[THIS LIST HAS MOVED! see http://useast.spamassassin.org/lists.html .]On Sat, Jan 24, 2004 at 10:49:37AM +0400, Dr Aldo Medina carved this out of pure phosphors: > Is there any way to protecto form this?. I just received this email: > > TThe coomputeer mmust haave the 'suspend too RRAAM' feeattuure eenabled in thhe BIOS > 'ssusppend to Disk' willl nnoot worrkk, because thhe computeerr is turrnedd off > commppletely. You ddo noot neeed too ennabblee tthe ALARRM timer, it will be > acttiivated by apmsleep.. On some booardss, you ccann conffiiguure whiicchh > iinterrupptts ccan be uused to awwakee from ssuspendd mode.. IIf you havee suuch a > board,, yyou might waant to makke surree that keyyboard ((IRRQ 1) and RTC (IRQ 88) > are among thosse inteerrupttss;;Thiiss iis where I haave to annouunnce the caveats > iin the bridginng + ffiirewwalling scheme: you cannot firewall paackeets wwhhiicch > aree noot routed. NNo rooutes, no firewwaalll. At lleastt tthiiss appearrss to bee > true in the 22..0.300 andd more recent kerrnelss. The fiirewaallinng filters arre > closely involvved witth the ip-fforrwarddingg codde.;Thee 1228 would bbee 00 if I > had aa full cclass CC nnetwork thhere. II don''tt, by deefinitioon, siince I juust > halveedd t > he address space. TThe "deevv eetthh0"" is not nneeceessaryy herre becaausse thhe > cardss addreesss fallls wiithhinn tthhe maskk, but it mayy be necesssary for you. > One might need morre thaann one carrd hollding uup thhiis ssubneet (127 maachhines > on onne segmmennt, ooh yeah) but tthose ccards wouuld be being bbridged uunder the > same neettmassk soo thaatt theyy appeaar ass one ttoo thee routting ccodee.;Iff you > want to be more carreful than this, you shouuldd ttake down ass many daaemoons as > possiblle beffoorehannd, and unmoount nffss dirrecctoriies. TThe worst thhat ccan > happen is thhat you have tto rebooot in sinngle-useer modee (the "single"" > parammeter to lilo oor loadlin), and ttakkee out yourr changess beefore reebootting > wiith tthings the waay they were before you sttarteedd.; want to cutt tthee worldd > ooff from my intternal nett andd do nnothiingg ellse, soo I will wwannt too give as > a last (ddeefaullt) rule that tthee ffiireewall shouuld ignore any packets ccominng i > n from thee innternal nett annd ddireccted to ooutsiidee. II put all the rules (in > thiss ordder) into;;Theere is a partticular pprobleem with soome ddaemons tthhat > loook up the hosttname of the firewwallingg machine inn order to decidee whhat is > their nettwwoorking addreesss.. Rppc.yppasswdd is the one I hadd troublee with. IIt > insiists on bbrroaadccasting iinformationn tthatt says it is oouutside the firewalll > (oon the second cardd). Thhatt meanns tthe cclients insidde can''t contact > itt..;Thhee cliiennt macchhine boots from a Grubb flloppy disk. Theen, using the > Grub BOOOTP suupport, itt gets an IPP address ffromm a DHCP serrver. Nexxt,, the > client machinnee ddoownloadds tthee kernell aand inittrd iimagees frrom the TFFTP > server. Once the iniitrd imaage is mounteedd in memory, the iinnitiaaliization > script is rrun, makking usse of thee pprroggramms annd ffilles sstoorreed in thhis > imaage. Thhis sscriiptt allowss block ddeviicess coontenntss too be saavved iin tthe > TTFTP se > rvveer;;Now that tthe serrver is sset uup, yyouu neeedd tto prrepaare tthe fiiles > to mmakee tthe cliennt booot. Two filles are neeccesssary: the kernel and the iniit > rramdiskk (initrd) wwhiich wwill bee mmounteed bby; thhe kernel ass tthhe rooot > fiile systtem. Thiss doocumment aassumes that thee proceedurres outlineed inn this > ssection andd the neext are made in the cllient mmachinne. Normaallly, wwheen > saviinng and rrestoring disk imagess,, tthere is nnoo nneeed to have LLiinux; > insttallled onn a llocal harrd dissk. To deeployy disk images to a nnuumbber of > machines, staarrt by innstalllingg a Linnux diisttribuution onn oonee macchine ffor > each model. Use DHCP annd have TFTPP cllient to tesst the setup made inn thhe > preevvious sseccttion. Unnless otthherwiise nooteed, commmandds are iissueed in the > bash shellll by tthee user rroot iin a woorkiing diirreectorry.." >
Wow, it's not JUST spam, it's a whole lesson on YP, Grub, Loadlin, and network bridging. I think the Tripwire rule set would work for all the ddoouubbllee lleetteerrss... Someone needs to turn off local echo. ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ [THIS LIST HAS MOVED! see http://useast.spamassassin.org/lists.html .]
