Carolyn's most popular book, in 4th edition now!
For advanced hacker studies, read Carolyn's
|
| Subscribe to Happy Hacker |
| Visit this group |
Black Fox <blkfox@freenet.nether.net> wrote:
Hi. I have Red hat linux installed on my laptop, and I wanted to know how
to turn off e-mail relaying on my port 25, or how to write a message that
would appear when someone telnetted to that port (if it's possible).
Thanks,
Black Fox[Editor: To disable relaying, you'll need to edit your mailer config file. Not
know what you're running, I can't give you the sequence. To disable SMTP
completely, go into inetd.conf and put a # in front of the line for port 25.
To show a message, you'd want to run some kind of daemon on it... you can
change the sendmail default, or your could use something like nc... but why
leave a port open just to taunt ppl?]-----------------------------------------------------------------------
overlord <overlord@europe.com>
hi,
I read tha GTMHH aboud a year ago, and now FINALY installd linux
but I have a problem, I'm still 15 and my parents pay our cable internet
connection
but we have a "server" here so that my brothers have acces to
but it runs windows, so I can't get internet trough that box
is there anyway to make that work, and so that my brothers also still have
internet?
thanks for ur time
overlord/Belgium[Editor: Are you running windows and Linux on the same computer? If yes,
obviously you can't share them :). Otherwise, put two NIC's in your gateway
machine, have it run Linux and IP Masq (read the cable modem howto), or use
ICS under Win98SE.]-----------------------------------------------------------------------
MICHAEL DE KLEINE <michaeldekleine@sympatico.ca> humbly begs:
I just want to know what version of linux i should get these are my
choices:Linux Pro 5.4 , Caldera OpenLinux , Red Hat Linux, Slackware, Corel
LINUX OS , SuSE Linux, TurboLinux Install , FreeBSD Penguin Power
Mandrake Penguin Power.p.s. I need your answer in the next two day's.
Thankx
spYder[Editor: Oops, too late. I won't answer these questions, buy whatever the
^%$#^&7 you want. Better yet, download a few and try them out. I use Debian. I
dislike RedHat. SuSE is Carolyn's favorite. End of discussion.]-----------------------------------------------------------------------
Peter Kure <pkure@yahoo.com> asks:
Hello
You say in your GTMHH that a shell account is required
to do things such as finger, ping, etc. I have just
installed Red Hat Linux 6.1 and I have noticed that it
has built in programs that ping, finger, etc. I was
just wondering if you can do the same things in Linux
when hooked up to the internet than in a shell
account.thanks
~newbie[Editor: A shell account is just a login on someone else's Unix box. So yes,
your ppp connection is just as good as a shell account (actually better,
because you can run things that require root).]-----------------------------------------------------------------------
Ted <tedeb@prodigy.net> tries
Hi Mike,
I read the article on "Fighting usenet Spammers" & it appears that you need a
shell account to fight spam. If you get resistance from your ISP when asking
for a shell account, couldn't you just tell them you want to fight spam.
This is what I'm trying to learn anyhow. I'm trying to learn how to read
headers, find out if they're forged & ID the real sender & their ISP.
E-Ya Later, Ted
tedeb@prodigy.net
[Editor: I suppose. Whatever works...]
-----------------------------------------------------------------------
preetham.m <preetham@rocketmail.com> wonders:
hi,
i recently got a mail(forwarded to u) telling a mail i
sent had falied but I NEVER SENT that mail!!AND the messg which was sent is bit *****
what should i do now.I came to know abt this only
because it bounced. what if there are more mails sent
and not bouncedps:I had once tried ur email forging stuff to
configure my outlook as i didn't have any POP3 acc
then,can this be the reasonplease guide me
-----------------------------------------------------
--- Mail Delivery Subsystem <MAILER-DAEMON@aol.com>
wrote:
> Date: Sat, 11 Mar 2000 04:55:23 -0500 (EST)
> From: Mail Delivery Subsystem
> <MAILER-DAEMON@aol.com>
> To: <preetham@rocketmail.com>
> Subject: Returned mail: User unknown
>
> The original message was received at Sat, 11 Mar
> 2000 04:55:15 -0500 (EST)
> from www.qlcomm.com [206.86.127.215]
>
>
> *** ATTENTION ***
>
> Your e-mail is being returned to you because there
> was a problem with its
> delivery. The AOL address which was undeliverable
> is listed in the section
> labeled: "----- The following addresses had
> permanent fatal errors -----".
>
> The reason your mail is being returned to you is
> listed in the section
> labeled: "----- Transcript of Session Follows
> -----".
>
> The line beginning with "<<<" describes the specific
> reason your e-mail could
> not be delivered. The next line contains a second
> error message which is a
> general translation for other e-mail servers.
>
> Please direct further questions regarding this
> message to your e-mail
> administrator.
>
> --AOL Postmaster
>
>
>
> ----- The following addresses had permanent fatal
> errors -----
> <Suprgrl103@aol.com>
>
> ----- Transcript of session follows -----
> ... while talking to air-zc03.mail.aol.com.:
> >>> RCPT To:<Suprgrl103@aol.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <Suprgrl103@aol.com>... User unknown
>> ATTACHMENT part 2 message/delivery-status
> ATTACHMENT part 3 message/rfc822
> From: "Preetham" <preetham@rocketmail.com>
> To: <Suprgrl103@aol.com>
> Subject: good stuff
> Date: Sat, 11 Mar 2000 15:20:04 +0530
>
> <MESSAGE CUT BY EDITOR>
>[Editor: Ok, odds are someone tried to send a fake message using your email as
the MAIL FROM. Do an nslookup and any/all host names (and a reverse lookup on
all IP addresses.). Don't just assume when your comptuer says happyhacker.org
(happyhacker.org [111.222.111.222]) that everything is true. Read the RFC, and
you'll see that the each has a meaning, one is what the users claims to be in
the HELO command, the next is the connecting computer, and then the IP. As far
as preventing this... can't be done. You can sign all your mail with PGP, and
tell your friends ahead of time that anything not signed isn't you, but a
complete stranger wouldn't know that. Other than that... I'm afraid there's
nothing you can do.]---------------------------------------------
VGPlayer-X <ricky@fastwave.net> asks:Hey sorry this may sound like the stupidest ¿ of them all but I was wondering
if there are any free unix based e-mail addresses out there or anything like
that so I can log onto a unix shell. Well if it is too stupid to answer I
understand but I am just wondering.latz,
VGPlayer-X[Editor: You know, I think one day I'll compile a list of the truely dumbest
questions I get (aside from the: Do you want to accept credit cards at your
home based business?). Of course, no technical questions are stupid. I'll also
compile a list of the messages which demonstrate the least self confidence...
:). Anyway, no, that's a perfectly good question. Basically, you just want a
shell account, which (presumably) would come with email access. I haven't
checked any of these sites lately, but try cyberspace.org, nyx.net, grex...
run a search for "free shell accounts".]-----------------------------------------------------------------------
mail server <helew@zahav.net.il> asks:
hey i have been to amazon ,and there i came upon a book called "unix secrets "
do you recommended ,and if you can ,where can i find the book a little bit
cheaper ?are unix systems still as common s they were before NT ?
[Editor: To tell you the truth, I've never read it. As a matter of policy, the
only books I'll recommend without having read them are the O'Reilly books. As
far as cheaper than amazon... shipping to Israel is going to be the killer. I
don't really know of anywhere that'll be cheaper... I get most of my books
from one of the book sellers at computer shows here in NY... that won't
exactly help you. As far as unix systems go... well, there's a lot more of
them, but the percentage has dropped. After all, from basically 100%, there's
no where to go but down. Don't worry, you'll still have plenty of Unix systems
to play on for the next coupla years. Internet Zahav runs Unix, I know both
netvision and netmedia did... although managed a UUCP connection that was
kinda neglected in their merger... I also know that they don't always know
what they have :).]-----------------------------------------------------------------------
dave bayot mamalias <sammy.15@eudoramail.com> is dumb enough to ask:
PLEASE GIVE ME SOME TIPS/STEPS ON
HACKING.......................................................................
..................................................................[Editor: Ok, go away. Farther. Keep going......]
***********************************************************************
*** On Red Hat (or: why there are so many insecure systems)
***********************************************************************Before I begin, I ought to preface this article by saying that I have nothing
against the Red Hat distribution, per se. In fact, I am well aware that many
of the best additions to Linux make their first appearance in Red Hat, at
least among the mainstream distro's (Red Hat, Debian, Slackware, SuSE). Those
readers who have been in the Linux scene for a while probabaly remember what
the early day installs were like. Slackware, the stereotypical distro
(remember when every book included Slack?) had a smooth install, no bugs or
anything, but there was no install program. You'd boot from a floppy, create a
file system on your HD, mount it, etc. Then some distro's came up with
quasi-graphical (ncurses based installs). I remember when I first tried Debian
1.2 (the first Debian release I used), and I was amazed by the way it walked
me through the install. Of course, incorporating a package manager into the
install was years away, and it just dumped you at a login: prompt when done,
but all the steps until then were done by an intelligent (it checked the
system state, not just a listing) menu system... wow. Things like X, PPP, and
sound (probabaly the three things new users had/have the most trouble with)
were still quite frustrating, especially X, which, I confess, took me over a
year to get working (no, not continously :) ).Then another phase begin. It began subtly, as fvwm95 was released. Then widget
sets to look like 95 came out. Soon, Linux was marketing itself (yes, I know
the anthropromorphism is wrong... Linux never marketed itself) to the
point-and-click 95 crowd. The text based installers catered to those who used
DOS, now, people who have never seen a command line are running Linux. Don't
get me wrong, I think that's really cool... there's no reason you have to
learn DOS before Linux... you can move from the point-and-click world to the
command line enviornment. But these distro's (yes, even Debian has this
failure) aren't doing that. They're presenting a system with more complexity,
more packages, more options than ever before, while requiring less and less
knowledge to use it. Don't get me wrong... I'm not wishing for a return to the
old days (read: 1995) when only wizards and other guru's could install a
system. But if we provide all these tools, which include a lot _more_ possible
security risks than the earlier versions, and at the same time, our users are
knowing less... isn't that why there are so many systems out there with
dozens, if not literally hundreds, of open ports out there, waiting to be
exploited? The new automatic package selections can be a huge time saver...
but does anyone else remember the rule of never installing anything unless you
know what it does? A home machine that gets it's email via a program like
fetchmail does not require an MTA listening on port 25, least of all the
infamous sendmail? So why not just install procmail and be done with it? Why
should telnetd be listening for connections by default? Especially if a system
has to connect to the internet to download packages... why is it left in an
insecure state until _after_ the install is finished? If we want to broaden
the Linux market, the worst thing we can do is allow people to start by
running a buggy system. How popular will Linux be after people's personal data
is stolen time after time? Remember, a poorly secured Linux system is much,
much, much weaker than an out of the box Windows 98 install. It might be
better than NT, but NT doesn't run on home machines... Linux does now. So
maybe we need to start comparing it not just as a server platform, but as a
home use platform. Do these distro's really offer a balanced mix of safety and
usability?