
[cobalt-security] help



Please unsubscribe.

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of
cobalt-security-request@xxxxxxxxxxxxxxx
Sent: Tuesday, February 26, 2002 7:44 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: cobalt-security digest, Vol 1 #687 - 13 msgs


Send cobalt-security mailing list submissions to
	cobalt-security@xxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	http://list.cobalt.com/mailman/listinfo/cobalt-security
or, via email, send a message with subject or body 'help' to
	cobalt-security-request@xxxxxxxxxxxxxxx

You can reach the person managing the list at
	cobalt-security-admin@xxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cobalt-security digest..."


Today's Topics:

   1. SNMP (John Adair)
   2. Re: SNMP (Jeff Lovell)
   3. Re: SNMP (David Lucas)
   4. traffic question (ICDservers.com)
   5. Re: Updated RPMS for proftpd, imapd and qpopper (Sergio Araujo)
   6. Re: traffic question (Rob)
   7. Re: traffic question (AYoung@Home)
   8. Re: traffic question (Steve Werby)
   9. Re: traffic question (Matthew Nuzum)
  10. Autoreply: Re: [cobalt-security] traffic question (hostmaster@xxxxxxxxxxxxx)
  11. Re: traffic question (Daniel Neuhaus)
  12. Re: traffic question (Gerald Waugh)
  13. Re: traffic question (AYoung@Home)

--__--__--

Message: 1
From: "John Adair" <J.Adair@xxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Date: Mon, 25 Feb 2002 15:39:17 -0500
Subject: [cobalt-security] SNMP
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

I was wondering if Cobalt is going to put out new SNMP packages for their
products soon?

http://www.cert.org/advisories/CA-2002-03.html

- - -
Opinions expressed do not necessarily represent the views of my employer.

This message and any attachment are confidential and may be privileged or
otherwise protected from disclosure. If you are not the intended recipient,
please telephone, fax or e-mail to the sender without delay.  Return this
message or delete this message and any attachment from your system as per
our request. If you are not the intended recipient you must not copy this
message or attachments or disclose the contents to any other person.


--__--__--

Message: 2
Subject: Re: [cobalt-security] SNMP
From: Jeff Lovell <jlovell@xxxxxxx>
To: cobalt-security@xxxxxxxxxxxxxxx
Date: 25 Feb 2002 16:23:21 -0800
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

On Mon, 2002-02-25 at 12:39, John Adair wrote:
> I was wondering if Cobalt is going to put out new SNMP packages for their
> products soon?
>
> http://www.cert.org/advisories/CA-2002-03.html

There is verification testing going on with all platforms right now.
There is no threat of remote exploitation as the snmptrapd is not
shipped with the version of snmp on Sun Cobalt appliances.  But as we
all know, that doesn't mean that an exploit cannot be crafted.  There
should be an official update available soon.

There are unsupported RPMS available from:

ftp://ftp.cobaltnet.com/pub/unsupported

But it should be noted that these RPMS will require command-line
modification to the initscript and snmpd.conf file to work properly.

Jeff
--
Jeff Lovell
Sun Microsystems Inc.


--__--__--

Message: 3
Date: Mon, 25 Feb 2002 18:44:49 -0600
To: cobalt-security@xxxxxxxxxxxxxxx
From: David Lucas <david@xxxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] SNMP
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

At 06:23 PM 2/25/2002, you wrote:
>On Mon, 2002-02-25 at 12:39, John Adair wrote:
> > I was wondering if Cobalt is going to put out new SNMP packages for their
> > products soon?
> >
> > http://www.cert.org/advisories/CA-2002-03.html
>
>There is verification testing going on with all platforms right now.
>There is no threat of remote exploitation as the snmptrapd is not
>shipped with the version of snmp on Sun Cobalt appliances.  But as we
>all know, that doesn't mean that an exploit cannot be crafted.  There
>should be an official update available soon.
>
>There are unsupported RPMS available from:
>
>ftp://ftp.cobaltnet.com/pub/unsupported
>
>But it should be noted that these RPMS will require command-line
>modification to the initscript and snmpd.conf file to work properly.
>
>Jeff
>--
>Jeff Lovell
>Sun Microsystems Inc.


Thank you, Jeff!  We do appreciate you.



--__--__--

Message: 4
From: "ICDservers.com" <info@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Date: Tue, 26 Feb 2002 09:50:31 +0100
Subject: [cobalt-security] traffic question
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Hi All,

I was wondering if any of you have solved this one yet, as I still am
looking for a good option.

The problem is this.

All my hosters get a standard free amount of datatraffic per month, say
1 GB. For normal website hosting this is sufficient, but some of the
hosters generate more traffic and that has to be paid extra. I am now
looking for a tool or whatever that will allow me to track who has
generated how much in a certain month, for billing purposes of course ;)
Also if there is a way to restrict a site to the agreed amount of
traffic ( like the free hosters do ) that would be great.


Anyone any ideas about this ?


Regards,

Peter Broerse
ICDServers




--__--__--

Message: 5
From: "Sergio Araujo" <sergio@xxxxxxxx>
To: cobalt-security@xxxxxxxxxxxxxxx
Date: Tue, 26 Feb 2002 12:29:57 +0000
Subject: [cobalt-security] Re: Updated RPMS for proftpd, imapd and qpopper
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Greetings,

On 24 Feb 2002 10:50:04 -0500
 Matthew Nuzum <cobalt@xxxxxxxxxxxxx> wrote:
> It's a pity IMAP is based on the UW server at all.  Would LOVE to have a
> robust e-mail server with built in virtual hosting support that will
> authenticate users to non-system accounts.

Actually, you can, with Stalker's CommuniGate Pro. It's not free, though.

This is not an unbiased opinion, as we found their messaging solution so
good that we decided to resell it, so contact me directly if you'd like some
more information.

--
Sérgio Araújo

3G - NetWorks <sergio@xxxxxxxx>
Projecto Oásis <sergio@xxxxxxxxxxxxxxxxx>
Tel: +351 252 374979 Fax: +351 252 317259
In three words I can sum up everything I've learned about life: it goes on.
(Robert Frost)

--__--__--

Message: 6
From: "Rob" <dillybar1@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] traffic question
Date: Tue, 26 Feb 2002 07:42:12 -0600
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

check out Urchin (http://www.urchin.com)   it keeps pretty thorough stats
and will calculate the amount due for each customer.  free demo too I think.

-Rob

----- Original Message -----
From: "ICDservers.com" <info@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, February 26, 2002 2:50 AM
Subject: [cobalt-security] traffic question


> Hi All,
>
> I was wondering if any of you have solved this one yet, as I still am
> looking for a good option.
>
> The problem is this.
>
> All my hosters get a standard free amount of datatraffic per month, say
> 1 GB. For normal website hosting this is sufficient, but some of the
> hosters generate more traffic and that has to be paid extra. I am now
> looking for a tool or whatever that will allow me to track who has
> generated how much in a certain month, for billing purposes of course ;)
> Also if there is a way to restrict a site to the agreed amount of
> traffic ( like the free hosters do ) that would be great.
>
>
> Anyone any ideas about this ?
>
>
> Regards,
>
> Peter Broerse
> ICDServers
>
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security


--__--__--

Message: 7
Date: Tue, 26 Feb 2002 09:06:36 -0500
Subject: Re: [cobalt-security] traffic question
From: "AYoung@Home" <ayoung78@xxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

on 2/26/02 3:50 AM, ICDservers.com at info@xxxxxxxxxxxxxx wrote:

> Hi All,
>
> I was wondering if any of you have solved this one yet, as I still am
> looking for a good option.
>
> The problem is this.
>
> All my hosters get a standard free amount of datatraffic per month, say
> 1 GB. For normal website hosting this is sufficient, but some of the
> hosters generate more traffic and that has to be paid extra. I am now
> looking for a tool or whatever that will allow me to track who has
> generated how much in a certain month, for billing purposes of course ;)
> Also if there is a way to restrict a site to the agreed amount of
> traffic ( like the free hosters do ) that would be great.
>
>
> Anyone any ideas about this ?

If memory serves me right you can set bandwidth if that's what you want to
do per IP via the Cobalt GUI (Raq4i).

Access Server GUI-->Control Panel-->Bandwith (top of page)-->Add, then
complete.  Of course if you only have 1 IP # then you'll probably not be
able to restrict.

As far as a tracking software or script I'm sure there's something out
there.

aky


--__--__--

Message: 8
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] traffic question
Date: Tue, 26 Feb 2002 09:59:55 -0500
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

"AYoung@Home" <ayoung78@xxxxxxxx> wrote:
> If memory serves me right you can set bandwidth if that's what you want to
> do per IP via the Cobalt GUI (Raq4i).
>
> Access Server GUI-->Control Panel-->Bandwith (top of page)-->Add, then
> complete.  Of course if you only have 1 IP # then you'll probably not be
> able to restrict.

True, but that just limits the throughput rate.  From what I understand, the
original poster doesn't want to throttle the throughput rate, just limit the
total traffic during a month by turning the site off or pointing it to a
special page when that traffic total is reached.  To answer Peter's
question, I don't think you'll find a solution that stops serving up users'
sites when their traffic hits the quota you've set.  If their month to date
traffic is stored in a text file, db, html source code, etc. it would be
fairly easy for a programmer to write a script which looks up that number
and compares it to the quota and takes action.  Whether that action is
sending an email, tracking their overage so you can bill them, pointing
their site pages to a special page, shutting down their email, etc. or some
combination of those another script will be needed to perform the action.
If you wanted to point to a special page for example, the script would need
to modify the Apache config file and run a command to reload the config
file.  Both will require root privileges and so a script run as root from
cron automatically at whatever frequency makes sense (probably nightly) may
be the way to go.  These are the types of software solutions I build for
clients so if you want to discuss with me off-list feel free to contact me
by email or at the # listed on my site.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/



--__--__--

Message: 9
Subject: Re: [cobalt-security] traffic question
From: Matthew Nuzum <cobalt@xxxxxxxxxxxxx>
To: cobalt-security <cobalt-security@xxxxxxxxxxxxxxx>
Date: 26 Feb 2002 10:28:46 -0500
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Hello, what you're doing is probably what I call "high density
hosting".  Lots of low bandwidth sites, in many cases all on the same IP
address.  The common characteristic is that there are lots of sites on
each IP address.

I've thought about this myself, and I'll warn you, inability to monitor
and control bandwidth has put many hosting companies out of business.
However, IP based solutions usually don't work well when you have lots
of sites on an IP.

Unfortunately, your real choices are somewhat limited.  Using the below
option mentioned by AYoung is good if you want to keep your peak
bandwidth under control, but probably won't help you on a per-site
basis.  The throttling mentioned below will keep all sites combined
below a certain point.

What I recommend is saving all of your log files.  That means making a
change to your logrotate scripts (in /etc/cron.daily/logrotate I think)
so that your logs are kept.  Then, get a good (probably commercial such
as webtrends or similar) log processor.  You can then see the bandwidth
used for a site's http traffic.

If you offer e-mail or ftp services, you're going to have to save and
process these logs.  I found a tool a while back on sunsite
(http://metalab.unc.edu) that will convert e-mail log files into common
log format so that it can be processed by standard web log processing
tools.  ProFTP also supports using the same log format as apache, so it
is easily processed.

An option that won't work (probably) but does provide very good reports
is MRTG.  It uses SMTP to poll data from routers ethernet interfaces.
It does reporting on a per IP basis, which once again isn't useful
unless your sites all have their own IP.

Good Luck,
Matt Nuzum

On Tue, 2002-02-26 at 09:06, AYoung@Home wrote:
    on 2/26/02 3:50 AM, ICDservers.com at info@xxxxxxxxxxxxxx wrote:

    > Hi All,
    >
    > I was wondering if any of you have solved this one yet, as I still am
    > looking for a good option.
    >
    > The problem is this.
    >
    > All my hosters get a standard free amount of datatraffic per month, say
    > 1 GB. For normal website hosting this is sufficient, but some of the
    > hosters generate more traffic and that has to be paid extra. I am now
    > looking for a tool or whatever that will allow me to track who has
    > generated how much in a certain month, for billing purposes of course ;)
    > Also if there is a way to restrict a site to the agreed amount of
    > traffic ( like the free hosters do ) that would be great.
    >
    >
    > Anyone any ideas about this ?

    If memory serves me right you can set bandwidth if that's what you want to
    do per IP via the Cobalt GUI (Raq4i).

    Access Server GUI-->Control Panel-->Bandwith (top of page)-->Add, then
    complete.  Of course if you only have 1 IP # then you'll probably not be
    able to restrict.

    As far as a tracking software or script I'm sure there's something out
    there.

    aky

    _______________________________________________
    cobalt-security mailing list
    cobalt-security@xxxxxxxxxxxxxxx
    http://list.cobalt.com/mailman/listinfo/cobalt-security
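
The log-based accounting Matthew Nuzum describes and the quota comparison Steve Werby describes, as an added Python example that is not part of the original thread. It assumes Apache logs with the virtual host as the first field (`%v %h %l %u %t "%r" %>s %b`), a 1 GB quota taken as 10**9 bytes, and constructed sample lines; all function names are hypothetical.

```python
import re
from collections import defaultdict

QUOTA_BYTES = 1_000_000_000  # assumption: the thread's "1 GB" taken as 10**9 bytes

# Assumed log format (not stated in the thread): Apache's
#   %v %h %l %u %t "%r" %>s %b   (virtual host name first)
# The request field may contain backslash-escaped quotes.
LINE_RE = re.compile(
    r'^(?P<site>\S+) \S+ \S+ \S+ '
    r'\[\d{2}/(?P<mon>[A-Z][a-z]{2})/(?P<year>\d{4}):[^\]]+\] '
    r'"(?:[^"\\]|\\.)*" \d{3} (?P<bytes>\d+|-)'
)
# Strict host-name syntax. The report built here is the input to the
# root-run step, so a site name is only accepted if it is a plain DNS name.
LABEL = r'[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
HOST_RE = re.compile(rf'{LABEL}(?:\.{LABEL})*')

def parse_line(line):
    """Return (site, 'Mon/YYYY', bytes_sent) or None for a rejected line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    site = m.group("site").lower()
    if len(site) > 253 or not HOST_RE.fullmatch(site):
        return None
    sent = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
    return site, f'{m.group("mon")}/{m.group("year")}', sent

def month_totals(lines, month):
    """Sum bytes per site for one month; also count rejected lines."""
    totals, rejected = defaultdict(int), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1  # worth alerting on: malformed or suspicious input
        elif rec[1] == month:
            totals[rec[0]] += rec[2]
    return dict(totals), rejected

def overages(totals, quota_bytes):
    """Sites above quota, mapped to the number of bytes over."""
    return {s: b - quota_bytes for s, b in sorted(totals.items())
            if b > quota_bytes}

# Constructed sample log lines (not real traffic).
SAMPLE = [
    'site-a.example 192.0.2.10 - - [03/Feb/2002:10:00:00 +0100] "GET /big.iso HTTP/1.0" 200 700000000',
    'site-a.example 192.0.2.11 - - [17/Feb/2002:11:30:00 +0100] "GET /big.iso HTTP/1.0" 200 700000000',
    'site-b.example 192.0.2.12 - - [17/Feb/2002:11:31:00 +0100] "GET / HTTP/1.0" 304 -',
    'site-b.example 192.0.2.12 - - [18/Feb/2002:09:00:00 +0100] "GET /a\\"b HTTP/1.0" 200 5000',
    'site-a.example 192.0.2.10 - - [01/Mar/2002:00:00:01 +0100] "GET / HTTP/1.0" 200 999',
    '../../etc/passwd 192.0.2.13 - - [18/Feb/2002:09:00:00 +0100] "GET / HTTP/1.0" 200 10',
    'garbage line',
]

if __name__ == "__main__":
    totals, rejected = month_totals(SAMPLE, "Feb/2002")
    print("rejected lines:", rejected)
    for site, over in overages(totals, QUOTA_BYTES).items():
        print(f"{site}: {over} bytes over quota")
```

This part needs no root privileges; the root cron job described in the thread then only has to read a report whose site names have already passed `HOST_RE`.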



--__--__--

Message: 10
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Autoreply: Re: [cobalt-security] traffic question
From: hostmaster@xxxxxxxxxxxxx
Date: Tue, 26 Feb 2002 16:21:28 +0100
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Hello,
I will not be reachable during the day from Monday 25 February to Friday 1
March inclusive. Your message will be handled in the early evening. Below is
the list of direct contacts for urgent questions:
Internet connections       : hotline@xxxxxxxxxxxxx
Hosting/Sales              : hosting@xxxxxxxxxxxxx
Counters/Scripts/Linux     : linux@xxxxxxxxxxxxx
Billing/Reminders          : lincey@xxxxxxxxxxxxx
Management                 : borishome@xxxxxxxxxxxxx

Best regards,
Infomaniak Network SA
Fabian Lucchi

Your message reads:



--__--__--

Message: 11
Date: Tue, 26 Feb 2002 16:45:16 +0100
From: Daniel Neuhaus <cobalt.com@xxxxxxx>
To: Matthew Nuzum <cobalt-security@xxxxxxxxxxxxxxx>
Subject: Re: [cobalt-security] traffic question
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

Matthew Nuzum wrote on 26.02.2002:

> Hello, what you're doing is probably what I call "high density
> hosting".  Lots of low bandwidth sites, in many cases all on the same IP
> address.  The common characteristic is that there are lots of sites on
> each IP address.

There are two tools available for the RaQ to count the transfer:

Musita: http://www.musita.com
TrafficLight: http://www.raqsupport.net/trafficlight.html

I use Musita on two of my servers and it works fine, but unfortunately
it counts only web-transfer.

Regards,
Daniel

--
free backup-solution for your RaQ:
http://www.dnid.de/cobalt/raqbackup/


--__--__--

Message: 12
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] traffic question
Date: Tue, 26 Feb 2002 10:05:09 -0500
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

On Tue, 26 Feb 2002, Steve Werby wrote:
<snip>
> These are the types of software solutions I build for
> clients so if you want to discuss with me off-list feel free to contact me
> by email or at the # listed on my site.
>
hhhmm! sounds like jeff. is that you steve <smile><grin><smile>
ataboy!

--
Gerald Waugh

--__--__--

Message: 13
Date: Tue, 26 Feb 2002 09:25:05 -0500
Subject: Re: [cobalt-security] traffic question
From: "AYoung@Home" <ayoung78@xxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Reply-To: cobalt-security@xxxxxxxxxxxxxxx

on 2/26/02 8:42 AM, Rob at dillybar1@xxxxxxxxxxxxxx wrote:

> check out Urchin (http://www.urchin.com)   it keeps pretty thorough stats
> and will calculate the amount due for each customer.  free demo too I think.
>
> -Rob
>
Urchin has a free demo that lasts for 30-days.  Easy pkg install via GUI for
Raq's.  After the 15-days is $495 for 25-sites $295 for each addlt 25-sites.

aky



--__--__--

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security


End of cobalt-security Digest

