-
Re: network issue
Bit Twister wrote:
> On Sat, 16 Aug 2008 13:02:45 -0700, Eric wrote:
>
>> ping wgf1 will ping an internet host somewhere out there and not my
>> system host
>> host mypersonaldomain.net will return the address of some internet
>> company out there and not my system
>>
>> The system is acting like /etc/hosts is being ignored
>
> Just for fun, put a # in front of your search line in /etc/resolv.conf,
> save, and try the ping -c1 wgf1 again.
> Do remember to remove the # on the search line.
ping works ok if i have no search line or if it says search localhost
host command always shows the foreign host
-
Re: network issue
Bit Twister wrote:
> On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
>
>> My local network, being on 192.168.x.x behind a router (and a cable
>> modem) is address isolated from the internet. If my neighbor is on the
>> same 192.168.x.x address and behind a router and cable modem it matters
>> not a bit and I'll never be able to resolve any host on his network. e.g
>> ping joe.whatever.net wont ever return a 192.168.x.x address.
>
> That is correct, ISP gateway is supposed to drop 192.168.x.x address.
>
>> # cat /etc/host.conf
>> order hosts,bind
>> multi on
>> nospoof on
>
> Figured that was ok, still waiting for
>
> cat /etc/sysconfig/network
> and hostname --fqdn
>
> results.
# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=wgf1.mypersonaldomain.net
#hostname --fqdn
wgf1.mypersonaldomain.net
-
Re: network issue
Bit Twister wrote:
> On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
>
>> My local network, being on 192.168.x.x behind a router (and a cable
>> modem) is address isolated from the internet. If my neighbor is on the
>> same 192.168.x.x address and behind a router and cable modem it matters
>> not a bit and I'll never be able to resolve any host on his network. e.g
>> ping joe.whatever.net wont ever return a 192.168.x.x address.
>
> That is correct, ISP gateway is supposed to drop 192.168.x.x address.
Do you agree with my statement that:
"If joe pings joe.whatever.net it will *always* return the 192.168.x.x
address of joes system and not my system of 192.168.x.x"
>
>> # cat /etc/host.conf
>> order hosts,bind
>> multi on
>> nospoof on
>
> Figured that was ok, still waiting for
>
> cat /etc/sysconfig/network
> and hostname --fqdn
>
> results.
-
Re: network issue
On Sun, 17 Aug 2008 00:58:31 -0700, Eric wrote:
> Bit Twister wrote:
>
>> On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
>>
>>> My local network, being on 192.168.x.x behind a router (and a cable
>>> modem) is address isolated from the internet. If my neighbor is on the
>>> same 192.168.x.x address and behind a router and cable modem it matters
>>> not a bit and I'll never be able to resolve any host on his network. e.g
>>> ping joe.whatever.net wont ever return a 192.168.x.x address.
>>
>> That is correct, ISP gateway is supposed to drop 192.168.x.x address.
>
> Do you agree with my statement that:
> "If joe pings joe.whatever.net it will *always* return the 192.168.x.x
> address of joes system and not my system of 192.168.x.x"
Yes.
-
Re: network issue
On Sun, 17 Aug 2008 00:44:22 -0700, Eric wrote:
>
> ping works ok if i have no search line or if it says search localhost
Just for fun, modify /etc/hosts
127.0.0.1 localhost.localdomain localhost
127.0.0.1 wgf1.mypersonaldomain.net wgf1
set your search mypersonaldomain.net
ping -c1 wgf1
Looking at ping
$ strings /bin/ping | grep gethostby
gethostbyaddr
gethostbyname
I would have expected ping to call gethostbyname with wgf1
The resolver would add mypersonaldomain.net because of the
search mypersonaldomain.net
and look for wgf1.mypersonaldomain.net in /etc/hosts
and return 127.0.0.1 to ping.
> host command always shows the foreign host
And always will. DNS resolution tools, host, nslookup, dig... will
ignore /etc/hosts and use a DNS server.
Your options, worst to best choice.
1 pick another unregistered domain name :(
2 install bind, use opendns DNS servers (208.67.222.222 208.67.220.220)
as forwarders.
3 change .net to .invalid or .test
4 registered a domain name. :-)
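
A simplified model of the two lookup paths this post contrasts, added here as an example and not code from the thread: the gethostbyname-style path that honours `order hosts,bind`, and the DNS-only path that never reads /etc/hosts. The function names, the nameserver line, the `home.test` domain used in the check and the public DNS table (203.0.113.10 is a documentation address) are constructed assumptions, and search-list handling is reduced to "unqualified names try the search domains first".

```python
"""Simplified model of hosts-file versus DNS-only lookups (constructed data)."""

# Constructed sample files. 203.0.113.10 stands in for whoever registered
# the made-up domain on the public internet.
HOSTS = """\
127.0.0.1 localhost.localdomain localhost
127.0.0.1 wgf1.mypersonaldomain.net wgf1
"""
RESOLV_CONF = "search mypersonaldomain.net\nnameserver 192.168.1.1\n"
PUBLIC_DNS = {
    "mypersonaldomain.net": "203.0.113.10",
    "wgf1.mypersonaldomain.net": "203.0.113.10",
}


def parse_hosts(text):
    """Map every canonical name and alias in an /etc/hosts body to its address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])  # first entry wins
    return table


def search_domains(resolv_conf):
    """Return the domains from the last 'search' line of a resolv.conf body."""
    domains = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "search":
            domains = fields[1:]
    return domains


def dns_lookup(name, resolv_conf, dns):
    """DNS-only path (tools such as host): /etc/hosts is never consulted."""
    name = name.lower().rstrip(".")
    candidates = [name]
    if "." not in name:  # unqualified name: search domains are tried first
        candidates = [f"{name}.{d}" for d in search_domains(resolv_conf)] + [name]
    for fqdn in candidates:
        if fqdn in dns:
            return fqdn, dns[fqdn]
    return None  # NXDOMAIN in this model


def nss_lookup(name, hosts, resolv_conf, dns, order=("hosts", "bind")):
    """gethostbyname-style path (ping): follow 'order' from /etc/host.conf."""
    for source in order:
        if source == "hosts":
            addr = parse_hosts(hosts).get(name.lower().rstrip("."))
            if addr:
                return name, addr
        elif source == "bind":
            hit = dns_lookup(name, resolv_conf, dns)
            if hit:
                return hit
    return None
```

With the hosts entry present the ping-style lookup stays local, while the DNS-only lookup still lands on the address of whoever registered the domain; under a reserved suffix such as `.test` the DNS-only lookup finds nothing instead of a stranger's host.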
-
Re: network issue
On Sat, 16 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva, in article
<op.ufz910r7a3w0dxdave@hodgins.homeip.net>, David W. Hodgins wrote:
>The problem with making up names, even if you check to ensure they are
>not currently in use, is that they may be registered in the future.
Hence RFC2606.
>Even if you pick an invalid top level domain, that tld may someday
>become valid.
By next spring, businesses and other organizations will be able to
apply for any top-level domain they can possibly think of, like
arstechnica.awesome or google.thegoogle. Joking aside, the Internet
Corporation for Assigned Names and Numbers (ICANN) voted today in Paris
on a measure that significantly expands the scope of generic Top Level
Domains (gTLDs), allowing organizations to apply for almost any domain
suffix they can dream up.
Up until now, the rules for TLDs are rather strict and tightly
regulated. Beyond the typical .com, .net, and .org, there are only a
handful of other TLDs that IP addresses can be registered under,
including .tv, .biz, .mobi, and .us. Thanks to today's unanimous vote,
however, the list of possible options will skyrocket. "What we're
effectively doing is opening up huge amounts of online real estate,"
ICANN president and CEO Paul Twomey told the Wall Street Journal before
the vote took place.
Late June 2008. The up-side for ICANN is that they will charge huge
amounts of ca$h for allowing you to create your own vanity TLD. The
down-side is that every freakin' id10t in the world knows that all
hostnames begin with 'www.' and end with '.com'. For those wondering
what TLDs exist now, see http://www.iana.org/domains/root/db/
Old guy
-
Re: [OT] network issue
On Sun, 17 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva, in article
<S9Mpk.12732$JM.5021@newsfe16.ams2>, Aragorn wrote:
>Well, one of the great things about UNIX systems and GNU/Linux in
>particular is that the system itself is already so secure out of the
>box that a serious system administrator doesn't have any difficulty at
>all at keeping the system secure enough.
Running *nix is not a magic bullet that makes you immune from all of
the nasties out in the world. Anyone can screw up just about anything
because nothing is fool proof, and they keep inventing improved fools
every day.
In the mid-1990s, the average open mail relay was an out-of-box Linux
system, usually running Red Hat or Caldera (Mandrake didn't come along
until 5.1 released in July 1998). Why? Because the default installs
included sendmail configured to be a relay. That's obviously changed.
>For instance, there's that whole firewall thing. For someone running
>GNU/Linux on a box that's connected to the internet via a simple enduser
>client connection, there's no need to run a firewall at all.
Depends what the system is running. A basic workstation - I'm inclined
to agree with you. The "install everything!!!111" setup beloved by the
eleet wanna-be's - quite another situation.
>A system that's properly set up and that disallows root logins -
>especially remote ones - is secure enough.
This goes along the ideas of an OpenBSD model, and Theo's mantra that
no OpenBSD box has ever been hacked (sic) in an out-of-box condition.
That may be true, but the reason is simple - even if you install
everything, no servers are enabled, and in order to get them working
you first have to find out how to enable them. It's the same thing as
saying that MS-DOS 3.3 was absolutely immune to network attacks as
installed.
>I've been running GNU/Linux since late November 1999, and I only got an
>internet connection as of April 2000. I've never set up a firewall -
>although I have used /iptables/ to set up NAT and PAT - and I've never
>had any problems with malware or anyone trying to break into my system.
Let's just say that my Linux experience goes back to the early 1990s,
and I've been using various forms of UNIX for over a decade before that.
No one trying to break in - what, not running sshd on port 22? ;-)
>It's just that most users here come from the Windows world and some may
>even still be using Windows alongside GNU/Linux. Windows is flawed by
>design, and thus the experience with Windows makes people think that
>they are exposed to the same kinds of threats in GNU/Linux that they
>were exposed to in Windows.
Let's face it - VERY FEW Linux users have had _any_ training in the
operating system. Thus, they are going with the flawed experience that
they do have - which means windoze.
>And sadly enough, distromakers like Mandriva don't do anything to
>discourage this misconception. If anything, they're actually feeding
>it.
When I started learning UNIX, it was six months before I realized who
this 'root' user was. It was close to a year before I got limited
access to some privileged commands - the equivalent of 'sudo' or
'su -c', and about 18 months before I got a root password. Even then,
I was terrified that I'd screw up, and fumble-finger some command which
would bring the entire system crashing down about me, and the users
would be running about with torches and pitch-forks looking for me.
Today, (with the exception of Ubuntu and clones) root is the first
account a new user gets access to. For a system that the unskilled
gain access to with no training/skills - what can you expect?
Old guy
-
Re: network issue
Bit Twister wrote:
> On Sun, 17 Aug 2008 00:58:31 -0700, Eric wrote:
>> Bit Twister wrote:
>>
>>> On Sat, 16 Aug 2008 17:14:12 -0700, Eric wrote:
>>>
>>>> My local network, being on 192.168.x.x behind a router (and a cable
>>>> modem) is address isolated from the internet. If my neighbor is on the
>>>> same 192.168.x.x address and behind a router and cable modem it matters
>>>> not a bit and I'll never be able to resolve any host on his network.
>>>> e.g ping joe.whatever.net wont ever return a 192.168.x.x address.
>>>
>>> That is correct, ISP gateway is supposed to drop 192.168.x.x address.
>>
>> Do you agree with my statement that:
>> "If joe pings joe.whatever.net it will *always* return the 192.168.x.x
>> address of joes system and not my system of 192.168.x.x"
>
> Yes.
so then it should matter, (except for masking) what name you choose to use
on private network. This is why winders users get away with picking any 8
letter name they like.
Anyway, I have this fixed now - for good.
The guy who bought all those domain names only owned my (the one I was
using) domain for 5 days, today he dropped it (go figure). I registered it
in my name and that's the end of that :-)
Eric
-
Re: network issue
On Sun, 17 Aug 2008 13:55:20 -0700, Eric wrote:
<snip>
> so then it should matter, (except for masking) what name you choose to
> use on private network. This is why winders users get away with picking
> any 8 letter name they like.
<snip>
Not exactly. The "8 letter name" is not a "domain name", but rather a
"netbios name" for the computer. A "domain name" ( IP type not an active
directory domain ) must be setup elsewhere, as in the networksetup/TCPIP
properties.
--
BOFH excuse #106:
The electrician didn't know what the yellow cable was so he yanked the
ethernet out.
----------------------
Mandriva Linux release 2008.1 (Official) for x86_64
2.6.24.7-server-1mnb AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
----------------------
-
Re: [OT] network issue
On Sunday 17 August 2008 22:23, someone identifying as *Moe Trin* wrote
in /alt.os.linux.mandriva:/
> On Sun, 17 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva, in
> article <S9Mpk.12732$JM.5021@newsfe16.ams2>, Aragorn wrote:
>
>> Well, one of the great things about UNIX systems and GNU/Linux in
>> particular is that the system itself is already so secure out of the
>> box that a serious system administrator doesn't have any difficulty at
>> all at keeping the system secure enough.
>
> Running *nix is not a magic bullet that makes you immune from all of
> the nasties out in the world. Anyone can screw up just about anything
> because nothing is fool proof, and they keep inventing improved fools
> every day.
Well, I tend to agree with you there on the theory, but let's face it:
GNU/Linux is a de facto secure enough system, and the development
mechanisms of FOSS make it far less prone to bugs or security exploits.
Sure, security flaws do exist, but they're patched relatively soon in
comparison to proprietary software, and particularly compared to
Windows. :-)
> In the mid-1990s, the average open mail relay was an out-of-box Linux
> system, usually running Red Hat or Caldera (Mandrake didn't come along
> until 5.1 released in July 1998).
My first distribution was /Linux-Mandrake/ 6.0 PowerPack, with the 2.2.9
kernel, and KDE 1.1.1. :p I installed it on a Pentium II with 128 MB of
first-generation SD-RAM. :-)
>> For instance, there's that whole firewall thing. For someone running
>> GNU/Linux on a box that's connected to the internet via a simple enduser
>> client connection, there's no need to run a firewall at all.
>
> Depends what the system is running. A basic workstation - I'm inclined
> to agree with you. The "install everything!!!111" setup beloved by the
> eleet wanna-be's - quite another situation.
You would certainly introduce a promiscuity factor there, but let's face it,
enduser connections are usually quite anonymous. In Windows, even an
anonymous connection would be hazardous because Windows itself tends to
phone home, especially since some 85% of all enduser Windows machines is
part of at least one and possibly multiple botnets.
>> A system that's properly set up and that disallows root logins -
>> especially remote ones - is secure enough.
>
> This goes along the ideas of an OpenBSD model, and Theo's mantra that
> no OpenBSD box has ever been hacked (sic) in an out-of-box condition.
Actually, OpenBSD has been compromised on one and possibly two occasions,
but that was a long time ago. ;-)
>> I've been running GNU/Linux since late November 1999, and I only got an
>> internet connection as of April 2000. I've never set up a firewall -
>> although I have used /iptables/ to set up NAT and PAT - and I've never
>> had any problems with malware or anyone trying to break into my system.
>
> Let's just say that my Linux experience goes back to the early 1990s,
> and I've been using various forms of UNIX for over a decade before that.
I've had some minor UNIX experience in the early 1990s, but not with root
privileges, and no X Window stuff. I did however (and do still) own a
pocketbook on UNIX and XENIX.
It was actually only by installing GNU/Linux in 1999 that I got hands-on
access to the root account and that I got to be more familiar with the
system.
> No one trying to break in - what, not running sshd on port 22? ;-)
Yes, I am, but my network connection is low profile and my ISP blocks almost
all ports beneath 1024 to whatever lies outside of its own subnet. So if I
want to /ssh/ into my machine from anybody else's computer, then this
person would have to have the same ISP as I do.
Officially they do that for security reasons, but the truth is that they block
those ports because your internet connection's EULA doesn't cover use as a
publicly accessible server.
>> It's just that most users here come from the Windows world and some may
>> even still be using Windows alongside GNU/Linux. Windows is flawed by
>> design, and thus the experience with Windows makes people think that
>> they are exposed to the same kinds of threats in GNU/Linux that they
>> were exposed to in Windows.
>
> Let's face it - VERY FEW Linux users have had _any_ training in the
> operating system. Thus, they are going with the flawed experience that
> they do have - which means windoze.
This is why I regret that Mandriva and so many other distributions tend to
cater to those habits and profile GNU/Linux as "a Windows alternative",
instead of profiling it as "a UNIX-like system".
>> And sadly enough, distromakers like Mandriva don't do anything to
>> discourage this misconception. If anything, they're actually feeding
>> it.
>
> When I started learning UNIX, it was six months before I realized who
> this 'root' user was.
Well, I had read the book - mentioned higher up - first, so I already did
know. :-)
> It was close to a year before I got limited access to some privileged
> commands - the equivalent of 'sudo' or 'su -c', and about 18 months before
> I got a root password. Even then, I was terrified that I'd screw up, and
> fumble-finger some command which would bring the entire system crashing
> down about me, and the users would be running about with torches and
> pitch-forks looking for me.
It's silly, but before I used GNU/Linux, I too had that very same feeling
when sitting at a UNIX console. I was constantly afraid that I'd screw up
somewhere and bring the whole system down or something. :-)
> Today, (with the exception of Ubuntu and clones) root is the first
> account a new user gets access to. For a system that the unskilled
> gain access to with no training/skills - what can you expect?
A wise man once said that if you treat your customers like idiots, idiots
will be the customers you get... :-)
--
*Aragorn*
(registered GNU/Linux user #223157)
-
Re: [OT] network issue
On Mon, 18 Aug 2008, in the Usenet newsgroup alt.os.linux.mandriva, in article
<Wu2qk.76047$Q%5.29120@newsfe27.ams2>, Aragorn wrote:
>*Moe Trin* wrote
>
>> Running *nix is not a magic bullet that makes you immune from all of
>> the nasties out in the world. Anyone can screw up just about
>> anything because nothing is fool proof, and they keep inventing
>> improved fools every day.
>
>Well, I tend to agree with you there on the theory, but let's face it:
>GNU/Linux is a de facto secure enough system, and the development
>mechanisms of FOSS make it far less prone to bugs or security exploits.
But it can't make it impossible for the clueless to screw up. The
separation of ownership of system versus user files makes it more
difficult, but windoze has this as well, and because the windoze user
prefers to log in as administrator, it's useless. But then, people
also log in as root.
>My first distribution was /Linux-Mandrake/ 6.0 PowerPack, with the
>2.2.9 kernel, and KDE 1.1.1. :p
I played with MCC Interim Linux, and TAMU, but the first one I was
using was SLS version 1.0something, which also used an 0.99 kernel.
There was no desktop (certainly not in the concept of KDE).
>You would certainly introduce a promiscuity factor there, but let's
>face it, end user connections are usually quite anonymous. In Windows,
>even an anonymous connection would be hazardous because Windows itself
>tends to phone home, especially since some 85% of all enduser Windows
>machines is part of at least one and possibly multiple botnets.
With Mandrake 6.0 as a starting point, you should still remember the
'ramen' worm (went after RH6.2 and 7.0 boxes exploiting a pair of holes
in wu-ftpd and rpc.statd in 6.2, and ldp in 7.0), or the 'luckgo' worm
(went after rpc.statd in several distributions). Both holes had been
patched months earlier, but... from section 3 of CERT Summary CS-98.06:
3. Root Compromises
We continue to receive daily reports of sites that have suffered a
root compromise. Many of these compromises can be traced to systems
that are unpatched or misconfigured, which the intruders exploit
using well-known vulnerabilities for which CERT advisories have
been published.
>> No one trying to break in - what, not running sshd on port 22? ;-)
>
>Yes, I am, but my network connection is low profile and my ISP blocks
>almost all ports beneath 1024 to whatever lies outside of its own
>subnet. So if I want to /ssh/ into my machine from anybody else's
>computer, then this person would have to have the same ISP as I do.
>
>Officially they do that for security reasons, but the truth is that
>they block those ports because your internet connection's EULA doesn't
>cover use as a publicly accessible server.
I've also got an ISP like that. The residential accounts are not
allowed to run servers (including identd on 113/tcp). You need only
upgrade to a 'small business' account, and the holes magically
appear. My other ISPs allow 22/tcp, but block the "normal" ports,
like 21, 25, 80, 137-139, 443, 1433, and so on.
>> Let's face it - VERY FEW Linux users have had _any_ training in the
>> operating system. Thus, they are going with the flawed experience
>> that they do have - which means windoze.
>
>This is why I regret that Mandriva and so many other distributions
>tend to cater to those habits and profile GNU/Linux as "a Windows
>alternative", instead of profiling it as "a UNIX-like system".
Most users would be unable to cope with anything more complicated.
That is why the Gnome and KDE desktops developed administrative
helper tools.
Old guy