[StartingOver]

Martin Duclos tchitow-PkbjNfxxIARBDgjK7y7TUQ at public.gmane.org
Fri Feb 13 14:20:36 UTC 2004


This is slightly off topic, but why don't you chuck the WinNT box 
altogether if only used for MSN Messenger? Gaim is a great GUI for instant 
messenger type things. I don't personally use that one 'cause I prefer AMSN. 
It's a great MSNMessenger clone. I'm using that one. Works great without a 
hitch. Well, I remember having to upgrade the software once when Microsoft 
decided to sneeze a protocol change. Well, the new compliant version of the 
app was released 2 days before the new protocol was in place. A Google 
search should direct you to the AMSN webpage. Also on SourceForge. Anyhow, 
just a little note to say that there IS a better way!

Martin Duclos


----Original Message Follows----
From: Gregory D Hough <mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org>
Reply-To: tlug-lxSQFCZeNF4 at public.gmane.org
To: tlug-lxSQFCZeNF4 at public.gmane.org
Subject: [TLUG]: [StartingOver]
Date: Fri, 13 Feb 2004 09:06:34 -0500

Greetings tlug,

Although I have four years of Linux under my belt, the more I learn the 
less I know. My Lin/Win network fell apart, rather I TOOK it apart. I saw 
things I didn't understand and felt it best to start over from scratch.

I wish to begin rebuilding from the firewall. One thing I noticed right 
from the get-go is the way a default firewall is handling certain 
connection requests. Most notable is the way Shorewall on Mandrake 
(out-of-the-box) treats ICMP (8) and port 135. Pings are dropped, which is 
a good thing, but SYN packets to 135 go to a reject chain and are 
ultimately sent a ZeroWindow RST ACK. I thought this port was akin to a 
Windows specific vulnerability with DCOM services. Why would a Linux 
firewall be treating it differently in not just dropping it altogether?

Secondly, call me a geek, but I get more enjoyment watching tcpdump than 
network TV and this just came in:

65.203.175.213:666 > 66.203.175.213:1026 in the form of a Messenger 
NetrSendMessage request DCE RPC trying to tell me how to disable pop-ups 
and to go to www dot messagestop dot net. I'm not concerned with this 
traffic on this machine, but as I rebuild the network I've had to give the 
kids a WinNT box to run that kludge called MSN Messenger. And although I've 
done my best to DCOMbobulate that machine, I'd feel a whole lot better 
putting it back behind a real firewall ASAP. This particular set of packets 
is brand new to me, and the remarkable similarity to my current IP address 
is disturbing. I believe it is no coincidence and wish to bring the new 
network back up prepared for such.

Perhaps if someone could briefly explain the 135 RST ACK (RFC reference?) 
and the IP address similarity in part II, I can better prepare the new 
firewall for the network.

Stacked Heaps Of Thanks,
farmer6re9
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
