I am one of those others who is possibly encountering this also,
however I am using a basic Dachstein setup.
Will let you know if it works.
Steve
On Thu, 27 Jun 2002 22:24:11 -0500
Ethan Galstad [EMAIL PROTECTED] wrote:
I sent a message to the leaf-devel list a few days back about this
On Thu, 13 Jun 2002 23:25:14 -0500
Michael D. Schleif [EMAIL PROTECTED] wrote:
[ snip ]
Let's slow down and look at this carefully.
I assume that 24.118.176.137 is your external address -- right?
Correct.
[ snip ]
Now, if you were using only attbi's dns servers that they assigned to
I am having trouble with these established connections showing up in my viewmasq
log to the point where no one on the homenetwork can connect to the Internet.
The problem seemed to go away after AT$T assigned new IP's for everyone in the
neighborhood, but just today it reared its ugly head
Here are my options for running LaBrea with only one IP;
-i eth0 -l -p 8 -z -x -F /etc/LaBrea.bpf
It has been while since I set it up (Thanks to Charles and Simons help)
but if I remember right, the -x tells LaBrea to not capture an IP for it's use.
The -F /etc/Labrea.bpf setting is just a
Help!
Tonight, we lost our internet connection to the web completly. When checking out my
logs on the DS cd v1.0.2 router/firewall, I found what seemed like hundreds of
ESTABLISHED connections to my router from various IP numbers.
Here is a very small sample of what weblet showed as Current
I have Web and ssh running so I use
/usr/sbin/LaBrea -i eth0 -l -v -p 8 -z -x -F /etc/LaBrea.bpf
You will want to watch your ramdisk (or maybe you have taken care of this
another way?) using the -v option
will cause your ramdisk to fill up very quickly.
with LaBrea.bpf containing:
Yes, I have disabled or rather stopped logging hits to port 80. That
was the first thing I did Saturday after my logs were multipling like
rabbits and I had to do something to slow them down!
Steve
On Thu, 28 Feb 2002 00:34:34 -0500
Simon Bolduc [EMAIL PROTECTED] wrote:
Steve,
I long ago
I have to say - Simon, along with Charles posted on the list about a week
ago
and this is how I set mine up last week. I did pretty much the same thing
Simon posted, except I took out the v (Verbosely log activity to syslog)
out of the OPTIONS= and I disabled logging on port 80 - My ramdisk was
Thanks for the info, I feel better now!
Steve
On Tue, 26 Feb 2002 06:10:29 + (GMT)
Scott C. Best [EMAIL PROTECTED] wrote:
Steve:
The Morpheus homepage (www.MusicCity.com) has a snippet
addressing this rumor. Still nervous? Not nearly enough:
] wrote:
Steve Jeppesen wrote:
if you find a way to safely use it let me know.
It's safe and secure.
Both of my daughters use it and I am a bit worried after reading
what can happen, ie; ppl have the ability to connect to your hard
drive and go from there.
What are you
if you find a way to safely use it let me know. Both of my daughters
use it and I am a bit worried after reading what can happen, ie; ppl have
the ability to connect to your hard drive and go from there.
Other than that, they both can connect to it ok, and I am using Dachstein
CD v1.0.2
On
Ok, so far things look good. I have started up LaBrea (and will post the
steps I took to get there using just one IP) and it looks like it has
already tarpitted two poor sob IP's.
One last question, when I ran svi LaBrea start I received the following
msg;
Starting LaBrea Tarpitifconfig: not
I thought the line in /etc/init.d/LaBrea that reads
ifconfig eth0 promisc
should have been changed to
ifconfig eth0 -promisc
to disable promisc mode takes care of that? Or do I have to still load
ifconfig.lrp and change the init script for ifconfig to not put eth0
into promisc mode?
Working so
I had basically the same problem WITH Road Runner. For over a week,
portsentry reported attackalerts for three separate IP's from Road Runner
- blocked them - and yet one of those IP's kept coming back as evident
from my logs. I sent three separate emails to [EMAIL PROTECTED] with no
response
So far I have a good grasp as to whats going on with the help you and
Charles have given. This coming weekend when everybody in the house will
not be on the net, I will load up LaBrea and give it a whirl.
Charles' script is much neater than mine - I guess me writing a kludge
made
him write
On Sun, 17 Feb 2002 21:00:58 -0500
Mike Sussman [EMAIL PROTECTED] wrote:
I have observed several other port 53 floods. Am I the only one?
tcp_128.121.10.146_53
tcp_128.242.105.34_53
tcp_129.250.244.10_53
tcp_203.81.45.254_53
tcp_209.157.68.18_53
tcp_213.38.75.193_53
No, you are not the
Good Day all,
I am wondering what could I use as a unused IP for LaBrea? Is it possible to use a
class C number ie; 192.168.x.x? I only receive one IP from AT$T to connect to the
net, so I was thinking maybe I could hook up a spare computer to the network behind
the LRP (DCD v1.0.2) box, and
Thank you for your suggestions Charles.
I think I will take the easy way on this and just add an extra computer on
the internal side and go with port forwarding, I think I want to stay on the
good side of the neighbors! LOL
If you want to run LaBrea using a private space IP, you'll probably
Help!
I am using DCD 1.0.2 and have been trying to configure dnyports.lrp for my
system.
Now I have three separate instances of dnyports running! I have not
backed-up my Dachstein configuration on purpose (after installing
dynports.lrp) so I could revert back to my original configuration,
I need some help in trying to configure what gets logged when using sshd 3.0p1
An older version I used with ESB2 used to log connections, attempted connections and
when a connection closed out or was terminated.
This version I am using with DCD 1.0.2 only logs when a connection is made, not
I have not seen where it was mentioned yet (nor do I know if it is required)
but I thought that libz had to be loaded before sshd.
Just a newbies two cents worth!
Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday,
Is there a difference in time it takes a mailing to get posted to leaf-user
compared to leaf-announce? Noticed this message is posted on leaf-user, but
nothing yet at leaf-announce.
If you could please, post your web address (new address? old one still seems
to be down) here concerning the
Forgive me if I am still off-track,
but it sounds as if you want your Windows clients to be able to send and
receive email to and from your ISP (thru your Dachstein server) NOT from
your Dachstein server.
If that is the case then simply just add those SMTP and pop addresses into
your Windows
/receive email.
Glad to be of some help. My turn to give some instead of always asking!
Steve
-Original Message-
From: Stewart Adey [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 08, 2002 10:52 PM
To: Steve Jeppesen
Subject: Re: [Leaf-user] ISP e-mail access help *desperate*
Oh, man
Is there another file besides /etc/POSIXness.conf and /etc/lrp.conf that I
would modify in order to receive alerts concerning the firewall? I have
been able to send a test email from the router by using this;
mail -s test [EMAIL PROTECTED] /var/log/syslog
however I have not received any actual
Thank you for the info Paul.
I have read thru those articles and have successfully configured my router
to send environment variables thru email. Since then, I deleted that
statement out of my /etc/multicron-p! ;)
Do not need those types of messages every 15 mins LOL
Just curious, is it
:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 5:12 PM
To: Steve Jeppesen; Leaf-User
Subject: Re: [Leaf-user] Linux kernel IP masquerading vulnerability
possible in Dachstein CD V1.0.2?
At 2002-01-01 17:52 -0600, Steve Jeppesen wrote:
BTW, does anybody know where there might be a link to search
Just curious, I was reading up on www.pigtail.net/LRP and found he posted
something about this vulnerability. Is this a problem with Dachstein? I am
using the kernel 2.2.19 without any mod to IP masq.
Here is the link which states the issue (which sort of makes it sound like
Dachstein is also
Patrick,
For the last two LRP upgrades I have had to resort to using an older, but
workable 3c59x.o module. Originally I started out with EigerStein, then
went on to EigersteinBETA, and now I am using Dachstein CD V1.0.2 (forgive
me on not stating what version I was using on the previous
to send to mail server. If blank, `hostname -f` is used.
MAIL_DOMAIN=mnmai05.mn.mediaone.net
Thanks again for your help!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Michael D.
Schleif
Sent: Sunday, December 30, 2001 10:12 AM
To: Steve Jeppesen
Cc
]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve
Jeppesen
Sent: Sunday, December 30, 2001 1:54 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [Leaf-user] Sending email alerts with Dachstein CD V1.0.2
Thanks for the clue Michael, that worked!
However, when the test email comes thru
31 matches
Mail list logo
