From pmui at usenix.org Tue Sep 2 16:29:32 2003
From: pmui at usenix.org (Peter Mui)
Date: Tue, 2 Sep 2003 16:29:32 -0700
Subject: Register now for LISA, Oct. 26-31, San Diego
Message-ID: <4E54684E-DD9D-11D7-B421-003065776E16@usenix.org>

Invitation to attend: The 17th Annual Large Installation System Administration Conference (LISA).

LISA returns to San Diego for October 26-31, 2003. As always, the breadth and quality of this year's tutorials, refereed papers, invited talks, and participants is excellent.

WHAT: Usenix's 17th Large Installation System Administration Conference (LISA)
WHEN: October 26-31, 2003
WHERE: San Diego, CA, Town & Country Resort Hotel
WHO: System Administrators, Network Administrators, CIOs, CTOs, Researchers, Tool Providers, Support and Help Desk personnel, etc.
WHY: To get to and stay on the cutting edge of computer system administration
HOW: http://www.usenix.org/events/lisa03/

TUTORIALS: experts such as Marcus Ranum, Trent Hein, Ned McClain, Gerald Carter, David Skoll, Mike DeGraw Bertsch and David Rhoades will give you the information, techniques, tools, and strategies you need to practice effective system administration today and tomorrow.

PAPERS and INVITED TALKS: luminaries such as Gene Kim, kc claffy, Remy Evard and Moshe Bar will present cutting-edge issues in topics such as:

o computer security without loss of services
o Linux clustering for the enterprise
o real-world comparison of commercial backup and recovery tools
o designing and deploying a configuration and monitoring system at a global bank
o the theory and practice of large-scale configuration management
o automating switch and port configuration
o supporting IPsec remote access

Birds-of-a-Feather sessions and Work-in-Progress reports give you a preview of next year's news, or present fledgling work of your own and get feedback from the audience.

KEYNOTE SPEAKER: eBay's Director of Availability and Performance Engineering, Paul Kilmartin, will discuss the challenges of the auction site's highly complex real-time computing demands.

For more information and to register for the 17th Large Installation System Administration Conference (LISA) visit: http://www.usenix.org/events/lisa03/

Multiple Employee Discount: Usenix offers a $195 per-person discount to organizations sending 5 or more employees to LISA: email lisa03_reg at usenix.org to get this discount for your group.

Register now for the best pricing! Feel free to contact me anytime with questions.

Cheers,
-Peter

Peter Mui
USENIX Association
2560 9th Street STE 215
Berkeley, CA 94710
510 548 8649 ext. 28
pmui at usenix.org

From david at catwhisker.org Wed Sep 3 04:55:31 2003
From: david at catwhisker.org (David Wolfskill)
Date: Wed, 3 Sep 2003 04:55:31 -0700 (PDT)
Subject: More oddness seen by my firewall
Message-ID: <200309031155.h83BtVhJ014660@bunrab.catwhisker.org>

I noticed some odd-looking (blocked) packets intended for 17300/tcp; the frequency seems to have increased fairly suddenly recently.

In the following, I have edited the entries to shorten them, and thus -- I hope! -- make seeing patterns a little easier. I replaced "63.193.123.122" by "me"; I elided the " in via dc0" from the ends of each line. I also elided the rule number (20000), since that didn't seem to be especially relevant.
My intent is not to hide the information from y'all, but to facilitate some cooperation within our community:

bunrab(4.9-P)[18] sudo grep ':17300' /var/log/security
Aug 27 09:40:00 janus /kernel: ipfw: Deny TCP 68.62.63.245:3840 me:17300
Aug 27 10:32:05 janus /kernel: ipfw: Deny TCP 24.25.150.193:3841 me:17300
Aug 27 11:38:27 janus /kernel: ipfw: Deny TCP 172.137.205.179:3682 me:17300
Aug 27 22:33:39 janus /kernel: ipfw: Deny TCP 63.242.140.122:1119 me:17300
Aug 28 08:12:16 janus /kernel: ipfw: Deny TCP 68.71.63.171:4475 me:17300
Aug 28 09:19:33 janus /kernel: ipfw: Deny TCP 68.71.63.171:4487 me:17300
Aug 28 18:52:39 janus /kernel: ipfw: Deny TCP 68.119.151.47:2060 me:17300
Aug 29 17:16:52 janus /kernel: ipfw: Deny TCP 68.71.63.171:4283 me:17300
Sep 1 03:35:39 janus /kernel: ipfw: Deny TCP 67.112.37.165:4571 me:17300
Sep 1 11:55:43 janus /kernel: ipfw: Deny TCP 130.13.101.34:4150 me:17300
Sep 2 06:06:41 janus /kernel: ipfw: Deny TCP 67.74.73.228:4153 me:17300
Sep 2 06:06:50 janus /kernel: ipfw: Deny TCP 81.96.174.145:3545 me:17300
Sep 2 06:07:14 janus /kernel: ipfw: Deny TCP 80.135.220.136:3300 me:17300
Sep 2 06:07:43 janus /kernel: ipfw: Deny TCP 80.13.173.25:1316 me:17300
Sep 2 06:55:22 janus /kernel: ipfw: Deny TCP 68.214.99.194:50216 me:17300
Sep 2 07:21:23 janus /kernel: ipfw: Deny TCP 200.28.42.232:4206 me:17300
Sep 2 08:32:45 janus /kernel: ipfw: Deny TCP 217.228.74.31:4519 me:17300
Sep 2 08:33:35 janus /kernel: ipfw: Deny TCP 217.236.90.176:3499 me:17300
Sep 2 09:15:55 janus /kernel: ipfw: Deny TCP 200.74.144.73:1897 me:17300
Sep 2 09:45:03 janus /kernel: ipfw: Deny TCP 217.98.162.102:3924 me:17300
Sep 2 09:57:29 janus /kernel: ipfw: Deny TCP 67.122.191.205:3611 me:17300
Sep 2 10:13:58 janus /kernel: ipfw: Deny TCP 212.194.140.70:4037 me:17300
Sep 2 10:32:31 janus /kernel: ipfw: Deny TCP 213.96.224.225:3301 me:17300
Sep 2 10:49:08 janus /kernel: ipfw: Deny TCP 12.243.249.75:4552 me:17300
Sep 2 11:51:46 janus /kernel: ipfw: Deny TCP 213.13.234.76:4306 me:17300
Sep 2 12:02:14 janus /kernel: ipfw: Deny TCP 217.81.28.62:1724 me:17300
Sep 2 13:19:50 janus /kernel: ipfw: Deny TCP 81.98.115.72:2302 me:17300
Sep 2 13:24:21 janus /kernel: ipfw: Deny TCP 65.94.221.120:3093 me:17300
Sep 2 14:29:26 janus /kernel: ipfw: Deny TCP 80.8.84.96:3572 me:17300
Sep 2 19:30:27 janus /kernel: ipfw: Deny TCP 80.49.1.147:4452 me:17300
Sep 3 02:11:19 janus /kernel: ipfw: Deny TCP 24.70.194.113:4928 me:17300
bunrab(4.9-P)[19] foreach h ( `sudo grep ':17300' /var/log/security | sed -e 's/^.* TCP //' -e 's/:.*$//'` )
foreach? host $h
foreach? end
245.63.62.68.IN-ADDR.ARPA domain name pointer pcp03161516pcs.flint01.mi.comcast.net
193.150.25.24.IN-ADDR.ARPA domain name pointer alb-24-25-150-193.nycap.rr.com
179.205.137.172.IN-ADDR.ARPA domain name pointer AC89CDB3.ipt.aol.com
122.140.242.63.IN-ADDR.ARPA domain name pointer 122.mug140.dtrt.sflmi01r1.dsl.att.net
171.63.71.68.IN-ADDR.ARPA domain name pointer co-colspgs-u6-c6b-171.clspco.adelphia.net
171.63.71.68.IN-ADDR.ARPA domain name pointer co-colspgs-u6-c6b-171.clspco.adelphia.net
47.151.119.68.IN-ADDR.ARPA domain name pointer ip-wv-68-119-151-047.charterwv.net
171.63.71.68.IN-ADDR.ARPA domain name pointer co-colspgs-u6-c6b-171.clspco.adelphia.net
165.37.112.67.IN-ADDR.ARPA domain name pointer adsl-67-112-37-165.dsl.lsan03.pacbell.net
34.101.13.130.IN-ADDR.ARPA domain name pointer vdsl-130-13-101-34.phnx.uswest.net
228.73.74.67.IN-ADDR.ARPA domain name pointer dialup-67.74.73.228.Dial1.Philadelphia1.Level3.net
145.174.96.81.IN-ADDR.ARPA domain name pointer pc1-mfld3-6-cust145.nott.cable.ntl.com
136.220.135.80.IN-ADDR.ARPA domain name pointer p5087DC88.dip.t-dialin.net
25.173.13.80.IN-ADDR.ARPA domain name pointer APlessis-Bouchard-103-1-3-25.w80-13.abo.wanadoo.fr
194.99.214.68.IN-ADDR.ARPA domain name pointer adsl-214-99-194.gnv.bellsouth.net
232.42.28.200.IN-ADDR.ARPA domain name pointer 232-42-28.dial.terra.cl
31.74.228.217.IN-ADDR.ARPA domain name pointer pD9E44A1F.dip.t-dialin.net
176.90.236.217.IN-ADDR.ARPA domain name pointer pD9EC5AB0.dip.t-dialin.net
Host not found.
102.162.98.217.IN-ADDR.ARPA domain name pointer pa102.zbaszyn.sdi.tpnet.pl
205.191.122.67.IN-ADDR.ARPA domain name pointer adsl-67-122-191-205.dsl.lsan03.pacbell.net
205.191.122.67.IN-ADDR.ARPA domain name pointer adsl-67-122-191-205.dsl.pltn13.pacbell.net
70.140.194.212.IN-ADDR.ARPA domain name pointer f07v-9-70.d1.club-internet.fr
225.224.96.213.IN-ADDR.ARPA domain name pointer 225.Red-213-96-224.pooles.rima-tde.net
75.249.243.12.IN-ADDR.ARPA domain name pointer 12-243-249-75.client.attbi.com
Host not found.
62.28.81.217.IN-ADDR.ARPA domain name pointer pD9511C3E.dip.t-dialin.net
72.115.98.81.IN-ADDR.ARPA domain name pointer pc3-rdng1-3-cust72.winn.cable.ntl.com
120.221.94.65.IN-ADDR.ARPA domain name pointer MTL-HSE-ppp200072.qc.sympatico.ca
96.84.8.80.IN-ADDR.ARPA domain name pointer ca-bordeaux-12-96.w80-8.abo.wanadoo.fr
147.1.49.80.IN-ADDR.ARPA domain name pointer pb147.mielec.sdi.tpnet.pl
113.194.70.24.IN-ADDR.ARPA domain name pointer h24-70-194-113.ok.shawcable.net
bunrab(4.9-P)[20]

I'm not sure what to make of it yet... but that reminds me: I have been seeing a lot of HTTP requests against http://www.catwhisker.org/ that just get the root page, and they all look fairly similar; here's a (small!) excerpt:

203.232.249.65 - - [02/Sep/2003:00:04:03 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
208.206.232.111 - - [02/Sep/2003:00:07:43 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
64.170.193.211 - - [02/Sep/2003:00:17:40 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
68.121.123.211 - - [02/Sep/2003:00:24:28 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
61.121.84.33 - - [02/Sep/2003:00:25:01 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
68.74.69.31 - - [02/Sep/2003:00:26:24 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
62.13.174.12 - - [02/Sep/2003:00:29:11 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
68.22.50.9 - - [02/Sep/2003:00:38:40 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"

I'm fairly sure that this is from the recent worm/virus/whatever -- this seems to have started between 10 - 20 days ago or so.

Peace,
david
--
David H. Wolfskill david at catwhisker.org
If you want true virus-protection for your PC, install a non-Microsoft OS on it. Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and Solaris (in alphabetical order).

From rob.riley at oracle.com Wed Sep 3 10:21:54 2003
From: rob.riley at oracle.com (Rob Riley)
Date: Wed, 03 Sep 2003 10:21:54 -0700
Subject: More oddness seen by my firewall
References: <200309031155.h83BtVhJ014660@bunrab.catwhisker.org>
Message-ID: <3F562332.2030801@oracle.com>

Hi David,

They are scanning for systems infected with Kuang2 the virus which installs a trojan that opens port 17300/tcp on infected systems.

http://www.glocksoft.com/trojan_list/Kuang2_the_virus.htm

Regards,
--
Rob Riley
Senior Systems Administrator, Security Engineering
Global IT, Oracle Corp.
650 506-1435 office, 650 799-1607 cell

David Wolfskill wrote:
> I noticed some odd-looking (blocked) packets intended for 17300/tcp; the
> frequency seems to have increased fairly suddenly recently.
>
> In the following, I have edited the entries to shorten them, and thus --
> I hope! -- make seeing patterns a little easier. I replaced
> "63.193.123.122" by "me"; I elided the " in via dc0" from the ends of
> each line. I also elided the rule number (20000), since that didn't
> seem to be especially relevant. My intent is not to hide the information
> from y'all, but to facilitate some cooperation within our community:
>
> bunrab(4.9-P)[18] sudo grep ':17300' /var/log/security
> Aug 27 09:40:00 janus /kernel: ipfw: Deny TCP 68.62.63.245:3840 me:17300
> Aug 27 10:32:05 janus /kernel: ipfw: Deny TCP 24.25.150.193:3841 me:17300
> Aug 27 11:38:27 janus /kernel: ipfw: Deny TCP 172.137.205.179:3682 me:17300
> Aug 27 22:33:39 janus /kernel: ipfw: Deny TCP 63.242.140.122:1119 me:17300
> Aug 28 08:12:16 janus /kernel: ipfw: Deny TCP 68.71.63.171:4475 me:17300
> Aug 28 09:19:33 janus /kernel: ipfw: Deny TCP 68.71.63.171:4487 me:17300
> Aug 28 18:52:39 janus /kernel: ipfw: Deny TCP 68.119.151.47:2060 me:17300
> Aug 29 17:16:52 janus /kernel: ipfw: Deny TCP 68.71.63.171:4283 me:17300
> Sep 1 03:35:39 janus /kernel: ipfw: Deny TCP 67.112.37.165:4571 me:17300
> Sep 1 11:55:43 janus /kernel: ipfw: Deny TCP 130.13.101.34:4150 me:17300
> Sep 2 06:06:41 janus /kernel: ipfw: Deny TCP 67.74.73.228:4153 me:17300
> Sep 2 06:06:50 janus /kernel: ipfw: Deny TCP 81.96.174.145:3545 me:17300
> Sep 2 06:07:14 janus /kernel: ipfw: Deny TCP 80.135.220.136:3300 me:17300
> Sep 2 06:07:43 janus /kernel: ipfw: Deny TCP 80.13.173.25:1316 me:17300
> Sep 2 06:55:22 janus /kernel: ipfw: Deny TCP 68.214.99.194:50216 me:17300
> Sep 2 07:21:23 janus /kernel: ipfw: Deny TCP 200.28.42.232:4206 me:17300
> Sep 2 08:32:45 janus /kernel: ipfw: Deny TCP 217.228.74.31:4519 me:17300
> Sep 2 08:33:35 janus /kernel: ipfw: Deny TCP 217.236.90.176:3499 me:17300
> Sep 2 09:15:55 janus /kernel: ipfw: Deny TCP 200.74.144.73:1897 me:17300
> Sep 2 09:45:03 janus /kernel: ipfw: Deny TCP 217.98.162.102:3924 me:17300
> Sep 2 09:57:29 janus /kernel: ipfw: Deny TCP 67.122.191.205:3611 me:17300
> Sep 2 10:13:58 janus /kernel: ipfw: Deny TCP 212.194.140.70:4037 me:17300
> Sep 2 10:32:31 janus /kernel: ipfw: Deny TCP 213.96.224.225:3301 me:17300
> Sep 2 10:49:08 janus /kernel: ipfw: Deny TCP 12.243.249.75:4552 me:17300
> Sep 2 11:51:46 janus /kernel: ipfw: Deny TCP 213.13.234.76:4306 me:17300
> Sep 2 12:02:14 janus /kernel: ipfw: Deny TCP 217.81.28.62:1724 me:17300
> Sep 2 13:19:50 janus /kernel: ipfw: Deny TCP 81.98.115.72:2302 me:17300
> Sep 2 13:24:21 janus /kernel: ipfw: Deny TCP 65.94.221.120:3093 me:17300
> Sep 2 14:29:26 janus /kernel: ipfw: Deny TCP 80.8.84.96:3572 me:17300
> Sep 2 19:30:27 janus /kernel: ipfw: Deny TCP 80.49.1.147:4452 me:17300
> Sep 3 02:11:19 janus /kernel: ipfw: Deny TCP 24.70.194.113:4928 me:17300
> bunrab(4.9-P)[19] foreach h ( `sudo grep ':17300' /var/log/security | sed -e 's/^.* TCP //' -e 's/:.*$//'` )
> foreach? host $h
> foreach? end
> 245.63.62.68.IN-ADDR.ARPA domain name pointer pcp03161516pcs.flint01.mi.comcast.net
> 193.150.25.24.IN-ADDR.ARPA domain name pointer alb-24-25-150-193.nycap.rr.com
> 179.205.137.172.IN-ADDR.ARPA domain name pointer AC89CDB3.ipt.aol.com
> 122.140.242.63.IN-ADDR.ARPA domain name pointer 122.mug140.dtrt.sflmi01r1.dsl.att.net
> 171.63.71.68.IN-ADDR.ARPA domain name pointer co-colspgs-u6-c6b-171.clspco.adelphia.net
> 171.63.71.68.IN-ADDR.ARPA domain name pointer co-colspgs-u6-c6b-171.clspco.adelphia.net
> 47.151.119.68.IN-ADDR.ARPA domain name pointer ip-wv-68-119-151-047.charterwv.net
> 171.63.71.68.IN-ADDR.ARPA domain name pointer co-colspgs-u6-c6b-171.clspco.adelphia.net
> 165.37.112.67.IN-ADDR.ARPA domain name pointer adsl-67-112-37-165.dsl.lsan03.pacbell.net
> 34.101.13.130.IN-ADDR.ARPA domain name pointer vdsl-130-13-101-34.phnx.uswest.net
> 228.73.74.67.IN-ADDR.ARPA domain name pointer dialup-67.74.73.228.Dial1.Philadelphia1.Level3.net
> 145.174.96.81.IN-ADDR.ARPA domain name pointer pc1-mfld3-6-cust145.nott.cable.ntl.com
> 136.220.135.80.IN-ADDR.ARPA domain name pointer p5087DC88.dip.t-dialin.net
> 25.173.13.80.IN-ADDR.ARPA domain name pointer APlessis-Bouchard-103-1-3-25.w80-13.abo.wanadoo.fr
> 194.99.214.68.IN-ADDR.ARPA domain name pointer adsl-214-99-194.gnv.bellsouth.net
> 232.42.28.200.IN-ADDR.ARPA domain name pointer 232-42-28.dial.terra.cl
> 31.74.228.217.IN-ADDR.ARPA domain name pointer pD9E44A1F.dip.t-dialin.net
> 176.90.236.217.IN-ADDR.ARPA domain name pointer pD9EC5AB0.dip.t-dialin.net
> Host not found.
> 102.162.98.217.IN-ADDR.ARPA domain name pointer pa102.zbaszyn.sdi.tpnet.pl
> 205.191.122.67.IN-ADDR.ARPA domain name pointer adsl-67-122-191-205.dsl.lsan03.pacbell.net
> 205.191.122.67.IN-ADDR.ARPA domain name pointer adsl-67-122-191-205.dsl.pltn13.pacbell.net
> 70.140.194.212.IN-ADDR.ARPA domain name pointer f07v-9-70.d1.club-internet.fr
> 225.224.96.213.IN-ADDR.ARPA domain name pointer 225.Red-213-96-224.pooles.rima-tde.net
> 75.249.243.12.IN-ADDR.ARPA domain name pointer 12-243-249-75.client.attbi.com
> Host not found.
> 62.28.81.217.IN-ADDR.ARPA domain name pointer pD9511C3E.dip.t-dialin.net
> 72.115.98.81.IN-ADDR.ARPA domain name pointer pc3-rdng1-3-cust72.winn.cable.ntl.com
> 120.221.94.65.IN-ADDR.ARPA domain name pointer MTL-HSE-ppp200072.qc.sympatico.ca
> 96.84.8.80.IN-ADDR.ARPA domain name pointer ca-bordeaux-12-96.w80-8.abo.wanadoo.fr
> 147.1.49.80.IN-ADDR.ARPA domain name pointer pb147.mielec.sdi.tpnet.pl
> 113.194.70.24.IN-ADDR.ARPA domain name pointer h24-70-194-113.ok.shawcable.net
> bunrab(4.9-P)[20]
>
> I'm not sure what to make of it yet... but that reminds me: I have been
> seeing a lot of HTTP requests against http://www.catwhisker.org/ that
> just get the root page, and they all look fairly similar; here's a
> (small!) excerpt:
>
> 203.232.249.65 - - [02/Sep/2003:00:04:03 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 208.206.232.111 - - [02/Sep/2003:00:07:43 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 64.170.193.211 - - [02/Sep/2003:00:17:40 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 68.121.123.211 - - [02/Sep/2003:00:24:28 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 61.121.84.33 - - [02/Sep/2003:00:25:01 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 68.74.69.31 - - [02/Sep/2003:00:26:24 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 62.13.174.12 - - [02/Sep/2003:00:29:11 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
> 68.22.50.9 - - [02/Sep/2003:00:38:40 -0700] "GET / HTTP/1.1" 200 1016 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
>
>
> I'm fairly sure that this is from the recent worm/virus/whatever -- this
> seems to have started between 10 - 20 days ago or so.
>
> Peace,
> david

--
Rob Riley
Senior Systems Administrator, Security Engineering
Global IT, Oracle Corp.
650 506-1435 work, 650 799-1607 cell

From hal at deer-run.com Fri Sep 5 09:18:16 2003
From: hal at deer-run.com (Hal Pomeranz)
Date: Fri, 5 Sep 2003 09:18:16 -0700
Subject: [sweil@sans.org: SANS Securing UNIX Course Starts Monday, September 29 at San Jose State University]
Message-ID: <20030905161816.GA17594@deer-run.com>

The short form is this: I'm teaching my SANS Securing Unix class at San Jose State on Monday evenings this fall. This is the same course you'd take at a week-long SANS conference, we're just offering it "university extension course" style for local folks who can't get away for an entire week. Attendance will be limited to 15, so sign up now if you're interested. Further details below.

Cheers!

--
Hal Pomeranz, Founder/CEO Deer Run Associates hal at deer-run.com
Network Connectivity and Security, Systems Management, Training

----- Forwarded message from The SANS Institute -----

Date: Thu, 4 Sep 2003 20:51:19 -0600 (MDT)
From: The SANS Institute
Subject: SANS Securing UNIX Course Starts Monday, September 29 at San Jose State University
Precedence: bulk
Errors-To:
To: Hal Pomeranz (SD115767)
X-Bounce: === SD115767 === hal at deer-run.com ===
X-Mailing: SANS

We are excited to announce that SANS has chosen the San Jose area to offer the new Local Instructor Program version of The SANS Institute's Securing UNIX, our widely acclaimed computer and network security course, for a limited number (15) of students. The course is being taught by SANS Instructor Hal Pomeranz.

The class will meet on Monday evenings, from Monday, September 29 - Monday, December 15, 2003. Tuition fee is $2,595. For registration instructions, contact Scott Weil, sweil at sans.org .

For the $2,595 tuition fee, you will receive:

1. Access to SANS Securing UNIX Courseware
2. SANS Securing UNIX Course books
3. Eleven 3-hour local instructor sessions
4. GIAC Securing UNIX Certification attempt

This course is consistent with both of the key promises SANS makes to our students: (1) You will gain up-to-the-minute knowledge you can put into practice while still in class and (2) SANS identifies the best security instructors to teach their courses, by choosing from those who have ranked highest in a nine-year competition among potential security faculty.

As always, great teaching sets SANS courses apart. This program offers great teaching along with the ability to master the material needed for the GCUX Certification. The course will be limited to 15 students per class to make sure students get the individual attention they need.

The SANS Local Instructor Program is the ideal alternative to attending a live conference, especially for those professionals that need to add new skills but must be billable during the work week without disrupting your work and family schedule, and without the additional travel and living expenses associated with taking a six day course in a distant city.

Who Should Attend

-- Security professionals looking to learn the basics of securing Unix operating systems
-- Experienced administrators looking for in-depth descriptions of attacks on Unix systems and how they can be prevented
-- Administrators needing information on how to secure common Internet applications on the Unix platform
-- Administrators looking for an introduction to best-of-breed hardening and testing tools

The SANS Securing UNIX Local Instructor-Led Course runs for eleven weeks (11) and is divided into five sections.

* Part 1: Issues and Vulnerabilities in UNIX
* Part 2: UNIX Security Tools
* Part 3: SSH / Unix Forensics
* Part 4: Running UNIX Applications Securely
* Part 5: UNIX Practicum

Hands-on assignments will be given that can be completed outside of classroom hours. For a complete course outline, please go to: http://www.sans.org/local/track6.php

Your instructor will be Hal Pomeranz. Hal is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than fifteen years managing systems and networks for some of the largest commercial, government, and academic organizations in the country. Hal participated in the first SANS conference and designed the SANS Step-by-Step course model. He is a top-rated SANS instructor and author on topics ranging from information security to system and network management to Perl programming. Hal received the 2001 SAGE Outstanding Achievement Award for his teaching and leadership in the System Administration field.

The first class session will be held on Monday, September 29, 2003 from 7:00pm to 10:00 pm at:

San Jose State University
2160 Lundy Avenue
Suite 250
San Jose, CA 95131

Subsequent class meetings will be at the same location and time on:

Monday, October 6
Monday, October 13
Monday, October 20
Monday, October 27
Monday, November 3
Monday, November 10
*** skip week due to prior instructor commitment ***
Monday, November 24
Monday, December 1
Monday, December 8
Monday, December 15

SIGN UP NOW! For your discount code and registration instructions, please contact me at sweil at sans.org

If you know others who would benefit from this training, would you please forward this note to them? We have found that students who attend the course in small groups seem to benefit even more than people registering individually, and to that end, we have a special tuition fee offer of three students for the price of $6,300! This works out to a tuition fee of $2,100 per student. To take advantage of this offer you do need to all work at the same organization. Simply follow the registration instructions I will provide to you.

Have you already taken Track 6, SANS Securing UNIX, but did not sign up for, or did not complete your GCUX certification, and now see the value in having the credentials and proof of mastery that comes from GIAC Securing UNIX certification? We have a mechanism to help that we want to experiment with for a limited time, so please take us up on this offer now if you are interested. You can register for the SANS Local Instructor Led Securing UNIX course and fully participate for only $850. This offer is available only to alumni of SANS Track 6 who have taken the course after January 1, 2001. You will work with our instructor, Hal Pomeranz, who will assist in preparing you for your certification. For registration instructions, please contact me at sweil at sans.org .

To change your subscription, address, or other information, visit http://portal.sans.org

----- End forwarded message -----

From extasia at extasia.org Sun Sep 14 07:30:21 2003
From: extasia at extasia.org (David Alban)
Date: Sun, 14 Sep 2003 07:30:21 -0700
Subject: [baylisa] SIG-BEER-WEST this Saturday 9/20 in San Francisco
Message-ID: <20030914073021.A8468@gerasimov.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SIG-beer-west
http://extasia.org/sig-beer-west/
Saturday, September 20, 2003 at 6:00pm
San Francisco, CA

Beer. Mental stimulation.

This event:

Saturday, 09/20/2003, 6:00pm, at [1]Jack's in the Cannery, San Francisco [2]directions [3]parking

[1] http://extasia.org/sig-beer-west/jacks-cannery/
[2] http://www.thecannery.com/directions.html
[3] http://www.thecannery.com/directions_parking.html

Coming events (third Saturdays):

Saturday, 10/18/2003, 6:00pm, location to be determined
Saturday, 11/15/2003, 6:00pm, location to be determined
Saturday, 12/20/2003, 6:00pm, location to be determined
Saturday, 01/17/2004, 6:00pm, location to be determined

San Francisco's next social event for computer sysadmins and their friends, sig-beer-west, will take place on Saturday, September 20, 2003 at [4]Jack's in the Cannery in San Francisco, CA. Jack's has 110 beers on tap, and food is available. From sandwiches to steak to New England style clam chowder (which I personally recommend). Festivities will start at 6:00pm and continue until we've all left.

Directions to Jack's can be found on the Cannery's [5]directions page. For additional details, see the [6]sig-beer-west venue page for Jack's.

[4] http://www.thecannery.com/dining/restaurants.html
[5] http://www.thecannery.com/directions.html
[6] http://extasia.org/sig-beer-west/jacks-cannery/

When you show up, you should look for some kind of home made sig-beer-west sign. We will try to make it obvious who we are. :-)

Everyone is welcome at this event. We mean it!
Please feel free to forward this information and to invite friends, co-workers, and others who might enjoy lifting a glass with interesting folks from all over the place. (O.K., you do have to be of legal drinking age to attend.)

Can't come this month? Mark your calendar for next month. sig-beer-west is always on the third Saturday of the month.

Any Comments, Questions, Suggestions of Things to Do Later on That Evening, or New Venue Suggestions ... email [7]David.

[7] mailto:extasia at extasia.org

There is a sig-beer-west mailing list. To subscribe, send an email with "subscribe" in the body to .

sig-beer-west FAQ

1. Q: Your announcement says "computer sysadmins and their friends". How do I know if I'm a friend of a computer sysadmin? I don't even know what one is.
   A: You're a friend of a computer sysadmin if you can find the sig-beer-west sign at this month's sig-beer-west event.

2. Q: I'm not really a beer person. In fact I'm interested in hanging out, but not in drinking. Would I be welcome?
   A: Absolutely! The point is to hang out with fun, interesting folks. Please do join us.

3. Q: Is parking difficult in the city, like maybe I should factor this into my travel time?
   A: Yes.

______________________________________________________________________

sig-beer-west was started in February 2002 when a couple Washington, D.C. based systems administrators who moved to the San Francisco Bay area wanted to continue a [8]dc-sage tradition, sig-beer, which is described in dc-sage web space as:

    SIG-beer, as in "Special Interest Group - Beer" ala ACM, or as in "send the BEER signal to that process". The original SIG-beer gathering takes place in Washington DC, usually on the first Saturday night of the month.

[8] http://www.dc-sage.org/

______________________________________________________________________

Last modified: $Date: 2003/09/04 17:20:12 $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/ZHpNPh0M9c/OpdARAl4nAJ9p735DVT6GtKo9BAP9x4cE64LA2wCggRp1
PMaul/DIUYDpcyttvcE7toM=
=PV7Q
-----END PGP SIGNATURE-----

From strata at virtual.net Wed Sep 17 09:35:59 2003
From: strata at virtual.net (Strata R Chalup)
Date: Wed, 17 Sep 2003 09:35:59 -0700
Subject: BayLISA Monthly: 9/18/03: Network Security topics, Ryan Russell and Dan Kaminsky
Message-ID: <3F688D6F.5040902@virtual.net>

BayLISA Monthly Technical Talk & General Meeting
--------
Please RSVP to rsvp at baylisa.org so that we can get an idea of how many will be attending. This event is open to the general public, you do not need to be a member to attend.
--------
Where: Apple Computer, De Anza Bldg 3 (Blue Apple parking lot)
Addr: 10500 N. De Anza Blvd, Cupertino, CA
http://www.baylisa.org/locations/current.html
--------
Date: Thursday, 18 September 2003
Time: 7:30pm - 9:30pm PST

Ryan Russell and Dan Kaminsky
Network Security topics

Ryan and Dan will be updating us on various interesting bits from the world of network security. Highly recommended by BayLISA folks who went to Defcon and heard them speak on various topics there.
--------
BayLISA meets every month on the 3rd Thursday of the month. A short period of announcements of general interest to the sysadmin community is presented, followed by a technical talk. Anyone may make an announcement; typical are upcoming presentations, user group meetings, employment offers, etc.

For further information on BayLISA, check out our web site: http://www.baylisa.org/

Directions and details about the current meeting and future events: http://www.baylisa.org/events/

BayLISA makes video tapes of the meetings available to members.
Tape library is often available at the general meeting, or for more information on available videos, please send email to "video at baylisa.org".

If you have suggestions for speakers, or would like to volunteer to present a talk at one of our meetings, please email the Board and Working Group at "blw at baylisa.org". Thanks!
--------
Please RSVP to rsvp at baylisa.org so that we can get an idea of how many will be attending. This event is open to the general public, you do not need to be a member to attend.
--------

--
========================================================================
Strata Rose Chalup [KF6NBZ] strata "@" virtual.net
VirtualNet Consulting http://www.virtual.net/
** Project Management & Architecture for ISP/ASP Systems Integration **
=========================================================================

From michael at halligan.org Thu Sep 18 21:36:41 2003
From: michael at halligan.org (Michael T. Halligan)
Date: Thu, 18 Sep 2003 21:36:41 -0700 (PDT)
Subject: Remote terminal server recommendations?
Message-ID:

Is anybody up on the latest in remote terminals?

My old standby used to be computone, but they don't
seem to be around anymore. They had the best features
out of them all back in the day, mainly they had ssh
support, as well as per-port user/password acls & easy
integration with their remote power strips.

Does anybody know of something comparable (Mainly I
want a solution with ssh).

Michael

-------------------
Michael T. Halligan
Chief Geek
Halligan Infrastructure Designs.
http://www.halligan.org/
2250 Jerrold Ave #11
San Francisco, CA 94124-1012
(415) 724.7998 - Mobile

From matt at offmyserver.com Thu Sep 18 22:22:04 2003
From: matt at offmyserver.com (Matt Olander)
Date: Thu, 18 Sep 2003 22:22:04 -0700
Subject: Remote terminal server recommendations?
In-Reply-To: ; from michael@halligan.org on Thu, Sep 18, 2003 at 09:36:41PM -0700
References:
Message-ID: <20030918222204.C8371@knight.ixsystems.net>

On Thu, Sep 18, 2003 at 09:36:41PM -0700, Michael T. Halligan wrote:
> Is anybody up on the latest in remote terminals?
>
> My old standby used to be computone, but they don't
> seem to be around anymore. They had the best features
> out of them all back in the day, mainly they had ssh
> support, as well as per-port user/password acls & easy
> integration with their remote power strips.
>
> Does anybody know of something comparable (Mainly I
> want a solution with ssh).

hey Michael,

Avocent has a couple of reasonable models with ssh access.

-matt

>
> Michael
>
> -------------------
> Michael T. Halligan
> Chief Geek
> Halligan Infrastructure Designs.
> http://www.halligan.org/
> 2250 Jerrold Ave #11
> San Francisco, CA 94124-1012
> (415) 724.7998 - Mobile

--
Matt Olander
(408)943-4100 Phone
(408)943-4101 Fax
www.offmyserver.com
--
"Those who don't read have no advantage over those who can't"
-Mark Twain

From lanning at monsoonwind.com Thu Sep 18 23:21:20 2003
From: lanning at monsoonwind.com (Robert Hajime Lanning)
Date: Thu, 18 Sep 2003 23:21:20 -0700 (PDT)
Subject: Remote terminal server recommendations?
In-Reply-To:
References:
Message-ID: <42257.172.16.0.30.1063952480.squirrel@ssl.monsoonwind.com>

Cyclades has turned their focus from RAS to console servers. Linux on firmware runs up to a 48 port 1U rackmount box.

Their power strips integrate very well. Connect to the console of a box, hit ^P and get a menu that allows you to power cycle that box, and only that box.

The web interface to the console manager will show you all power outlets, and you can click on an outlet to toggle it.

Connect via ssh,telnet,http,https. The http/https option hands you back a Java applet that talks ssh/telnet back to the box.

http://www.cyclades.com/ http://www.cyclades.com/products/2/ts_series http://www.cyclades.com/products/3/alterpath_acs > Is anybody up on the latest in remote terminals? > > My old standby used to be computone, but they don't > seem to be around anymore. They had the best features > out of them all back in the day, mainly they had ssh > support, as well as per-port user/password acls & easy > integration with their remote power strips. > > Does anybody know of something comparable (Mainly I > want a solution with ssh). > > Michael > > ------------------- > Michael T. Halligan > Chief Geek > Halligan Infrastructure Designs. > http://www.halligan.org/ > 2250 Jerrold Ave #11 > San Francisco, CA 94124-1012 > (415) 724.7998 - Mobile > > -- END OF LINE From dk+baylisa at farm.org Thu Sep 18 23:47:08 2003 From: dk+baylisa at farm.org (=?koi8-r?B?RG1pdHJ5IEtvaG1hbnl1ayDkzcnU0snKIOvPyM3BzsDL?=) Date: Thu, 18 Sep 2003 23:47:08 -0700 Subject: Remote terminal server recommendations? In-Reply-To: ; from michael@halligan.org on Thu, Sep 18, 2003 at 09:36:41PM -0700 References: Message-ID: <20030918234708.A76731@farm.org> On Thu, Sep 18, 2003 at 09:36:41PM -0700, Michael T. Halligan wrote: > My old standby used to be computone, but they don't > seem to be around anymore. They had the best features > out of them all back in the day, mainly they had ssh > support, as well as per-port user/password acls & easy > integration with their remote power strips. > > Does anybody know of something comparable (Mainly I > want a solution with ssh). so, you want to ssh into something which can then allow you to connect to serial console? my advice is: buy portmaster 2 series (2U rackmountable PM-25, needs custom cables, or 4U PM-2E, direct DB-25 ports, can be less on ebay.) install free conserver software (www.conserver.com) on any Unix box, and configure it to connect to your portmaster. you'll get: ability to ssh to your box (which runs conserver). 
console logging (by conserver) multi-user access (one writer, many readers.) (by conserver) reliability and power-off-does-not-send-break-to-serial ports (by portmaster.) ability to log in to portmaster by direct telnet if your box goes down. (you can restrict it by password, i think.) you can also buy Cyclades all-in-one device, with built-in ssh, but the price would be higher (unless you are installing this in a location without existing Unix box, or are really strapped for U space). Presumably, if you want to manage customers' equipment, you have one of your own management stations, which runs network monitoring/dns/smtp services/accounting for them. where to buy: portmasters.com sells portmasters; a friend recommends them. they are not part of with Lucent (which bought Livingston.) they have password unlocking service and other kinds of support. you can always try ebay; there are good deals on portmasters, but none on cyclades. disclaimer: i have bought equipment from cyclades in the past. i have used portmasters.com service, but not bought from them (yet). I don't work for either ;)
From dk at farm.org Thu Sep 18 22:23:05 2003 From: dk at farm.org (=?koi8-r?B?RG1pdHJ5IEtvaG1hbnl1ayDkzcnU0snKIOvPyM3BzsDL?=) Date: Thu, 18 Sep 2003 22:23:05 -0700 Subject: Remote terminal server recommendations? In-Reply-To: ; from michael@halligan.org on Thu, Sep 18, 2003 at 09:36:41PM -0700 References: Message-ID: <20030918222305.C76127@farm.org> On Thu, Sep 18, 2003 at 09:36:41PM -0700, Michael T. Halligan wrote: > My old standby used to be computone, but they don't > seem to be around anymore. They had the best features > out of them all back in the day, mainly they had ssh > support, as well as per-port user/password acls & easy > integration with their remote power strips. > > Does anybody know of something comparable (Mainly I > want a solution with ssh). so, you want to ssh into something which can then allow you to connect to serial console? my advice is: buy portmaster 2 series (2U rackmountable PM-25, needs custom cables, or 4U PM-2E, direct DB-25 ports, can be less on ebay.) install free conserver software (www.conserver.com) on any Unix box, and configure it to connect to your portmaster. you'll get: ability to ssh to your box (which runs conserver). console logging (by conserver) multi-user access (one writer, many readers.) (by conserver) reliability and power-off-does-not-send-break-to-serial ports (by portmaster.) ability to log in to portmaster by direct telnet if your box goes down. (you can restrict it by password, i think.) you can also buy Cyclades all-in-one device, with built-in ssh, but the price would be higher (unless you are installing this in a location without existing Unix box, or are really strapped for U space). Presumably, if you want to manage customers' equipment, you have one of your own management stations, which runs network monitoring/dns/smtp services/accounting for them.
where to buy: portmasters.com sells portmasters; a friend recommends them. they are not part of with Lucent (which bought Livingston.) they have password unlocking service and other kinds of support. you can always try ebay; there are good deals on portmasters, but none on cyclades. disclaimer: i have bought equipment from cyclades in the past. i have used portmasters.com service, but not bought from them (yet). I don't work for either ;) From rjwitte at rjwitte.com Fri Sep 19 00:55:14 2003 From: rjwitte at rjwitte.com (Russ Witte) Date: Fri, 19 Sep 2003 03:55:14 -0400 (EDT) Subject: Newest Security Update (fwd) Message-ID: Anyone else getting some sort of variation of this? I've received about 10 or 12 over the last 48 hours along with an exe file (removed). Very good social engineering ... Russ -- Russel Witte rjwitte at rjwitte.com Support Organ Donation -- It Saves Lives! -------------- next part -------------- MS Partner this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality of all previously released patches. Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. http://support.microsoft.com/ For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site http://www.microsoft.com/security/ Thank you for using Microsoft products. Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. 
---------------------------------------------- The names of the actual companies and products mentioned herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation. From david at catwhisker.org Fri Sep 19 07:18:51 2003 From: david at catwhisker.org (David Wolfskill) Date: Fri, 19 Sep 2003 07:18:51 -0700 (PDT) Subject: Newest Security Update (fwd) In-Reply-To: Message-ID: <200309191418.h8JEIpiH024192@bunrab.catwhisker.org> >Date: Fri, 19 Sep 2003 03:55:14 -0400 (EDT) >From: Russ Witte >To: baylisa at baylisa.org >Subject: Newest Security Update (fwd) >Anyone else getting some sort of variation of this? I've received about 10 >or 12 over the last 48 hours along with an exe file (removed). Very good >social engineering ... Yeah, been getting 'em both at home and at baylisa.org; have yet to see them at freebsd.org. I think a sendmail "milter" that would nuke *.exe messages would be appropriate. Peace, david (current hat: postmaster@ the above sites) -- David H. Wolfskill david at catwhisker.org If you want true virus-protection for your PC, install a non-Microsoft OS on it. Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and Solaris (in alphabetical order). From greg.edwards at lmco.com Fri Sep 19 07:48:25 2003 From: greg.edwards at lmco.com (Edwards, Greg) Date: Fri, 19 Sep 2003 07:48:25 -0700 Subject: Newest Security Update (fwd) Message-ID: <982A2933712F3740921D842654ED470D0246C1CE@EMSS01M12.us.lmco.com> It is the new W32/Swen@MM virus http://vil.nai.com/vil/content/v_100662.htm.
Greg Edwards -----Original Message----- From: David Wolfskill [mailto:david at catwhisker.org] Sent: Friday, September 19, 2003 7:19 AM To: baylisa at baylisa.org; rjwitte at rjwitte.com Subject: Re: Newest Security Update (fwd) >Date: Fri, 19 Sep 2003 03:55:14 -0400 (EDT) >From: Russ Witte >To: baylisa at baylisa.org >Subject: Newest Security Update (fwd) >Anyone else getting some sort of variation of this? I've received about 10 >or 12 over the last 48 hours along with an exe file (removed). Very good >social engineering ... Yeah, been getting 'em both at home and at baylisa.org; have yet to see them at freebsd.org. I think a sendmail "milter" that would nuke *.exe messages would be appropriate. Peace, david (current hat: postmaster@ the above sites) -- David H. Wolfskill david at catwhisker.org If you want true virus-protection for your PC, install a non-Microsoft OS on it. Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and Solaris (in alphabetical order). From retrogmr at speakeasy.net Fri Sep 19 07:54:15 2003 From: retrogmr at speakeasy.net (Larry Anderson) Date: Fri, 19 Sep 2003 14:54:15 +0000 Subject: Remote terminal server recommendations? Message-ID: Perle also makes a pretty cool product (the CS9000 comes in 16 & 24 port models and does pretty much everything you're after). It has the added benefit of being web-accessible and super-easy to configure (something I didn't find to be the case with the Cyclades product). http://www.perle.com - Larry Anderson > -----Original Message----- > From: Michael T. Halligan [mailto:michael at halligan.org] > Sent: Friday, September 19, 2003 04:36 AM > To: baylisa at baylisa.org > Subject: Remote terminal server recommendations? > > Is anybody up on the latest in remote terminals? > > My old standby used to be computone, but they don't > seem to be around anymore.
They had the best features > out of them all back in the day, mainly they had ssh > support, as well as per-port user/password acls & easy > integration with their remote power strips. > > Does anybody know of something comparable (Mainly I > want a solution with ssh). > > Michael > > ------------------- > Michael T. Halligan > Chief Geek > Halligan Infrastructure Designs. > http://www.halligan.org/ > 2250 Jerrold Ave #11 > San Francisco, CA 94124-1012 > (415) 724.7998 - Mobile > > From jxh at jxh.com Fri Sep 19 08:49:34 2003 From: jxh at jxh.com (Jim Hickstein) Date: Fri, 19 Sep 2003 10:49:34 -0500 Subject: Remote terminal server recommendations? In-Reply-To: <20030918222305.C76127@farm.org> References: <20030918222305.C76127@farm.org> Message-ID: <2147483647.1063968574@[10.9.18.6]> > you can also buy Cyclades all-in-one device, with built-in ssh, but the > price would be higher (unless you are installing this in a location > without existing Unix box, or are really strapped for U space). ... or you don't want your console server to contain anything that might not pass fsck(8) on power-up, necessitating that you reach _its_ console, usw. Firmware is good. And it has to defend itself (i.e. accept ssh connections) because if it's behind a firewall that didn't pass fsck(8).... We were so cheap, we built our own little FreeBSD box from a mini-PC card, and it all runs from flash. But used Cyclades boxes are probably next. 
From dannyman at toldme.com Fri Sep 19 09:34:35 2003 From: dannyman at toldme.com (Danny Howard) Date: Fri, 19 Sep 2003 09:34:35 -0700 Subject: Latest Worm In-Reply-To: <200309191418.h8JEIpiH024192@bunrab.catwhisker.org> References: <200309191418.h8JEIpiH024192@bunrab.catwhisker.org> Message-ID: <20030919163434.GN30198@pianosa.catch22.org> On Fri, Sep 19, 2003 at 07:18:51AM -0700, David Wolfskill wrote: > >Date: Fri, 19 Sep 2003 03:55:14 -0400 (EDT) > >From: Russ Witte > >To: baylisa at baylisa.org > >Subject: Newest Security Update (fwd) > > >Anyone else getting some sort of variation of this? I've received about 10 > >or 12 over the last 48 hours along with an exe file (removed). Very good > >social engineering ... > > Yeah, been getting 'em both at home and at baylisa.org; have yet to see > them at freebsd.org. I think a sendmail "milter" that would nuke *.exe > messages would be appropriate. Unless your users WANT to receive .exe files. Then plugging in a virus scanner like Sophos would be more appropriate. * changing Subject line after parsing Wolfskill's message as SPAM. From david at catwhisker.org Fri Sep 19 09:39:11 2003 From: david at catwhisker.org (David Wolfskill) Date: Fri, 19 Sep 2003 09:39:11 -0700 (PDT) Subject: Latest Worm In-Reply-To: <20030919163434.GN30198@pianosa.catch22.org> Message-ID: <200309191639.h8JGdBSU025455@bunrab.catwhisker.org> >Date: Fri, 19 Sep 2003 09:34:35 -0700 >From: Danny Howard >To: David Wolfskill >Cc: baylisa at baylisa.org, rjwitte at rjwitte.com >Subject: Latest Worm >Unless your users WANT to receive .exe files. Then plugging in a virus >scanner like Sophos would be more appropriate. Actually, I think I'd just as soon have a general "banned regex" facility. My users, both here at home and at BayLISA, have no need to receive executables (as such) via email. >* changing Subject line after parsing Wolfskill's message as SPAM. I guess that's easier than changing the parser, eh? :-} Peace, david -- David H. 
Wolfskill david at catwhisker.org If you want true virus-protection for your PC, install a non-Microsoft OS on it. Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and Solaris (in alphabetical order). From michael at halligan.org Fri Sep 19 10:02:04 2003 From: michael at halligan.org (Michael T. Halligan) Date: Fri, 19 Sep 2003 10:02:04 -0700 (PDT) Subject: "Impressive" datacenters in SF? Message-ID: Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility like equinix/att/sprint? The only one I know of so far is level3. ------------------- Michael T. Halligan Chief Geek Halligan Infrastructure Designs. http://www.halligan.org/ 2250 Jerrold Ave #11 San Francisco, CA 94124-1012 (415) 724.7998 - Mobile From rsr at inorganic.org Fri Sep 19 10:37:54 2003 From: rsr at inorganic.org (Roy S. Rapoport) Date: Fri, 19 Sep 2003 10:37:54 -0700 (PDT) Subject: "Impressive" datacenters in SF? In-Reply-To: References: Message-ID: <55465.204.107.250.200.1063993074.squirrel@www.inorganic.org> > Are there any GOOD hosting facilities in SF.. not resellers/small, but a > tier1/2 facility > like equinix/att/sprint? The only one I know of so far is level3. Three years ago or thereabouts, aboveNet (or whatever they're called these days) was building a DC in SF. We toured it and were suitably impressed, though this was before the electronics were put in -- we were getting to see the building foundations, etc. But given how they've built their other DCs, I'd assume their tech is top-notch (not enough, of course, to not bother checking :) ). -roy From michael at halligan.org Fri Sep 19 10:38:45 2003 From: michael at halligan.org (Michael T. Halligan) Date: Fri, 19 Sep 2003 10:38:45 -0700 (PDT) Subject: "Impressive" datacenters in SF? In-Reply-To: <55465.204.107.250.200.1063993074.squirrel@www.inorganic.org> Message-ID: Roy, Above.net is always my first choice.. 
Sadly, the last I heard, they shut down their SF datacenter :( michael On Fri, 19 Sep 2003, Roy S. Rapoport wrote: > > Are there any GOOD hosting facilities in SF.. not resellers/small, but a > > tier1/2 facility > > like equinix/att/sprint? The only one I know of so far is level3. > > Three years ago or thereabouts, aboveNet (or whatever they're called these > days) was building a DC in SF. We toured it and were suitably impressed, > though this was before the electronics were put in -- we were getting to > see the building foundations, etc. But given how they've built their > other DCs, I'd assume their tech is top-notch (not enough, of course, to > not bother checking :) ). > > -roy > -- ------------------- Michael T. Halligan Chief Geek Halligan Infrastructure Designs. http://www.halligan.org/ 2250 Jerrold Ave #11 San Francisco, CA 94124-1012 (415) 724.7998 - Mobile From fscked at pacbell.net Fri Sep 19 10:34:09 2003 From: fscked at pacbell.net (richard childers / kg6hac) Date: Fri, 19 Sep 2003 10:34:09 -0700 Subject: Newest Security Update (fwd) In-Reply-To: References: Message-ID: <3F6B3E11.2070407@pacbell.net> "Anyone else getting some sort of variation of this?" Yup. Lots of 'em. Great advertising for Daemonized Networking Services' (https://www.daemonized.com) products, eh? (-: -- richard Russ Witte wrote: >Anyone else getting some sort of variation of this? I've received about 10 >or 12 over the last 48 hours along with an exe file (removed). Very good >social engineering ... > >Russ > > > > > ------------------------------------------------------------------------ > > Microsoft All Products > | Support > | Search > | Microsoft.com Guide > > Microsoft Home > > > > MS Partner > > this is the latest version of security update, the "September 2003, > Cumulative Patch" update which resolves all known security > vulnerabilities affecting MS Internet Explorer, MS Outlook and MS > Outlook Express as well as three newly discovered vulnerabilities. 
> Install now to protect your computer from these vulnerabilities, the > most serious of which could allow an attacker to run code on your > system. This update includes the functionality of all previously > released patches. > > > > System requirements Windows 95/98/Me/2000/NT/XP > This update applies to MS Internet Explorer, version 4.01 and later > MS Outlook, version 8.00 and later > MS Outlook Express, version 4.01 and later > Recommendation Customers should install the patch at the earliest > opportunity. > How to install Run attached file. Choose Yes on displayed dialog box. > How to use You don't need to do anything after installing this item. > > > Microsoft Product Support Services and Knowledge Base articles can be > found on the Microsoft Technical Support > web site. For security-related > information about Microsoft products, please visit the Microsoft > Security Advisor web site, or > Contact Us. > > Thank you for using Microsoft products. > > Please do not reply to this message. It was sent from an unmonitored > e-mail address and we are unable to respond to any replies. > ------------------------------------------------------------------------ > The names of the actual companies and products mentioned herein are > the trademarks of their respective owners. > > > > Contact Us | > Legal | TRUSTe > > > ©2003 Microsoft Corporation. All rights reserved. Terms of Use > | Privacy Statement > | Accessibility > >
From robc at solarflares.net Fri Sep 19 11:15:10 2003 From: robc at solarflares.net (Rob Cambra) Date: Fri, 19 Sep 2003 14:15:10 -0400 Subject: "Impressive" datacenters in SF? In-Reply-To: References: Message-ID: <3F6B47AE.9030007@solarflares.net> Confirmed, I helped move some gear out of there last summer due to the imminent shut down. -rob Michael T. Halligan wrote: >Roy, > >Above.net is always my first choice.. Sadly, the last I heard, they shut >down their SF datacenter :( > >michael > >On Fri, 19 Sep 2003, Roy S. Rapoport wrote: > > > >>>Are there any GOOD hosting facilities in SF.. not resellers/small, but a >>>tier1/2 facility >>>like equinix/att/sprint? The only one I know of so far is level3. >>> >>> >>Three years ago or thereabouts, aboveNet (or whatever they're called these >>days) was building a DC in SF. We toured it and were suitably impressed, >>though this was before the electronics were put in -- we were getting to >>see the building foundations, etc. But given how they've built their >>other DCs, I'd assume their tech is top-notch (not enough, of course, to >>not bother checking :) ). >> >>-roy >> >> >> > > > From chuck+baylisa at 2003.snew.com Fri Sep 19 11:33:15 2003 From: chuck+baylisa at 2003.snew.com (Chuck Yerkes) Date: Fri, 19 Sep 2003 14:33:15 -0400 Subject: Newest Security Update (fwd) In-Reply-To: <200309191418.h8JEIpiH024192@bunrab.catwhisker.org> References: <200309191418.h8JEIpiH024192@bunrab.catwhisker.org> Message-ID: <20030919183315.GA25886@snew.com> Quoting David Wolfskill (david at catwhisker.org): > >From: Russ Witte > > >Anyone else getting some sort of variation of this? I've received about 10 > >or 12 over the last 48 hours along with an exe file (removed). Very good > >social engineering ... Hmmm, 160 in my personal mail since Thurs AM (35hrs?). > Yeah, been getting 'em both at home and at baylisa.org; have yet to see > them at freebsd.org.
I think a sendmail "milter" that would nuke *.exe > messages would be appropriate. mimedefang will do this. Sendmail Inc has an attachment milter, but you've got to have switch, and that puts it into the 5 figure range (I can do < $1000 without much approval, but solid 5 figures means that this thing has to buff management's shoes and integrate with HP OV well). If you have Switch, already, there's an easy milter. If not, mime-defang it. From chuck+baylisa at snew.com Fri Sep 19 11:39:03 2003 From: chuck+baylisa at snew.com (Chuck Yerkes) Date: Fri, 19 Sep 2003 14:39:03 -0400 Subject: "Impressive" datacenters in SF? In-Reply-To: References: Message-ID: <20030919183903.GB25886@snew.com> Quoting Michael T. Halligan (michael at halligan.org): > Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility > like equinix/att/sprint? The only one I know of so far is level3. My "gut" sense is that SF is a bad place for a really really solid datacenter where you want to be always up. Unlike the East Bay, it's more easily cut off from communications in the event of the expected national disaster. It's always struck me that Oakland (and SJ) would stand to be the obvious places for Tier 1 datacenters (the transcontinental railroad ended in Oakland - for a reason). For things that would be "mostly up" (say a server for a local company where outages in a disaster would be expected for a while and not affect a business that would be down anyway), that's where resellers fall in. But that's just my opinion. From chuck+baylisa at snew.com Fri Sep 19 11:43:22 2003 From: chuck+baylisa at snew.com (Chuck Yerkes) Date: Fri, 19 Sep 2003 14:43:22 -0400 Subject: Remote terminal server recommendations?
In-Reply-To: <42257.172.16.0.30.1063952480.squirrel@ssl.monsoonwind.com> References: <42257.172.16.0.30.1063952480.squirrel@ssl.monsoonwind.com> Message-ID: <20030919184322.GC25886@snew.com> Quoting Robert Hajime Lanning (lanning at monsoonwind.com): > Cyclades has turned their focus from RAS to console servers. > > Linux on firmware runs up to a 48 port 1U rackmount box. > Their power strips integrate very well. I have an old annex at home - used mostly cause I have it. I like the cyclades. Robert's note covers it all (ssh vs. telnet is good), but skips that it will log some. It's really handy to find a box that's acting up or has just rebooted and say "show me the last MB of console data". That's how I can see: "su: Developer .... rebooting..." and perhaps discuss with developer that what he did did indeed make it crash. From lanning at monsoonwind.com Fri Sep 19 12:05:00 2003 From: lanning at monsoonwind.com (Robert Hajime Lanning) Date: Fri, 19 Sep 2003 12:05:00 -0700 (PDT) Subject: Remote terminal server recommendations? In-Reply-To: <20030919184322.GC25886@snew.com> References: <42257.172.16.0.30.1063952480.squirrel@ssl.monsoonwind.com> <20030919184322.GC25886@snew.com> Message-ID: <11204.192.55.4.36.1063998300.squirrel@ssl.monsoonwind.com> > Quoting Robert Hajime Lanning (lanning at monsoonwind.com): >> Cyclades has turned their focus from RAS to console servers. >> >> Linux on firmware runs up to a 48 port 1U rackmount box. >> Their power strips integrate very well. > > I have an old annex at home - used mostly cause I have it. > > I like the cyclades. Robert's note covers it all (ssh vs. telnet > is good), but skips that it will log some. It's really handy to > find a box that's acting up or has just rebooted and say > "show me the last MB of console data". That's how I can see: > "su: Developer .... rebooting..." and perhaps discuss with > developer that what he did did indeed make it crash. > It can also log remotely, with syslogng.
So, console logs can be kept, via syslog. -- END OF LINE From fscked at pacbell.net Fri Sep 19 13:10:46 2003 From: fscked at pacbell.net (richard childers / kg6hac) Date: Fri, 19 Sep 2003 13:10:46 -0700 Subject: "Impressive" datacenters @ SF? In-Reply-To: <20030919183903.GB25886@snew.com> References: <20030919183903.GB25886@snew.com> Message-ID: <3F6B62C6.7050003@pacbell.net> > Chuck Yerkes wrote: > >Quoting Michael T. Halligan (michael at halligan.org): > > >>Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility >>like equinix/att/sprint? The only one I know of so far is level3. >> >> > >My "gut" sense is that SF is a bad place for a really >really solid datacenter where you want to be always up. > >Unlike the East Bay, it's more easily cut off from communications in >the event of the expected national disaster. > >It's always struck me that Oakland (and SJ) would stand to be >the obvious places for Tier 1 datacenters (the transcontinental >railroad ended in Oakland - for a reason). > > For similar reasons, I would avoid Stockton, both for living -and- for siting equipment ... it's downwind of both the San Francisco Bay Area in general, and Livermore, in particular. Too bad; lots of nice farmland out there. San Francisco property rates are still obnoxious, if Craigslist's 'commercial properties' section is any guide; another reason to avoid the tip of the peninsula ... Manhattanesque real estate strategies abound. (Exercise for the un[der]employed: measure your home's livable square footage and figure out how much you're paying, per square foot, per month, for rent. If it's over $1.00, you should think about renegotiating; you might save yourself $500 a month.) My $0.02, YMMV, etc. -- richard Chuck Yerkes wrote: >Quoting Michael T. Halligan (michael at halligan.org): > > >>Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility >>like equinix/att/sprint? The only one I know of so far is level3. 
>> >> > >My "gut" sense is that SF is a bad place for a really >really solid datacenter where you want to be always up. > >Unlike the East Bay, it's more easily cut off from communications in >the event of the expected national disaster. > >It's always struck me that Oakland (and SJ) would stand to be >the obvious places for Tier 1 datacenters (the transcontinental >railroad ended in Oakland - for a reason). > >For things that would be "mostly up" (say a server for a local >company where outages in a disaster would be expected for a while >and not affect a business that would be down anyway), that's where >resellers fall in. > >But that's just my opinion. > > > From matt at offmyserver.com Fri Sep 19 21:51:32 2003 From: matt at offmyserver.com (Matt Olander) Date: Fri, 19 Sep 2003 21:51:32 -0700 Subject: "Impressive" datacenters in SF? In-Reply-To: ; from michael@halligan.org on Fri, Sep 19, 2003 at 10:02:04AM -0700 References: Message-ID: <20030919215132.A16633@knight.ixsystems.net> On Fri, Sep 19, 2003 at 10:02:04AM -0700, Michael T. Halligan wrote: > Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility > like equinix/att/sprint? The only one I know of so far is level3. let's see. haven't been up there in awhile, but eXchange was pretty impressive, they owned the building, and had peering with PAIX. I believe that they also owned the carrier hotel. -matt > > ------------------- > Michael T. Halligan > Chief Geek > Halligan Infrastructure Designs.
> http://www.halligan.org/ > 2250 Jerrold Ave #11 > San Francisco, CA 94124-1012 > (415) 724.7998 - Mobile -- Matt Olander (408)943-4100 Phone (408)943-4101 Fax www.offmyserver.com -- "Those who don't read have no advantage over those who can't" -Mark Twain From ahorn at deorth.org Fri Sep 19 22:28:38 2003 From: ahorn at deorth.org (Alan Horn) Date: Fri, 19 Sep 2003 22:28:38 -0700 (PDT) Subject: "Impressive" datacenters in SF? In-Reply-To: <20030919215132.A16633@knight.ixsystems.net> Message-ID: Do you mean actually physically in SF itself ? or are you ok moving down the peninsula. Exodus has facilities in santa clara that were nice last time I looked :) is eXchange the one near candlestick park ? I wouldn't go to that part of town at night ;) But the data center seemed nice, if a little cramped. On Fri, 19 Sep 2003, Matt Olander wrote: >Date: Fri, 19 Sep 2003 21:51:32 -0700 >From: Matt Olander >To: Michael T. Halligan >Cc: baylisa at baylisa.org >Subject: Re: "Impressive" datacenters in SF? > >On Fri, Sep 19, 2003 at 10:02:04AM -0700, Michael T. Halligan wrote: >> Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility >> like equinix/att/sprint? The only one I know of so far is level3. > > >let's see. haven't been up there in awhile, but eXchange was pretty >impressive, they owned the building, and had peering with PAIX. I >believe that they also owned the carrier hotel. > >-matt > > >> >> ------------------- >> Michael T. Halligan >> Chief Geek >> Halligan Infrastructure Designs. >> http://www.halligan.org/ >> 2250 Jerrold Ave #11 >> San Francisco, CA 94124-1012 >> (415) 724.7998 - Mobile > > From alvin at Mail.Linux-Consulting.com Fri Sep 19 22:20:44 2003 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 19 Sep 2003 22:20:44 -0700 (PDT) Subject: "Impressive" datacenters in SF? 
In-Reply-To: <20030919215132.A16633@knight.ixsystems.net> Message-ID: hi ya partial list of major NAPs and POPs http://www.micro-colo.net/POP http://www.micro-colo.net/Colos/ c ya alvin On Fri, 19 Sep 2003, Matt Olander wrote: > On Fri, Sep 19, 2003 at 10:02:04AM -0700, Michael T. Halligan wrote: > > Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility > > like equinix/att/sprint? The only one I know of so far is level3. > > > let's see. haven't been up there in awhile, but eXchange was pretty > impressive, they owned the building, and had peering with PAIX. I > believe that they also owned the carrier hotel. > From michael at halligan.org Fri Sep 19 22:35:53 2003 From: michael at halligan.org (Michael T. Halligan) Date: Fri, 19 Sep 2003 22:35:53 -0700 (PDT) Subject: "Impressive" datacenters in SF? In-Reply-To: Message-ID: Ideally peninsula or up.. There are always earthquake factors to worry about, but in the end, if the excrement hits the fan I don't want to be an hour-2 hours away from my datacenter.. It's funny, above.net & hurricane electric are alright facilities, but their newest facilities are probably in the worst locations imaginable in terms of busy highways during the day. Life would just be easier if above.net hadn't closed down their SF colo. eXchange is the one near candlestick park. I actually host a bunch of my customers there (it's in my neighborhood so to speak).. but their facilities are definitely tier 2, and their security procedures are a joke.. The security guys will just buzz you into the colos if you don't have your card, and say "hey, I left my card at home", without ID. The facilities are fine though, and the sales people are great.. Most of the other places I've hosted in over the past few years, exodus, level3, he, etc.. You had to beg and bribe the TAMS to pick up their phones.. The people @ xchangecolo actually make it a point to call me and see if I'm happy, that means a lot.
Unfortunately, a security based company I'm contracting for has a lot of interest from banks and law enforcement, so we're doing a LOT of "appearance of security" work.. > Do you mean actually physically in SF itself ? or are you ok moving down > the peninsula. Exodus has facilities in santa clara that were nice last > time I looked :) > > is eXchange the one near candlestick park ? I wouldn't go to that part of > town at night ;) But the data center seemed nice, if a little cramped. -- ------------------- Michael T. Halligan Chief Geek Halligan Infrastructure Designs. http://www.halligan.org/ 2250 Jerrold Ave #11 San Francisco, CA 94124-1012 (415) 724.7998 - Mobile From matt at offmyserver.com Sat Sep 20 00:02:27 2003 From: matt at offmyserver.com (Matt Olander) Date: Sat, 20 Sep 2003 00:02:27 -0700 Subject: "Impressive" datacenters in SF? In-Reply-To: ; from ahorn@deorth.org on Fri, Sep 19, 2003 at 10:28:38PM -0700 References: <20030919215132.A16633@knight.ixsystems.net> Message-ID: <20030920000226.A17354@knight.ixsystems.net> On Fri, Sep 19, 2003 at 10:28:38PM -0700, Alan Horn wrote: > is eXchange the one near candlestick park ? I wouldn't go to that part of > town at night ;) But the data center seemed nice, if a little cramped. haha. walk softly and carry a big server ;) yeah, they really are cool people there and I thought when they opened they were going for tier1, but I guess it didn't work out that way. -matt > > > On Fri, 19 Sep 2003, Matt Olander wrote: > > >Date: Fri, 19 Sep 2003 21:51:32 -0700 > >From: Matt Olander > >To: Michael T. Halligan > >Cc: baylisa at baylisa.org > >Subject: Re: "Impressive" datacenters in SF? > > > >On Fri, Sep 19, 2003 at 10:02:04AM -0700, Michael T. Halligan wrote: > >> Are there any GOOD hosting facilities in SF.. not resellers/small, but a tier1/2 facility > >> like equinix/att/sprint? The only one I know of so far is level3. > > > > > >let's see. 
haven't been up there in awhile, but eXchange was pretty > >impressive, they owned the building, and had peering with PAIX. I > >believe that they also owned the carrier hotel. > > > >-matt > > > > > >> > >> ------------------- > >> Michael T. Halligan > >> Chief Geek > >> Halligan Infrastructure Designs. > >> http://www.halligan.org/ > >> 2250 Jerrold Ave #11 > >> San Francisco, CA 94124-1012 > >> (415) 724.7998 - Mobile > > > > -- Matt Olander (408)943-4100 Phone (408)943-4101 Fax www.offmyserver.com -- "Those who don't read have no advantage over those who can't" -Mark Twain From hans at whitties.org Mon Sep 22 07:47:42 2003 From: hans at whitties.org (Hans Jacobsen) Date: Mon, 22 Sep 2003 07:47:42 -0700 Subject: Remote terminal server recommendations? In-Reply-To: Message-ID: <5.2.0.9.0.20030922074531.00a79a90@mail.wwc.com> I still buy computone boxes and love them. http://www.computone.com/ -- the company "computone" changed its name and merged with some other company... However, the folks who cared about the main product line started a new company and kept the product name/branding of computone. Same support guys were even there when I called a couple of months ago. 64 ports in about 4U. At 09:36 PM 9/18/2003 -0700, you wrote: >Is anybody up on the latest in remote terminals? > >My old standby used to be computone, but they don't >seem to be around anymore. They had the best features >out of them all back in the day, mainly they had ssh >support, as well as per-port user/password acls & easy >integration with their remote power strips. > >Does anybody know of something comparable (Mainly I >want a solution with ssh). > >Michael > >------------------- >Michael T. Halligan >Chief Geek >Halligan Infrastructure Designs. 
>http://www.halligan.org/ >2250 Jerrold Ave #11 >San Francisco, CA 94124-1012 >(415) 724.7998 - Mobile -hej Hans Jacobsen cell 408 828 3228 YM ID hejish From michael at halligan.org Mon Sep 22 09:47:38 2003 From: michael at halligan.org (Michael T. Halligan) Date: Mon, 22 Sep 2003 09:47:38 -0700 (PDT) Subject: Remote terminal server recommendations? In-Reply-To: <5.2.0.9.0.20030922074531.00a79a90@mail.wwc.com> Message-ID: Whoa, great to hear! Just got in touch with Charlie and it looks like they're good to go.. I thought they were dead and only doing parts replacements.. My day is half made :) Michael On Mon, 22 Sep 2003, Hans Jacobsen wrote: > I still buy computone boxes and love them. > http://www.computone.com/ -- the company "computone" changed its name and > merged with some other company... However, the folks who cared about the > main product line started a new company and kept the product name/branding > of computone. Same support guys were even there when I called a couple of > months ago. > > 64 ports in about 4U. > > At 09:36 PM 9/18/2003 -0700, you wrote: > > >Is anybody up on the latest in remote terminals? > > > >My old standby used to be computone, but they don't > >seem to be around anymore. They had the best features > >out of them all back in the day, mainly they had ssh > >support, as well as per-port user/password acls & easy > >integration with their remote power strips. > > > >Does anybody know of something comparable (Mainly I > >want a solution with ssh). > > > >Michael > > > >------------------- > >Michael T. Halligan > >Chief Geek > >Halligan Infrastructure Designs. > >http://www.halligan.org/ > >2250 Jerrold Ave #11 > >San Francisco, CA 94124-1012 > >(415) 724.7998 - Mobile > > -hej > Hans Jacobsen > cell 408 828 3228 > YM ID hejish > > > > -- ------------------- Michael T. Halligan Chief Geek Halligan Infrastructure Designs. 
http://www.halligan.org/ 2250 Jerrold Ave #11 San Francisco, CA 94124-1012 (415) 724.7998 - Mobile From bill at wards.net Wed Sep 24 16:06:02 2003 From: bill at wards.net (William R Ward) Date: Wed, 24 Sep 2003 16:06:02 -0700 Subject: Peninsula Linux Users' Group Tomorrow Night Message-ID: <16242.9050.710348.717300@komodo.home.wards.net> Tomorrow evening, Thursday, Sep 25, we will have a meeting of the Peninsula Linux Users' Group at Oracle building 100, room 104, in Redwood Shores. For directions see our website: http://www.penlug.org Agenda: 7:00-7:30 PM: Nuts & Bolts presentation by Rick Moen: "Personal encryption with PGP and GnuPG" 7:30-8:30 PM: Keynote presentation by Edward Cherlin: "Simputers and Free/Open Source software for the poor" 8:30-9:00 PM: App of the Month Club discussion facilitated by Bill Ward: "vi and vim" 9:00 PM: Adjourn to a local restaurant (TBD) for social & food time Details about each item: * PGP and GnuPG are not used as widely as maybe they should be. With them we can encrypt and authenticate our email. Public-key crypto and the "web of trust" model helps it scale to a worldwide scope. Rick will explain what it's all about and how you can use it in your daily email. * The Simputer is a low cost portable alternative to PCs, by which the benefits of IT can reach the common man. It has a special role in the third world, particularly in India, because it ensures that illiteracy is no longer a barrier to handling a computer. Based on Linux, the Simputer provides a simple and natural user interface based on sight, touch and audio. Edward will tell us about the work he has been doing with Simputer to bring computers to the masses worldwide. * Our third topic is the old workhorse editor for Unix, "vi". Bill will be facilitating a discussion of some basic and not-so-basic vi skills.
Your homework is to play with the vim tutorial and/or read Bill's article in the current issue of Linux Journal magazine, and try at least one vi command you never knew before. Hope to see you all there! --Bill. -- William R Ward bill at wards.net http://www.wards.net/~bill/ ----------------------------------------------------------------------------- PROFESSIONAL PROGRAMMER, CLOSED COURSE. DO NOT ATTEMPT. From Leslie.Devlin at cnet.com Wed Sep 24 15:35:56 2003 From: Leslie.Devlin at cnet.com (Leslie Devlin) Date: Wed, 24 Sep 2003 15:35:56 -0700 Subject: "Impressive" datacenters in SF? Message-ID: <56D3931E053184469162B0EBF9EBB77F15A241F2@cnet10.cnet.cnwk> > Life would just be easier if above.net hadn't > closed down their SF colo. The SF above.net colo reopened recently as "365 Main." I don't know any details, especially about how well- or poorly-managed it is, but it *is* open again. From afactor at afactor.com Thu Sep 25 16:38:03 2003 From: afactor at afactor.com (Alan Factor) Date: Thu, 25 Sep 2003 16:38:03 -0700 Subject: subdomain delegation for email routing Message-ID: I have a client (company1.com) who has customers send email to several special email accounts (such as customer service which goes to care at company1.com). These emails are processed along with all other corporate email by the corporate mail server and then forwarded to an outside vendor (webservice.com) that handles these special email accounts. A backup copy is made and kept by company1.com and the original is forwarded to the vendor (e.g., to company1-cs at webvendor.com) and the vendor responds to the email. Unfortunately average response times are 48 hours. 
My client wants to have the customer service email delivered directly to the outside vendor and I suggested that they create a subdomain care.company1.com and delegate this subdomain to the vendor: care.company1.com IN NS ns.webservice.com care.company1.com IN MX mail.webservice.com The vendor can forward email from care.company1.com to the appropriate end user and then forward a backup copy to company1 (e.g., backup.company1.com) . Is this possible? What DNS config is required? Are there any pitfalls/better ways? Thanks, Alan -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ From alvin at Mail.Linux-Consulting.com Thu Sep 25 18:43:34 2003 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Thu, 25 Sep 2003 18:43:34 -0700 (PDT) Subject: subdomain delegation for email routing In-Reply-To: Message-ID: hi ya alan On Thu, 25 Sep 2003, Alan Factor wrote: > I have a client (company1.com) who has customers send email to several > special email accounts (such as customer service which goes to > care at company1.com). These emails are processed along with all other > corporate email by the corporate mail server and then forwarded to an > outside vendor (webservice.com) that handles these special email > accounts. > A backup copy is made and kept by company1.com and the original is > forwarded to the vendor (e.g., to company1-cs at webvendor.com) and the > vendor > responds to the email. Unfortunately average response times are 48 > hours. > > My client wants to have the customer service email delivered directly to > the outside vendor and I suggested that they create a subdomain > care.company1.com and delegate this subdomain to the vendor: > > care.company1.com IN NS ns.webservice.com > care.company1.com IN MX mail.webservice.com > > The vendor can forward email from care.company1.com to the appropriate > end user and then forward a backup copy to company1 (e.g., backup.company1.com) > > Is this possible? > What DNS config is required? 
> Are there any pitfalls/better ways? > dozen ways to skin the cat having the email sent directly to the webservice/tech support provider will not reduce/change their 48hr response time and depending on how you did it, you might not get a copy of it either .. best way to do this ... on your side ... vi /etc/mail/aliases # # keep a copy for yourself ... and send a copy to them # care: localcopy,customer1 at webservice.com -- on their side vi /etc/mail/aliases # # they receive incoming tech support email requests # and send off a reply .. noting the original email info # customer1: themself,replied at company1.com they reply to customer1 and you also get a cc of their reply at replied at company1.com that it's been processed and hopefully, your contract calls for payment for correct and timely answers sent to "replied at company1.com" imho, tech support and other support services should be internal vs outsourced c ya alvin From hans at whitties.org Thu Sep 25 20:55:28 2003 From: hans at whitties.org (Hans Jacobsen) Date: Thu, 25 Sep 2003 20:55:28 -0700 Subject: subdomain delegation for email routing In-Reply-To: Message-ID: <5.2.0.9.0.20030925204707.00ac4090@mail.wwc.com> It is very possible to create a subdomain, to sub-delegate the subdomain, and have email delivered directly to the outside vendor. Once you delegate, you have _no_ control or other records. If you delegate the domain care.company1.com to ns.webservice.com, then ns.webservice.com has to have the MX entry for care.company1.com. If company webservice.com is cooperative, subdelegation can work. However, company1.com could just have an MX entry for care.company1.com pointing at mail.webservice.com - the entry below - without the sub-delegation. The true nature of the problem that must be solved is not clear from your email. The response time appears to be the problem. It is unclear to me how changing the email path fixes that from the information given. And who is it a problem for? company1.com?
If the email does not get to company1.com first, then how will company1.com know how slow webservice.com is in forwarding the emails appropriately? -hej Hans Jacobsen At 04:38 PM 9/25/2003 -0700, Alan Factor wrote: >I have a client (company1.com) who has customers send email to several >special email accounts (such as customer service which goes to >care at company1.com). These emails are processed along with all other >corporate email by the corporate mail server and then forwarded to an >outside vendor (webservice.com) that handles these special email accounts. >A backup copy is made and kept by company1.com and the original is >forwarded to the vendor (e.g., to company1-cs at webvendor.com) and the >vendor responds to the email. Unfortunately average response times are 48 >hours. > >My client wants to have the customer service email delivered directly to >the outside vendor and I suggested that they create a subdomain >care.company1.com and delegate this subdomain to the vendor: > >care.company1.com IN NS ns.webservice.com >care.company1.com IN MX mail.webservice.com > >The vendor can forward email from care.company1.com to the appropriate end >user and then forward a backup copy to company1 (e.g., backup.company1.com) . > >Is this possible? >What DNS config is required? >Are there any pitfalls/better ways? > >Thanks, >Alan > >-- >Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ -hej Hans Jacobsen cell 408 828 3228 YM ID hejish From chuck+baylisa at snew.com Fri Sep 26 09:07:41 2003 From: chuck+baylisa at snew.com (Chuck Yerkes) Date: Fri, 26 Sep 2003 12:07:41 -0400 Subject: subdomain delegation for email routing In-Reply-To: References: Message-ID: <20030926160741.GA13689@snew.com> Quoting Alan Factor (afactor at afactor.com): > I have a client (company1.com) who has customers send email to several > special email accounts (such as customer service which goes to > care at company1.com). 
These emails are processed along with all other > corporate email by the corporate mail server and then forwarded to an > outside vendor (webservice.com) that handles these special email accounts. > A backup copy is made and kept by company1.com and the original is > forwarded to the vendor (e.g., to company1-cs at webvendor.com) and the vendor > responds to the email. Unfortunately average response times are 48 hours. Well here's the problem. I'd expect a typical 1-2 second lag with the occasional couple hour lag on rare rare occasions. I'd solve THIS problem - a series of aliases (or distribution lists in LDAP, or the right TXT record in HESIOD (dns, really). This is a 20 minute exercise on any Unix box running a real MTA. > My client wants to have the customer service email delivered directly to > the outside vendor and I suggested that they create a subdomain > care.company1.com and delegate this subdomain to the vendor: I don't think you can have an NS *and* an MX for the same item. Pick one. > care.company1.com IN NS ns.webservice.com > care.company1.com IN MX mail.webservice.com (I'd put a number after that MX :) > The vendor can forward email from care.company1.com to the appropriate end > user and then forward a backup copy to company1 (e.g., backup.company1.com) From star at starshine.org Fri Sep 26 09:16:37 2003 From: star at starshine.org (Heather Stern) Date: Fri, 26 Sep 2003 09:16:37 -0700 Subject: subdomain delegation for email routing In-Reply-To: <5.2.0.9.0.20030925204707.00ac4090@mail.wwc.com> References: <5.2.0.9.0.20030925204707.00ac4090@mail.wwc.com> Message-ID: <20030926161637.GC17277@starshine.org> Of the techie answers mentioned already I favor Alvin's approach for simplicity. You don't need a whole subdomain for one address, and it's not terribly wise to give the third party control of a piece of your domain beyond that. However, the vague description sounds like it has both techie and social aspects to solve... 
> The true nature of the problem that must be solved is not clear from your > email. The response time appears to be the problem. What I got out of it is that humans are accepting mail at company1 then forwarding it to outsourced-clues.com or whoever, so the time for the final note to reach the customer is lengthened by one more factor of human interaction. In such a case though it's worth checking if the human at step 1 is performing an important screening function. My first guess is the brass would say no and the real answer's yes, since it's your only real way to tell when the customer came by. But if there would *ever* be a reason that they would *not* pass along the mail to outsourced-clues, then the function is in fact a critical part of the process. It doesn't mean technology can't help out, though. > It is unclear to me > how changing the email path fixes that from the information given. And who > is it a problem for? company1.com? If the email does not get to > company1.com first, then how will company1.com know how slow webservice.com > is in forwarding the emails appropriately? What's especially vague is whether the declared "response time" is time from customer send to customer getting their first reply, or to customer getting their question settled. When I worked at McAfee, tech support was painfully aware that customer expectation varied widely about what response time *should* be (I emailed you guys a whole 10 minutes ago! Don't you know the internet's supposed to be fast?), never mind that some questions are easy and some aren't. Also the customers rarely could get it right whether their emailed question belonged in customer care or tech supp anyway - or had aspects of both. Getting the wrong dept delayed their initial response. What I did was slip a reply bot into the stream which, unlike the usual autoreply bot, passed the message on through - with some footnotes. 
Also, the reply wasn't static - it was put together from a few parts; a friendly intro, some were short randomized FAQs. If it spotted useful keywords then the FAQ would be not-quite-so-random. Cap off with how to reach the staff if your email dies on you or other disaster befalls before (reasonable time to reply). Season with some antispam and anti-abuse measures. Bake at 250 for 20 minutes, remove, let cool, frost, serves thousands. :) In your case you could add tracking information, for instance log an email ID for it and add that into the subject on the way to your outside care staff, as well as into the customer's initial reply. If a customer who's been flaked on calls in, they have something to give you, and your local flamewarden has something to look up to find out where it went awry. Of course this is the moment for the obligatory plug for my consulting services :D but probably most of BayLISA can do this sort of thing. . | . Heather Stern | star at starshine.org --->*<--- Starshine Technical Services - * - consulting at starshine.org ' | ` Sysadmin Support and Training | (800) 938-4078 From star at starshine.org Fri Sep 26 14:48:04 2003 From: star at starshine.org (Heather Stern) Date: Fri, 26 Sep 2003 14:48:04 -0700 Subject: subdomain delegation for email routing In-Reply-To: References: <20030926161637.GC17277@starshine.org> Message-ID: <20030926214804.GB1467@starshine.org> On Fri, Sep 26, 2003 at 12:04:32PM -0700, afactor wrote: > Please let me clarify: > > Management's stated desire is to reduce the load on the corporate email > server which is currently straining under the virus/spam/worm > load. Management feels strongly that email that is forwarded to the > outside customer care vendor should not place a load on the corporate > email server. Management also feels that there should not be a delay in > the delivery of said email (although arguably that delay may not be > significant). 
Then they are about to chop their hand off should the outsourced site decide to start flaking entirely on your users rather than merely take two days to get to them. A better solution is to get defenses against the wormspam in at the MTA level so that crap is only stressing the system once (at the MTA. not twice (in the MTA and then local delivery of that junk into some account that didn't want to see it anyway). Your customers are the desired load. The viral bounce crap isn't. You haven't actually mentioned what "the overloaded corporate mail server is". I'd been riding with an assumption that it's some form or another of UNIX, but... that 486 did loads (heh) better than cc:Mail, the overloaded corporate server it was helping defend. So, consider whether the real source of the bottleneck is really where management thinks it is. MTA performance tuning may be part of your right answer; adding a cheap machine with screening-only mail services might be. > I believe that none of this mail is ever NOT forwarded although I can't > say for certain whether the forwarding is done manually or not > (incredibly I believe the forwarding of the email to the vendor may be a > manually started batch job). The only requirement is that a copy of the > email is saved/sent/forwarded to the primary company (for DR/backup > reasons). The alias described by Alvin would result in that. Both aliases could point to some completely different machine, and if so, then an LDA would never be invoked on this overloaded MX box, reducing its load considerably. > Having said that I can't put an alias in the company's mail server as that > doesn't meet the first requirement of eliminating delivery to the > corporate email server. And my second choice of setting up a second email > server and delegating a zone to it (e.g., care.company1.com) was nixed as > the company doesn't want to spend the capital. 9 to 20 characters in ascii is cheap. 
If the corporate mail server of Company1 isn't getting a copy, who's storing the copy-for-audit purposes? Santa? The fox in the henhouse, err, I mean the outsourced support company? Directing it off that machine once it has gotten there is just adding to its time in transit, its risk of being lost forever (hopefully tiny), and a general increase of network traffic at your site's router. > BTW, correct me if I am mistaken but I need to delegate a subdomain not > because there are a lot of users in the domain (actually there are just a > handful of email addresses I need to handle) but because if I create and > delegate a subdomain in DNS the mail delivered to these users will bypass > the corporate mail server and go directly to the mail server configured in > the NS server assigned to the new subdomain. You do not need to delegate a subdomain to get that result. You only need a subhost. I have a subhost website (trek.starshine.org) and MX records for trek.starshine.org point to a different set of systems than the MX of starshine.org and a bunch of otherhosts.starshine.org. You only need to have a subhost with a separate MX record or three. Only your own NS server needs to get involved at all and it only needs MX entries. Although an A record pointing at the correct IP address for the offsite mailvendor might help some particularly stupid MTAs deliver correctly. It should not cost any additional. If your DNS provider charges you extra per new *host* entries at your own domain level you're being screwed and should switch it ASAP. > [Actually the above paragraph/question was what prompted me to send email > to baylisa: I'd like verification that what I am thinking of doing will > work as I imagine it will :)]. > > Unfortunately management prefers not to go this route. They do not have > any qualms about delegating a newly created subdomain to the outside > vendor just for the purpose of delivering this email.
While the company is > fairly large (national, retail, 100 stores, etc.) I don't believe they > have configured any subdomains in their dns namespace. > > So what about if the handful of email addresses are changed from > customer-care-east at company1.com to customer-care-east at care.company1.com and > instead of forwarding them to company1 at webvendor.com I create a subdomain > and assign the NS record to webvendor.com: > care.company1.com IN NS ns.webvendor.com Customers will still type in the old address. Trust me. The only way to keep customer-care-east at company1.com from getting mail (or worse, generating bounces) is to put in a mail alias (ok), forward (slower, yick), or relocate entry for it in the MTA (probably about the same processing time as an alias, but slightly different results; to wit, some MTAs will complete the transaction themselves / the whole slice of mail won't bother your server, while others will simply make their bounce message more readable). If you want it handled without bounces it has to be an alias or an MTA-level rewrite of the address and redelivery. The alias costs less processing time. care.company1.com IN MX 10 mailserv-company1-com.webvendor.com. where webvendor has added in their own DNS mailserv-company1-com IN A nn.mm.xx.yy > ... Assuming they correctly setup their dns server and mail server to > accept email from care.company1.com. Correct. Ideally they also send mail outbound as if customer-care-NN at care.company.com. (Mail Masquerading) Then nearly any customer's mailer will properly handle the rest of the conversation heading that way without any slowdown or oversight from company1.com. It's that lack of oversight that would worry me, but it's their arm to chew on. . | .
Heather Stern | star at starshine.org --->*<--- Starshine Technical Services - * - consulting at starshine.org ' | ` Sysadmin Support and Training | (800) 938-4078 From chuck+baylisa at snew.com Fri Sep 26 15:38:53 2003 From: chuck+baylisa at snew.com (Chuck Yerkes) Date: Fri, 26 Sep 2003 18:38:53 -0400 Subject: subdomain delegation for email routing In-Reply-To: <20030926214804.GB1467@starshine.org> References: <20030926161637.GC17277@starshine.org> <20030926214804.GB1467@starshine.org> Message-ID: <20030926223853.GA4667@snew.com> Quoting Heather Stern (star at starshine.org): > On Fri, Sep 26, 2003 at 12:04:32PM -0700, afactor wrote: > > Please let me clarify: > > > > Management's stated desire is to reduce the load on the corporate email > > server which is currently straining under the virus/spam/worm > > load. Management feels strongly that email that is forwarded to the > > outside customer care vendor should not place a load on the corporate > > email server. Management also feels that there should not be a delay in > > the delivery of said email (although arguably that delay may not be > > significant). > > Then they are about to chop their hand off should the outsourced site > decide to start flaking entirely on your users rather than merely take > two days to get to them. A better solution is to get defenses against > the wormspam in at the MTA level so that crap is only stressing the Sigh. I love solving solutions rather than problems. "I need large rubber boots for work" why? "I keep burning my foot" how? "I keep kicking the coffee machine" stop it "No, it's under my desk, it's not on purpose" Take it out from under your desk "No, we have to keep the coffee machine under the desk" because "Because the cord is short and under my desk is on a different circuit than the computer, so we don't pop breakers with it there." Sometimes, you don't need rubber boots, you need an extension cord. 
I've had Ultrix boxes - 33Mhz with 5400 RPM drives - handle 100k messages per day and be really really bored. We ran 40k through them in a couple hrs as part of a test and they shot up to a load of, er, 6. I work with an E250 that handles 40k message/hour. (wasn't bored until we stopped using software mirroring and got a good Baydel RAID box on it. Then it got mostly bored.). I STILL have a Sparc 10 (150Mhz) that anti-spams and filters for around 50 people - 3000 message/day. trust me, 64MB and 150MHz is not a fast machine. I'll trade you a 36GB drive for one. So what are your GOALS? - You want a copy of the mail, it seems, elsewhere. - You want viruses stopped, somewhere. - And you get at least 4 messages/day. I'm betting a PC too slow to run windows could handle this pretty handily. If you ARE looking at real volumes (50k or more/hour), then it can STILL be solved handily at your edge. Sendmail, Inc has a milter I called the "big brother milter" that did copy mail. It can be done via procmail as well (or aliases, if it's a small enough group of users). Virus and spam scanning is a well established space with many vendors. Perhaps you just need an extension cord. From afactor at venus.he.net Fri Sep 26 12:04:32 2003 From: afactor at venus.he.net (afactor) Date: Fri, 26 Sep 2003 12:04:32 -0700 (PDT) Subject: subdomain delegation for email routing In-Reply-To: <20030926161637.GC17277@starshine.org> Message-ID: Please let me clarify: Management's stated desire is to reduce the load on the corporate email server which is currently straining under the virus/spam/worm load. Management feels strongly that email that is forwarded to the outside customer care vendor should not place a load on the corporate email server. Management also feels that there should not be a delay in the delivery of said email (although arguably that delay may not be significant). 
I believe that none of this mail is ever NOT forwarded although I can't say for certain whether the forwarding is done manually or not (incredibly I believe the forwarding of the email to the vendor may be a manually started batch job). The only requirement is that a copy of the email is saved/sent/forwarded to the primary company (for DR/backup reasons). Having said that I can't put an alias in the company's mail server as that doesn't meet the first requirement of eliminating delivery to the corporate email server. And my second choice of setting up a second email server and delegating a zone to it (e.g., care.company1.com) was nixed as the company doesn't want to spend the capital. BTW, correct me if I am mistaken but I need to delegate a subdomain not because there are a lot of users in the domain (actually there are just a handful of email addresses I need to handle) but because if I create and delegate a subdomain in DNS the mail delivered to these users will bypass the corporate mail server and go directly to the mail server configured in the NS server assigned to the new subdomain. [Actually the above paragraph/question was what prompted me to send email to baylisa: I'd like verification that what I am thinking of doing will work as I imagine it will :)]. Unfortunately management prefers not to go this route. They do not have any qualms about delegating a newly created subdomain to the outside vendor just for the purpose of delivering this email. While the company is fairly large (national, retail, 100 stores, etc.) I don't believe they have configured any subdomains in their dns namespace. So what about if the handful of email addresses are changed from customer-care-east at company1.com to customer-care-east at care.company1.com and instead of forwarding them to company1 at webvendor.com I create a subdomain and assign the NS record to webvendor.com: care.company1.com IN NS ns.webvendor.com ...
Assuming they correctly set up their dns server and mail server to accept email from care.company1.com.

--Alan

From lanning at monsoonwind.com Fri Sep 26 18:36:55 2003
From: lanning at monsoonwind.com (Robert Hajime Lanning)
Date: Fri, 26 Sep 2003 18:36:55 -0700 (PDT)
Subject: subdomain delegation for email routing
In-Reply-To:
References: <20030926161637.GC17277@starshine.org>
Message-ID: <45419.192.55.4.36.1064626615.squirrel@ssl.monsoonwind.com>

> Please let me clarify:
>
> Management's stated desire is to reduce the load on the corporate email
> server which is currently straining under the virus/spam/worm
> load. Management feels strongly that email that is forwarded to the
> outside customer care vendor should not place a load on the corporate
> email server. Management also feels that there should not be a delay in
> the delivery of said email (although arguably that delay may not be
> significant).

They don't want to be responsible for anything that goes wrong.

> I believe that none of this mail is ever NOT forwarded although I can't
> say for certain whether the forwarding is done manually or not
> (incredibly I believe the forwarding of the email to the vendor may be a
> manually started batch job). The only requirement is that a copy of the
> email is saved/sent/forwarded to the primary company (for DR/backup
> reasons).

With the delegation, you will have zero control over getting any copies. The emails never touch your network. You will rely 100% on the other company, for proper backups of all messages.

>
> Having said that I can't put an alias in the company's mail server as that
> doesn't meet the first requirement of eliminating delivery to the
> corporate email server. And my second choice of setting up a second email
> server and delegating a zone to it (e.g., care.company1.com) was nixed as
> the company doesn't want to spend the capital.
>
> BTW, correct me if I am mistaken but I need to delegate a subdomain not
> because there are a lot of users in the domain (actually there are just a
> handful of email addresses I need to handle) but because if I create and
> delegate a subdomain in DNS the mail delivered to these users will bypass
> the corporate mail server and go directly to the mail server configured in
> the NS server assigned to the new subdomain.

You really do not have to "delegate" the subdomain. This has an additional issue of giving over control of a piece of your namespace to another authority. Hence the term "delegate".

All you need to do is create an MX record in your domain.

    care IN MX 10 mail.webcompany.com.

That is all. With that one entry all mail addressed as joeblow at care.company1.com will be delivered to mail.webcompany.com.

> [Actually the above paragraph/question was what prompted me to send email
> to baylisa: I'd like verification that what I am thinking of doing will
> work as I imagine it will :)].
>
> Unfortunately management prefers not to go this route. They do not have
> any qualms about delegating a newly created subdomain to the outside
> vendor just for the purpose of delivering this email. While the company is
> fairly large (national, retail, 100 stores, etc.) I don't believe they
> have configured any subdomains in their dns namespace.

We here at Seagate (My group maintains Seagate's firewalls/SMTP(sendmail)/DNS services) do not delegate any subdomains outside our company. We maintain the records ourselves.

>
> So what about if the handful of email addresses are changed from
> customer-care-east at company1.com to customer-care-east at care.company1.com
> and
> instead of forwarding them to company1 at webvendor.com I create a subdomain
> and assign the NS record to webvendor.com:
> care.company1.com IN NS ns.webvendor.com
>
> ... Assuming they correctly set up their dns server and mail server to
> accept email from care.company1.com.

This is usually a big assumption.

>
> --Alan

--
END OF LINE

From dannyman at toldme.com Fri Sep 26 22:16:17 2003
From: dannyman at toldme.com (Danny Howard)
Date: Fri, 26 Sep 2003 22:16:17 -0700
Subject: subdomain delegation for email routing
In-Reply-To:
References: <20030926161637.GC17277@starshine.org>
Message-ID: <20030927051617.GB27575@pianosa.catch22.org>

On Fri, Sep 26, 2003 at 12:04:32PM -0700, afactor wrote:
[...]
> Unfortunately management prefers not to go this route. They do not
> have any qualms about delegating a newly created subdomain to the
> outside vendor just for the purpose of delivering this email. While
> the company is fairly large (national, retail, 100 stores, etc.) I
> don't believe they have configured any subdomains in their dns
> namespace.
[...]

Hrmmm. I think we need to not lose track that there are two separate issues here.

Issue 1: Is afactor not doing a great job of reverse-engineering what really needs to be done and then selling it to management, or is he being wise in reverting to the inelegant solution of doing what the people who pay him think they want done?

Yes, there are "better" solutions that have been suggested, like replacing his corporate e-mail infrastructure with Linux, or provisioning a cheap (spare?) MX box that takes incoming corporate mail, and forwards it off to the appropriate mail hosts. Yay, these are elegant solutions that will make afactor feel like more of a stud with his infrastructure, but his overlords don't want that, and delegating out the subdomain and passing the buck to the other company is a lot easier than re-jiggering architecture.

Issue 2: Will afactor's technical solution work, however silly you think it is?

I haven't been following any of this too closely, but as far as I can tell, y'all can address afactor's technical concerns, and then he can go and delegate out his subdomain, and get back to the real business of not getting too bent out of shape over other people's intractable problems.

2c.

-danny

From alvin at Mail.Linux-Consulting.com Fri Sep 26 19:00:20 2003
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Fri, 26 Sep 2003 19:00:20 -0700 (PDT)
Subject: subdomain delegation for email routing
In-Reply-To:
Message-ID:

hi ya alan

On Fri, 26 Sep 2003, afactor wrote:

> Please let me clarify:
>
> Management's stated desire is to reduce the load on the corporate email
> server which is currently straining under the virus/spam/worm
> load. Management feels strongly that email that is forwarded to the
> outside customer care vendor should not place a load on the corporate
> email server.

see the postfix "big picture"
    - email comes in one end .. and email goes out the other end

> Management also feels that there should not be a delay in
> the delivery of said email (although arguably that delay may not be
> significant).

when receiving emails, your server is always contacted before it goes off to its merry way to its destination ( pop server )
    - even the firewall gets to redirect incoming emails

a very simple picture of what happens first
    - dns checks where to deliver
    - mx checks if there is mx for the domains
    - helo/data process to the mail server defined
    - check for /etc/aliases and other mail config files
    - check for spam/antivirus stuff
    - deliver to local pop server
    - ...
    - and in your case ... dns server checking for subdomains
    -
    - the mail has to be received and processed locally before it can be resent back out

http://www.postfix.org/big-picture.html

> I believe that none of this mail is ever NOT forwarded although I can't
> say for certain whether the forwarding is done manually or not
> (incredibly I believe the forwarding of the email to the vendor may be a
> manually started batch job). The only requirement is that a copy of the
> email is saved/sent/forwarded to the primary company (for DR/backup
> reasons).

let's say this is requirement#1 "that a copy of the email is saved"

> Having said that I can't put an alias in the company's mail server as that
> doesn't meet the first requirement of eliminating delivery to the
> corporate email server.

let's say this is requirement#2 "that it eliminated delivery to the corp mail server"

requirement#1 and requirement#2 are contradictory

you have to receive it someplace and then save a copy someplace else

best way to eliminate human errors is let the machine do the forwarding

human errors being things like laziness, sick day, vacation, forgot, fat fingers to delete, i'll reply to it instead of forwarding to outsourced tech support, etc, etc

> And my second choice of setting up a second email
> server and delegating a zone to it (e.g., care.company1.com) was nixed as
> the company doesn't want to spend the capital.

it's your option to implement what you want to see if it works .. mine is simple /etc/mail/aliases and /etc/mail/virtusertable and other mail redirection and status and wizbang features
    - guarantee that the email is forwarded to outsourced-foo.com
    - keep a local copy
    - outsourced-food.com provide reply "cc back to us" to customers email requests to get paid

==
== if email processing is already too slow ... adding dns processing
== will slow it down one more step ...
==

fun stuff..

c ya
alvin

> BTW, correct me if I am mistaken but I need to delegate a subdomain not
> because there are a lot of users in the domain (actually there are just a
> handful of email addresses I need to handle) but because if I create and
> delegate a subdomain in DNS the mail delivered to these users will bypass
> the corporate mail server and go directly to the mail server configured in
> the NS server assigned to the new subdomain.
>
> [Actually the above paragraph/question was what prompted me to send email
> to baylisa: I'd like verification that what I am thinking of doing will
> work as I imagine it will :)].
>
> Unfortunately management prefers not to go this route. They do not have
> any qualms about delegating a newly created subdomain to the outside
> vendor just for the purpose of delivering this email. While the company is
> fairly large (national, retail, 100 stores, etc.) I don't believe they
> have configured any subdomains in their dns namespace.
>
> So what about if the handful of email addresses are changed from
> customer-care-east at company1.com to customer-care-east at care.company1.com and
> instead of forwarding them to company1 at webvendor.com I create a subdomain
> and assign the NS record to webvendor.com:
> care.company1.com IN NS ns.webvendor.com
>
> ... Assuming they correctly set up their dns server and mail server to
> accept email from care.company1.com.
>
> --Alan
>
>
>

From aub at coldstone.com Fri Sep 26 19:13:23 2003
From: aub at coldstone.com (Alberto Begliomini)
Date: Fri, 26 Sep 2003 19:13:23 -0700
Subject: Bogus eBay web sites
Message-ID: <3F74F243.5030700@coldstone.com>

There are few instances of this kind of messages circulating that point to bogus eBay web sites like http://211.217.224.102:4901. Be careful if you have an eBay account! Always check the URL on the top of your browser before signing in and make sure it starts with http://signin.ebay.com/.

Alberto

-------- Original Message --------
Subject: 0fficial Notice for all eBay users
Date: Wed, 24 Sep 2003 19:10:22 +0000
From: eBay
Reply-To: eBay
To: Aub
References: <41ALDA2A8K6L3070 at coldstone.com>

Dear eBay User,

During our regular udpate and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete. As a result, your access to bid or buy on Ebay has been restricted.
To start using your eBay account fully, please update and verify your information by clicking below :

https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation

Regards,
eBay

**Please Do Not Reply To This E-Mail As You Will Not Receive A Responce**

Where can I make atx in 1936 going to may close try to understand JFqgbLh XeqRHycrCtl ja We'd like to see I'm in the know of... I'm with you 874 Why not? 2 And I can 067 things do happen. I'll give you ..

From michael at halligan.org Mon Sep 29 12:28:16 2003
From: michael at halligan.org (Michael T. Halligan)
Date: Mon, 29 Sep 2003 12:28:16 -0700 (PDT)
Subject: "Impressive" datacenters in SF?
In-Reply-To: <56D3931E053184469162B0EBF9EBB77F15A241F2@cnet10.cnet.cnwk>
Message-ID:

I'm actually going to take a tour of 365main sometime this week. I've been speaking with Chris Dolan over there, and I'm liking what I hear. The thought of a quality datacenter in SF is rather appealing :)

> > Life would just be easier if above.net hadn't
> > closed down their SF colo.
>
> The SF above.net colo reopened recently as "365 Main." I don't know
> any details, especially about how well- or poorly-managed it is, but
> it *is* open again.
>

--
-------------------
Michael T. Halligan
Chief Geek
Halligan Infrastructure Designs.
http://www.halligan.org/
2250 Jerrold Ave #11
San Francisco, CA 94124-1012
(415) 724.7998 - Mobile

From dcurry at cariocas.com Mon Sep 29 13:20:58 2003
From: dcurry at cariocas.com (Daniel Curry)
Date: Mon, 29 Sep 2003 13:20:58 -0700
Subject: "Impressive" datacenters in SF?
Message-ID: <8BD5FF375912414992AE3819866ED14362F1@datastore.cariocas.com>

Would this be the same place that Savvis runs out of?

-----Original Message-----
From: Michael T. Halligan [mailto:michael at halligan.org]
Sent: Monday, September 29, 2003 12:28 PM
To: Leslie Devlin
Cc: Alan Horn; Matt Olander; baylisa at baylisa.org
Subject: RE: "Impressive" datacenters in SF?

I'm actually going to take a tour of 365main sometime this week.
I've been speaking with Chris Dolan over there, and I'm liking what I hear. The thought of a quality datacenter in SF is rather appealing :)

> > Life would just be easier if above.net hadn't
> > closed down their SF colo.
>
> The SF above.net colo reopened recently as "365 Main." I don't know
> any details, especially about how well- or poorly-managed it is, but
> it *is* open again.
>

--
-------------------
Michael T. Halligan
Chief Geek
Halligan Infrastructure Designs.
http://www.halligan.org/
2250 Jerrold Ave #11
San Francisco, CA 94124-1012
(415) 724.7998 - Mobile

From voltmer at ninevolt.com Mon Sep 29 14:50:07 2003
From: voltmer at ninevolt.com (Andy Voltmer)
Date: Mon, 29 Sep 2003 14:50:07 -0700 (PDT)
Subject: "Impressive" datacenters in SF?
In-Reply-To: <8BD5FF375912414992AE3819866ED14362F1@datastore.cariocas.com>
Message-ID:

Hi,

Savvis San Francisco is across the street in the Rincon USPS building on the 7th floor. I believe it is 360 Main.

Sincerely,
Andy Voltmer

On Mon, 29 Sep 2003, Daniel Curry wrote:

> Would this be the same place that Savvis runs out of?
>
> -----Original Message-----
> From: Michael T. Halligan [mailto:michael at halligan.org]
> Sent: Monday, September 29, 2003 12:28 PM
> To: Leslie Devlin
> Cc: Alan Horn; Matt Olander; baylisa at baylisa.org
> Subject: RE: "Impressive" datacenters in SF?
>
> I'm actually going to take a tour of 365main sometime this week. I've
> been speaking with Chris Dolan over there, and I'm liking what I hear.
> The thought of a quality datacenter in SF is rather appealing :)
>
> > > Life would just be easier if above.net hadn't
> > > closed down their SF colo.
> >
> > The SF above.net colo reopened recently as "365 Main." I don't know
> > any details, especially about how well- or poorly-managed it is, but
> > it *is* open again.
> >
>
> --
> -------------------
> Michael T. Halligan
> Chief Geek
> Halligan Infrastructure Designs.
> http://www.halligan.org/
> 2250 Jerrold Ave #11
> San Francisco, CA 94124-1012
> (415) 724.7998 - Mobile
>
>

From alex at usenix.org Tue Sep 30 16:47:13 2003
From: alex at usenix.org (Alex Walker)
Date: Tue, 30 Sep 2003 16:47:13 -0700 (PDT)
Subject: USENIX '04 Call For Papers
Message-ID: <200309302347.h8UNlDsx015744@voyager.usenix.org>

USENIX '04 Call For Papers
June 27-July 2, 2004, Boston, Massachusetts
http://www.usenix.org/events/usenix04/general.html
----------------------------------------------------

The 2004 USENIX Annual Technical program committee invites you to contribute your ideas, proposals and papers for invited talks, refereed papers, work-in-progress reports, and special interest groups (SIG) tracks.

We are also pleased to announce that in response to your feedback, the 2004 program has been reorganized and expanded. The new format will include additional tutorials, more security breakthroughs, and extra sessions devoted to Linux and Open Source Software.

We welcome original and innovative papers about modern computing systems, emphasizing implementations with measured results. Possible topics include, but are not limited to:

* Administration-free systems
* Benchmarking
* Deployment experience
* Distributed and parallel systems
* Embedded systems
* Energy/power management
* File and storage systems
* Mobile systems
* Operating systems
* Networking and network services
* Virtual machines
* Reliability and availability
* Usage studies & workload characterization
* Web technology
* Security, privacy, and trust

Submissions for the general session are due by Tuesday, December 16, 2003

Please note that December 16th is a hard deadline; no extensions will be given.

Submission guidelines and conference details are available on our website:
http://www.usenix.org/events/usenix04/generalsubmit.html

----------------------------------------------------
FREENIX Track Call For Papers
http://www.usenix.org/events/usenix04/freenix.html
----------------------------------------------------

FREENIX is the USENIX Annual Technical Conference's forum on free and open source software. New this year, the 2004 FREENIX track will have special emphasis on two related areas:

I. Userland Application and Systems Development:

* Desktop applications
* P2P and web-based systems
* Libraries, toolkits and infrastructures
* Scripting languages and applications
* Novel algorithms and applications
* System management tools
* Software development tools
* Print systems

II. Free and Open Source Software Engineering:

* Project-centric: Software specification and design methodologies, novel implementation techniques, testing, deployment, readability and security, performance and scalability
* Process-centric: Team governance, administration and management; planning and forecasting; measuring progress and assessing quality
* Integrating tools and theologies

In addition, we would also welcome submission on a wide variety of topics including:

* Technical aspects of commercial use of free software
* Graphical user interface tools
* Interesting deployment of free software
* Large-scale system management
* Nontechnical aspects including business, legal
* Security and Documentation

* Submissions are due by Tuesday, December 16, 2003

Submission guidelines and conference details are available on our website:
http://www.usenix.org/events/usenix04/freenixsubmit.html

----------------------------------------------------
Special Interest Groups (SIGs) Call For Proposals
http://www.usenix.org/events/usenix04/sigs.html
----------------------------------------------------

New in 2004, USENIX will offer a single track devoted to Special Interest Groups/Workshops.
Confirmed SIGs as of 9/12/03 are UseLinux and Security. We are currently seeking proposals for SIGs. A sampling of possible topics:

* BSD
* Sysadmin
* Client Computing
* Beowulf/Clusters
* Apple/Mac OS X
* Integration
* Tools
* Messaging/Collaboration
* Languages
* Databases
* Desktop/Gnome/KDE

To submit a proposal for a SIG, please email Ellie Young at ellie at usenix.org

Please join us in developing the best technical conference program ever! We look forward to your submissions.

On behalf of the USENIX '04 Organizing Committee

Andrea Arpaci-Dusseau, University of Wisconsin, Madison
Remzi Arpaci-Dusseau, University of Wisconsin, Madison
2004 General Session Program Chairs

Bart Massey, Portland State University
Keith Packard, Hewlett-Packard Cambridge Research Lab
2004 FREENIX Program Chairs

----------------------------------------------------
SAVE THE DATE!
2004 USENIX Annual Technical Conference (USENIX '04)
June 27-July 2, 2004, Boston, Massachusetts
http://www.usenix.org/events/usenix04/general.html
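
Relating to the "subdomain delegation for email routing" thread above, this is an added example (not code from any list member) that audits a zone for the two options discussed there: an external MX, which only routes mail, and an external NS delegation, which hands naming authority for the subdomain to the vendor. The zone contents are constructed, `care-ns` is a hypothetical label used so both options fit in one file, and the finding names are this example's own.

```python
ORIGIN = "company1.com."

# Constructed sample zone. "care" carries the MX record suggested in the
# thread; "care-ns" (hypothetical label) carries the NS delegation instead.
SAMPLE_ZONE = """\
@        IN NS  ns1.company1.com.
@        IN MX  10 mail.company1.com.
care     IN MX  10 mail.webcompany.com.
care-ns  IN NS  ns.webvendor.com.
care-ns  IN MX  10 mail.company1.com.   ; shadowed by the delegation above
www      IN A   192.0.2.10
"""


def absolute(name, origin):
    """Expand '@' and relative names to fully qualified, lower-case names."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def in_zone(name, zone):
    """True if name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)


def parse_zone(text, origin):
    """Yield (owner, type, rdata) from simple 'owner [ttl] IN type rdata' lines."""
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if "IN" not in fields:
            continue
        i = fields.index("IN")
        yield absolute(fields[0], origin), fields[i + 1].upper(), fields[i + 2:]


def audit_zone(text, origin=ORIGIN):
    """Return (owner, type, finding) for records that involve an outside party."""
    records = list(parse_zone(text, origin))
    # A zone cut is any NS record set below the apex.
    cuts = {owner for owner, rtype, _ in records if rtype == "NS" and owner != origin}
    findings = []
    for owner, rtype, rdata in records:
        target = absolute(rdata[-1], origin) if rtype in ("NS", "MX") else None
        under_cut = any(in_zone(owner, cut) for cut in cuts)
        if under_cut and rtype not in ("NS", "A", "AAAA"):
            # Resolvers follow the referral, so the delegated servers answer
            # for this name. A/AAAA are skipped because they may be glue.
            findings.append((owner, rtype, "shadowed"))
        elif rtype == "NS" and owner in cuts and not in_zone(target, origin):
            # The outside name server can publish any record at or below owner.
            findings.append((owner, rtype, "external-authority"))
        elif rtype == "MX" and not in_zone(target, origin):
            # Mail is routed outside, but the zone owner still edits the record.
            findings.append((owner, rtype, "external-mail-only"))
    return findings


if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print(*finding)
```

In both flagged cases mail for the subdomain goes straight to the outside host, so neither record by itself gives the zone owner a copy of the messages.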