Does anyone know if there is a program that converts Word documents into HTML files to run on a Linux box? I've tried "webdoc". It craps out after converting the first 5 .doc files.

Thanks,
Max

plug-discuss-admin@lists.PLUG.phoenix.az.us wrote:
>
> Send Plug-discuss mailing list submissions to
> plug-discuss@lists.PLUG.phoenix.az.us
>
> To subscribe or unsubscribe via the web, visit
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> or, via email, send a message with subject or body 'help' to
> plug-discuss-request@lists.PLUG.phoenix.az.us
> You can reach the person managing the list at
> plug-discuss-admin@lists.PLUG.phoenix.az.us
>
> When replying, please edit your Subject line so it is more specific than
> "Re: Contents of Plug-discuss digest..."
>
> Today's Topics:
>
> 1. Re: bind (Shawn T. Rutledge)
> 2. Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET (Shawn T. Rutledge)
> 3. Re: bind (Kurt Granroth)
> 4. Three NIC problem (David Demland)
> 5. Re: Three NIC problem (Bob George)
> 6. Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET (Rick Rosinski)
> 7. Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET (der.hans)
> 8. RE: Free stuff for PLUG and some not so free stuff for PLUG (Gary Nichols)
> 9. RE: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET (Craig White)
> 10. RE: Three NIC problem (Craig White)
> 11. Re: Three NIC problem (Bob George)
>
> --__--__--
>
> Message: 1
> Date: Fri, 23 Mar 2001 17:36:10 -0700
> From: "Shawn T. Rutledge"
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: bind
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> On Fri, Mar 23, 2001 at 04:29:59PM -0800, Lucas Vogel wrote:
> > Can I ask a really stupid question? What is BIND, and how do I know if I'm
> > running it or not?
>
> ps auxw | grep named
>
> it's the name server
> (Berkeley Internet Name Daemon)
>
> --
> _______ Shawn T. Rutledge / KB7PWD ecloud@bigfoot.com
> (_ | |_) http://www.bigfoot.com/~ecloud kb7pwd@kb7pwd.ampr.org
> __) | | \________________________________________________________________
>
> --__--__--
>
> Message: 2
> Date: Fri, 23 Mar 2001 17:38:10 -0700
> From: "Shawn T. Rutledge"
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> Thank you! I saw something about it, but didn't realize I needed
> to do something about it until now.
>
> 8.2.3-0 would be OK right? That's the latest one from
> http://security.debian.org
>
> On Fri, Mar 23, 2001 at 12:25:52PM -0700, Rusty Carruth wrote:
> >
> > In case nobody has posted this yet:
> >
> > If you've not updated your bind/dns - do so NOW.
> >
> > Also, if you run bsd there is a chance the problem is there also.
> >
> > >Date: Fri, 23 Mar 2001 9:40:03 -0700 (MST)
> > >From: The SANS Institute
> > >Subject: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> > >Sender: sans@sans.org
> > >To: John Driggers (SD512389)
> > >X-LDAP-Alias: V 1.0rc5. Sent to driggers@slb.com resolving to
> > >driggers@austin.apc.slb.com
> > >
> > >-----BEGIN PGP SIGNED MESSAGE-----
> > >Hash: SHA1
> > >
> > >ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> > >
> > >March 23, 2001 7:00 AM
> > >
> > >Late last night, the SANS Institute (through its Global Incident
> > >Analysis Center) uncovered a dangerous new worm that appears to be
> > >spreading rapidly across the Internet. It scans the Internet looking
> > >for Linux computers with a known vulnerability. It infects the
> > >vulnerable machines, steals the password file (sending it to a
> > >China.com site), installs other hacking tools, and forces the newly
> > >infected machine to begin scanning the Internet looking for other
> > >victims.
> > >
> > >Several experts from the security community worked through the night to
> > >decompose the worm's code and engineer a utility to help you discover
> > >if the Lion worm has affected your organization.
> > >
> > >Updates to this announcement will be posted at the SANS web site,
> > >http://www.sans.org
> > >
> > >
> > >DESCRIPTION
> > >
> > >The Lion worm is similar to the Ramen worm. However, this worm is
> > >significantly more dangerous and should be taken very seriously. It
> > >infects Linux machines running the BIND DNS server. It is known to
> > >infect bind version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, and all
> > >8.2.3-betas. The specific vulnerability used by the worm to exploit
> > >machines is the TSIG vulnerability that was reported on January 29,
> > >2001.
> > >
> > >The Lion worm spreads via an application called "randb". Randb scans
> > >random class B networks probing TCP port 53. Once it hits a system, it
> > >checks to see if it is vulnerable. If so, Lion exploits the system using
> > >an exploit called "name". It then installs the t0rn rootkit.
> > >
> > >Once Lion has compromised a system, it:
> > >
> > >- - Sends the contents of /etc/passwd, /etc/shadow, as well as some
> > >network settings to an address in the china.com domain.
> > >- - Deletes /etc/hosts.deny, eliminating the host-based perimeter
> > >protection afforded by tcp wrappers.
> > >- - Installs backdoor root shells on ports 60008/tcp and 33567/tcp (via
> > >inetd, see /etc/inetd.conf)
> > >- - Installs a trojaned version of ssh that listens on 33568/tcp
> > >- - Kills Syslogd, so the logging on the system can't be trusted
> > >- - Installs a trojaned version of login
> > >- - Looks for a hashed password in /etc/ttyhash
> > >- - /usr/sbin/nscd (the optional Name Service Caching daemon) is
> > >overwritten with a trojaned version of ssh.
> > >
> > >The t0rn rootkit replaces several binaries on the system in order to
> > >stealth itself. Here are the binaries that it replaces:
> > >
> > >du, find, ifconfig, in.telnetd, in.fingerd, login, ls, mjy, netstat,
> > >ps, pstree, top
> > >
> > >- - "Mjy" is a utility for cleaning out log entries, and is placed in /bin
> > >and /usr/man/man1/man1/lib/.lib/.
> > >- - in.telnetd is also placed in these directories; its use is not known
> > >at this time.
> > >- - A setuid shell is placed in /usr/man/man1/man1/lib/.lib/.x
> > >
> > >DETECTION AND REMOVAL
> > >
> > >We have developed a utility called Lionfind that will detect the Lion
> > >files on an infected system. Simply download it, uncompress it, and
> > >run lionfind. This utility will list which of the suspect files is on
> > >the system.
> > >
> > >At this time, Lionfind is not able to remove the virus from the system.
> > >If and when an updated version becomes available (and we expect to
> > >provide one), an announcement will be made at this site.
> > >
> > >Download Lionfind at http://www.sans.org/y2k/lionfind-0.1.tar.gz
> > >
> > >
> > >REFERENCES
> > >
> > >Further information can be found at:
> > >
> > >http://www.sans.org/current.htm
> > >http://www.cert.org/advisories/CA-2001-02.html, CERT Advisory CA-2001-02,
> > >Multiple Vulnerabilities in BIND
> > >http://www.kb.cert.org/vuls/id/196945 ISC BIND 8 contains buffer overflow
> > >in transaction signature (TSIG) handling code
> > >http://www.sans.org/y2k/t0rn.htm Information about the t0rn rootkit.
> > >The following vendor update pages may help you in fixing the original BIND
> > >vulnerability:
> > >
> > >Redhat Linux RHSA-2001:007-03 - Bind remote exploit
> > >http://www.redhat.com/support/errata/RHSA-2001-007.html
> > >Debian GNU/Linux DSA-026-1 BIND
> > >http://www.debian.org/security/2001/dsa-026
> > >SuSE Linux SuSE-SA:2001:03 - Bind 8 remote root compromise.
> > >http://www.suse.com/de/support/security/2001_003_bind8_ txt.txt
> > >Caldera Linux CSSA-2001-008.0 Bind buffer overflow
> > >http://www.caldera.com/support/security/advisories/CSSA-2001-008.0.txt
> > >http://www.caldera.com/support/security/advisories/CSSA-2001-008.1.txt
> > >
> > >This security advisory was prepared by Matt Fearnow of the SANS
> > >Institute and William Stearns of the Dartmouth Institute for Security
> > >Technology Studies.
> > >
> > >The Lionfind utility was written by William Stearns. William is an
> > >Open-Source developer, enthusiast, and advocate from Vermont, USA. His
> > >day job at the Institute for Security Technology Studies at Dartmouth
> > >College pays him to work on network security and Linux projects.
> > >
> > >Also contributing efforts go to Dave Dittrich from the University of
> > >Washington, and Greg Shipley of Neohapsis
> > >
> > >Matt Fearnow
> > >SANS GIAC Incident Handler
> > >
> > >If you have additional data on this worm or a critical question please
> > >email lionworm@sans.org
> > >-----BEGIN PGP SIGNATURE-----
> > >Version: GnuPG v1.0.4 (BSD/OS)
> > >Comment: For info see http://www.gnupg.org
> > >
> > >iD8DBQE6u17n+LUG5KFpTkYRAgn9AJ0ffubakBA47teAe9lF92lrS2H+TwCgh3T/
> > >ek+YCliAS832nnMIzP28ezM=
> > >=E1SG
> > >-----END PGP SIGNATURE-----
> >
> >
> > Rusty Carruth Email: rcarruth@Tempe.tt.slb.com or rcarruth@slb.com
> > Voice: (480) 345-3621 SnailMail: Schlumberger ATE
> > FAX: (480) 345-8793 7855 S. River Parkway, Suite 116
> > Ham: N7IKQ @ 146.82+,pl 162.2 Tempe, AZ 85284-1825
> > ICBM: 33 20' 44"N 111 53' 47"W
> >
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> >
> > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
> _______ Shawn T. Rutledge / KB7PWD ecloud@bigfoot.com
> (_ | |_) http://www.bigfoot.com/~ecloud kb7pwd@kb7pwd.ampr.org
> __) | | \________________________________________________________________
> Free long distance at http://www.bigredwire.com/me/RefTrack?id=USA063420
>
> --__--__--
>
> Message: 3
> Date: Fri, 23 Mar 2001 17:45:57 -0700
> From: Kurt Granroth
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: Re: bind
> plug-discuss@lists.PLUG.phoenix.az.us
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> Lucas Vogel wrote:
> > Can I ask a really stupid question? What is BIND, and how do I know if I'm
> > running it or not?
>
> It is the (set of) programs that handle name lookups. The specific
> program that does most of the work is called 'named'. You can tell if
> it's running by doing 'ps aux | grep named' or '/etc/rc.d/named status'
> (maybe).
>
> You almost surely *aren't* running it unless:
>
> 1) You are running a DNS server to handle name server requests for
> your LAN
> 2) Your distribution installs and runs it by default
>
> I don't think any distros are dumb enough to do the latter and since
> you are asking what it is, you clearly aren't doing the former :-)
> --
> Kurt Granroth | http://www.granroth.org
> KDE Developer/Evangelist | SuSE Labs Open Source Developer
> granroth@kde.org | granroth@suse.com
> KDE -- Conquer Your Desktop
>
> --__--__--
>
> Message: 4
> From: "David Demland"
> To: "Plug-Discuss"
> Subject: Three NIC problem
> Date: Fri, 23 Mar 2001 18:09:56 -0700
> charset="iso-8859-1"
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> I have a problem. I am installing a Storm box. It has to have three NICs.
> This is because two of the NICs will be used as the gateways for our
> internal workstations. At the current time some of our workstations use one
> gateway, a T1, and the others use another gateway, an ISDN line. This new
> firewall has to have NICs for each of these gateways. This way we can remove
> these firewalls without having to reconfigure all the workstations. The
> third NIC will be used to send data out to our Cisco router which we will
> use to do the routing for all our network. The idea is to use the current
> gateway IP of 192.168.1.204 (T1) and 192.168.1.79 (ISDN). The third NIC will
> be given an IP of 10.0.1.1 that will be used to pass all traffic to the
> router.
>
> Question:
>
> How do I get the Storm box to route both of the functioning gateway IPs out
> the third NIC to the router? I thought I had the routing table and the NICs
> configured right but I can not get anything to pass out the third NIC.
>
> Thank You,
>
> David Demland
> Qa/Process Manager
> CADTEL Systems, Inc.
> 11201 N. Tatum Ste. 200
> Phoenix, AZ 85028
> (602) 648-6054
> Fax: (602) 648-6054
> ddemland@cadtel.com
>
> --__--__--
>
> Message: 5
> From: "Bob George"
> To:
> Subject: Re: Three NIC problem
> Date: Fri, 23 Mar 2001 18:13:02 -0700
> charset="iso-8859-1"
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> "David Demland" wrote:
>
> > [...]
> > Question:
> >
> > How do I get the Storm box to route both of the functioning gateway IPs out
> > the third NIC to the router? I thought I had the routing table and the NICs
> > configured right but I can not get anything to pass out the third NIC.
>
> Can we assume that the 3rd NIC is up and running OK? You'd typically just
> have static routes pointing to your local subnets as appropriate, and a
> default route pointing to the Cisco router. You mentioned that the Storm box
> is also acting as a firewall. Are you using NAT? Could that be the issue?
> Can you ping the Cisco router from the Storm box?
>
> Dump us your configs, routing tables and traceroutes and some more ideas may
> be forthcoming.
>
> (FYI: You could also bind multiple secondary IPs to the Cisco router's
> internal port, and use IT as your firewall. The capabilities will depend on
> who manages it, and what feature set you've purchased.)
>
> Good luck!
>
> - Bob
>
> --__--__--
>
> Message: 6
> From: Rick Rosinski
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> Date: Fri, 23 Mar 2001 19:14:33 +0000
> charset="us-ascii"
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> Would this affect a Slackware 7.x system? I noticed that I don't have any
> "bind" in my paths.
>
> On Saturday 24 March 2001 00:38, you wrote:
> > Thank you! I saw something about it, but didn't realize I needed
> > to do something about it until now.
> >
> > 8.2.3-0 would be OK right? That's the latest one from
> > http://security.debian.org
> >
> > On Fri, Mar 23, 2001 at 12:25:52PM -0700, Rusty Carruth wrote:
> > > In case nobody has posted this yet:
> > >
> > > If you've not updated your bind/dns - do so NOW.
> > >
> > > Also, if you run bsd there is a chance the problem is there also.
>
> --
> Rick Rosinski
> http://rickrosinski.com
> rick@rickrosinski.com
>
> --__--__--
>
> Message: 7
> Date: Fri, 23 Mar 2001 19:20:15 -0700 (MST)
> From: "der.hans"
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> On 23 Mar 2001, Rick Rosinski chattered thus:
>
> > Would this affect a Slackware 7.x system? I noticed that I don't have any
> > "bind" in my paths.
>
> The executable is called named. Slack probably needs to be updated as the
> upstream security fixes were first released in Jan.
>
> ciao,
>
> der.hans
> --
> # der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-)
> # Two roads diverged in a wood, and I --
> # I took the one less traveled by,
> # And that has made all the difference. -- Robert Frost
> # I, OTOH, prefer to just go stomping through the desert... - der.hans
>
> --__--__--
>
> Message: 8
> From: "Gary Nichols"
> To:
> Subject: RE: Free stuff for PLUG and some not so free stuff for PLUG
> Date: Fri, 23 Mar 2001 19:42:44 -0700
> charset="iso-8859-1"
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> Thanks to Jim for volunteering to pick up the loot, and thanks to Lucas for
> offering to buy my Amiga. :-)
>
> Here's the breakdown of the goodies... hope you all enjoy.
>
> Shirts:
> XL Black Penguin Computing
> XL White Penguin VXA
> L Blue Penguin Polo
> (Worn a few times, but in great shape... and washed! *g*)
>
> Boxed Software:
> Applixware Office (can't recall the version... but I think it was from 1998)
> Redhat 7.0 new in shrinkwrap
> Redhat 6.1
> Redhat 5.2
> Redhat 5.1
> Suse 6.1
> Accelerated X Multihead
> Solaris 7 x86 + Sparc
> Solaris 8 beta
>
> Books:
> Computer Consultants Handbook
> Linux, complete ref (caldera)
> Linux, Complete ref (penguin)
> Linux, Adv ref (penguin)
> Tcl/TK Tools
>
> Misc:
> 6" Stuffed Tux
> Linux Library CD
> A bunch of Redhat bumper stickers
>
> Should you be the recipient of a box of software and you're missing the
> cd's, let me know and I'll see if I can find them. This stuff has been in
> my den for a while. *grin*
>
> ~Gary
>
> -----Original Message-----
> From: plug-discuss-admin@lists.PLUG.phoenix.az.us
> [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Gary
> Nichols
> Sent: Friday, March 23, 2001 3:04 PM
> To: plug-discuss@lists.PLUG.phoenix.az.us
> Subject: Free stuff for PLUG and some not so free stuff for PLUG
>
> Guys,
>
> I just cleaned out my den and I have a bunch of linux-oriented stuff I'd
> like to donate to the group. If somebody could swing by my home or office
> to pick them up I'd appreciate it-- no idea when I'll make the next meeting.
> Perhaps use them as door prizes or donations to school(s)?
>
> More or less the pile of stuff consists of:
> Redhat 5.1
> Redhat 5.2
> Redhat 6.1
> Redhat 7.0 (brand new in shrink wrap)
> Suse 6.x (can't remember)
> Tk/Tcl Tools book
> Applixware office
> Various linux books that I had more than 1 copy of.
>
> There are some linux T-shirts too, just can't remember what I threw in the
> box. Anyway... this stuff is free to the group, just need a 'designatee' to
> come pick it up!
>
> My home is near I-17/Deer Valley in Phoenix, my office is near
> Priest/University in Tempe.
>
> Also OT, I am planning on moving to Chandler shortly so I'm wanting to sell
> my Amiga 2000 with monitor/keyboard/mouse and a box of software. (You know,
> better to sell cheap than move it LOL) The Amiga has 2MB of memory, a hard
> drive/floppy/external floppy and works great.
> I'll let all this Amiga stuff go for $100.
>
> Anybody? Please answer to the list or you can email me directly at:
> gnichols AT qwest.net.
>
> Thanks PLUG'ers
>
> Gary
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
> to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --__--__--
>
> Message: 9
> From: "Craig White"
> To:
> Subject: RE: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> Date: Fri, 23 Mar 2001 20:42:09 -0700
> charset="US-ASCII"
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> > -----Original Message-----
> > From: plug-discuss-admin@lists.plug.phoenix.az.us
> > [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Rick
> > Rosinski
> > Sent: Friday, March 23, 2001 12:15 PM
> > To: plug-discuss@lists.plug.phoenix.az.us
> > Subject: Re: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE
> > INTERNET
> >
> >
> > Would this affect a Slackware 7.x system? I noticed that I don't have any
> > "bind" in my paths.
> >
> ---
> Try typing (as root) "ps aux|less" and scroll up and down to see if "named"
> is running. This will tell for sure.
>
> I can't imagine any reason for named/bind to be installed on any workstation
> configuration as it is strictly a network server daemon. If you are running
> a linux as a masquerade/firewall/router box - you may have installed bind -
> if you did, you surely should know whether it is installed or not.
>
> Only 2 scenarios here, 1 is that you plan to provide domain name services to
> the public internet in which case, you better get up to speed on bind, up to
> date and spend a lot of time learning how to chroot because it is probably
> more a question of when it gets hacked than if it gets hacked.
>
> Scenario 2 is that you are providing DNS services to a local lan - in which
> case you MUST block the DNS packets from coming thru your firewall...
>
> on the 2.2-xxx kernel
>
> /sbin/ipchains -A input -j REJECT (or DENY) -i (public ethernet interface) -p tcp -s 0.0.0.0/0 -d (public ipaddress) domain
>
> and also
>
> /sbin/ipchains -A input -j REJECT (or DENY) -i (public ethernet interface) -p udp -s 0.0.0.0/0 -d (public ipaddress) domain
>
> replace (public ethernet interface) with eth0, eth1 whichever appropriate
> replace (public ipaddress) with your public/internet ip address
> you need to block both tcp & udp because DNS packets can be either.
>
> as one who has experienced bind exploits, I speak with experience.
>
> Craig
>
> --__--__--
>
> Message: 10
> From: "Craig White"
> To:
> Subject: RE: Three NIC problem
> Date: Fri, 23 Mar 2001 20:50:01 -0700
> charset="iso-8859-1"
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> > -----Original Message-----
> > From: plug-discuss-admin@lists.plug.phoenix.az.us
> > [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of David
> > Demland
> > Sent: Friday, March 23, 2001 6:10 PM
> > To: Plug-Discuss
> > Subject: Three NIC problem
> >
> >
> > I have a problem. I am installing a Storm box. It has to have three NICs.
> > This is because two of the NICs will be used as the gateways for our
> > internal workstations. At the current time some of our workstations use one
> > gateway, a T1, and the others use another gateway, an ISDN line. This new
> > firewall has to have NICs for each of these gateways. This way we can remove
> > these firewalls without having to reconfigure all the workstations. The
> > third NIC will be used to send data out to our Cisco router which we will
> > use to do the routing for all our network. The idea is to use the current
> > gateway IP of 192.168.1.204 (T1) and 192.168.1.79 (ISDN). The third NIC will
> > be given an IP of 10.0.1.1 that will be used to pass all traffic to the
> > router.
> >
> > Question:
> >
> > How do I get the Storm box to route both of the functioning gateway IPs out
> > the third NIC to the router? I thought I had the routing table and the NICs
> > configured right but I can not get anything to pass out the third NIC.
> >
> -----
> Perhaps I'm not understanding what's going on but on the surface, it appears
> that you are using a Cisco router to route two distinct subnets but trying
> to put a firewall between the two subnets and the router - that doesn't make
> sense to me.
>
> I would like to see this topic remain public and not private so I can
> benefit from learning about 3 NIC setup since I am going to be trying to do
> a similar thing.
>
> Craig
>
> --__--__--
>
> Message: 11
> From: "Bob George"
> To:
> Subject: Re: Three NIC problem
> Date: Fri, 23 Mar 2001 21:35:49 -0700
> charset="iso-8859-1"
> Reply-To: plug-discuss@lists.PLUG.phoenix.az.us
>
> "Craig White" wrote:
> > [...]
> > I would like to see this topic remain public and not private so I can
> > benefit from learning about 3 NIC setup since I am going to be trying to do
> > a similar thing.
>
> Are there any particular issues you're concerned about? I've got 3 10/100
> ethernet plus a token ring port going on my firewall at present. I'm using
> Debian on a 2.4.1 kernel to support my internal LAN (general usage), DMZ
> (mail, web servers), and lab (Cisco router pod). NAT to the Internet as
> well. It's working great. In fact, a few of us are using Zebra to test
> various BGP routing scenarios (GRE tunnels between Cisco and Linux devices).
> I'd be happy to share my notes.
>
> - Bob
>
> --__--__--
>
> _______________________________________________
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> End of Plug-discuss Digest
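
The file, inetd and port indicators that the SANS advisory quoted in the digest above lists for Lion and t0rn, turned into a host check. This is an added example: it is not part of the thread and it is not the Lionfind utility. The function names, the assumption that the inetd backdoor entries name their port numerically, and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for the Lion / t0rn artifacts named in the advisory.
# Only shell built-in tests and awk are used, and both are expected to come
# from trusted boot media, because the advisory says ls, find, ps and netstat
# on an infected host are replaced.

LIB=/usr/man/man1/man1/lib/.lib   # rootkit directory given in the advisory

# lion_files ROOT: one line per file-system indicator found under ROOT.
lion_files() {
    root=${1%/}
    # The worm deletes hosts.deny, so its absence is a (weak) indicator.
    if [ ! -e "$root/etc/hosts.deny" ]; then echo "missing /etc/hosts.deny"; fi
    for p in /etc/ttyhash "$LIB" "$LIB/.x" "$LIB/mjy" "$LIB/in.telnetd" \
             /bin/mjy /bin/in.telnetd; do
        if [ -e "$root$p" ]; then echo "present $p"; fi
    done
}

# lion_inetd FILE: inetd.conf lines for the two backdoor shell ports.
# Assumption: the entries give the port as a number in the first field.
lion_inetd() {
    awk '$1 == "60008" || $1 == "33567" { print "inetd entry " $1 }' "$1"
}

# lion_ports FILE: FILE is in /proc/net/tcp format. Field 2 is
# HEXADDR:HEXPORT and field 4 is the socket state (0A = LISTEN).
# 60008 = EA68, 33567 = 831F, 33568 = 8320.
lion_ports() {
    awk 'NR > 1 && $4 == "0A" {
        split($2, a, ":")
        if (a[2] == "EA68") print "listening 60008/tcp"
        if (a[2] == "831F") print "listening 33567/tcp"
        if (a[2] == "8320") print "listening 33568/tcp"
    }' "$1"
}

# lion_report ROOT [TCPFILE]: print all findings; return 1 if there are any.
lion_report() {
    findings=$(
        lion_files "$1"
        if [ -r "$1/etc/inetd.conf" ]; then lion_inetd "$1/etc/inetd.conf"; fi
        if [ -r "$2" ]; then lion_ports "$2"; fi
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# make_sample DIR: build a constructed tree (not data from a real host).
# hosts.deny is deliberately absent; the EA68 socket is ESTABLISHED (01),
# not LISTEN, so it must not be reported.
make_sample() {
    mkdir -p "$1/etc" "$1/bin" "$1$LIB"
    : > "$1/etc/ttyhash"
    : > "$1$LIB/.x"
    printf '%s\n' '# constructed inetd.conf' \
        'ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        '60008 stream tcp nowait root /constructed/placeholder' \
        > "$1/etc/inetd.conf"
    printf '%s\n' \
        '  sl  local_address rem_address   st tx_queue rx_queue tr tm->when' \
        '   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000' \
        '   1: 00000000:8320 00000000:0000 0A 00000000:00000000 00:00000000' \
        '   2: 0100007F:EA68 0100007F:9C40 01 00000000:00000000 00:00000000' \
        > "$1/proc_net_tcp"
}

# Demo run on the constructed tree.
demo=$(mktemp -d)
make_sample "$demo"
lion_report "$demo" "$demo/proc_net_tcp" || true
rm -rf "$demo"
```

On a live host, `lion_report / /proc/net/tcp` reads the kernel's socket table directly instead of trusting the replaced netstat; for a disk mounted from rescue media, pass the mount point and omit the second argument.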