Marcus said they will fix it for the next update, so no reporting is
necessary. If they don't I know where to send the bill! ;-)
Met vriendelijke groet / Best regards,
Wilfred van Velzen
>>> "Carlos E. R." <robin.listas(a)telefonica.net> 2008-01-23 13:41:07
>>>
The Wednesday 2008-01-23 at 13:04 +0100, Wilfred van Velzen wrote:
> The same here.
> I forgot to mention this in the first message:
>
> # ls -l
> -rw------- 1 root root 1309 Jan 23 2006 secring.gpg
> -rw-r--r-- 1 root root 0 Jul 10 2006 secring.gpg.bak
>
> The .bak file is the offending file...
>
> This is the date from the rpm, if I interpret the output from below
> command correct:
>
> # rpm -qlv aaa_base | grep secring
> -rw-r--r-- 1 root root 0 Jul 10 2006
/root/.gnupg/secring.gpg
It is a bug. In my case, the backup coantains a zero bytes file dated
2004, so there was no damage done.
I believe you should report this to Bugzilla.
--
SERCOM Regeltechniek b.v.
Heereweg 9
2161 AB Lisse
Nederland
+31 (0)252 416530 (voice)
+31 (0)252 419481 (fax)
<http://www.sercom.nl/>
Op al onze offertes, op alle opdrachten aan ons en op alle met ons gesloten
overeenkomsten zijn toepasselijk de METAALUNIEVOORWAARDEN, gedeponeerd ter
Griffie van de Rechtbank te Rotterdam, zoals deze luiden volgens de
laatstelijk aldaar neergelegde tekst. De leveringsvoorwaarden worden u op
verzoek toegezonden.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
The same here.
I forgot to mention this in the first message:
# ls -l
-rw------- 1 root root 1309 Jan 23 2006 secring.gpg
-rw-r--r-- 1 root root 0 Jul 10 2006 secring.gpg.bak
The .bak file is the offending file...
This is the date from the rpm, if I interpret the output from below
command correct:
# rpm -qlv aaa_base | grep secring
-rw-r--r-- 1 root root 0 Jul 10 2006
/root/.gnupg/secring.gpg
Met vriendelijke groet / Best regards,
Wilfred van Velzen
>>> "Carlos E. R." <robin.listas(a)telefonica.net> 2008-01-23 11:52:27
>>>
The Wednesday 2008-01-23 at 11:35 +0100, Wilfred van Velzen wrote:
> My existing secring.gpg was overwritten yesterday by zero-sized
file,
> probably when I did an update with yast/you. It took me some time to
> find out why some of my scripts didn't work as expected, so I am a
bit
> p*ssed off... I was very happy with my backup, so I could restore my
> secring.gpg! :)
>
> Is this a bug?
My "/root/.gnupg/secring.gpg" is also zero bytes, but it is dated 2006.
What is the date of the file contained in the rpm, I wonder?
--
SERCOM Regeltechniek b.v.
Heereweg 9
2161 AB Lisse
Nederland
+31 (0)252 416530 (voice)
+31 (0)252 419481 (fax)
<http://www.sercom.nl/>
Op al onze offertes, op alle opdrachten aan ons en op alle met ons gesloten
overeenkomsten zijn toepasselijk de METAALUNIEVOORWAARDEN, gedeponeerd ter
Griffie van de Rechtbank te Rotterdam, zoals deze luiden volgens de
laatstelijk aldaar neergelegde tekst. De leveringsvoorwaarden worden u op
verzoek toegezonden.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
My existing secring.gpg was overwritten yesterday by zero-sized file,
probably when I did an update with yast/you. It took me some time to
find out why some of my scripts didn't work as expected, so I am a bit
p*ssed off... I was very happy with my backup, so I could restore my
secring.gpg! :)
Is this a bug?
server:~/.gnupg # rpm -q -f secring.gpg -i
Name : aaa_base Relocations: (not
relocatable)
Version : 10.3 Vendor: SUSE LINUX
Products GmbH, Nuernberg, Germany
Release : 90.2 Build Date: Thu Nov 8
03:20:41 2007
Install Date: Tue Jan 22 09:01:42 2008 Build Host:
soellner.suse.de
Group : System/Fhs Source RPM:
aaa_base-10.3-90.2.src.rpm
Size : 314450 License: GPL v2 or
later
Signature : DSA/SHA1, Thu Nov 8 03:22:41 2007, Key ID
a84edae89c800aca
Packager : http://bugs.opensuse.org
Summary : SUSE Linux Base Package
Description :
This package installs several important configuration files. Central
scripts like SuSEconfig are also in this package.
Authors:
--------
Werner Fink <werner(a)suse.de>
Rüdiger Oertel <ro(a)suse.de>
Burchard Steinbild
Florian La Roche
Martin Scherbaum
Distribution: openSUSE 10.3 (i586)
Met vriendelijke groet / Best regards,
Wilfred van Velzen
--
SERCOM Regeltechniek b.v.
Heereweg 9
2161 AB Lisse
Nederland
+31 (0)252 416530 (voice)
+31 (0)252 419481 (fax)
<http://www.sercom.nl/>
Op al onze offertes, op alle opdrachten aan ons en op alle met ons gesloten
overeenkomsten zijn toepasselijk de METAALUNIEVOORWAARDEN, gedeponeerd ter
Griffie van de Rechtbank te Rotterdam, zoals deze luiden volgens de
laatstelijk aldaar neergelegde tekst. De leveringsvoorwaarden worden u op
verzoek toegezonden.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
> SUSE Security Announcement
>
> Package: Xorg and XFree
> Announcement ID: SUSE-SA:2008:003
> Date: Thu, 17 Jan 2008 15:00:00 +0000
> Affected Products: SUSE LINUX 10.1
> openSUSE 10.2
> openSUSE 10.3
This update also breaks the graphical user interface of the BOINC software
(seti@home, einstein@home etc.).
Before the update the program worked without errors; now I get the
following message when starting the program:
The program 'boincmgr' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
(Details: serial 586 error_code 11 request_code 146 minor_code 5)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the --sync command line
option to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error()
function.)
Re-compiling of the program did not help. Any ideas how to fix this?
Bye,
Jürgen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Thursday 2008-01-17 at 15:28 +0100, Thomas Biege wrote:
> SUSE Security Announcement
>
> Package: Xorg and XFree
> Announcement ID: SUSE-SA:2008:003
> Date: Thu, 17 Jan 2008 15:00:00 +0000
> Affected Products: SUSE LINUX 10.1
> openSUSE 10.2
> openSUSE 10.3
> 3) Special Instructions and Notes
>
> Please restart your X server. (logout and login)
Please note that this is not enough.
If, for instance, you are using gdm, the gdm instance remains in memory
until the rcxdm is explicitly restarted.
If after the update and doing the specified logout and login you do an
'lsof', searching for inodes detects inodes still not really deleted,
like:
lsof | grep -E 'RPMDELETE|;|path inode='
and I find that a lot of services still active, ie, not "actually" updated:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
gdm 1108 root mem REG 22,70 1170944 /usr/lib/libXcursor.so.1.0.2 (path inode=1562119)
gdm 1108 root mem REG 22,70 1170964 /usr/lib/libXrandr.so.2.1.0 (path inode=1562139)
gdm 1108 root mem REG 22,70 1170958 /usr/lib/libXi.so.6.0.0 (path inode=1562133)
gdm 1108 root mem REG 22,70 1170946 /usr/lib/libXdamage.so.1.1.0 (path inode=1562121)
gdm 1108 root mem REG 22,70 1170942 /usr/lib/libXcomposite.so.1.0.0 (path inode=1562117)
gdm 1108 root mem REG 22,70 1170960 /usr/lib/libXinerama.so.1.0.0 (path inode=1562135)
gdm 1108 root DEL REG 22,70 1171004 /usr/lib/libxcb-render-util.so.0.0.0;479085e8
nmbd 4028 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
nmbd 4028 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
nmbd 4028 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
nmbd 4028 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
sshd 4847 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
sshd 4847 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
sshd 4847 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
sshd 4847 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
gdm 5525 root mem REG 22,70 1170944 /usr/lib/libXcursor.so.1.0.2 (path inode=1562119)
gdm 5525 root mem REG 22,70 1170964 /usr/lib/libXrandr.so.2.1.0 (path inode=1562139)
gdm 5525 root mem REG 22,70 1170958 /usr/lib/libXi.so.6.0.0 (path inode=1562133)
gdm 5525 root mem REG 22,70 1170946 /usr/lib/libXdamage.so.1.1.0 (path inode=1562121)
gdm 5525 root mem REG 22,70 1170942 /usr/lib/libXcomposite.so.1.0.0 (path inode=1562117)
gdm 5525 root mem REG 22,70 1170960 /usr/lib/libXinerama.so.1.0.0 (path inode=1562135)
gdm 5525 root DEL REG 22,70 1171004 /usr/lib/libxcb-render-util.so.0.0.0;479085e8
smbd 10675 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
smbd 10675 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
smbd 10675 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
smbd 10675 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
smbd 10676 root mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
smbd 10676 root mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
smbd 10676 root mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
smbd 10676 root mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
gnome-vfs 28342 cer mem REG 22,70 1561642 /usr/lib/libk5crypto.so.3.1 (path inode=1561641)
gnome-vfs 28342 cer mem REG 22,70 1561037 /usr/lib/libkrb5.so.3.3 (path inode=1561036)
gnome-vfs 28342 cer mem REG 22,70 1561639 /usr/lib/libgssapi_krb5.so.2.2 (path inode=1561638)
gnome-vfs 28342 cer mem REG 22,70 1561660 /usr/lib/libkrb5support.so.0.1 (path inode=1562082)
Ie, to really activate the last security update, I needed to manually
restart: rcxdm, rcsshd, rcsmbd, and rcnmbd.
Also, gnome-vfs has to be killed, because it is a known bug that Gnome
does not close all the programs started on a session when it exits.
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHkSWhtTMYHG2NR9URAib3AKCJ0Z/cpmpBoAY99JIQnK3KrITMuACcCQyJ
9QdTyNsXG5XXJ7G1oGl+NAM=
=oiha
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
Is the external address of your host "128.9.0.107." If so, there is a host somewhere on the Internet that has this IP address configured as their DNS server. Probably a typo.
Wil
------------
Wilson Mattos
Technology Specialist
wmattos(a)novell.com
949-212-2805
Novell, Inc.
Novell BrainShare 2008
This is Your Open Enterprise
Register at http://www.novell.com/brainshare
>>> "Carlos E. R." <robin.listas(a)telefonica.net> 01/17/08 10:53 AM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
My setup is:
small
adsl---> router ---lan----> PC
with (10.3)
firewall
192.168.1.1 192.168.1.12
I see these repeated messages on my 10.3 system:
Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39491 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2525 DPT=53 LEN=42 ]
Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39492 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2528 DPT=53 LEN=42 ]
Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39493 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2529 DPT=53 LEN=42 ]
Jan 15 14:16:55 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=98 TOS=0x00 PREC=0xC0 TTL=255 ID=39500 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=62240 DF PROTO=UDP SPT=2533 DPT=53 LEN=50 ]
Jan 16 11:19:18 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=20624 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41759 DF PROTO=UDP SPT=2696 DPT=53 LEN=40 ]
Jan 16 14:07:48 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=1746 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=44799 DF PROTO=UDP SPT=2737 DPT=53 LEN=40 ]
Jan 17 11:11:12 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=123 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=3073 DPT=162 LEN=103
Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]
They started on Nov 4 (the day after I installed 10.3), and there is a
total of 112 entries.
My first idea was that my router (192.168.1.1) was doing a DNS query to my
linux machine (192.168.1.12), which is weird as the router uses a remote
dns server as defined by my ISP. The linux machine does have a local dns
server as cache and server.
But then I noticed this part:
PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107....
The dest part in brackets is always the same, and it is a dns server
(ns1.isi.edu).
I don't know how to decipher this... what is it all about?
- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHj6QhtTMYHG2NR9URAvuqAJ9YPDWnU68t2IakpYl/PDFjEtzHqgCdFPe2
SnKxMIxKa3SFvK17/clsKsE=
=4+lG
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
Is the source MAC address a host on that network segment or is it the IP address of your router? Describe your network setup in a little more detail and maybe I can help with other ideas to figure this out.
Wil
------------
Wilson Mattos
Technology Specialist
wmattos(a)novell.com
949-212-2805
Novell, Inc.
Novell BrainShare 2008
This is Your Open Enterprise
Register at http://www.novell.com/brainshare
>>> "Carlos E. R." <robin.listas(a)telefonica.net> 01/17/08 12:28 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Thursday 2008-01-17 at 13:01 -0700, Wilson Mattos wrote:
> Is the external address of your host "128.9.0.107."
Certainly not.
My IP is dynamic and never in that range; but that IP is the same in all
the messages, since November.
> If so, there is a host somewhere on the Internet that has this IP
> address configured as their DNS server.
Yes, ns1.isi.edu, I said so.
> Probably a typo.
By whom?
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHj7qAtTMYHG2NR9URAiuLAJ0aIF7vtFNrJyFVKZbEFG3dngw46ACfaufl
Fqcdy49Oobwa+Sm6zrGGkgg=
=vYmz
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
My setup is:
small
adsl---> router ---lan----> PC
with (10.3)
firewall
192.168.1.1 192.168.1.12
I see these repeated messages on my 10.3 system:
Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39491 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2525 DPT=53 LEN=42 ]
Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39492 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2528 DPT=53 LEN=42 ]
Jan 15 14:16:52 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=90 TOS=0x00 PREC=0xC0 TTL=255 ID=39493 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=61490 DF PROTO=UDP SPT=2529 DPT=53 LEN=42 ]
Jan 15 14:16:55 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=98 TOS=0x00 PREC=0xC0 TTL=255 ID=39500 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=62240 DF PROTO=UDP SPT=2533 DPT=53 LEN=50 ]
Jan 16 11:19:18 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=20624 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41759 DF PROTO=UDP SPT=2696 DPT=53 LEN=40 ]
Jan 16 14:07:48 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=1746 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=44799 DF PROTO=UDP SPT=2737 DPT=53 LEN=40 ]
Jan 17 11:11:12 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=123 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=3073 DPT=162 LEN=103
Jan 17 11:11:33 nimrodel kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:30:da:70:d7:ea:08:00 SRC=192.168.1.1 DST=192.168.1.12 LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=34107 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51874 DF PROTO=UDP SPT=2900 DPT=53 LEN=40 ]
They started on Nov 4 (the day after I installed 10.3), and there is a
total of 112 entries.
My first idea was that my router (192.168.1.1) was doing a DNS query to my
linux machine (192.168.1.12), which is weird as the router uses a remote
dns server as defined by my ISP. The linux machine does have a local dns
server as cache and server.
But then I noticed this part:
PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.1.12 DST=128.9.0.107....
The dest part in brackets is always the same, and it is a dns server
(ns1.isi.edu).
I don't know how to decipher this... what is it all about?
- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHj6QhtTMYHG2NR9URAvuqAJ9YPDWnU68t2IakpYl/PDFjEtzHqgCdFPe2
SnKxMIxKa3SFvK17/clsKsE=
=4+lG
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
Hi!
Today I wanted to add some community repositories as installation
sources, more specifically stuff from the OpenSuse Build Service. Yast
complained about an untrusted key, since the public key of the build
service is not included in the distribution (not to be confused with the
build key, which is included).
Of course I could just press the "OK" button, or download the key from
[1], import it and never be bothered again. But that key has no
signatures and is transmitted via http, so I still do not know if I have
the right key. Is there any way of securely retrieving the authentic
public key of the build service without traveling to Nuremberg? How is
the average user supposed to do that?
Happy Holidays
nordi
[1] http://download.opensuse.org/openSUSE-Build-Service.asc
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org