Comments:
<0> it will be in a directory when you mount it. Did you mount it yet? Do you see it in dmesg?
<1> how to know what kind of unix machine i'm telnet "ing" to?
<2> uname -a
<3> what's an INGRESLOCK message from ipf mean?
<3> not seen that one before...
<4> anybody can help me with ghostscript?
<0> Hawson: some jerk left their caps lock on? :)
<3> unlikely
<3> a line looks like this:
<3> 1.2.3.4 -> 8.7.5.4 INGRESLOCK R port=3306
<0> INGRESLOCK has a lot of google results
<3> yes, most of them talking about a hacker group, or a specific exploit
<3> I don't think this is either
<3> google has very little useful info on this
<5> INGRESLOCK?
<3> INGRESLOCK
<6> is a port
<5> makes me think of NAT corruption
<6> (port 1524)
<5> oh
<3> It can be, yes.
<5> i think I remember
<3> but I'm not sure it is in this case.
<6> Just fooling around the other day on a box running ingres and i tried
<6> telneting to port 1524 (ingreslock) and was surprised to be dropped into a
<6> root shell.
<5> NAT port lockin
<3> The box does not perform an NAT
<6> Hawson: right, i'm trying to match ^^ with what ipf is telling you
<3> the log format is also wrong for a port.
<5> Hawson, yeah but its the same thing as if you used it as a firewall
<3> that would be more like: 1.2.3.4 -> 8.6.5.4 TCP D=3306 S=4959 Syn Seq=4019063859 Len=0 Win=65535 Options=<mss 1460,nop,nop,sackOK>
<3> simpleton: <nod>
<3> this is IPF acting as a host firewall
<7> hey what do you guys think of slackware ?
<3> but NAT is neither configured, nor desiered
<3> desired
<5> Hawson, guessing someone's scannin to see if you're backdoored
<3> simpleton: well, yeah. :)
<5> jahshua, oldish
<6> 1 12:06:6.56395 karish -> galfield length: 60 INGRESLOCK R port=1102
<6> 2 12:06:6.56399 galfield -> karish length: 58 INGRESLOCK C port=1102
<3> kneer0w: exactly!
<5> definitely
<7> well sometimes old is good right?
<3> that's the error
<5> jahshua, debatable
<5> try gentoo
<7> i did
<5> or better yet FreeBSD
<7> i borked it
<7> heh
<7> i prefer Open to Free
<3> jahshua: then slackware won't help much
<5> try try again
<6> its from a tcpdump
<7> if i have to choose
<3> kneer0w: mine is from snoop. :)
<6> right, sorry
<6> snoop
<5> nc is your friend folks
<6> this from tcpdump:
<6> 15:31:29.949066 20.222.129.242.ingreslock > 216.129.75.8.2456: . ack 0 win 16384 (DF) [tos 0x8]
<6> 15:31:29.950360 216.129.75.8.2456 > 20.222.129.242.ingreslock: R 0:0(0) win 0 [tos 0x8]
<3> ah, but that's different I think
<8> bah
<6> can't figure out for the life of me what it is though
<5> umm
<8> hax0rd
<5> yes
<3> that clearly indicates that the 'ingreslock' port is the source port
<5> DF
<6> i'm not familiar with snoop nomenclature
<3> whereas our logs are of a different format
<5> who the **** sets don't fragment
<3> simpleton: lots of people. :-(
<8> my precious packets
<5> meh
<3> good with ketchup
<5> my precious adaptive kalloc
<5> =[
<9> Hawson: that's simply snoop's way of printing the source port
<5> you know what, this seriously pisses me off
<9> http://www.cs.bgu.ac.il/~arik/usail/man/solaris/snoop.1.html
<5> i can make it better, but the damn thing can't be adaptive without costly overhead
<3> dhartmei: so, why does it use a different format for that packet, as opposed to all the other (many) packets?
<5> meh
<5> HATE
<5> Hawson, dump payload
<9> what other packets? what other format?
<3> one sec, posting
<3> here's the packet in question:
<3> 206.188.160.7 -> 1.3.4.5 INGRESLOCK R port=3306
<10> http://www.flickr.com/photos/fotograf416/sets/72057594093551068/show/
<10> thats some bday party
<3> *other* packets, from the same host, which are also blocked are logged like this:
<3> 206.188.160.7 -> 1.3.4.5 TCP D=3306 S=1563 Syn Seq=2804856395 Len=0 Win=65535 Options=<mss 1460,nop,nop,sackOK>
<3> Different format.
<9> the port is different
<9> it guesses what protocol it is based on the ports
<9> the output line looks different based on the ports involved
<3> Hrm. So it's just funky IPF heuristics then?
<5> ?
<9> it has nothing to do with ipf
<5> dhartmei, you sure bout that?
<3> snoop, rather
<9> just snoop interpreting bpf
<5> its just takin it from services?
<11> has anyone used a cisco 1721?
<9> i think it has a pretty-printer for INGRESLOCK
<3> Okay.
<12> or raw socket as it were :P
<5> ingreslock4/tcp #ingres
<5> ingreslock4/udp #ingres
<9> i have no clue about solaris :)
<3> ingreslock 1524/tcp
<3> for solaris
<9> try snoop -v, that should disable the pretty-printing
<5> Figz, Sol10 doesn't have bpf?
<3> Thanks
<9> or at least spit out each layer individually
<3> simpleton: Sol10 ships ifp (or a bastardized version thereof)
<12> bpf was ported to sunos at one point
<5> wettoast, that looks like a bunch of retards on MDA
<12> never heard of sun importing it permanently.. they do have some streams interface/tap iirc..
<9> they hired reed...
<12> sun?
<9> he's working for sun in china now
<12> that's hilarious
<5> cool
<5> congrats to him
<10> simpleton: sure does, but it was a bday party for some girl
<3> [root@squidward:~] # pkginfo |grep -i ipf
<3> system SUNWipfr IP Filter utilities, (Root)
<3> system SUNWipfu IP Filter utilities, (Usr)
<3> from a Sol10 x86_64 box
<5> Hawson, payload dump?
<3> simpleton: looks the same as the others
<12> dhartmei, clearly he's a lot better than those other packet filter wimps who aren't hired to import their work into a *real* OS.
<3> just snoop thing. :-/
<11> is solaris 10 x86 actually as useful as bsd or linux?
<9> well, i don't know how good his deal is, i personally wouldn't necessarily want to work THERE :)
<9> i love internet access :)
<5> CCFL_Man, god bless dtrace