For starters, make sure the firmware on the routers is updated to the latest version if you experience dropouts. I had major dropout problems until I updated the Dlink access point I had. Also a signal level of -65db isn't bad at all if your noise level is around -100db. Right now I'm running at -72db with a noise level of -99db, but I've been all the way down to around -90db and have it remain useable. I'm shooting about 2 blocks over with line of sight.
If the request came from the inside, similar to a P2P push request, clients outside can easily connect to the server. As long as the connection initiates from inside the firewall to connect to the player, NAT does you no good and anyone on the internet can connect to your server.
Probably no such chance. They also use Region coding for price fixing so the movies sold cheaper in other nations won't be able to cross the region borders.
I came up with a great idea to do this exact thing at work where the employees needed a way to securly transfer files using only a webbrowser. Even the computer illiterate ones figured it out. I used a combination of apache ssl and this php script: http://www.qto.com/fm/index.htm
I changed the php script around slightly to allow the filenames to be links so you can simply click on the file and download it.
I think you might want to checkout the reccomended resolution for the monitor. If the fonts look screwy, then it's just that the video card is running the monitor at a different resolution than the monitor runs natively. Switch the videocard's resolution to match the monitor's resolution.
Slashdot runs on mod_perl, many many sites run on PHP.. yahoo for example... Quite time and load tested, known to work very well. There are quite a few free (and very stable) e-commerce packages avaliable for these two dynamic page generators, including minivend (search freshmeat.net).
I never quite understood why people always felt when they pay big $$$ to buy a product from a company, they expect it to be better than something they got for free. Another example of that is W2k vs FreeBSD, *ahem* no contest performance-wise or stability-wise.
Doh, one of my Linux boxes is up there in the Bay Area and it has an uptime of 123 days. It would have been up to 400+ days if it wasn't for those last 2 power outages and that RH6.0->6.2 upgrade:(
I always say, a properly secured linux installation will be much more secure than a half secured openbsd install. It only takes me about 5 minutes to completely secure a box, it would be worth your time to learn how to do it because it saves much time in cleaning up after a system compromise. It's so easy, that I'm going to list out all the steps that I use to secure a redhat 6.2 machine
1. nmap 127.0.0.1
2./usr/sbin/ntsysv (turn off all un-needed services that show in the nmap scan)
3. shut down those services, ala/etc/rc.d/init.d/(service) stop
4. vi/etc/inetd.conf (remove un-needed services)
5. restart inetd,/etc/rc.d/init.d/inet restart
6. nmap 127.0.0.1 (make sure the services are shut down)
7. install all security updates from a updates.redhat.com mirror, my favorite is ftp://ftp.freesoftware.com/pub/linux/redhat/update s/
Redhat 7.0 is very similar to 6.2, except you do not need to edit/etc/inetd.conf because it does not exist, and you can use ntsysv to remove services from the new xinetd used in 7.0.
an even better solution for #7 is to use an auto update script or program. Personally I feel that most of the ones out there for the redhat distributions aren't so great, so I decided to write my own script to do it myself. Run it fron cron once a day, and forget about manual updates. I just wrote a web page for my script, and you can see it here http://www.bol.ucla.edu/~drewm/superupd/
A script that would combine all the names of the people in the nests and spit them out in flat groups would be perfect. I'd just create a script to read from your nested group file "/etc/mygroups" and spit the new groups into the regular ol "/etc/group".
You know... I got the same exact problem running on RH7, hopefully someone can figure this one out. I was thinking it was the run script, but it seems to be the actual soffice.bin binary that spits out this error msg. Any ideas guys?
Any e-mail client should work fine with an exchange server, as long as it is running pop3. At work we have exchange servers and I use Netscape Mail and it works just fine. If you are on one of those lame NT domains.. the pop username will be slightly different... and it will follow this order: Domain/Username/firstname_lastname so mine would be somethin like: group1/drew/drew_m.....
WinCE... don't remind me, I have 2 of em, a Philips Nino 510 and a HP 620lx. I've completely locked up the Nino 510 once, which isn't too bad, but don't even get me started on the 620lx. First off, it has it's own "reset" button, and you can probably guess what that is used for. That machine frequently takes trips to the crapper, locking up, not initializing the ethernet card, and whole bunches of other things. My favorite thing that it does, is when you turn it off and on around 3 times with the ethernet card in, the card will stop working completely, no lights on the ethernet hub. And the only way to get it back, is to yank the battery while it's alive (not a smart idea) or use the nifty handy reset button. The only reason I still have these two things is because I got them both for free, one from work, and one from a contest. Okay, my grunting for the day is compete.
-Drew (unhappy CE owner who can't wait to put Linux on his Nino 510)
Hmm, you must have been one of those lucky guys that didn't have a SB Live.... If you had the shipping SB Live drivers in and after the SP4 install the machine would not even boot, just one nice little blue screen. Good thing it wasn't my machine.... no MS on this box, never.... We had to format the Fsckin drive clean by removing it and taking it to another machine because the NT installer would barf out when trying to see his partitions above 8 Gig....
Would you guys be able to tell me a little more about your setup? I've also tried to Socksify Netmeeting, but with horrible results. I've tried Sockscap32 v 1.x and 2.x beta with Netmeeting 3.01. Socks5 server release 1.0r9 running on a Linux box. I"m thinking Netmeeting 3.x is the problem, and I may decide to downgrade to 2.x soon. Jeez, downgrading MS software because it's broken.... how many times have I done that...... way too many..... It seems that TCP would get socksified while UDP wouldn't. The UDP would attempt to traverse the firewall via NAT, and I was unable to recieve video or audio. And sometimes Netmeeting would just crash and dissapear all by itself, but I see that as normal anyways:P And who was the brainiac that thought of using multiple dynamic port assignments? Why couldn't they just stick to one nice little fixed port so we could easily run this thing over NAT? It would have made life much easier for firewall admins.... Besides, there is no way in hell I"m opening up my firewall from TCP port 1024 to 65xxx just because Microsoft says so in their Netmeeting-Firewall HOWTO.
Drew
-- MS software makes the world go round, and machines crash into the ground
Try out Lame, you might really like it. I use to be a hard core bladeenc user, but I encoded mp3's side by side and listened to them using bladeenc and lame, and found that lame was more than twice a fast, and didn't have some high frequency distortion that I could hear in blade.
Try them both for yourself, you will hear the difference.... Lame works better for me
I've had a similar problem with a computer running a 2.2.9 kernel. While doing a redhat 6.0 installation over ftp on a 10bT network, the server all of a sudden decided to slow down to the point that it was almost not responding. I couldn't even telnet into it. If you pinged it, the response time would be in the >2000 ms range. It has a 3com 3c905 card in it, while the receiving computer had a 3com 3c905B.
Ifconfiging the server up and down didn't seem to do anything, but as soon as I removed and inserted the ethernet card's module, it started working happily again. I still to this day have not figured the problem out, but I know for a fact, that when that machine was running 2.0.36, it never had a problem like that. It seems to me to be a kernel issue, but I have not been able to reproduce it again.
I have seen about 3 other people post comments to slashdot having the same problem. Hopefully this can get fixed quickly.
I'm currently running 2.2.10 with the latest development 3c59x driver without any problems.
Hmm, about the tcpdump and iptraf, they both are probably putting the card in promiscious mode, you can set this mode manually by typing as root /sbin/ifconfig eth0 promisc this may give you a temporary fix.
Re:get an education about NT before talking...
on
BO2K cracked
·
· Score: 1
There is still the eeye hard info. IIS would not be able to grant a "system" command prompt to a script kiddie without itself running as a "system" level service, or am I wrong? Either way, IIS has the ability to overflow into memory areas that have system level access on a machine, therefore granting a script kiddie a "system" shell on an NT box. You forgot to give me an explanation as to how this is possible.... I would sure love to know. Educate me.
And for your info, I can lock down any box and build firewalls with the best of them.
Re:get an education about NT before talking...
on
BO2K cracked
·
· Score: 1
In many respects, NT's security architecture (ACLs on everything, non-root daemons, no setUID, etc.) is STRONGER than Linux. If you are truly correct about the "non-root daemons" then the >3000 character IIS buffer overflow that eeye found would not be possible. IIS runs with system level access, which is "root" on an NT box. That is how someone can obtain a "system level" command shell by using this expliot. I think someone else needs to "get an education about NT before talking..." But what would I know anyway, I'm just a stupid 20 year old college kid with a linux box and an internship at a huge corporation doing sysadmin work.
Re:BO2K is not a big deal
on
BO2K cracked
·
· Score: 1
And as several other people have pointed out already, one could make a similar program for a UNIX box. It's already been done, I got a few of them running on my system right now. In the computing world they are known by these names:
in.telnetd sshd
A cracker could very easily set up a telnet server, or a ssh server on a machine he just cracked, but the machine would probably be running one already:P
Slashdot Mirror
/sbin/iwconfig
Beats me how you do it on windows.
For starters, make sure the firmware on the routers is updated to the latest version if you experience dropouts. I had major dropout problems until I updated the Dlink access point I had. Also a signal level of -65db isn't bad at all if your noise level is around -100db. Right now I'm running at -72db with a noise level of -99db, but I've been all the way down to around -90db and have it remain useable. I'm shooting about 2 blocks over with line of sight.
If the request came from the inside, similar to a P2P push request, clients outside can easily connect to the server. As long as the connection initiates from inside the firewall to connect to the player, NAT does you no good and anyone on the internet can connect to your server.
I can't think of any vulnerability that was widely exploited before Microsoft issued a patch for it.
Remember Winnuke?
Probably no such chance. They also use Region coding for price fixing so the movies sold cheaper in other nations won't be able to cross the region borders.
Who ever said there wasn't an aim sniffer? 10 seconds on freshmeat was all it took
http://www.aimsniff.com/
I came up with a great idea to do this exact thing at work where the employees needed a way to securly transfer files using only a webbrowser. Even the computer illiterate ones figured it out.
I used a combination of apache ssl and this php script: http://www.qto.com/fm/index.htm
I changed the php script around slightly to allow the filenames to be links so you can simply click on the file and download it.
Also don't leave out xine, the d5d plugin does menus extremely well, which is all packaged together nicely for a redhat system at freshrpms
/sbin/hdparm -d1 -c3 /dev/hd[abcdefgh] is generally safe for most IDE chipsets and could very easily double or triple your transfer rate.
I get about 35MB/s copying between my IDE IBM 60G drives
As long as secure shell is setup (usually the default setting works fine), just ssh into the machine you'd like the app to run on:
ssh username@yourmachine.yours.com
then after the password just run an X app just like you would locally:
xeyes
trust me, it's too easy. Completely secure also (X is transmitted back over the encrypted channel).
I think you might want to checkout the reccomended resolution for the monitor. If the fonts look screwy, then it's just that the video card is running the monitor at a different resolution than the monitor runs natively. Switch the videocard's resolution to match the monitor's resolution.
Slashdot runs on mod_perl, many many sites run on PHP.. yahoo for example... Quite time and load tested, known to work very well. There are quite a few free (and very stable) e-commerce packages avaliable for these two dynamic page generators, including minivend (search freshmeat.net).
I never quite understood why people always felt when they pay big $$$ to buy a product from a company, they expect it to be better than something they got for free. Another example of that is W2k vs FreeBSD, *ahem* no contest performance-wise or stability-wise.
Doh, one of my Linux boxes is up there in the Bay Area and it has an uptime of 123 days. It would have been up to 400+ days if it wasn't for those last 2 power outages and that RH6.0->6.2 upgrade :(
I always say, a properly secured linux installation will be much more secure than a half secured openbsd install. It only takes me about 5 minutes to completely secure a box, it would be worth your time to learn how to do it because it saves much time in cleaning up after a system compromise. It's so easy, that I'm going to list out all the steps that I use to secure a redhat 6.2 machine
/usr/sbin/ntsysv (turn off all un-needed services that show in the nmap scan)
/etc/rc.d/init.d/(service) stop
/etc/inetd.conf (remove un-needed services)
/etc/rc.d/init.d/inet restart
e s/
/etc/inetd.conf because it does not exist, and you can use ntsysv to remove services from the new xinetd used in 7.0.
1. nmap 127.0.0.1
2.
3. shut down those services, ala
4. vi
5. restart inetd,
6. nmap 127.0.0.1 (make sure the services are shut down)
7. install all security updates from a updates.redhat.com mirror, my favorite is ftp://ftp.freesoftware.com/pub/linux/redhat/updat
Redhat 7.0 is very similar to 6.2, except you do not need to edit
an even better solution for #7 is to use an auto update script or program. Personally I feel that most of the ones out there for the redhat distributions aren't so great, so I decided to write my own script to do it myself. Run it fron cron once a day, and forget about manual updates. I just wrote a web page for my script, and you can see it here http://www.bol.ucla.edu/~drewm/superupd/
A script that would combine all the names of the people in the nests and spit them out in flat groups would be perfect. I'd just create a script to read from your nested group file "/etc/mygroups" and spit the new groups into the regular ol "/etc/group".
You know... I got the same exact problem running on RH7, hopefully someone can figure this one out. I was thinking it was the run script, but it seems to be the actual soffice.bin binary that spits out this error msg. Any ideas guys?
Any e-mail client should work fine with an exchange server, as long as it is running pop3. At work we have exchange servers and I use Netscape Mail and it works just fine. If you are on one of those lame NT domains.. the pop username will be slightly different... and it will follow this order:
Domain/Username/firstname_lastname
so mine would be somethin like:
group1/drew/drew_m.....
WinCE... don't remind me, I have 2 of em, a Philips Nino 510 and a HP 620lx. I've completely locked up the Nino 510 once, which isn't too bad, but don't even get me started on the 620lx. First off, it has it's own "reset" button, and you can probably guess what that is used for. That machine frequently takes trips to the crapper, locking up, not initializing the ethernet card, and whole bunches of other things.
My favorite thing that it does, is when you turn it off and on around 3 times with the ethernet card in, the card will stop working completely, no lights on the ethernet hub. And the only way to get it back, is to yank the battery while it's alive (not a smart idea) or use the nifty handy reset button.
The only reason I still have these two things is because I got them both for free, one from work, and one from a contest.
Okay, my grunting for the day is compete.
-Drew (unhappy CE owner who can't wait to put Linux on his Nino 510)
Hmm, you must have been one of those lucky guys that didn't have a SB Live.... If you had the shipping SB Live drivers in and after the SP4 install the machine would not even boot, just one nice little blue screen. Good thing it wasn't my machine.... no MS on this box, never.... We had to format the Fsckin drive clean by removing it and taking it to another machine because the NT installer would barf out when trying to see his partitions above 8 Gig....
Would you guys be able to tell me a little more about your setup? I've also tried to Socksify Netmeeting, but with horrible results. I've tried Sockscap32 v 1.x and 2.x beta with Netmeeting 3.01. Socks5 server release 1.0r9 running on a Linux box. I"m thinking Netmeeting 3.x is the problem, and I may decide to downgrade to 2.x soon. Jeez, downgrading MS software because it's broken.... how many times have I done that...... way too many..... :P
It seems that TCP would get socksified while UDP wouldn't. The UDP would attempt to traverse the firewall via NAT, and I was unable to recieve video or audio. And sometimes Netmeeting would just crash and dissapear all by itself, but I see that as normal anyways
And who was the brainiac that thought of using multiple dynamic port assignments? Why couldn't they just stick to one nice little fixed port so we could easily run this thing over NAT? It would have made life much easier for firewall admins.... Besides, there is no way in hell I"m opening up my firewall from TCP port 1024 to 65xxx just because Microsoft says so in their Netmeeting-Firewall HOWTO.
Drew
--
MS software makes the world go round, and machines crash into the ground
Try out Lame, you might really like it. I use to be a hard core bladeenc user, but I encoded mp3's side by side and listened to them using bladeenc and lame, and found that lame was more than twice a fast, and didn't have some high frequency distortion that I could hear in blade.
Try them both for yourself, you will hear the difference.... Lame works better for me
I've had a similar problem with a computer running a 2.2.9 kernel. While doing a redhat 6.0 installation over ftp on a 10bT network, the server all of a sudden decided to slow down to the point that it was almost not responding. I couldn't even telnet into it. If you pinged it, the response time would be in the >2000 ms range. It has a 3com 3c905 card in it, while the receiving computer had a 3com 3c905B.
Ifconfiging the server up and down didn't seem to do anything, but as soon as I removed and inserted the ethernet card's module, it started working happily again. I still to this day have not figured the problem out, but I know for a fact, that when that machine was running 2.0.36, it never had a problem like that. It seems to me to be a kernel issue, but I have not been able to reproduce it again.
I have seen about 3 other people post comments to slashdot having the same problem. Hopefully this can get fixed quickly.
I'm currently running 2.2.10 with the latest development 3c59x driver without any problems.
Hmm, about the tcpdump and iptraf, they both are probably putting the card in promiscious mode, you can set this mode manually by typing as root
/sbin/ifconfig eth0 promisc
this may give you a temporary fix.
There is still the eeye hard info. IIS would not be able to grant a "system" command prompt to a script kiddie without itself running as a "system" level service, or am I wrong? Either way, IIS has the ability to overflow into memory areas that have system level access on a machine, therefore granting a script kiddie a "system" shell on an NT box. You forgot to give me an explanation as to how this is possible.... I would sure love to know. Educate me.
And for your info, I can lock down any box and build firewalls with the best of them.
In many respects, NT's security architecture (ACLs on everything, non-root daemons, no setUID, etc.) is STRONGER than Linux.
If you are truly correct about the "non-root daemons" then the >3000 character IIS buffer overflow that eeye found would not be possible. IIS runs with system level access, which is "root" on an NT box. That is how someone can obtain a "system level" command shell by using this expliot. I think someone else needs to "get an education about NT before talking..."
But what would I know anyway, I'm just a stupid 20 year old college kid with a linux box and an internship at a huge corporation doing sysadmin work.
And as several other people have pointed out already, one could make a similar program for a UNIX box.
:P
It's already been done, I got a few of them running on my system right now. In the computing world they are known by these names:
in.telnetd
sshd
A cracker could very easily set up a telnet server, or a ssh server on a machine he just cracked, but the machine would probably be running one already