2001/8/5
8/4     Why is everyone bashing Bush- Bash the dot coms, bash the
        financial analysts, bash the consultants, bash msft, bash the
        FCC.. Bush's role in the whole thing is very small- Presidents
        are very limited in what they can do and I believe he is doing as
        much "good" as anyone else could do. He might be doing it in a
        different way but the "good" is still occurring.
          What the hell is supporting our economy right now- energy,
        construction and government spending- if Bush put restraints on
        these we would be in deep shit.  There is nothing he can do to
        stimulate investment- government IT spending is going up
        substantially but compared to what the private sector was doing
        it's small potatoes and more geared towards larger companies-- ie
        Boeing, EDS, Dyncorp, Lockheed. Is this good -- hell ya as at
        least it's better than nothing at all. result- flight to
        \_ hi kinney!
2001/8/5
8/4     What do most bio majors do once they've applied to med school for
        two years in a row and got rejected both times? Do most of them
        just end up in the food service industry like history majors do?
        \_ is the food service industry big enough for english, history, AND
           bio majors?
           \_ Don't forget philosophy, psychology, ethnic studies, women's
              studies, religious studies, mass comm, sociology, and poli sci.
                \_ No. Philosophy majors (unless going to law school), upon
                   graduation, immediately enter an eternal state of
              \_ Soylent green is made of people! You've got to tell them!
                 Soylent green is people!
        \_ I think many apply to med schools in other countries. And I
           got the impression that those doing bad enough to not even
           get into those have already changed majors by that point.
           \_ Agreed
        \_ From what I understand, there are other options for bio majors
           besides med school.  Some go into grad school, some go into
           pharma, and some go into completely different career paths.
           Most of the ones I know, however, ended up in pharma.  -chaoS
2001/8/5
8/4     If I have ADSL service from a company other than PacBell would it
        be possible to disconnect the phone service without losing DSL?
        \_ it should be, but you can bet that there will be lots of
            trouble with the line in the future.  Techs like to 're-use' pairs
            that don't have 'dial tone' on them.  They can't check for DSL,
            so your line will very likely get inadvertently cut.
            \_ but if this was true then there would be lots of SDSL-using folks
               unhappy about it. Remember that SDSL does require a dedicated
               phone line running to telco's CO.
2001/8/5-6
8/5     I've just set up a new firewall at home and I'm looking for a
        tool to test it out. Any recommendations?
        I'm also running a caching DNS server on the firewall and I'd
        like to set up a rule that allows the server to make queries
        and receive responses but that blocks inbound queries. I can't
        seem to figure out how to do this though as my ipf fu is weak.
        Any suggestions? Thanks.
        \_ you want it so that you can run internal dns, but not have
           external machines able to query your internal dns?  Can you
           run 2 nameservers on your network then?
           \_ Not necessary to run 2 nameservers, that's overkill.  BIND
              has a directive which allows you to specify which servers
              are allowed to query it.  I'll double-check and get back to
              \_ somewhat obviously, the option you want is 'allow-query'.
                 \_ This does not seem to be a supported BIND4 directive.
                    Do you know if there is an equivalent?
                    \_ No, there is no equivalent.
           \_ The caching nameserver handles the nameservice queries for
              the internal nat'ed network. The dns for the public systems
           in the dmz are handled by my isp.
           In BIND8 you can tell it to bind() and listen() for connections
           on selected IPs on the system, but I'm stuck running
           BIND4 which doesn't support this feature. Thus I'm trying to
           figure out an ipf rule that will allow me to run caching dns
              while preventing '1337 h4x0r5 from trying to exploit the
              \_ Why are you running BIND4?  There's no good reason to.
                 \_ Okay stuck was a bad choice of words. BIND4 for OpenBSD
                    has been audited while BIND8 has not. I just wanted that
                    extra level of protection and I wanted to avoid having
                    to install /usr/ports on the firewall in order to build
                    BIND8. Anyway it looks like I'm just going to have to
                    install BIND8. Thanks.
                    \_ Okay, let me get this straight.  You're running BIND
                       on your firewall box.  Are you INSANE?!?  If you
                       care about having a secure nameserver, don't run
                       BIND.  Run djbdns (Dan Bernstein's uber-paranoid
                       DNS server).
                        \_ OpenBSD BIND4 is audited. It's not the same as
                          stock BIND4 or BIND8. I thought about djbdns.
                          There are problems with the way that it does
                          recursive queries that break my webcache so
                          I can't use it.
                          As far as the firewall is concerned if udp 53
                          is open on my internal ip but closed on my
                          external ip, external attacks cannot exploit
                          any weaknesses in BIND. This is the level of
                           security I'm looking for. (In case this box is
                           hacked, I've got another with a similar image
                           ready to go, I can just power that one on and
                          switch over while the regular machine is being
                          reimaged from known safe media)
        \_ you could try ShieldsUp! at
           \_ The guy who runs this site is a freak! I don't know
              about the quality of his programs, but I would not
              want to support him.
              \_ why not?  sure, his site looks unprofessional, but you have to
                 respect someone who codes win32 apps in asm.  his denial of
                 service story is good reading too.
        \_ go to click on tools then port scan.
           \_ Thanks, I'll try this out.
        \_ May I recommend nmapping your site from outside?
           \_ I've performed a TCP connect(), SYN, FIN, Xmas, NULL, and
              a UDP port scan. The only open port that was detected was
              tcp 22 (SSH) and udp 53 so most of my rules appear to be
              working. The bits I want to test are filtering input and output
              packets with invalid source and destination addresses. I'm
              an nmap novice and can't figure out how to do this. I suppose
              I could just write a raw packet generator, but someone must
              have already written one so I'm looking for recommendations.
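An added example, not from any of the posters, of an ipf ruleset covering the two things asked for in this thread: a caching resolver that may send queries out and get replies back while inbound port-53 traffic on the external interface stays blocked, and anti-spoofing rules that drop packets with invalid source addresses, logged so that ipmon shows the hits when the box is scanned from outside. The interface names and addresses are constructed assumptions.

```ipf
# Constructed assumptions: xl0 is the external interface (203.0.113.10),
# xl1 the internal one (192.168.1.1 on 192.168.1.0/24; NAT via ipnat is
# configured separately and not shown).
# ipf is last-match; "quick" stops at the first match, so the default
# blocks go first and every later rule is quick.
block in  log all
block out log all

pass in  quick on lo0 all
pass out quick on lo0 all

# Anti-spoofing on the external interface: no packet from outside may
# claim a private, loopback or unspecified source address ...
block in log quick on xl0 from 192.168.0.0/16 to any
block in log quick on xl0 from 10.0.0.0/8     to any
block in log quick on xl0 from 172.16.0.0/12  to any
block in log quick on xl0 from 127.0.0.0/8    to any
block in log quick on xl0 from 0.0.0.0/8      to any
# ... nor our own external address as its source.
block in log quick on xl0 from 203.0.113.10 to any
# On the inside, only the internal network may be a source.
block in log quick on xl1 from !192.168.1.0/24 to any

# Caching DNS: internal hosts may query the resolver on its inside address.
pass in quick on xl1 proto udp from 192.168.1.0/24 to 192.168.1.1 port = 53 keep state
pass in quick on xl1 proto tcp from 192.168.1.0/24 to 192.168.1.1 port = 53 flags S keep state

# The resolver's own recursive queries leave on xl0; "keep state" admits
# the matching replies without any "pass in ... port = 53" rule on xl0,
# so external queries (and exploit attempts against the resolver) fall
# through to the default "block in" above.
pass out quick on xl0 proto udp from 203.0.113.10 to any port = 53 keep state
pass out quick on xl0 proto tcp from 203.0.113.10 to any port = 53 flags S keep state

# Other traffic from internal hosts enters on xl1 and leaves on xl0,
# tracked so the replies come back in on xl0 by state.
pass in  quick on xl1 proto tcp from 192.168.1.0/24 to any flags S keep state
pass in  quick on xl1 proto udp from 192.168.1.0/24 to any keep state
pass out quick on xl0 proto tcp from any to any flags S keep state
pass out quick on xl0 proto udp from any to any keep state
```

Load it with `ipf -Fa -f /etc/ipf.rules` and leave `ipmon` running while scanning from outside: the probes, and any packet with a spoofed private source, appear as logged blocks, which covers the check the last reply asks for without writing a packet generator.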
2001/8/5
8/5     A sucking chest wound is Nature's way of telling you to slow down.
        \_ Real Men(tm) don't use bullets!  Bullets are for pussies!
Berkeley CSUA MOTD:2001:August:05 Sunday