Re: Simple proxy queries wired France IPs

[Andrew Pollock]

On Sun, May 01, 2016 at 03:27:44PM +0200, Jakub Muszynski wrote:
> Hello
> 
> I was testing simpleproxy package
> simpleproxy  -L 15439 -R myaddress.com:5439  -v -t /tmp/trace
> 
> while reading /tmp/trace I've spotted strange rows in its verbose logging
> (it should contain "Read from: myaddres.com:5439")
> It does querry some *abo.wanadoo.fr <http://abo.wanadoo.fr> *hosts
> 
> The 'strings /tmp/trace | less " log:
> (...)
>  Read from: ANantes-655-1-144-239.w2-0.abo.wanadoo.fr:45039
> ---
> SELECT character_value, version() FROM
> INFORMATION_SCHEMA.SQL_IMPLEMENTATION_INFO WHERE implementation_info_id =
> '17' or implementation_info_id = '18'
>  Read from: ANantes-157-1-186-63.w2-0.abo.wanadoo.fr:5439
> ---
> character_value
> version
> (...)
> 
> *Package details:*
> *Package: simpleproxy*
> *Priority: optional*
> *Section: universe/net*
> *Installed-Size: 69*
> *Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com
> <ubuntu-devel-discuss@lists.ubuntu.com>>*
> *Original-Maintainer: Andrew Pollock <apoll...@debian.org
> <apoll...@debian.org>>*
> *Architecture: amd64*
> *Version: 3.4-5*
> *Depends: libc6 (>= 2.15)*
> *Filename: pool/universe/s/simpleproxy/simpleproxy_3.4-5_amd64.deb*
> *Size: 16834*
> *MD5sum: b1458997cde90a48f02e58a6dd97c71a*
> *SHA1: 4695e3bf2637a957f686ff2c5e0543db469b80e2*
> *SHA256: dcf773faa7a216745959505c9d4c1a62a854a359e40fe7de6a7df62652d65f38*
> *Description-en: Simple TCP proxy*
> * simpleproxy acts as a simple TCP proxy. It opens a listening socket on*
> * the local machine and forwards any connection to a remote host. It can be*
> * run as a daemon or through inetd.*
> *Description-md5: df90d17ba3792463ed98517f2afe2512*
> *Homepage: http://www.sourceforge.net/projects/simpleproxy
> <http://www.sourceforge.net/projects/simpleproxy>*
> *Bugs: https://bugs.launchpad.net/ubuntu/+filebug
> <https://bugs.launchpad.net/ubuntu/+filebug>*
> *Origin: Ubuntu*
> 
> I did look at tcpdump:
> 
> 12:31:54.815380 IP 10.18.0.6.45062 > 10.118.0.19.15439: Flags [P.], seq
> 617:689, ack 1060, win 254, options [nop,nop,TS val 402986021 ecr
> 57180214], length 72
> *12:31:54.815468 IP 10.118.0.19.58111 > 10.118.0.2.53: 10512+ PTR?
> 176.176.0.2.in-addr.arpa. (40)*
> *12:31:54.815705 IP 10.118.0.2.53 > 10.118.0.19.58111: 10512 1/0/0 PTR
> ANantes-650-1-45-6.w2-0.abo.wanadoo.fr
> <http://ANantes-650-1-45-6.w2-0.abo.wanadoo.fr>. (92)*
> 12:31:54.815746 IP 10.118.0.19.34040 > myaddress.com.5439: Flags [P.], seq
> 617:689, ack 1060, win 254, options [nop,nop,TS val 57180227 ecr
> 896665995], length 72
> 
> 12:31:54.836881 IP 10.118.0.19.34040 > myaddress.com.5439: Flags [.], ack
> 1152, win 254, options [nop,nop,TS val 57180233 ecr 89014], length 0
> *12:31:54.836932 IP 10.118.0.19.53146 > 10.118.0.2.53: 62285+ PTR?
> 63.21.0.2.in-addr.arpa. (40)*
> *12:31:54.837177 IP 10.118.0.2.53 > 10.118.0.19.53146: 62285 1/0/0 PTR
> ANantes-157-1-186-63.w2-0.abo.wanadoo.fr
> <http://ANantes-157-1-186-63.w2-0.abo.wanadoo.fr>. (94)*
> 12:31:54.837216 IP 10.118.0.19.15439 > 10.18.0.6.45062: Flags [P.], seq
> 1060:1152, ack 689, win 243, options [nop,nop,TS val 57180233 ecr
> 402986021], length 92
> 
> *dig -t ptr 160.176.0.2.in-addr.arpa*
> revils the same address
> 
> 
> It seems that it is only DNS querry, just for l*oggin porpouse,* I
> *haven't spot* any direct communication to *abo.wanadoo.fr hosts, but WHY
> does it even querry that hosts?
> 
> *strings /usr/bin/simpleproxy  |grep 'Read from'*
>  Read from: %s ---
> 
> 
> *grep /usr/bin/simpleproxy -e 63.21.0.2*
> [nothing]
> 
> I did try to look for a source code to see what is wrong.
> 
> Could anyone take a look is this package secure?

From a brief inspection of the source, I think the trace() function is
giving bogus input to the gethostbyaddr() call it makes to try and resolve
the IP addresses involved in the connection.

It's buggy, old code, and I don't think it's maintained upstream, so I might
just pull it from Debian.

Is there a better maintained alternative that you could use for your
particular use case if simpleproxy was no longer available? netcat springs
to mind, but it's probably less turnkey.


signature.asc
Description: Digital signature
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: GUI login banner at console?

[Andrew Pollock]

On Mon, Mar 24, 2008 at 4:12 AM, Scott R. Ehrlich [EMAIL PROTECTED] wrote:

 I've tried most every other unpaid path, with no luck, so maybe the
 developers forum will yield some insights...

 I've just installed 7.10 64-bit on a workstation and want to produce a
 multi-line X Windows text banner with an acknowledgement button
 (OK/Yes/whatever) on the console before the username/password prompt
 appears.

 Under CentOS or Fedora, I would place /usr/bin/gdialog --yesno This is my
 long
 intro banner... in /etc/X11/Xsession just after the first batch of
 comment
 lines.

 What would be the equivalent way for Ubuntu Gutsy?

 Will it be easier under Hardy?


I'm thinking you want to look at
http://www.jirka.org/gdm-documentation/x241.html



 Thanks.

 Scott


 --
 Ubuntu-devel-discuss mailing list
 Ubuntu-devel-discuss@lists.ubuntu.com
 Modify settings or unsubscribe at:
 https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss




-- 
Andrew Pollock
Google Systems Administrator

C: +1 650 224 3437
D: +1 650 253 2466
E: [EMAIL PROTECTED]
F: +1 650 253 0001
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Appropriateness of posts to this list (Was Re: evince crash)

[Andrew Pollock]

On Dec 3, 2007 8:28 AM, Christofer C. Bell [EMAIL PROTECTED]
wrote:

 On Dec 2, 2007 3:10 PM, (``-_-´´) -- Fernando [EMAIL PROTECTED]
 wrote:
  I agree that :
  On Tuesday 23 October 2007 05:25:56 Matthew Paul Thomas wrote:
   This causes people to make useless comments of the form This bug has
 X
   votes, why is it only Medium importance!, which causes more e-mail
   notifications and slows down the developers further.
 
  but still this is a Comunity project, or is it not?
  If what users and comunity desire is not the important for the
 project, then what is?

 I think allowing the developers of the distribution, those who have a
 real stake in the success of the software in its entirety, to decide
 where to focus their efforts is superior to allowing the mob to decide
 what's important.  I also think that using straw-man arguments to make
 your point is a mistake.


I disagree.

There needs to be some compromise between the developers and the mob,
presuming that the mob consists of end-users. The end-user decides how much
of a success the software is in its entirety. The developers need to keep
that in mind at all times.

regards

Andrew
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss