TheOgre 77 Posting Whiz

A few minor corrections:
ln sourceName destDirectory create symbolic link to a file
Should be:

ln -s source destination (the -s switch denotes a symbolic link)
sh the standard Unix shell, bash
Should be:

sh is the standard UNIX shell.
bash is the Bourne Again SHell, standard on most Linux systems. UNIX doesn't come with bash, unless it's installed separately.


Handy Linux Sys Admin Commands
mount /mnt/floppy mounts the floppy fs
Should be:

mount /mnt/floppy mounts the floppy device (if /mnt/floppy is the mountpoint)
mount /mnt/cdrom mounts the cd-rom fs
Should be:

mount /mnt/cdrom mounts the CD-ROM device (if /mnt/cdrom is the mountpoint)
shutdown -r "now" restarts the machine
Should be:

shutdown -r now (no quotes)
or even reboot on some systems

update db update file database used by locate command
Can also be:
updatedb or /usr/libexec/locate.updatedb

TheOgre 77 Posting Whiz

You can get a LinkSys (or DLink, Netgear, etc.) VPN Server/router for both ends, which will create the VPN tunnel. Once connected, you can share files/print as if all 4 machines were on the same LAN.

TheOgre 77 Posting Whiz

Set up a VPN tunnel to connect the two locations, which will provide access to network resources on both ends. There are all kinds of commercial boxes you can get for that, or you could do it yourself if you know Linux/UNIX.

TheOgre 77 Posting Whiz

It took me a while to figure the DNS part out, but once that was handled, the rest was a piece of cake.

Let me know if you need help with the firewall & nat rules - I can send you a copy of mine so you can see how it's done (if you want.)

If you need/want help with anything else, I'll be here...

TheOgre 77 Posting Whiz

When you configure sudo, you can specify which commands they can run so that won't happen.

TheOgre 77 Posting Whiz

I'll explain my setup, which will give you an idea of how it works.

I have qmail as my mail server and Apache serving files. All boxes sit behind a FreeBSD firewall that handles NAT, routing, and all the filtering.

For DNS, I signed up for a free account with Afraid.org, which handles DNS and stores the MX record for the domain. Your ISP won't do any of this for you (I don't know about BT, but don't count on it.)

I run Apache on port 80, but I have my firewall listen for http requests on port 6900 and then route them internally to port 80 (my ISP blocks port 80.) I have this set up at Afraid.org so I don't have to worry about it.

For mail, I have 25 and 110 open on the firewall, which routes them to my mail server, which runs Vexira A/V.

I also have FTP, VNC, and game servers running behind the firewall that are all routed by the firewall, and haven't had a problem yet with people connecting to them using the FQDN.

Let me know if you want some help getting everything set up.

TheOgre 77 Posting Whiz

I can't find the disk, but I modeled it after Bart's. You can find it here.

TheOgre 77 Posting Whiz

You've been infected with the Blaster worm, which spawns random filename processes if one of them gets killed.

Do a search on Google for a Blaster removal tool, such as from Symantec, Sophos, etc., then PATCH YOUR BOX using Windows Update - specifically, the DCOM update.

TheOgre 77 Posting Whiz

You can also add entries to the Registry in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Although it's better to create a shortcut in the Startup group for the program you want to start with Windows (like crunchie stated) than copying the actual executable.

To prevent applications from starting up, check the Registry and the Startup group. Quicktime starts from HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TheOgre 77 Posting Whiz

Check the power saving properties for the NIC, and make sure it's not shutting off the device to save power.

TheOgre 77 Posting Whiz

What's your pingtime without the Netgear router in place? Are you using the uPnP forwarding or actual port forwarding on the router?

TheOgre 77 Posting Whiz

It depends on the switch - some models don't require them, others do. If you don't want to spend the money on switches, since you already have 2 hubs, just connect the hubs together with a crossover cable. There should be ports marked on the hubs to indicate where the uplink ports are located. The user manual should also tell you which ones they are, and how to connect them.

TheOgre 77 Posting Whiz

How about some more details?

1.) What game?
2.) What Operating System?
3.) What protocol?
4.) Are you using the same CD-Key for each computer for that game?
5.) Can you paste the error, word for word (or even a screenshot?)

TheOgre 77 Posting Whiz

Do you have 128-bit encryption installed for IE? I don't remember the version number for IE for that offhand...

TheOgre 77 Posting Whiz

You'd have to configure your XP box as a router to do that, and I'm not entirely sure it has that capability. Would it be possible to use your Linux box as your firewall/router/gateway? You could use iptables to handle the routing and the firewall rules, including NAT, which might be your better option.

TheOgre 77 Posting Whiz

The hosts file has its origins in UNIX. Basically, if you don't have a local DNS server on your network and want to be able to access/ping/etc. other machines by hostname instead of using their IP, you can edit your hosts file and manually add the entries, so name resolution works without a DNS server.

Example hosts file:

# This is my example hosts file.
# I only have 3 machines on my tiny home network..
192.168.0.5 Machine1_hostname
192.168.0.10 Machine2_hostname
192.168.0.15 Machine3_hostname

So now if you ping Machine2 from Machine1, name resolution will appear to take place.

You can also use the hosts file to block certain websites by making them resolve to localhost, which is useful for blocking ad sites (doubleclick, etc.):

127.0.0.1 ads1.doubleclick.net
127.0.0.1 doubleclick.net

and so on. Keep in mind that this is a very simplistic example. Try doing a search on Google for more in-depth examples/tutorials.
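
Added example (not part of the original post): because hosts entries are consulted without asking a DNS server, it helps to be able to audit the file. This Python sketch parses hosts-file text, lists names pointed at loopback (the ad-blocking trick above) and flags bad addresses, conflicting entries and names that are not valid RFC 1123 hostnames, such as the underscored ones in the example. The sample text, the function name and the "first entry wins" rule are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the post's entries plus two deliberately bad lines.
SAMPLE_HOSTS = """\
# This is my example hosts file.
192.168.0.5 Machine1_hostname
192.168.0.10 Machine2_hostname
192.168.0.15 Machine3_hostname
127.0.0.1 ads1.doubleclick.net
127.0.0.1 doubleclick.net
10.0.0.99 doubleclick.net      # constructed: conflicts with the line above
192.168.0.300 printer          # constructed: not a valid IPv4 address
"""

# One DNS label under RFC 1123: letters, digits and inner hyphens only.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def parse_hosts(text):
    """Return (mappings, sinkholed, warnings) for hosts-file text."""
    mappings = {}    # lowercase name -> address of its first entry
    sinkholed = []   # names resolved to loopback, i.e. blocked
    warnings = []    # (line number, message)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            warnings.append((lineno, "address without a hostname"))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            warnings.append((lineno, f"invalid address {fields[0]}"))
            continue
        for name in fields[1:]:
            key = name.lower()
            if not all(LABEL.match(part) for part in key.split(".")):
                warnings.append((lineno, f"{name} is not an RFC 1123 hostname"))
            if key in mappings:
                if mappings[key] != ip:
                    # Assumption: the first entry for a name is the one used.
                    warnings.append(
                        (lineno, f"{name} already mapped to {mappings[key]}"))
                continue
            mappings[key] = ip
            if ip.is_loopback and key != "localhost":
                sinkholed.append(key)
    return mappings, sinkholed, warnings


if __name__ == "__main__":
    names, blocked, problems = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", ", ".join(blocked))
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```
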

TheOgre 77 Posting Whiz

Somewhere I have a network boot disk that you can use to logon to a domain/workgroup with under DOS. Lemme poke around and see if I can find it...

TheOgre 77 Posting Whiz

What O/S on each machine?

TheOgre 77 Posting Whiz

What ISP are you signed on with? I use OptOnline and have the same setup you're looking to do (MX, httpd, etc.)

TheOgre 77 Posting Whiz

Which version of KDE are you using? (I don't use RedHat, so I don't know which versions it ships with.)

TheOgre 77 Posting Whiz

I can't copy the log over to my floppy or my Windows partition; it appears I don't have the privileges to copy it over to either. Thanks for the help.

You can't copy a file to your floppy as root? Check /etc/fstab and look for:


/dev/fd0 /floppy vfat rw,users,noauto


If you don't have an entry in your /etc/fstab for mounting the floppy, you'll have to manually add one. Same thing for your Windows partition, which could look something like this:


/dev/hda1 /c-drive vfat rw,users,noauto 0 0


Make sure you change the mountpoint to your actual mountpoint (directory) or create one using:


root@host# mkdir /c-drive

TheOgre 77 Posting Whiz

So the question is: how do I kill the audio as a non-root user?
Thanks.

Did you set the proper permissions as the other post explained? Have you tried doing chattr on the audio device (making it executable by everyone)?

You could also install and configure sudo so every user in group wheel can run commands without a password using sudo command (just make sure the users actually belong to group wheel.)

I've never come across this issue, so I don't have a working fix for it (I also don't use RedHat/Fedora) so I don't know all the specifics regarding this, but maybe one of these suggestions helps...

TheOgre 77 Posting Whiz

OK, first of all, you have to have a directory you want to protect already created within C:\www\webroot. For example, C:\www\webroot\sample\

Then, in httpd.conf, you need to add the example I pasted earlier, but modify it so the path is correct for your environment, like this:


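# Use forward slashes in Apache paths on Windows; backslashes can be read as escapes.
<Directory "C:/www/webroot/sample">
AuthType Basic
AuthName "Members Only"
# The password file sits outside the web root, so it cannot be requested over HTTP.
AuthUserFile "C:/www/passwords"
Require valid-user
</Directory>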


After you've modified your httpd.conf file and created the directory, you need to add a user and set a password for that user with the htpasswd command (see my previous post.)

Then, create/copy the .htaccess file in C:\www\webroot and restart Apache so it reads the config file (httpd.conf) and implements the changes.

If you don't have an index.html file already in that directory (\sample\) and you just want Apache to list the files available in that directory, comment out the following line in httpd.conf:

#LoadModule autoindex_module modules/mod_autoindex.so

so it reads:

LoadModule autoindex_module modules/mod_autoindex.so

and restart Apache.

I've found it's a LOT easier to use the htpasswd command to create a userid and password than it is to use .htaccess in the directory you want to protect.

You also need to have this uncommented in httpd.conf:


# AccessFileName .htaccess
#
# <Files ~ "^\.htaccess$">
# order allow,
#
# </Files>


so it reads:


TheOgre 77 Posting Whiz

I tried it d:/www/.htpasswd and d:\www\.htpasswd. None of them seem to work! Yes, the password file is in the right dir.

If you're trying to limit access on a particular directory within your /www/ directory, you have to first create a user account and password using the htpasswd utility using the -a switch and then specify which file the password will be stored in, then reference that file within httpd.conf

Example:


<Directory /usr/local/www/mydomain.com/secure>
AuthType Basic
AuthName "Members Only"
AuthUserFile /usr/local/www/passwords
Require valid-user
</Directory>

The syntax for htpasswd is as follows:


user@host$ htpasswd
Usage:
htpasswd [-cmdps] passwordfile username
htpasswd -b[cmdps] passwordfile username password

htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
On Windows, TPF and NetWare systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.


Then, in the directories you want protected, place .htaccess in that directory with the following contents:

Options Indexes FollowSymLinks Includes
 AddType text/html .html
 AddHandler server-parsed .html
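
Added example (not part of the original post): the htpasswd usage text above lists the storage modes the tool can write (-d CRYPT, -m MD5, -s SHA, -p plaintext). This Python sketch reads password-file text and reports which mode each entry uses, so weak entries can be found and re-created. The sample entries, the rating labels and the function names are constructed for illustration, and the bcrypt and SHA-2 crypt prefixes come from later Apache releases than the one shown.

```python
import re

# Constructed sample password file; user names and hash values are made up.
SAMPLE_HTPASSWD = """\
# members area
alice:$apr1$Qx1zY2ab$8mC0s3b1rT9wJkLmNoPqR/
bob:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
carol:rqXexS6ZhobKA
dave:hunter2
erin:$2y$05$abcdefghijklmnopqrstuuJ7pM1l4oG8k0V5vE2yC3xD9wQ6zR1a2
this line has no colon
"""

# Traditional DES crypt() output is exactly 13 characters from this alphabet.
# A 13-character plaintext password over the same alphabet would be
# indistinguishable here; both are rated weak, so the rating still holds.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")


def classify(stored):
    """Return (scheme, rating) for the part of a line after 'user:'."""
    if stored.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt", "ok"
    if stored.startswith(("$5$", "$6$")):
        return "sha2-crypt", "ok"
    if stored.startswith("$apr1$"):
        # Salted, but only 1000 rounds of MD5.
        return "apr1-md5 (-m)", "legacy"
    if stored.startswith("{SHA}"):
        # Unsalted SHA-1, base64 encoded.
        return "sha1 (-s)", "weak"
    if DES_CRYPT.fullmatch(stored):
        # DES crypt only uses the first 8 characters of the password.
        return "des-crypt (-d)", "weak"
    return "plaintext (-p) or unknown", "weak"


def audit(text):
    """Return (findings, malformed_line_numbers) for password-file text."""
    findings, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, stored = line.partition(":")
        if not sep or not user or not stored:
            malformed.append(lineno)
            continue
        findings.append((user, *classify(stored)))
    return findings, malformed


def weak_users(text):
    """Names of users whose stored password should be re-created."""
    return [user for user, _scheme, rating in audit(text)[0] if rating == "weak"]


if __name__ == "__main__":
    entries, bad_lines = audit(SAMPLE_HTPASSWD)
    for user, scheme, rating in entries:
        print(f"{user:6} {scheme:28} {rating}")
    print("malformed lines:", bad_lines)
```
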
TheOgre 77 Posting Whiz

FreeBSD is UNIX :)

TheOgre 77 Posting Whiz

Not too bad, but here's some you left out:

http://www.sans.org/ (Computer Security Education and Information Security Training)
http://www.gocsi.com/ (Computer Security Institute)
http://www.cert.org/ (CERT Coordination Center)
http://ciac.llnl.gov/ciac/index.html (U.S. DOE-CIAC)
http://www.isecom.org/ (The Institute for Security and Open Methodologies)
http://packetstorm.linuxsecurity.com/ (PacketStorm)
http://www.immunix.com (Immunix Host Intrusion Prevention)
http://www.dshield.org/ (DShield - Distributed Intrusion Detection System)
http://www.cotse.com/ (Church of the Swimming Elephant)

...I had most of the others already...

As I stated before, this forum isn't for arguments or settling personal disputes. This forum is for helping people by answering their questions.

The average user here isn't a Security specialist, so in their environment, a firewall and some flavor of virus protection would be needed, unless you're going to volunteer your services to implement your recommendations in their infrastructure.

The original topic of this thread was regarding Knoppix - NOT Security. I suggest we get back on track, or close the discussion. Feel free to discuss your recommendations for security-related issues in either a new thread or a different area of the forum.

TheOgre 77 Posting Whiz

From what I was able to find, that error is the result of your CPU being overloaded with I/O requests from your soundcard. Try disabling full-duplex operation in the control panel (uncheck the box) and see if that fixes it.

TheOgre 77 Posting Whiz

Kewl :) Although I don't know RedHat all that well, I'll do what I can if you have any problems...

TheOgre 77 Posting Whiz

I stopped getting certs after A+ for a while. The only reason I went for the A+ test is because my employer at the time paid for it. I was about 2 days out from taking all 6 MCSE tests when I cancelled it, for reasons that are too lengthy to post here.

The only Microsoft cert I have is an OEM cert, the MCPS (Microsoft Certified Preinstallation Specialist) which I got years ago when working for a small (now extinct) mom and pop chain (Apex Computers.)

Recently (about a month ago) I registered for both the Linux+ and the LPI Level I and II certs (LPI = Linux Professional Institute, http://www.lpi.org) just to see if I know enough about Linux (*cough*) to get them :)

Aside from that, I don't plan on going for any more certs for a while yet. Not because I don't want them, but because I'm too busy to study/refresh for them. I probably *should* get more, like some of the other CompTIA ones (for starters) and some security-related certs, but I'm not one to look at how many letters follow someone's name.

I was going for a B.S. in "Telecommunications Management" at DeVry, but the travel involved, along with some other factors, made me rethink my educational goals. I'll be attending a local community college this Fall to get an A.S. degree in networking (well, I'll be paying a lot of money for the piece of paper...) just to use …

TheOgre 77 Posting Whiz

NewsBinPro also has the ability to filter file extensions, so you're less likely to receive an infected file (if you actually configure the filters) like something.jpg.pif

They have a free version you can grab from their site (the 2.x, at the bottom of the Downloads page) if you don't want the newest.

I've been using it for years, and I've never had a problem with it. I've tried Kazaa, Kazaa Lite, WinMX, Morpheus, and a ton of others, and I still say that newsgroups are the way to go. They also aren't as heavily monitored by the RIAA and MPAA as the P2P networks are, and the downloads are immediate (as in, no waiting for 4 hours for a 3 MB file.)

.. just my preference, tho ...

TheOgre 77 Posting Whiz

No problem. How'd you make out with it?

TheOgre 77 Posting Whiz

With OpenOffice.org you have compatibility across platforms, something you don't have with KDEOffice. If you're not going to be sharing documents with anyone, KDEOffice is fine, but there's a lot of functionality that OpenOffice.org has that KDEOffice is still missing. Also, OOo actually has support (mostly fee-based) that KO doesn't have, except for forums and newsgroups. That isn't really an issue for the home user, but corporations might find that handy. Since you didn't specify which target market you are inquiring about, I'm giving overall info here for both :)

Also keep in mind that there are more developers working on OOo at any given time, which usually means more features, faster revision releases, fewer bugs (on average) and better documentation.

"Which is better?" is a broad topic. "Which is better at handling MS Word docs?" would give a better indication about what features you are trying to compare.

What specifically were you trying to compare between the two?

TheOgre 77 Posting Whiz

That is correct. Finger won't return the hostname.

Also, if you're attempting to get the hostname of a remote box, that could be considered an attempt to compromise the system (even if you aren't trying to actually DO that) and the new laws carry a penalty of life imprisonment for doing that.

There are also other ways to do what you're trying to do. The easiest is to have that person send you an e-mail, which will contain the originating hostname in the header of the message.

What exactly are you trying to do?

TheOgre 77 Posting Whiz

Ahh, alrighty then :)

WindowsXP HOME has NO support for logging into a network, whereas WindowsXP Pro DOES. This is not to say that XP home can't get on the Internet or transfer files across the LAN, but some major things were left out of the Home version (as far as its networking capabilities go.) I can't say for sure if this is what's causing the problem you're experiencing, but I'd be willing to bet that if you had XP Pro on Machine A, you wouldn't be receiving those errors.

I just thought of a long way around this that might work for you. I've never tested this specific solution, as I don't have any XP boxes (all mine are either FreeBSD or Linux, with one Win2k box for my games :)

OK, here goes:

On Machine A, share out a test directory.
On Machine B, map a drive to the test share on Machine A, then share that drive and see if you can see the contents from your Linux system. I have NO IDEA whether this will work or not, but it's worth a try...

TheOgre 77 Posting Whiz

OK, do me a flavor and describe your setup to me. I'm old, ya know :)

Seriously, please describe your network setup. I understand you are running Linux in a virtual machine using MS VirtualPC, but what's the other system? Windows? Linux?

You can't see the system itself, or the shared directories (if any)? If that system is running Linux, do you have Samba installed and configured on that machine? If you're using Windows, do you have File & Print Sharing enabled (BAD!)?

Please give me some more information so I can better understand your problem.

TheOgre 77 Posting Whiz

When you say Windows messaging, do you mean AIM?

No, I mean the Windows SERVICE called "messenger."

Start | Settings | Control Panel | Administrative Tools | Services

Find and disable the service called "messenger."

(AIM = AOL Instant Messenger)

TheOgre 77 Posting Whiz

oil -> money

TheOgre 77 Posting Whiz

If you find a good company to get your logo done, do me a favor and let me know - I'm looking for a new design myself :)

TheOgre 77 Posting Whiz

Which NIC is installed under MS VirtualPC? Does it have access to the Internet? Is it a shared connection with your system's actual NIC?

The stdout from your ifconfig shows that packets are being sent AND received, with no errors, which makes me think it has to do with MS VirtualPC, rather than your Linux installation. Since I've never used MS VirtualPC, I have no idea how it works, and therefore can't answer your question with the given information. Is it possible to do another Linux install using VMWare on that same machine?

TheOgre 77 Posting Whiz

You might also want to disable the Windows Messaging service (*NOT* Windows Messenger) since a lot of spammers now utilize the smb service to run ads.

Also check the registry to see what programs/services/apps are being started at boot time (which can be done via Spybot and Ad-Aware, if you choose to use them.)

TheOgre 77 Posting Whiz

I never understood why you'd run a web site from home. The electricity, hardware, and software you spend (if you go with non-open source) costs more per month than a web host where you'd only pay $5.00 a month. I guess I can see why someone would want to do it, if you have special needs (something hosts don't provide) but if it's a basic site, I don't think it's worth it.

My two cents.

I run one of my sites from home as a way to demonstrate to my clients some of the services I offer (some of them are interested in hosting their own sites, rather than paying for webhosting, among other projects that utilize a web server.) Out of the 9 machines on my network that are on 24/7, the CPU power to run httpd isn't costing anything extra, not to mention I use httpd for other projects I'm working on, so to make it available to the outside is worth it to me in the long run. The extra bandwidth usage for the hits isn't anything worth noticing, mainly because I don't advertise the site.

As far as others are concerned, maybe they want to do it for fun, or to see how it works (the hacker ideology at work :), or for other personal reasons. A few of my associates started hosting their own sites for fun, and have since started their own hosting companies they run out of their house (on T-lines, not …

TheOgre 77 Posting Whiz

No problem. I'm glad you finally got it working :) If you're going to be creating a lot of test .cgi files, it might be a good idea to actually create them on your Linux box, as opposed to transferring them later. It prevents a bunch of problems, and besides, it makes you practice your vi/emacs/pico skills while doing it :)

TheOgre 77 Posting Whiz

NP :)

I'll be here if you have any more questions...

TheOgre 77 Posting Whiz

Apache installs itself as a service IF YOU SPECIFY THAT OPTION during the install. It doesn't affect your Internet connection settings at all, nor does it modify your browser's start page.

You might want to check your system for mal/ad/spyware, or at the very least see what services are starting at boot time (registry, Startup group, etc.)

TheOgre 77 Posting Whiz

In reading the initial post again, I never did actually answer the question :P

OK, if you want to host your own website, you only need a machine with a webserver. Depending on your hardware, you could either use some flavor of Microsoft Windows as the platform, with a webserver (apache, tinyhttp, etc.) or some flavor of either UNIX or Linux, and Apache (or another http server.)

My personal preference is Apache on FreeBSD, which runs my personal site (both mail and web.) The machines are identical HP Vectra PII 350's with 128 MB of SD133 RAM, running FreeBSD.

TheOgre 77 Posting Whiz

Sure TheOgre, would love a lesson :)

Lesson: IP Routing 101

Given:

- A webserver (listening on port 80) with an internal IP address of 192.168.0.5
- A mail server (using POP3 and SMTP) with an internal IP of 192.168.0.10
- A firewall/router (in this example, running IPFW and NATd on FreeBSD)
- An Internet connection using Optimum Online
- A properly registered domain (with a MX record) pointing to a dynamic IP
- A DNS redirector for the domain. In this example, our webserver is listening on port 6900, and the DNS redirector has been configured for this already.

Configuring IP routing for mail and web using IPFW on FreeBSD:

Edit your firewall config file and add a rule that allows all incoming traffic on TCP port 80 to be redirected to the internal IP of the webserver (192.168.0.5):

# fxp0 = outside (WAN) interface
add [rule #] allow log tcp from any to 192.168.0.5 6900 via fxp0

Then create a firewall rule allowing anything incoming on TCP ports 25 and 110 to be redirected to the internal IP of the mail server:

add [rule #] allow log tcp from any to 192.168.0.10 25 via fxp0
add [rule #] allow log tcp from any to 192.168.0.10 110 via fxp0

Save the changes and close the file.

Now we edit the natd …

TheOgre 77 Posting Whiz

Let me have a look at my Apache Cookbook to see if it has anything in there regarding this issue. I completely forgot I had it, or I would've checked it before :P

TheOgre 77 Posting Whiz

Did you edit httpd.conf as root? (I know, stupid question, but I just have to ask :)

TheOgre 77 Posting Whiz

I use NewsBinPro (http://www.newsbinpro.com) to download binaries from newsgroups. It's a LOT faster than P2P apps, and you can specify which newsgroups you want to target for downloads. It also lets you grab specific files, so you don't have to waste hard drive space on useless files.

TheOgre 77 Posting Whiz

Here's Symantec's info (including cleaning instructions) on SubSeven:

http://www.symantec.com/avcenter/venc/data/backdoor.subseven.html

The reason I believe it's SubSeven (Sub7) is because of the directory/file you posted earlier:

C:\unzipped\sub7legends\sub7legends\subseven.exe

Normally, that's the default server filename (the file that infects the target PC) before being renamed when you create the server.

Just out of pure curiosity, is there a chance that you ran that file before and possibly infected yourself with it?