Re: OpenVPN on Debian unstable - how?

2004-04-19 Thread Ralph Paßgang
On Monday 19 April 2004 12:59, Volker Tanger wrote: Works like a charm, but: - create custom kernel (TAP/TUN) - compile OpenVPN from source (no problems) Why create a custom kernel? The tun/tap device is included in the Debian standard kernel images, so there is no need for

Re: OSF for an ISP (was Re: ..idea; ddos spam hosts off Internet?)

2004-04-10 Thread Ralph Paßgang
Hi, you shouldn't try to block everything that comes from a host which has no open smtp port, this is in general a bad idea... reason: there are a lot (and I mean a lot) of servers out there, which only send mail out to the world, but should never receive any mail directly, so that it is

Re: Little BIG problem with Backbone

2004-04-09 Thread Ralph Paßgang
On Friday 09 April 2004 16:03, Michelle Konzack wrote: Hello, Hi :) [...] Now my Question: Creating a Local GBit-Network in Morocco is generally no Problem, it is not a big difference between it and my local network, except I need a little bit more cable. in theory this is correct, but

Re: Attempt on smtpd / faking remote ip

2004-04-06 Thread Ralph Paßgang
On Tuesday 06 April 2004 17:37, you wrote: Hi Ralph, thanks for the hint. [...] I did it like this, but after the first line iptables said: cannot use parameter -o with INPUT (or something like this - I can't remember exactly). So I left out -o lo at the INPUT rule, and also left

Re: Attempt on smtpd / faking remote ip

2004-04-06 Thread Ralph Paßgang
sorry, I forgot to put in the link after because you are German: :)) so here it is: http://www.heise.de/security/result.xhtml?url=/security/artikel/43066words=Cookie it's about syn floods and the syncookies thing :) --Ralph

Re: Attempt on smtpd / faking remote ip

2004-04-04 Thread Ralph Paßgang
you should also filter out 127.0.0.0/8 on any network interface but lo. so that spoofing with localhost-addresses is not possible anymore. ( for example: iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p ALL -j ACCEPT iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -o lo -p

Re: How to set up a Debian mirror..

2004-03-29 Thread Ralph Paßgang
On Monday, 29 March 2004 17:38, Ronny Adsetts wrote: Sonny was heard to utter, at roughly 29/03/04 16:27: I was thinking about setting up a mirror of Debian for a local computer group in the area, but a simple wget will result in way too much being pulled down for what they need. Are

Re: I give up! Postfix keeps relaying

2004-03-12 Thread Ralph Paßgang
you are missing the following config options (main.cf): mynetworks = 127.0.0.1 smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination mydestination = localhost, complete-hostname-of-your-server That's all you need. But it sounds like you don't need your postfix to listen on
