[opensuse-factory] Firewall not consistent..
Hi,

This morning I had to shut down the firewall to enter my LAN. Printing was impossible, and also accessing the other pc's and laptops in the network.

What I do not understand is why this firewall prevents me from entering other pc's in the network, while others can access mine easily?

When are we going to have a configurable firewall? Like:

Share Files and printers? x Yes 0 No
Trusted hosts:
Untrusted hosts:
etc etc.

I do not like a firewall that does not do what it is supposed to.. It should not limit *my* access to the network.. and grant others access to my pc.. (it is like this firewall does the opposite job..)

--
Have a nice day,
M9. Now, is the only time that exists.

OS: Linux 2.6.22.5-10-default x86_64
Current user: monkey9@tribal-sfn2
System: openSUSE 10.3 (X86-64) Beta3
KDE: 3.5.7 "release 58"

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org

M9. wrote:
> (it is like this firewall does the opposite job..)

I don't really see how your net is configured.

My firewall is on the router/gateway, not on my desktop.

my desktop access is only managed by the ordinary permission system (anyway all the ports are shut down except ssh)

jdd
--
http://www.dodin.net

The Friday 2007-09-14 at 11:01 +0200, jdd wrote:
>> (it is like this firewall does the opposite job..)
> I don't really see how your net is configured.
> My firewall is on the router/gateway, not on my desktop.
> my desktop access is only managed by the ordinary permission system (anyway all the ports are shut down except ssh)

Even in that case, I like to use a firewall protecting me from the internal network.

--
Cheers,
Carlos E. R.

Carlos E. R. wrote:
> The Friday 2007-09-14 at 11:01 +0200, jdd wrote:
>>> (it is like this firewall does the opposite job..)
>> I don't really see how your net is configured.
>> My firewall is on the router/gateway, not on my desktop.
>> my desktop access is only managed by the ordinary permission system (anyway all the ports are shut down except ssh)
> Even in that case, I like to use a firewall protecting me from the internal network.

Well, if my sons and wife can enter my PC, and their config is adjusted to share files, and the printer is shared, then I expect to get access to their pc's. If SuSE's firewall denies entrance to other pc's, but grants these same pc's to enter my pc, then something is wrong, it is that simple.

And as far as SuSE's firewall is concerned, from 10.0 it has caused an inaccessible LAN, only accessible if the network interface was changed to the internal zone..

In Beta 3, I moved the network interface to internal zone: no network access. I moved it to the external zone again: Network access. So I thought: Fixed! Wrong.

I know that I can choose whatever firewall I want to use.. It is just that if SuSE has one of its own, it should be easier to use that one, am I wrong here?

In an earlier mail I stated that the fault was gone, this was a mistake. No config was changed,

--
Have a nice day,
M9.

jdd wrote:
> M9. wrote:
>> (it is like this firewall does the opposite job..)
> I don't really see how your net is configured.
> My firewall is on the router/gateway, not on my desktop.
> my desktop access is only managed by the ordinary permission system (anyway all the ports are shut down except ssh)
> jdd

I am talking about the SuSE-firewall... and the testing of it in 10.3 beta3.. (of course I can also use the router's firewall..)

--
Have a nice day,
M9.

It is probably the old and never solved issue with samba high ports, if you're using samba to share resources.

In the suse firewall configuration file, look for FW_SERVICES_ACCEPT_EXT and set it to:

0/0,tcp,1024:65535,137:139 0/0,udp,1024:65535,137:139

This issue has been affecting SuSE for a long time, and it's time to find a solution, without hiding behind security reasons or other solutions (like using two cards ;-)) as it was done in the past.

With kind regards,
Alberto

On Fri, 14/09/2007 at 17.30 +0200, M9. wrote:
> jdd wrote:
>> M9. wrote:
>>> (it is like this firewall does the opposite job..)
>> I don't really see how your net is configured.
>> My firewall is on the router/gateway, not on my desktop.
>> my desktop access is only managed by the ordinary permission system (anyway all the ports are shut down except ssh)
>> jdd
> I am talking about the SuSE-firewall... and the testing of it in 10.3 beta3..
> (of course I can also use the router's firewall..)
> --
> Have a nice day,
> M9.

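Added example (not part of the original thread and not SuSEfirewall2's own code): a short Python check of what the FW_SERVICES_ACCEPT_EXT value suggested in the message above admits. It assumes the entry format net,protocol[,dport[,sport]] with numeric ports; the LAN-only value and the 1024-port threshold are constructed for illustration.

```python
import ipaddress

# Value suggested in the thread for FW_SERVICES_ACCEPT_EXT.
THREAD_VALUE = "0/0,tcp,1024:65535,137:139 0/0,udp,1024:65535,137:139"
# Constructed alternative (assumption): same ports, but only from the
# 192.168.1.x LAN described later in the thread.
LAN_VALUE = ("192.168.1.0/24,tcp,1024:65535,137:139 "
             "192.168.1.0/24,udp,1024:65535,137:139")

WIDE_PORT_THRESHOLD = 1024  # arbitrary cut-off chosen for this example


def parse_ports(spec):
    """Return (low, high) for '22' or '1024:65535'; None means any port."""
    if not spec:
        return None
    low, _, high = spec.partition(":")
    low = int(low)
    high = int(high) if high else low
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return low, high


def port_count(rng):
    """Number of ports a range covers; an unset range covers all 65536."""
    if rng is None:
        return 65536
    return rng[1] - rng[0] + 1


def parse_entry(entry):
    """Split one 'net,protocol[,dport[,sport]]' entry into its fields."""
    fields = entry.split(",")
    if len(fields) < 2:
        raise ValueError(f"need at least net,protocol: {entry!r}")
    # The ipaddress module does not accept the shorthand '0/0'.
    net = "0.0.0.0/0" if fields[0] == "0/0" else fields[0]
    return {
        "raw": entry,
        "net": ipaddress.ip_network(net, strict=False),
        "proto": fields[1].lower(),
        "dport": parse_ports(fields[2] if len(fields) > 2 else ""),
        "sport": parse_ports(fields[3] if len(fields) > 3 else ""),
    }


def audit(value):
    """Return one finding dict per entry of an FW_SERVICES_ACCEPT_EXT value."""
    findings = []
    for raw in value.split():
        entry = parse_entry(raw)
        opened = port_count(entry["dport"])
        any_source = entry["net"].prefixlen == 0
        wide = opened > WIDE_PORT_THRESHOLD
        # A source-port match is not an identity check: the sending host
        # picks its own source port, so it only filters well-behaved peers.
        sport_only_gate = wide and entry["sport"] is not None
        notes = []
        if any_source:
            notes.append("accepted from any source address")
        if wide:
            notes.append(f"{opened} destination ports reachable")
        if sport_only_gate:
            notes.append("only condition is a sender-chosen source port")
        findings.append({
            "raw": raw,
            "proto": entry["proto"],
            "any_source": any_source,
            "opened_dports": opened,
            "sport_only_gate": sport_only_gate,
            "notes": notes,
        })
    return findings


def report(value):
    """Render the findings as one text line per entry."""
    lines = []
    for f in audit(value):
        detail = "; ".join(f["notes"]) or "no broad-rule findings"
        lines.append(f"{f['raw']}: {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    for label, value in (("thread value", THREAD_VALUE),
                         ("LAN-only (constructed)", LAN_VALUE)):
        print(f"== {label} ==")
        print(report(value))
```
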
Alberto Passalacqua wrote:
> It is probably the old and never solved issue with samba high ports, if you're using samba to share resources.
> In the suse firewall configuration file, look for FW_SERVICES_ACCEPT_EXT and set it to:
> 0/0,tcp,1024:65535,137:139 0/0,udp,1024:65535,137:139
> This issue has been affecting SuSE for a long time, and it's time to find a solution, without hiding behind security reasons or other solutions (like using two cards ;-)) as it was done in the past.
> With kind regards, Alberto

This one I did not know ;-) I am going to try it immediately, thnx.

Still I agree that the issue should be solved.. Imagine what is attached to this:

1) The printer is behind a windowsbox => Samba
2) All the movies and music are on a networkdrive, for everybody's convenience, except the ones who use SuSE..=> Samba
3) Shared files are in shared windows docs..=> Samba

For all this samba is *normally* spoken the way.... (I mean without hacking into someone's files...)

Like for people coming from widnose, and are used to everything is configured automatically, they would not know a solution like Alberto proposes here ;-)

--
Have a nice day,
M9.

M9. wrote:
> I am talking about the SuSE-firewall... and the testing of it in 10.3 beta3..

me too. My router is an openSUSE box.

my concern is to know how your lan is configured (what PC is used as gateway, what is the "internal" network, what the "external" (precise, with IP's, thanks)

and if possible, what are the differences between the default SUSEFirewall2 (/etc/sysconfig/scripts/SuSEfirewall2) script and the one you use

only to help you :-)

jdd
--
http://www.dodin.net

jdd wrote:
> M9. wrote:
>> I am talking about the SuSE-firewall... and the testing of it in 10.3 beta3..
> me too. My router is an openSUSE box.
> my concern is to know how your lan is configured (what PC is used as gateway, what is the "internal" network, what the "external" (precise, with IP's, thanks)
> and if possible, what are the differences between the default SUSEFirewall2 (/etc/sysconfig/scripts/SuSEfirewall2) script and the one you use
> only to help you :-)
> jdd

I am using a level-one wireless router as gateway, behind a Thomson speedtouch adsl-modem. They are both configured to fit as one, and function without any error for many years, except for some wireless-card problems, and windows SP2 updates, which throw the network down every once in a while...

PC's and Laptops in daily use, some pc's have wireless cards. tribal is the 64bits AMD 2800+, to test all Linux versions I like, the ibm is the 32bits P4 testbox, (for the night-time), with windows for the accessibility from all other windows-boxes, all production machines...

terminator      192.168.1.9   (WLAN) (Fixed)
ibm-sfn3        192.168.1.7   (LAN)  (DHCP)
IslandDreamer   192.168.1.4   (WLAN) (Fixed)
tine-toshi      192.168.1.5   (WLAN) (Fixed)
piii-sfn5       192.168.1.10  (WLAN) (Fixed)
tribal-sfn2     192.168.1.8   (LAN)  (DHCP)
Networkdrive    192.168.1.2   (LAN)  (Fixed)
TOSP200         192.168.1.3   (WLAN) (DHCP)
asus-sfn6       192.168.1.6   (WLAN) (Fixed)

The printer is behind ibm-sfn2, configured as: smb://192.168.1.*/EPSONSty (exact name from MSXP)

For this printer, an Epson Stylus C64 Photo edition, there is no printserver available, so I have to hang it behind a box. In the start, tribal-sfn2 was the server, and main pc, but since the trouble with the firewall (and the scanner), which started with SuSE 10.0, several years ago, ibm carries this burden...

The MS boxes use an old and free Norton firewall: sygate

About /etc/scripts/SuSEfirewall2, there are many files there, I do not know which one you want to see. I use the gui's in yast to configure the firewall, and that should be more than enough.

IMHO should a firewall be configured once, and work in silence, protecting a pc or laptop against attack from 'outside'. It should not block the trusted hosts, and block the untrusted ones.

A warning should be displayed, with an option to grant or deny an attempt to enter the pc, with a description of the host and the ip address, so that one can decide to let pass once or forever, which does not mean that 'forever' can not be changed to deny. A really good firewall can work with passwords, just as a server can.

this is all the info I can think of, is from any use..

--
Have a nice day,
M9.

M9. wrote:

so, if I understand well you have only one lan (192.168.1.x) with all the PC on it.

previously you said:

"This morning I had to shut down the firewall to enter my LAN. Printing was impossible, and also accessing the other pc's and laptops in the network. What I do not understand is why this firewall prevents me from entering other pc's in the network, while others can access mine easily?"

It looks like you (or any event) swapped the internal and external network in the config

try setting with defaults - usually defaults are good

> About /etc/scripts/SuSEfirewall2, there are many files there, I do not know which one you want to see.

it's not a folder but a file in my computer (but the one I have just at hand is a 10.1, may be the file was spread in several ones later)

this file is commented internally, and the comments are the only firewall notice I know of

> IMHO should a firewall be configured once, and work in silence, protecting a pc or laptop against attack from 'outside'.

it's what SuSEfirewall2 does usually :-)

> It should not block the trusted hosts, and block the untrusted ones.

not clear in your config which is what

> A warning should be displayed, with an option to grant or deny an attempt to enter the pc, with a description of the host and the ip address, so that one can decide to let pass once or forever, which does not mean that 'forever' can not be changed to deny.

it's really too easy to click on "yes" without caution and very difficult to go back after, and should any user be allowed to do so?

> A really good firewall can work with passwords, just as a server can.

I think somewhat your definition of "firewall" is wrong.

a firewall is used to open or close "ports", not communication (your firewalls don't do NAT, as you have an other router).

whatever you do with these ports is irrelevant.

a firewall works at the packet level, not at the logical one, it knows nothing of passwords. It protects networks, so if you want a part with trusted pc, it must be the internal and untrusted the external or the dmz if they are in your house, but this needs an other net card (an other lan).

you can set some filtering based on IP, but I'm not sure it's secure and anyway it's difficult to setup.

finally you said "This morning I had to shut down the firewall to enter my LAN.", so the day before the firewall was nice, what did change in between?

I beg you use a samba network and windows samba is buggy and needs to open nearly anything to work as was said from the beginning by an other writer.

http://lists.opensuse.org/opensuse-factory/2007-09/msg00335.html

but if I understand well, doing so is nearly the same as stopping the firewall.

use of samba server on suse fixes the permission problem.

jdd
--
http://www.dodin.net

The Friday 2007-09-14 at 23:55 +0200, jdd wrote:
>> About /etc/scripts/SuSEfirewall2, there are many files there, I do not know which one you want to see.
> it's not a folder but a file in my computer (but the one I have just at hand is a 10.1, may be the file was spread in several ones later)

It is '/etc/sysconfig/SuSEfirewall2'.

--
Cheers,
Carlos E. R.

Carlos E. R. wrote:
> The Friday 2007-09-14 at 23:55 +0200, jdd wrote:
>>> About /etc/scripts/SuSEfirewall2, there are many files there, I do not know which one you want to see.
>> it's not a folder but a file in my computer (but the one I have just at hand is a 10.1, may be the file was spread in several ones later)
> It is '/etc/sysconfig/SuSEfirewall2'.

Thnx. ;-)

--
Have a nice day,
M9.

jdd wrote:
> M9. wrote:
> so, if I understand well you have only one lan (192.168.1.x) with all the PC on it.

Yes that is correct ;-)

> previously you said:
> "This morning I had to shut down the firewall to enter my LAN. Printing was impossible, and also accessing the other pc's and laptops in the network.
> What I do not understand is why this firewall prevents me from entering other pc's in the network, while others can access mine easily?"
> It looks like you (or any event) swapped the internal and external network in the config
> try setting with defaults - usually defaults are good

I used the defaults, after putting the network interface back to the external zone again.

>> About /etc/scripts/SuSEfirewall2, there are many files there, I do not know which one you want to see.
> it's not a folder but a file in my computer (but the one I have just at hand is a 10.1, may be the file was spread in several ones later)
> this file is commented internally, and the comments are the only firewall notice I know of
>> IMHO should a firewall be configured once, and work in silence, protecting a pc or laptop against attack from 'outside'.
> it's what SuSEfirewall2 does usually :-)
>> It should not block the trusted hosts, and block the untrusted ones.
> not clear in your config which is what

In my config there are only trusted hosts... (in a windows case there are constantly hosts that are informed by dataminers, in windows one should be able to block them...)

>> A warning should be displayed, with an option to grant or deny an attempt to enter the pc, with a description of the host and the ip address, so that one can decide to let pass once or forever, which does not mean that 'forever' can not be changed to deny.
> it's really too easy to click on "yes" without caution and very difficult to go back after, and should any user be allowed to do so?

Normally, if you have a good firewall, there is a description of the host, its ip address, and the purpose for entering from or towards the pc. The streams are visible if you want: in, out, and which ports are used. Each program is listed, and the ports they use.

>> A really good firewall can work with passwords, just as a server can.
> I think somewhat your definition of "firewall" is wrong.
> a firewall is used to open or close "ports"

exactly!

> , not communication

yes it has to let me know who is going out and going in, and I must be able to shut whatever port I like, in principle..

> (your firewalls don't do NAT, as you have an other router).
> whatever you do with these ports is irrelevant.

If some host wants to enter my pc, I want to know this, and be able to close the gate (port) if I do not want it entering for whatever reason I have. If I give a password to a host, it can enter without noticing me, as long as I want to let the firewall accept the password.

> a firewall works at the packet level, not at the logical one, it knows nothing of passwords. It protects networks, so if you want a part with trusted pc, it must be the internal and untrusted the external or the dmz if they are in your house, but this needs an other net card (an other lan).

A good firewall can handle this perfectly, with just one card.

> you can set some filtering based on IP, but I'm not sure it's secure and anyway it's difficult to setup.
> finally you said "This morning I had to shut down the firewall to enter my LAN.", so the day before the firewall was nice, what did change in between?

Not one thing, that is why I call the firewall inconsistent..

> I beg you use a samba network and windows samba is buggy and needs to open nearly anything to work as was said from the beginning by an other writer.

I use samba on the Linux-side,

> http://lists.opensuse.org/opensuse-factory/2007-09/msg00335.html
> but if I understand well, doing so is nearly the same as stopping the firewall.

As I understand, only for the ports used by samba for the LAN?

> use of samba server on suse fixes the permission problem.

Samba server I did not use before...

> jdd

If you want to know what I mean, you should download the free sygate firewall from norton, and use it on a windows box.

--
Have a nice day,
M9.

M9. wrote:
> In my config there are only trusted hosts... (in a windows case there are constantly hosts that are informed

informed?

> yes it has to let me know who is going out and going in, and I must be able to shut whatever port I like, in principle..

this is not a firewall but a proxy server.

Usually, a firewall blocks all the ports. That means that no communication can be initiated from the exterior to the inside. If inside your computer you ask an application to go and search, this is allowed.

> If some host wants to enter my pc, I want to know this,

what does this mean for you??

all what an external program can do on your computer is read a port or write a port.

closing a port means only that this write is rejected (or simply ignored). In fact, if no application is listening (by reading this port), the write *is* ignored

> If I give a password to a host, it can enter without noticing me, as long as I want to let the firewall accept the password.

this may be the windows way of life, but it's not Linux one.

if I do "ssh <somecomputer>", my ssh will try to write to the ssh port of this computer. If, for example, it's a windows 98 with no firewall at all, but with no ssh server either, nothing is going on and I cannot enter

to enter a computer you must have a server that allows this

> A good firewall can handle this perfectly, with just one card.

nope. untrusted pc can attack a trusted one. This is like having all computers exposed to the exterior and you have to protect all of them

> As I understand, only for the ports used by samba for the LAN?

well, the windows smb implementation seems to be programmed in an evil way and doesn't always use the same ports, so one must let many ones open (that is may listen to these ports and answer to them) and this is insecure.

>> use of samba server on suse fixes the permission problem.
> Samba server I did not use before...

how did you grant access to your linux computer from windows then?

access must be done on the host:

* by a standard protocol (smb, ssh, ftp, http...) accepted by a server
* by two applications sharing the same port

anyway, if you had a working config one day, and now it's no more working, there is to have been a change in between :-)

jdd
--
http://www.dodin.net

jdd wrote:
> M9. wrote:
>> In my config there are only trusted hosts... (in a windows case there are constantly hosts that are informed
> informed?

spyware and datamining.. ;-) (I know this is unknown to linux :-)

>> yes it has to let me know who is going out and going in, and I must be able to shut whatever port I like, in principle..
> this is not a firewall but a proxy server.

no, in windows, a firewall can do that..

> Usually, a firewall blocks all the ports. That means that no communication can be initiated from the exterior to the inside. If inside your computer you ask an application to go and search, this is allowed.
>> If some host wants to enter my pc, I want to know this,
> what does this mean for you??

that my spyware-killers do not work.. (please do not forget my decade of windows use ;-)

> all what an external program can do on your computer is read a port or write a port.
> closing a port means only that this write is rejected (or simply ignored). In fact, if no application is listening (by reading this port), the write *is* ignored
>> If I give a password to a host, it can enter without noticing me, as long as I want to let the firewall accept the password.
> this may be the windows way of life, but it's not Linux one.

indeed, some habits die hard ;-)

> if I do "ssh <somecomputer>", my ssh will try to write to the ssh port of this computer. If, for example, it's a windows 98 with no firewall at all, but with no ssh server either, nothing is going on and I cannot enter
> to enter a computer you must have a server that allows this
>> A good firewall can handle this perfectly, with just one card.
> nope. untrusted pc can attack a trusted one. This is like having all computers exposed to the exterior and you have to protect all of them

my router is a firewall, and all PC's and laptops have one..

>> As I understand, only for the ports used by samba for the LAN?
> well, the windows smb implementation seems to be programmed in an evil way and doesn't always use the same ports, so one must let many ones open (that is may listen to these ports and answer to them) and this is insecure.
>>> use of samba server on suse fixes the permission problem.
>> Samba server I did not use before...
> how did you grant access to your linux computer from windows then?

Sorry, it is the client and the server, I thought of an application like server-edition.. euh..errr..;-)

> access must be done on the host:
> * by a standard protocol (smb, ssh, ftp, http...) accepted by a server
> * by two applications sharing the same port

yes that is the procedures..

> anyway, if you had a working config one day, and now it's no more working, there is to have been a change in between :-)

Of course there has to be a change to change something. In this case I did not change a thing. Why should I? It worked, and I never change something that does its job well.. again, that is why I call the firewall inconsistent.. If it is too much trouble to config it right, I shut it off, no big deal..(router is sufficient, and one pc can use DHZ )

--
Have a nice day,
M9.

M9. wrote:
>> informed?
> spyware and datamining.. ;-) (I know this is unknown to linux :-)

if you let your computer get infected, there is nothing a firewall can do. it should be some sort of "apparmor" for Windows, monitoring which application does what. It's not the scope of a firewall and SuSEfirewall2 never protected you against such thing, anyway if the spy uses a classic internet protocol (http), you can only cry :-(

> no, in windows, a firewall can do that..

then it has some functions more than a firewall

> that my spyware-killers do not work.. (please do not forget my decade of windows use ;-)

they should. In France, secuser.com links to free spyware defender, very effective. I have an XP box, no firewall on it and never infected (never for a longtime, though)

> Sorry, it is the client and the server, I thought of an application like server-edition.. euh..errr..;-)

default openSUSE installs are usually quite defensive and allow few open ports and few running servers (I'm not even sure that sshd is running by default)

>> access must be done on the host:
>> * by a standard protocol (smb, ssh, ftp, http...) accepted by a server
>> * by two applications sharing the same port
> yes that is the procedures..

so what is the server you fear to be broken?

> Of course there has to be a change to change something. In this case I did not change a thing. Why should I? It worked, and I never change something that does its job well..
> again, that is why I call the firewall inconsistent..
> If it is too much trouble to config it right, I shut it off, no big deal..(router is sufficient, and one pc can use DHZ )

yes it is. however no firewall and certainly not on Linux can change by itself :-), so something must have been done, evidently accidentally :-).

what you could do is:

* backup the /etc/sysconfig folder (it's small, do a complete backup of it)
* do "SuSEfirewall2 stop" to stop the firewall
* remove the /etc/sysconfig/SuSEfirewall2
* in yast, force the reinstall of the firewall, like this you should recover the default config file

hope this works

jdd
--
http://www.dodin.net

jdd wrote:
> M9. wrote:
>> no, in windows, a firewall can do that..
> then it has some functions more than a firewall

Linux firewalls can do all that and much more. Your imagination is the limit, once you start looking into the iptables commands and options. Don't let the fact that SuSEfirewall2 is only a very rudimentary and limited graphical shell for a subset of those commands fool you.

Joe

On Saturday 15 September 2007 12:38:53 pm jdd wrote:
M9. wrote:
informed?
spyware and datamining.. ;-) (I know this is unknown to linux :-)
Not yet, but when LSB kicks in and it would be easy to install any program on any distro, the situation may change.
If you let your computer get infected, there is nothing a firewall can do. It should be some sort of "apparmor" for Windows, monitoring which application does what.
That is what most 'firewalls' for Windows do. They call it a firewall, as it sounds good, but it is actually a proxy that monitors all traffic. ...
Default openSUSE installs are usually quite defensive and allow few open ports and few running servers (I'm not even sure that sshd is running by default)
It is not enabled by default.
access must be done on the host:
* by a standard protocol (smb, ssh, ftp, http...) accepted by a server
* by two applications sharing the same port
Yes, that is the procedure..
so what is the server you fear to be broken? ...
Don't forget that there are few computers in M9's network on wireless, and a problem can come from that side too. They are part of the internal network, they probably have ad hoc wireless enabled, and if some neighbor has no wireless access point, he can, without knowing what he is doing, connect to any Windows computers in range. If he has viruses they will find the way in. Considering how easily most Windows users dismiss firewall popups, it opens unlimited possibilities.
-- Regards, Rajko.
Rajko M. wrote:
On Saturday 15 September 2007 12:38:53 pm jdd wrote:
M9. wrote:
Don't forget that there are few computers in M9's network on wireless, and a problem can come from that side too. They are part of the internal network, they probably have ad hoc wireless enabled, and if some neighbor has no wireless access point, he can, without knowing what he is doing, connect to any Windows computers in range. If he has viruses they will find the way in. Considering how easily most Windows users dismiss firewall popups, it opens unlimited possibilities.
In this case I let my router take security, by selecting which wireless pc's or laptops can enter the network. Until now this always worked. If I add a new wireless one, I have to give it permission in my router. It will see the network, but will not be able to access it. An advantage my router (I do not know if any router has that) has, to protect the network.
-- Have a nice day, M9.
The Monday 2007-09-17 at 11:01 +0200, M9. wrote:
[ This is a conversation more appropriate for the normal or the security lists, I think ]
In this case I let my router take security, by selecting which wireless pc's or laptops can enter the network. Until now this always worked. If I add a new wireless one, I have to give it permission in my router. It will see the network, but will not be able to access it.
By which method do you allow a new PC? For instance, if you do it based on the hardware address of the new wireless device, that's very easy to break.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Monday 2007-09-17 at 11:01 +0200, M9. wrote:
[ This is a conversation more appropriate for the normal or the security lists, I think ]
In this case I let my router take security, by selecting which wireless pc's or laptops can enter the network. Until now this always worked. If I add a new wireless one, I have to give it permission in my router. It will see the network, but will not be able to access it.
By which method do you allow a new PC? For instance, if you do it based on the hardware address of the new wireless device, that's very easy to break.
It is very simple in fact, a pc or laptop not listed gets no ip...
-- Have a nice day, M9.
The Monday 2007-09-17 at 16:32 +0200, M9. wrote:
By which method do you allow a new PC? For instance, if you do it based on the hardware address of the new wireless device, that's very easy to break.
It is very simple in fact, a pc or laptop not listed gets no ip...
Don't you bet on it for a second. A cracker can make his PC look like one of yours and connect, instantly.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
A cracker can make his PC look like one of yours and connect, instantly.
that is, a cracker can guess your wep key (don't ask me how :-(), at the moment lurking the net gives him the mac addresses of the various hosts.
at the moment one of these hosts stops, he can use the mac to get an ip, he can also share the IP (but it's probably marginally more difficult)
the problem is: why should a cracker do this on your network? If this was one of a big company or if your work is highly important, maybe.
maybe also an evil neighbor
I bet some sort of malfunction is more likely to happen...
jdd
-- http://www.dodin.net
jdd wrote:
Carlos E. R. wrote:
A cracker can make his PC look like one of yours and connect, instantly.
that is, a cracker can guess your wep key (don't ask me how :-(), at the moment lurking the net gives him the mac addresses of the various hosts.
at the moment one of these hosts stops, he can use the mac to get an ip, he can also share the IP (but it's probably marginally more difficult)
the problem is: why should a cracker do this on your network? If this was one of a big company or if your work is highly important, maybe.
maybe also an evil neighbor
I bet some sort of malfunction is more likely to happen...
jdd
I guess also, I have no valuable secrets stored on the pc's, nor am I rich. My house is not protected, there is no need, most people are too afraid to come by at night. If one would reach the house, he would stumble and fall, because there is no light, and it is full of rocks and trees.
-- Have a nice day, M9.
The Monday 2007-09-17 at 17:03 +0200, jdd wrote:
Carlos E. R. wrote:
A cracker can make his PC look like one of yours and connect, instantly.
that is, a cracker can guess your wep key (don't ask me how :-(), at the moment lurking the net gives him the mac addresses of the various hosts.
Yes, but he didn't say if he is using wep. My point is, that basing security only in giving IPs to known machines, using the hardware address, is not secure. Added to other methods, yes.
And wep... I was told of an ISP technician that installed all routers in his area with keys of the "012345678901234567890xx" type, the last two digits being related to the customer. The customers were happy because they had a long key that was easy to remember. The crackers were even happier.
the problem is: why should a cracker do this on your network? If this was one of a big company or if your work is highly important, maybe.
maybe also an evil neighbor
Or one without ISP, and just wanting to send his emails free. I have a friend in that case.
Somebody told me that once he tested his neighbor's wifi network, and got in easily. He then captured the traffic, and managed to learn his bank login and password - shame on the bank for sending that in clear -. He even tested it by entering the bank account, and exited. Obviously, that neighbor was using windows. He said that, had he been malign, he would have connected to the bank from a second neighbor's network, and sent the money to a third one: there would be no way to track him, and the police would blame the second neighbor.
Anyway, M9 doesn't have neighbors, so he probably doesn't have those problems :-)
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Monday 2007-09-17 at 17:03 +0200, jdd wrote:
Carlos E. R. wrote:
A cracker can make his PC look like one of yours and connect, instantly.
that is, a cracker can guess your wep key (don't ask me how :-(), at the moment lurking the net gives him the mac addresses of the various hosts.
Yes, but he didn't say if he is using wep. My point is, that basing security only in giving IPs to known machines, using the hardware address, is not secure. Added to other methods, yes.
And wep... I was told of an ISP technician that installed all routers in his area with keys of the "012345678901234567890xx" type, the last two digits being related to the customer. The customers were happy because they had a long key that was easy to remember. The crackers were even happier.
the problem is: why should a cracker do this on your network? If this was one of a big company or if your work is highly important, maybe.
maybe also an evil neighbor
Or one without ISP, and just wanting to send his emails free. I have a friend in that case.
Somebody told me that once he tested his neighbor's wifi network, and got in easily. He then captured the traffic, and managed to learn his bank login and password - shame on the bank for sending that in clear -. He even tested it by entering the bank account, and exited. Obviously, that neighbor was using windows. He said that, had he been malign, he would have connected to the bank from a second neighbor's network, and sent the money to a third one: there would be no way to track him, and the police would blame the second neighbor.
Anyway, M9 doesn't have neighbors, so he probably doesn't have those problems :-)
Looking into my bank-account, he/she would probably get tears in his/her eyes, and in pity, he/she would send some money to my account ;-))
-- Have a nice day, M9.
Carlos E. R. wrote:
The Monday 2007-09-17 at 16:32 +0200, M9. wrote:
By which method do you allow a new PC? For instance, if you do it based on the hardware address of the new wireless device, that's very easy to break.
It is very simple in fact, a pc or laptop not listed gets no ip...
Don't you bet on it for a second.
A cracker can make his PC look like one of yours and connect, instantly.
Well, as a matter of fact, in my case, this is not as simple as you suggest.. I live in the middle of nowhere.. Neighbours I have two, a quarter of an hour walk from me.. If you see the place, it looks so ancient, that most people who visit me are very surprised that the inside is very up to date.. They did not expect to find fast ethernet, and many pc's and laptops that are very recent.. In my place there is no electricity, no gas, no water, no sewer.. All this is self-made and self-controlled. If somebody would come so close, that the wireless would pick him, I would have picked him before that, and if he/she would not come to visit me, he/she would have no business here.. ;-) Thnx for your concern ;-)
-- Have a nice day, M9.
The Monday 2007-09-17 at 17:12 +0200, M9. wrote:
A cracker can make his PC look like one of yours and connect, instantly.
Well, as a matter of fact, in my case, this is not as simple as you suggest.. I live in the middle of nowhere.. ...
Sounds a beautiful place :-)
Thnx for your concern ;-)
Welcome :-)
You know that there are handheld gadgets that you carry in your pocket when you have a walk and beep or buzz when they detect a wifi. I have been told of people doing it in their cars, putting a special aerial with a magnet on the car roof. They can use a portable computer running a certain windows program that detects the networks it finds, and writes all that in a report. Plus, if connected to a GPS and a map software, it plots the findings in the map, with colors showing how "kind" are the neighbors.
The person that told me this said that they were thinking of doing this for their final project at university, and had a round of the industrial park here with that setup. The findings were very /interesting/, but refrained from making them public.
But I had seen a similar report published in an article by the IEEE, it wasn't news to me.
Not your case, but people should be way more cautious with their wifis. On another message I wrote a sample of what damage can get done to such trusting users.
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Monday 2007-09-17 at 17:12 +0200, M9. wrote:
You know that there are handheld gadgets that you carry in your pocket when you have a walk and beep or buzz when they detect a wifi. I have been told of people doing it in their cars, putting a special aerial with a magnet on the car roof. They can use a portable computer running a certain windows program that detects the networks it finds, and writes all that in a report. Plus, if connected to a GPS and a map software, it plots the findings in the map, with colors showing how "kind" are the neighbors.
The person that told me this said that they were thinking of doing this for their final project at university, and had a round of the industrial park here with that setup. The findings were very /interesting/, but refrained from making them public.
But I had seen a similar report published in an article by the IEEE, it wasn't news to me.
Not your case, but people should be way more cautious with their wifis. On another message I wrote a sample of what damage can get done to such trusting users.
I know this is true, because a friend of mine for years always only uses some neighbours' wifi-networks, he says that they pay for it anyway, if he uses them or not, but he only uses the internet connection, and does not intrude their networks or pc's. I have tried to crack mine, but only thing that happened was that the whole network went down every time... ;-)
-- Have a nice day, M9.
The Tuesday 2007-09-18 at 14:58 +0200, M9. wrote: ...
I have tried to crack mine, but only thing that happened was that the whole network went down every time... ;-)
Then, /you/ have a problem :-P
But this is not the proper list to discuss it. Use the security list or the opensuse plain list, I think - unless it is 10.3 which breaks down!
-- Cheers, Carlos E. R.
Carlos E. R. wrote:
The Tuesday 2007-09-18 at 14:58 +0200, M9. wrote:
...
I have tried to crack mine, but only thing that happened was that the whole network went down every time... ;-)
Then, /you/ have a problem :-P
But this is not the proper list to discuss it. Use the security list or the opensuse plain list, I think - unless it is 10.3 which breaks down!
No, nothing breaks down, except the firewall annoys me. But I have shut it off. I have ended my wifi. I have laid cables yesterday, added a 17 ports hub, which I had lying around, and from there 2 PC's and 3 laptops are fed ;-) The switch makes it more difficult to intercept, for the packages go only to the PC that needs/ordered/wants them. Everybody here was tired of failing connections, now everybody smiles again. The strange thing is that the linux wifi does not kill the network, but MS does.
-- Have a nice day, M9.
The Saturday 2007-09-15 at 19:38 +0200, jdd wrote:
Default openSUSE installs are usually quite defensive and allow few open ports and few running servers (I'm not even sure that sshd is running by default)
The sshd daemon is installed and runs, but the port is left closed in the firewall, if I remember correctly. Every port is left closed.
what you could do is:
* back up the /etc/sysconfig folder (it's small, do a complete backup of it)
* do "SuSEfirewall2 stop" to stop the firewall
* remove the /etc/sysconfig/SuSEfirewall2
* in yast, force the reinstall of the firewall, like this you should recover the default config file
I think he can simply copy over the default from the '/var/adm/fillup-templates/sysconfig.SuSEfirewall2' file.
-- Cheers, Carlos E. R.
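jdd's reset steps and Carlos's shortcut of copying the packaged default, written out as a script that is added here and is not part of the thread: it first lists which settings differ from the template (a direct way to check whether anything changed), then backs up /etc/sysconfig, stops the firewall and restores the default. The function names, `FW_CMD`, the backup directory and the demo values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). The two paths and "SuSEfirewall2 stop"
# come from the thread; function names, FW_CMD and BACKUP_DIR are assumptions.

LIVE_CONF="${LIVE_CONF:-/etc/sysconfig/SuSEfirewall2}"
TEMPLATE="${TEMPLATE:-/var/adm/fillup-templates/sysconfig.SuSEfirewall2}"
BACKUP_DIR="${BACKUP_DIR:-/root/sysconfig-backups}"
FW_CMD="${FW_CMD:-SuSEfirewall2}"

# Print every setting whose value differs from the packaged default.
# $1 = live config, $2 = packaged template. Assumes one KEY="value" per line.
fw_changed_keys() {
    awk '
        !/^[A-Za-z_][A-Za-z0-9_]*=/ { next }   # skip comments, blanks, anything else
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (FILENAME == ARGV[1]) { def[key] = val; next }   # first file: template
            seen[key] = 1
            if (!(key in def))
                printf "%s: default=<unset> live=%s\n", key, val
            else if (def[key] != val)
                printf "%s: default=%s live=%s\n", key, def[key], val
        }
        END {
            for (k in def)
                if (!(k in seen))
                    printf "%s: default=%s live=<missing>\n", k, def[k]
        }
    ' "$2" "$1" | LC_ALL=C sort
}

# Archive a whole directory (the "complete backup" of /etc/sysconfig).
# $1 = directory to archive, $2 = directory receiving it. Prints the archive path.
fw_backup() {
    bk_archive="$2/sysconfig-$(date +%Y%m%d-%H%M%S).tar.gz"
    (
        umask 077   # sysconfig files can hold credentials; keep the archive private
        mkdir -p "$2" &&
        tar -czf "$bk_archive" -C "$(dirname "$1")" "$(basename "$1")"
    ) || return 1
    echo "$bk_archive"
}

# Back up, stop the firewall, then put the packaged default in place.
# $1 = live config, $2 = template, $3 = backup directory. Prints the archive path.
# The host is unfiltered while the firewall is stopped: review the restored
# defaults and start it again afterwards.
fw_restore_default() {
    [ -r "$2" ] || { echo "template not readable: $2" >&2; return 1; }
    rs_archive=$(fw_backup "$(dirname "$1")" "$3") || return 1
    if command -v "$FW_CMD" >/dev/null 2>&1; then
        "$FW_CMD" stop >&2 || return 1
    fi
    cp "$2" "$1" || return 1
    echo "$rs_archive"
}

# Offline demo on constructed files (values invented for illustration).
fw_demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed default' 'FW_DEV_EXT=""' \
        'FW_PROTECT_FROM_INT="no"' 'FW_SERVICES_EXT_TCP=""' > "$demo_dir/template"
    printf '%s\n' 'FW_DEV_EXT="eth0"' 'FW_PROTECT_FROM_INT="no"' \
        'FW_SERVICES_EXT_TCP="ssh"' 'FW_SERVICES_EXT_UDP="ipp"' > "$demo_dir/live"
    fw_changed_keys "$demo_dir/live" "$demo_dir/template"
    rm -rf "$demo_dir"
}

# Usage: script demo | diff | restore   (diff and restore need root on a real host)
case "${1:-}" in
    demo)    fw_demo ;;
    diff)    fw_changed_keys "$LIVE_CONF" "$TEMPLATE" ;;
    restore) fw_changed_keys "$LIVE_CONF" "$TEMPLATE" >&2
             fw_restore_default "$LIVE_CONF" "$TEMPLATE" "$BACKUP_DIR" ;;
esac
```

An empty `diff` result means the live file already matches the packaged default, so the cause of the changed behaviour lies elsewhere.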
Carlos E. R. wrote:
The Saturday 2007-09-15 at 19:38 +0200, jdd wrote:
Default openSUSE installs are usually quite defensive and allow few open ports and few running servers (I'm not even sure that sshd is running by default)
The sshd daemon is installed and runs, but the port is left closed in the firewall, if I remember correctly. Every port is left closed.
what you could do is:
* back up the /etc/sysconfig folder (it's small, do a complete backup of it)
* do "SuSEfirewall2 stop" to stop the firewall
* remove the /etc/sysconfig/SuSEfirewall2
* in yast, force the reinstall of the firewall, like this you should recover the default config file
I think he can simply copy over the default from the '/var/adm/fillup-templates/sysconfig.SuSEfirewall2' file.
Even more simple ;-)
-- Have a nice day, M9.
jdd wrote:
M9. wrote:
Default openSUSE installs are usually quite defensive and allow few open ports and few running servers (I'm not even sure that sshd is running by default)
No it is not..
so what is the server you fear to be broken?
I wish I knew..
Of course there has to be a change to change something. In this case I did not change a thing. Why should I? It worked, and I never change something that does its job well..
however no firewall and certainly not on Linux can change by itself :-),
That is what I thought..
so something must have been done, evidently accidentally :-).
Indeed, but not by me, and there is no-one else that uses this pc...
what you could do is:
* back up the /etc/sysconfig folder (it's small, do a complete backup of it)
* do "SuSEfirewall2 stop" to stop the firewall
* remove the /etc/sysconfig/SuSEfirewall2
* in yast, force the reinstall of the firewall, like this you should recover the default config file
hope this works jdd
Yep, sounds sane, I can try that ;-) I will let you know..
-- Have a nice day, M9.
M9. wrote:
so something must have been done, evidently accidentally :-).
Indeed, but not by me, and there is no-one else that uses this pc...
what one can do accidentally is unlimited :-(. This can (just a guess) be the result of a powerdown at the worst moment
I have a hosted server (physically hosted by a university) that couldn't boot after an unwanted power down. typing "lilo" at the rescue prompt was enough to restore the boot sector.
after some enquiry, it seems that all the room was cautiously shut down for electrical maintenance, but the maintenance crew managed to power on all the system in the mean time. probably afraid of doing so, they shut down almost immediately. On my server this was during MBR reading. I bet some sort of surge took place on the disk heads, or anywhere else, and the MBR was written...
problem: this happened in the middle of holidays and the room was not accessible by me, so one week off...
there is nothing to be done against such things :-(((
jdd
-- http://www.dodin.net
jdd wrote:
M9. wrote:
so something must have been done, evidently accidentally :-).
Indeed, but not by me, and there is no-one else that uses this pc...
what one can do accidentally is unlimited :-(. This can (just a guess) be the result of a powerdown at the worst moment
This might be possible. I could have turned the power button off, while the pc was shutting down. You get a black screen before the log starts.. I remember that when I turned it on again the next day, it started immediately without me pushing the start button... :-(
I have a hosted server (physically hosted by a university) that couldn't boot after an unwanted power down. typing "lilo" at the rescue prompt was enough to restore the boot sector.
after some enquiry, it seems that all the room was cautiously shut down for electrical maintenance, but the maintenance crew managed to power on all the system in the mean time. probably afraid of doing so, they shut down almost immediately. On my server this was during MBR reading. I bet some sort of surge took place on the disk heads, or anywhere else, and the MBR was written...
problem: this happened in the middle of holidays and the room was not accessible by me, so one week off...
there is nothing to be done against such things :-(((
jdd
Yep, Shit happens....:-((
-- Have a nice day, M9.
participants (6)
- Alberto Passalacqua
- Carlos E. R.
- jdd
- joe
- M9.
- Rajko M.