Kris Kennaway | 1 Mar 04:23 2004

Re: SPAM/virii apparently from freeBSD addresses.

On Sun, Feb 29, 2004 at 04:50:34PM -0800, Julian Elischer wrote:
> 
> Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
> getting really annoying..

Yeah, but what do you expect anyone to do about it?

Kris
Kris Kennaway | 1 Mar 04:28 2004

Re: SPAM/virii apparently from freeBSD addresses.

On Sun, Feb 29, 2004 at 04:50:34PM -0800, Julian Elischer wrote:
> 
> Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
> getting really annoying..

Yeah, but what do you expect anyone to do about it?

Kris
Daniel Lang | 1 Mar 09:33 2004

Re: SPAM/virii apparently from freeBSD addresses.

Hi,

Julian Elischer wrote on Sun, Feb 29, 2004 at 08:01:41PM -0800:
> Oh it was just a rant.. :-(
> 
[..]
> > > Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
> > > getting really annoying..
> > 
> > Yeah, but what do you expect anyone to do about it?
[..]

Many people are already using digital signatures. The occurence
of massively forged senders in e-mails by spammers and viruses
could be seen as motivation to establish a more widespread use
of digital signatures. Of course it doesn't help for e-mail
that we receive (unless we complain to the sender that one would
only accept signed e-mails, which is a bit tough), but at least
one could tell anyone, who complains that one has sent a virus, to
check for the signature.

Just a thought,
 Daniel

P.S.: If your MUA complains about my signature, be sure to import the
      CA certificates from http://ca.in.tum.de/, just because it's not
			in the mozilla default root-ca set, it is not a less trustworthy CA.
--

-- 
IRCnet: Mr-Spock  
   - In dieser Mail ist ein Geist, der Dich in den Hintern beisst - 
(Continue reading)

Kai Mosebach | 1 Mar 12:58 2004
Picon

Re: SPAM/virii apparently from freeBSD addresses.

well,

i collected about 2200 iworm.swens from freebsd since december'03 which is 
about 700 per month or 20 per day ...

isnt there a way to track this down ?

its at all not the best reference, freebsd gives besides its known 
advantages ...

best kai

> 
> On Sun, 29 Feb 2004, Julian Elischer wrote:
> 
> > Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
> > getting really annoying..
> 
> Yeah, I'm getting it too.  Worst part is, clamav 0.65 doesn't pick it
> up.  I'm waiting for the 0.67 port to be committed...
> 
> Mike "Silby" Silbersack
> _______________________________________________
> freebsd-hackers <at> freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe <at> freebsd.org"
> 
> 

_______________________________________________
(Continue reading)

Mike Tancsa | 1 Mar 17:12 2004
Picon

RE: em0, polling performance, P4 2.8ghz FSB 800mhz

At 09:38 PM 29/02/2004, Don Bowman wrote:
>From: Mike Tancsa [mailto:mike <at> sentex.net]
> > At 08:44 PM 29/02/2004, Don Bowman wrote:
> > >From: Mike Tancsa [mailto:mike <at> sentex.net]
> > > >
> > > > On Sat, 28 Feb 2004 23:17:44 -0500, in
> > sentex.lists.freebsd.hackers >
> > > > >If you want to spend more time in kernel, perhaps change
> > > > >
> > > > >I might have HZ  <at>  2500 as well.
>I picked 2500 as the best for my system. Its higher than
>allowed by rfc1323 and PAWS [kern/61404], but not by so much
>that i anticipate a problem.

Do you run the box with the supplied patch ?  On the firewall device I was 
thinking of experimenting with, I do have long TCP sessions that it sounds 
like HZ=2500 would break.

>For my target packets per second
>rate, it means that i can use a reasonable number of dma
>descriptors. I found that bridging performance in particular
>needs the higher hz to avoid dropping packets, to improve
>its performance.

In terms of fiddling with the em tunables, what are the drawbacks of moving 
from 256 to 512 on

EM_MAX_TXD
EM_MAX_RXD

(Continue reading)

Dag-Erling Smørgrav | 1 Mar 17:53 2004
Picon

Re: SPAM/virii apparently from freeBSD addresses.

Kris Kennaway <kris <at> obsecurity.org> writes:
> On Sun, Feb 29, 2004 at 04:50:34PM -0800, Julian Elischer wrote:
> > Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
> > getting really annoying..
> Yeah, but what do you expect anyone to do about it?

Swen and MyDoom are easy to detect and reject at the SMTP stage.  The
fact that our mail servers don't do this is a PITA, as it forces list
subscribers to accept them as well (if you reject list mail because it
contains a virus, Mailman disables your subscription)

DES
--

-- 
Dag-Erling Smørgrav - des <at> des.no
_______________________________________________
freebsd-hackers <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe <at> freebsd.org"

Andrew Boothman | 1 Mar 18:08 2004
Picon

Re: SPAM/virii apparently from freeBSD addresses.

Dag-Erling Smørgrav wrote:

>>>Somewhere out there there is a ?Virus?/?Hacker?/?Spammer?
>>>getting really annoying..
>>
>>Yeah, but what do you expect anyone to do about it?
> 
> 
> Swen and MyDoom are easy to detect and reject at the SMTP stage.  The
> fact that our mail servers don't do this is a PITA, as it forces list
> subscribers to accept them as well (if you reject list mail because it
> contains a virus, Mailman disables your subscription).

You shoudn't reject email because it contains Swen or MyDoom anyway, all 
you'll do is generate a bounce message to someone who never sent you the 
infected mail in the first place - becuase the SMTP envelope addresses 
are forged.

I believe the correct thing to do is to accept in and silently drop it.
_______________________________________________
freebsd-hackers <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe <at> freebsd.org"

Craig Boston | 1 Mar 20:43 2004

Re: SPAM/virii apparently from freeBSD addresses.

On Monday 01 March 2004 10:53 am, Dag-Erling Smørgrav wrote:
> Swen and MyDoom are easy to detect and reject at the SMTP stage.  The
> fact that our mail servers don't do this is a PITA, as it forces list
> subscribers to accept them as well (if you reject list mail because it
> contains a virus, Mailman disables your subscription)

Most of the Swens I get don't come from the list servers but are sent to my 
subscription address directly (probably grabbed from posts to the list).

I have a separate address for each list to make sorting easier.  When I set up 
freebsd-hackers, I was getting Swen sent to me within an hour of posting to 
the list for the first time.  I filter it but it still wastes bandwidth...

Craig
_______________________________________________
freebsd-hackers <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe <at> freebsd.org"

Klaus | 1 Mar 22:28 2004
Picon

System Crash(bundirty) on 5.2.1

Hi all.
First, sorry for my bad english =)

Well, on the past(28/03/2003 on FreeBSD 5.1-Release), i'm read about the 
nfs bug, and now, i'm got the same error on my fbsd box, and on history 
of all freebsd lists i've found the same response: no fix for this bug.
On my server the error appears, only before to mount my nfs home and 
mailspool dir into my server, and (the interessing point) when i run any 
ftp server, the server go down, with the error: "panic: bundirty: buffer 
0xe28a198f"

About the box:
My server is a FreeBSD 5.2.1-RELEASE, running apache+php, mysql4.0, 
openwebmail 2.30, proftpd 1.2.9(tried to use the internal ftp, but 
doesn't solve the problem), mounting two nfs volumes:
/data and /var/mail
/data: openwebmail users directory on other server, not my MTA box
I'm using NIS to auth the users on all systems.

The question: Can functions like, getpw* cause this problem?
running only apache, mysql, openwebmail, the system dont crash, but 
before start any ftp server and anyone make upload of files the system 
stop with the error described above.

Thanks 4 all.

Klaus Porto Schneider
_______________________________________________
freebsd-current <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
(Continue reading)

Andrew J Caines | 1 Mar 23:04 2004

Recovering from RELENG_5_1 -> RELENG_5.2 world/kernel statfs fubar?

[ nb. There's a question at the bottom. The rest is for context and the
  archives, since I couldn't find this kind of detail there. ]

System running RELENG_5_1 (5.1-p12, IIRC) built RELENG_5_2 and started
installworld before installkernel in flagrant violation of the correct
method and dire warnings of 20031112 in UPDATING.

The installworld borked early on during an mtree process and for reasons I
can't quite determine the output which should have eneded up in a file
didn't. From the datestamps, most or much of /bin and /usr got updated.

Booting the old (5.1) kernel made it almost to single user, but /bin/sh
wouldn't play. With the help of CD 2 from my 5.1 set I put the new kernel
in place and booted it, expecting the worst, however almost everything
runs fine - desktop, tools, apps and even the not-yet-installed linux.ko.

The problems I still have that /usr/bin/make was the old one, so there was
no simple installkernel/world option to fix things.

# /usr/bin/make
Bad system call (core dumped)

I replaced /usr/bin/make with /usr/obj/home/src/usr.bin/make/make and
after being much confused relaced /usr/obj/home/src/make.i386/make too
since this one appears to be used instead of /usr/bin/make - part of the
bootstrap, presumably.

With make appearing to work, a "make installkernel KERNCONF=MYKERNEL"
bombed on the first "install". Unlike make, /usr/bin/install seems to run
ok, despite being the old 5.1 version and doesn't core:
(Continue reading)


Gmane