similar to: mac_portacl

Hello, I really like the idea behind mac_portacl but I find it difficult to use it because of one issue. When an unprivileged program binds to high automatic port with a call to bind(2) and port number set to 0 the system chooses the port to bind to itself. This mechanismus is used by number of programs, most commonly by ftp clients in active mode. Unfortunately this 0 is checked by the

Hi. When we don't have too many IP addresses available and we want to run for example www server inside a jail, but use the same IP address as the main system, we need to actually use an internal IP address and forward http port with firewall from external IP to jail's IP. In that way we know that if somebody breaks into out jail, he cannot run sshd server (we have keys, I know) or any

Hi, guys. May be someone could give me advise? I am trying to find good VOIP provider ONLY for OUTGOING calls with low per channel cost and cheap rates on Eastern Europe, Turky and xUSSR. Should support g729 or g723 codecs, SIP or IAX connectivity. -- ========================================================================= = Best regards, Nikolay Pavlov.

On which versions of FreeBSD is it now possible to un-reserve ports? ( I've been waiting for this since forever ... have spent countless days - $$$ - trying to install workarounds, only to junk them later. I've even been paid a consulting gig to develop this, and declined to deploy it on my own servers :-/ ) iang

The manual page says, that rcmd() is only to be used by root's processes. On other OSes (Solaris, AIX), trying to call rcmd() without being root simply fails. FreeBSD, however, tries to be helpful and invokes rcmdsh in this case, which is inefficient and leaves the stderr's filedescriptor (fd2p) unfilled. Why? My understanding is, this is to make it harder for would-be attackers to

Hi all, I am looking at securing a web server using the FreeBSD MAC Framework. To make things clear I will call the hosted users "web users". Those are the issues I am dealing with: ** Network Security ** - Web users shouldn't be able to connect to reserved local ports apart from 25(smtp); 80(http); 443(https) and 3306(MySQL) Solution: run the web server and web users shell in

RSpec-1.1.3 has been released. If you''re using RSpec and autotest, you''ll have to upgrade to RSpec-1.1.3 and ZenTest-3.9.0 at the same time. == Version 1.1.3 Maintenance release. * Tightened up exceptions list in autotest/rails_spec. Closes #264. * Applied patch from Ryan Davis for ZenTest-3.9.0 compatibility * Applied patch from Kero to add step_upcoming to story listeners.

Hello, I've been looking at the different MAC modules available and how they cold help to implement a less insecure than usual shared hosting web server. I've not been able to come up with a suitable configuration, looking at mac_bsdextended, mac_biba and mac_mls, but I think that a MAC module with the following policies could be very useful for such an environment. Have I

Hello, I have a samba 3.0.22 + squid-2.5.STABLE14 running with Windows 2003 AD integration in ADS mode. Every time I reboot the server or after a few hours I have to rerun kinit with my user to get a ticket. Is there any way to do this automatically? I know this is probably documented somewhere but I couldn't find. I'd appreciate your advise on this. Thanks, Rodrigo

FreeBSD doesn't have a fixed range of reserved ports, although it still has IPPORT_RESERVED for compatibility; instead, the last reserved port number is indicated by the net.inet.ip.portrange.reservedhigh sysctl, which defaults to IPPORT_RESERVED - 1. The attached patch modifies add_local_forward() to use this sysctl instead of IPPORT_RESERVED on FreeBSD. DES -- Dag-Erling Sm?rgrav - des at

?I have configured squid with AD authentication its working fine but I am getting lots of error for authentication failed. ? ? squid-2.5.STABLE14-1.4E samba-3.0.10-1.4E.11 ? ? ? Windows 2003 Domain Audit log failure. ? ? Pre-authentication failed: ??????????????? User Name:??????????? proxy$ ??????????????? User ID:????????????????? DOMAIN\proxy$ ??????????????? Service Name:???????

Hi everyone, today I got an e-mail from a company claiming that my server is doing port scans on their firewall machine. I found that hard to believe so I started checking the box. The company rep told me that the scan was originating at port 80 with destination port 8254 on their machine. I couldn't find any hints as to why that computer was subject to the alleged port scans. Searching

Hi, Could u recommend a secure ftp daemon? I want to be able to control the ports it uses.... and not to have to let all of the upper ports open. --------------------------------- Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software

I am spoiled with Yum: never have had a dependency problem until today. Can this be resolved: ---> Downloading header for compat-openldap to pack into transaction set. compat-openldap-2.3.27_2. 100% |=========================| 30 kB 00:00 ---> Package compat-openldap.i386 0:2.3.27_2.2.29-4.el4.centos set to be updated --> Running transaction check --> Processing Dependency:

We have 10 SuperMicro PDSMi+ 5015M-MTs that are panic'ing every few days. This started shortly after upgrade from 6.2-RELEASE to 6.3-RELEASE with freebsd-update. Other than switching to a debugging kernel, a little sysctl tuning, and patching with freebsd-update, they are stock. The debugging kernel was built from source that is also being patched with freebsd-update. These systems are

I want to capture all my Asterisk traffic (including RTP) and then analyse it. My plan was to use tcpdump and then analyse with Wireshark. The following works: tcpdump -i eth0 -s 0 -w /tmp/tcpdump.1 But I want to be a bit more selective: tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060 This doesn't capture the RTP traffic. Could anyone advise what I'm

http://www.niallbrady.com/2014/06/11/when-uefi-network-booting-on-a-hyperv-gen-2-vm-you-might-get-pxe-e99-unexpected-network-error/ P.S. It's not this and I'm getting a PXE-E99 tftp failure "Unexepected Network Error", so I'll guess I'll need to investigate what kind of TFTP server makes hyper-v happy. Virtualbox, VmWare seem to have the same EFI boot code & output

Hi, do somebody knows how to sniff RTP and SIP traffic only for a faster debugging ? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090629/5e160c92/attachment.htm

I have some troublesome numbers that I would like to capture the SIP dialogue when I am calling them. When I am about to dial the number, is there any way to turn on SIP debugging in the dial plan before I make the call? (and turn it off after the call is completed?) -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi Jeremy, list, On 06/26/2016 12:11 AM, Jeremy Allison wrote: > We should probably have something in the server that logs > this as an official "event". Can someone log a RFE bug in > the bugzilla so we don't forget this request ? I created this bug: https://bugzilla.samba.org/show_bug.cgi?id=11998 I hope it is (approximately) what you mean. :-) Best regards, MJ