SEMiSLUG Notes
13 March 2003
Question & Answer Sessions
- 1. UltraDMA/100 on a Dell PowerEdge 600SC under Linux ... how?
- Take a look at hdparm for how to set the IDE controller parameter.
(And make sure you have the right cable.)
- 2. Dummynet/AltQ or NISTnet?
- Stick with the DummyNet stuff for now.
- 3. 1k mail = 50MB sendmail process?!?
- Bad MIME header? Bad resolver? Try to capture one of the messages
and pick it appart. Try forcing the process to dump core and check
the callback stack. Or start a systrace on the running process.
- 4. MLM with good search ability?
- Sympa is fairly good at this.
- 5. WWW proxy auth via NT domain login?
- Buy a NetApp - it does it and it's transparent to IE.
- 6. winbind experience?
- Vendorland seems to want to talk to NT active directories. "I want
to be a client to my active directory; it's the best thing since
sliced spam." None of us are really sure why, however.
- 7. Caching DNS on Windoze - is there one?
- bind is available for Windows, I'm told. Run bind.
- 8. Good digital photo tools that are not Adobe Photoshop.
- Gimp. Other than that, there's a reason Photoshop costs so much.
Look for an older version of Photoshop that someone no longer
needs, perhaps?
- 9. Anyone want to buy a Motorcycle with a GPS mount?
- No. But if you change your mind, see Troy. (Post it on eBay.)
- 10. Got any SOHO-router-with-56k-dial-up-capability recommendations?
- SMC Barricade, but that didn't work. Look for a Dragon (sold
by Linksys a while back). Or Apple's Airport.
- 11. Kokia IP30 comments?
- Nope.
- 11. CommanderX webserver experience?
- It's any RJ45 plug that's a web server. It's an RJ45 on one
side and serial port on the other. It's tiny. It's cool.
- 11. Why does MJO have so many 11's?
- This one goes to 11.
- 11-1/2. Comments regarding Checkpoint DMZ or any firewall along VLAN?
- Checkpoint and Nokia support VLAN.
- 11-3/4. Jobs?
- Post 'em if you're buying, let us know if your selling.
- 11-7/8. Why is there no number 12?
- You are Number 6.
-
Presentation
MJO talks about the recent sendmail hole
Full Disclosure: You find a hole, announce it on Bugtrack, then
update your resume and call yourself a security analyst.
The Office of Homeland Security is playing up how they coordinated
the whole project when, in reality, they did virtually nothing.
"They had a rousing success in sticking their heads in the sand and
not saying anything."
On The Subject Of Anti-SPAM Messures
There aren't any DNS blacklists that are any good. There's no money
for the maintenance, so they tend to be ineffective. (Or worse, they
can be falsely positive.)
Bayesian Filtering
Visit http://bogofilter.sourceforge.net/ for a nice tool.
Rumor & Innuendo (No names, please)
Expect more security advisories soon.