry? It modifies the netfilter tables on the fly so you don't have to be an instant brainiac. You can also specify specific ip addresses for it to drop via iptables. I would try posting this to the expert list too, there are some peeps there who might have some more comments and suggestions. I also noticed when looking in /var/log a couple of lines that look specifically like breakin attempts within the last week... Sep 16 19:17:04 m206-157 rpc.statd[1008]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n \220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220 etc... that is very suspicious - that looks like an exploit. This looks like a buffer overflow attempt. Between 9/16 and today nothing suspicious; there is always the lone ftp or nntp attempt but they fail and it doesn't impact performance. But today, it's like someone is flood pinging my device - the net lights are constantly on. I also saw this today: Sep 21 10:03:59 m206-157 kernel: Neighbour table overflow. Sep 21 10:03:59 m206-157 last message repeated 9 times Sep 21 10:04:04 m206-157 kernel: NET: 3050 messages suppressed. Sep 21 10:04:04 m206-157 kernel: Neighbour table overflow. Sep 21 10:04:09 m206-157 kernel: NET: 8192 messages suppressed. Sep 21 10:04:09 m206-157 kernel: Neighbour table overflow. Sep 21 10:04:14 m206-157 kernel: NET: 7009 messages suppressed. Sep 21 10:04:14 m206-157 kernel: Neighbour table overflow. There's no doubt that you are under attack. I'd try portsentry first, and then get someone to recommend an rc.firewall script for you. I've seen some, but the landscape is changing so very fast that it's hard to stay up on the latest custom iptables scripts. The experts would be a good place to ask. ;) --LX -- °°° Kernel 2.4.18-6mdk Mandrake Linux 8.2 Enlightenment 0.16.5-11mdkEvolution 1.0.2-5mdk Registered Linux User #268899 http://counter.li.org/ °°° Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] e-mail agent
On Sat, 21 Sep 2002 17:50:34 -0400, [EMAIL PROTECTED] wrote: Hi everyone, Been a long time since i've been in the mailing list. While everybody seems to have new version of mandrake, I still hang on the old version - Mandrake 8.0 . I was wondering if anyone know a good e-mail agent for the Gnome of that version. I have the Kmail 1.2 but i can't get my attachement I click on it but dont do nothing ...just maybe a URL. Thanks in advance. Recommend Sylpheed. It's faster, easier to manuever, keyboard oriented. Rather cryptic to begin but very configurable. It will import you Kmail but it's sort of slow. Convert only what you really need; keep the old kmail to look up old mails for a while. Kmail 1.4.1 is also a good choice. Probably easier if you can find the right rpms. Richard. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] ping flood?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 dfox wrote: | Gretts * | | I came home today to my box noticing that a large number of httpd | processes being spawned (this isn't a server, at least not really), | and for the last hours or so my box is real slow when it comes to | using the net. | | I'm on a DSL line and am getting some errors connecting to sites | and such. I installed tcpdump and am getting lines like: | | 17:57:50.710986 210.95.36.130.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) | 17:57:50.711030 m206-157.dsl.tsoft.com 210.95.36.130: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] | 17:57:50.737316 158.182.6.120.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) | 17:57:50.737361 m206-157.dsl.tsoft.com 158.182.6.120: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] | 17:57:50.742490 | | How can I fix this? If it's a ping storm how do I stop it? I figure | it has something to do with iptables but I'm a real newbie where this | type of thing is concerned. After looking at tcpdump for a few minutes | it is not apparent that a single site is trying to connect, but | a large number of different sites. They all have one thing in common, | though, this port 4156. | | I also noticed when looking in /var/log a couple of lines that look | specifically like breakin attempts within the last week... | | Sep 16 19:17:04 m206-157 rpc.statd[1008]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ | ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n | \220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220 | etc... that is very suspicious - that looks like an exploit. | | Between 9/16 and today nothing suspicious; there is always the lone | ftp or nntp attempt but they fail and it doesn't impact performance. | But today, it's like someone is flood pinging my device - the net | lights are constantly on. | | I also saw this today: | | Sep 21 10:03:59 m206-157 kernel: Neighbour table overflow. | Sep 21 10:03:59 m206-157 last message repeated 9 times | Sep 21 10:04:04 m206-157 kernel: NET: 3050 messages suppressed. | Sep 21 10:04:04 m206-157 kernel: Neighbour table overflow. | Sep 21 10:04:09 m206-157 kernel: NET: 8192 messages suppressed. | Sep 21 10:04:09 m206-157 kernel: Neighbour table overflow. | Sep 21 10:04:14 m206-157 kernel: NET: 7009 messages suppressed. | Sep 21 10:04:14 m206-157 kernel: Neighbour table overflow. | | | | | | Want to buy your Pack or Services from MandrakeSoft? | Go to http://www.mandrakestore.com If your machine is reasonably current (300Mhz or faster, 128MB+ RAM), then I would have to suspect a distributed attack via a virus or worm. Due to the volume, I'd bet windows. I suggest you look up a subset of that string with someone like Mcafee. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9jT1lUMkt1ZRwL1MRAh5DAJ0Q+jmZmUcsold6MYZIiOb1jDykkACZAUMh dNFMCNDhYCw3gu7lc0O5FoQ= =QpUD -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] giving up the ship?
yep.. I actually have an IIS server for testing behind my linux box firewall.. the linux apache is on port 80, and the IIS box is on port 10001, (via port forwarding with IPTABLES in linux.) works great and my setup is protected.. (it has every patch anyway.. but I still don't trust it.) Incidently, changing ports doesn't stop tools like Nessus from working it out though. rgds frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jon Sent: Saturday, 21 September 2002 10:08 PM To: [EMAIL PROTECTED] Subject: Re: [newbie] giving up the ship? On Fri, 20 Sep 2002 21:43:48 -0700 (PDT), Ibly Piblo [EMAIL PROTECTED] wrote: How do you block Nimda attacks from your logs? Really, now, there must be a way, I have tried script after script, I am still getting attacked by this IP: 65.192.141.115 Who are these criminals? Usually they're not criminals, they're just idiots. a) they're running IIS so they're not the sharpest tool in the box b) they've not paid any attention to the media outpourings over the last 12 months about Nimda, Code Red, IIS viruses in general c) they haven't taken the trouble to follow up on the reports and find install any protection d) they're paying no attention to the behaviour of their server and the fact that it's probably running like an asthmatic snail at the moment I guess you just can't run a web server anymore. Oh yes you can. Remember that these attacks generate IP addresses then attempt to connect to them on port 80. I moved my server from port 80 to port 81 about 6 months ago. Prior to that I was getting Nimda/Code Red hits in the logs every hour. Since then I've had ONE dodgy access that was someone attempting to use me as a proxy! Now people just access my website as http://www.domain.com:81/page.html rather than http://www.domain.com/page.html I live in peace once more :-) Jon Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] XP professional
I'd disagree witht that.. NTFS is FAR better a filesystem then Fat32.. and much more secure... Its just not writable to linux... (yet) So, the solution is simple.. 1. NTFS XP partition. 2. Linux Swap. 3. Linux main (or split that up more.) 4. Fat32 partition.. big enough to store all docs and such that you want access to in both win and lin. that way you get the best of all worlds... I have done it this way on all my installs... As an added speedup, get a 10 gig ATA100 or 133 drive, and make 2 partitions on it, about 300 MB each.. format one of them as linux swap and the other as FAT 32. then in XP set your swapfile onto the fat partition and the linux should use the swap partition on this one.. that way if you need swap in either enviroment, its not trying to use the same drive as its reading from... that tip will work even better in SCSI or the forthcomming Serial ATA setup... but it does help even with normal IDE. the rest of that drive you could partition as you will... by having XP's swap in its own partition, you get extra speed and far less fragmentation of the swap file. (usually called pagefile.sys) rgds Frank -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alex KSent: Saturday, 21 September 2002 10:45 PMTo: [EMAIL PROTECTED]Subject: Re: [newbie] XP professional Hi, I think you should keep your primary partition FAT32. You put in this one Windows and let other os's like Linux to access it. I have a similar situation in which I installed SUSE 73 when C: was FAT32 but afterwards I convert it to NTFS after installing XP Professional and I am not quite sure if I am reinstalling LILO now if I'll loose my ability to boot the both os's... So be careful. Better ask in this mailing list several times wait for answer and then proceed. Good luck, Alex [EMAIL PROTECTED] wrote: Hello guys. This is not too much realted to linux but I thought someone could help. I deleted Mandrake Linux 8.2 ( I finally got it installed because i bought the CD's from ebay). I bought Windows XP professional, and im not sure whether to put XP pro on an NTFS file system, or FAT32. Which is better? I want something that can compatible with all programs and software. Whats the difference between FAT32, and NTFS. After I get Win XP running, I will install linux again. Ps. When I was playing around with linux, KDE keeps freezing on me sometimes. I donno why this happens Do you Yahoo!?New DSL Internet Access from SBC Yahoo!
RE: [newbie] ping flood?
I'd download gShield and portsentry... gShield has some excellent features, for example its really easy to blacklist IP's on the fly... other good stuff like that.. portsentry is good in that it does realtime blacklisting automatically. rgds Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lyvim Xaphir Sent: Sunday, 22 September 2002 10:58 AM To: NewbieMandrake-List Subject: Re: [newbie] ping flood? On Sat, 2002-09-21 at 21:09, dfox wrote: Gretts * I came home today to my box noticing that a large number of httpd processes being spawned (this isn't a server, at least not really), and for the last hours or so my box is real slow when it comes to using the net. I'm on a DSL line and am getting some errors connecting to sites and such. I installed tcpdump and am getting lines like: 17:57:50.710986 210.95.36.130.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) 17:57:50.711030 m206-157.dsl.tsoft.com 210.95.36.130: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] 17:57:50.737316 158.182.6.120.4156 m206-157.dsl.tsoft.com.4156: udp 41 (DF) 17:57:50.737361 m206-157.dsl.tsoft.com 158.182.6.120: icmp: m206-157.dsl.tsoft.com udp port 4156 unreachable [tos 0xc0] 17:57:50.742490 How can I fix this? If it's a ping storm how do I stop it? I figure it has something to do with iptables but I'm a real newbie where this type of thing is concerned. After looking at tcpdump for a few minutes it is not apparent that a single site is trying to connect, but a large number of different sites. They all have one thing in common, though, this port 4156. Dfox, Why don't you try installing Portsentry? It modifies the netfilter tables on the fly so you don't have to be an instant brainiac. You can also specify specific ip addresses for it to drop via iptables. I would try posting this to the expert list too, there are some peeps there who might have some more comments and suggestions. I also noticed when looking in /var/log a couple of lines that look specifically like breakin attempts within the last week... Sep 16 19:17:04 m206-157 rpc.statd[1008]: gethostbyname error for ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%19 2x%n \220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220 \220 etc... that is very suspicious - that looks like an exploit. This looks like a buffer overflow attempt. Between 9/16 and today nothing suspicious; there is always the lone ftp or nntp attempt but they fail and it doesn't impact performance. But today, it's like someone is flood pinging my device - the net lights are constantly on. I also saw this today: Sep 21 10:03:59 m206-157 kernel: Neighbour table overflow. Sep 21 10:03:59 m206-157 last message repeated 9 times Sep 21 10:04:04 m206-157 kernel: NET: 3050 messages suppressed. Sep 21 10:04:04 m206-157 kernel: Neighbour table overflow. Sep 21 10:04:09 m206-157 kernel: NET: 8192 messages suppressed. Sep 21 10:04:09 m206-157 kernel: Neighbour table overflow. Sep 21 10:04:14 m206-157 kernel: NET: 7009 messages suppressed. Sep 21 10:04:14 m206-157 kernel: Neighbour table overflow. There's no doubt that you are under attack. I'd try portsentry first, and then get someone to recommend an rc.firewall script for you. I've seen some, but the landscape is changing so very fast that it's hard to stay up on the latest custom iptables scripts. The experts would be a good place to ask. ;) --LX -- °°° Kernel 2.4.18-6mdk Mandrake Linux 8.2 Enlightenment 0.16.5-11mdkEvolution 1.0.2-5mdk Registered Linux User #268899 http://counter.li.org/ °°° Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] Inporting informix DB to MySQL.
Hi guys, I want to import a rather large Informix database into MySQL database.. anyone know if there is an easy way to do this? or will I have to recreate it manually??? rgds Frank Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
