=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== _Julien3 [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== truz24 [n=truz24@12-203-70-118.client.insightBB.com] has joined #ubuntu-server
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
[04:04] before I go to bed I'd like to join Ubuntu Server Team 'cause I'm a sys&net admin in a little network (only 500 hosts and 12 servers) and a student in network engineering... are there any requirements?
[04:06] anyhow, good night here too ;)
=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== ealden [n=ealden@203.76.211.154] has joined #ubuntu-server
=== |JulienH| [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== soumyadip [n=soumyadi@59.93.198.75] has joined #ubuntu-server
=== allee [n=ach@dialin-145-254-255-010.pools.arcor-ip.net] has joined #ubuntu-server
=== hunger [n=tobias@p54A63906.dip0.t-ipconnect.de] has joined #ubuntu-server
=== thefish [n=thefish@unaffiliated/thefish] has joined #ubuntu-server
=== lbm [n=lbm@x1-6-00-13-10-7a-d1-e4.k233.webspeed.dk] has joined #ubuntu-server
[10:22] Hi, I had a look at ServerTestingTeam. Looks like no ServerTestingTeamTemplate yet. :(
[10:27] Is it okay to add something like ServerHardware/SunGalaxy ServerHardware/SunGalaxy/X4100 ServerHardware/SunGalaxy/X4200 ditto for DellPowerEdge that are more like a linux on laptop pages? I.e. a page that contains known issues, tools, tips, links to other links pages in Web?
=== spike_ [n=spike@81-179-124-253.dsl.pipex.com] has joined #ubuntu-server
=== spike_ is now known as spike
=== ealden [n=ealden@ipdial-165-145.tri-isys.com] has joined #ubuntu-server
=== ubijtsa [n=ubijtsa@karlsson.force9.co.uk] has joined #ubuntu-server
[01:27] 'lo ubijtsa
[01:48] lo spike
[01:48] how do you do man?
[01:49] not bad.. WFH today, and trying to do some of the stuff remotely is a pain
[01:51] ubijtsa: like?
[01:52] running mozilla over a reverse ssh tunnel
[01:53] no vpn/vnc?
[01:53] nope
[01:54] not to the network I need to access
=== _JulienH_ [n=JulienH@tru75-2-82-67-204-235.fbx.proxad.net] has joined #ubuntu-server
=== truz24 [n=truz24@12-203-70-118.client.insightBB.com] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== hunger [n=tobias@p54A606EE.dip0.t-ipconnect.de] has joined #ubuntu-server
[03:39] ubijtsa: reverse ssh tunnel?
=== rebugger [n=hannes@p54B4F8F7.dip.t-dialin.net] has joined #ubuntu-server
=== rebugger [n=hannes@p54B4F8F7.dip.t-dialin.net] has left #ubuntu-server ["Leaving]
[04:09] thefish: yeah, you ssh from box1 to box2 with something like "while true; do ssh box2 -R 2222:localhost:22 'while true; do echo -n . ; sleep 60; done'; done"
[04:10] on box2 you can then do 'ssh -p 2222 localhost' and connect back through the ssh tunnel to box1's ssh port
[04:11] poor mans vpn like :)
[04:11] speaking of, what's going on with openssh vpn?
[04:11] what benefit does it give over just normal ssh?
[04:12] to run moz, i would just ssh -X box2
[04:12] there's been much rumor about it, but I've never seen anybody actually doing it
[04:12] thefish: firewall filtering on port 22?
[04:12] thefish: if box1 is masqueraded, you can't get to it directly
[04:12] ;)
[04:12] ssh -X -p2222 box2
[04:13] mkay
[04:13] in my case, box1 is at work, and box2 is at home.
[04:14] apparently with openssh 4.x you can do real vpns, but I couldnt find much about it :/
[04:14] I can't ssh into box1 from the net, as it is behind firewalls and NAT, but I can ssh from box1 to box2 :)
[04:14] one more reason to block outgoing/incoming ssh connections. :/
[04:15] morrow: hence why my sshd don't run on standard port
[04:15] ubijtsa: if you have the money you can also check port 80/443 connects and break the ssl stream. :)
[04:15] uh?
[04:16] morrow: that's the type product I do QA on
[04:16] how would you do that without mounting a MITM attack?
[04:16] ubijtsa: which one? tommy ssl?
[04:16] spike: it is a MITM attack, your clients need the CA of your SSL Proxy
[04:16] spike: transparent proxying/routing/bridging
[04:17] some companies are willing to go this way
[04:17] morrow: McAfee SCM
[04:17] ubijtsa: Ahh
[04:17] morrow: that was the point, if client isnt clueless it'll spot the MITM
[04:17] ubijtsa: uh, how? I dont see how that's gonna prevent that
[04:17] spike: when you as an employee get told that all traffic is intercepted, what choice you have?
[04:17] and I think this has been debated beyond the flame limits on any sec list :)
[04:17] spike: well.. if your clients are not within your administration you shouldn't do such bad things. :)
[04:18] as in, you either enforce it with policies or nothing, technically u cant stop it
[04:18] one way of preventing IM on a corporate lan is to forbid CONNECT through proxies on http traffic
[04:19] ubijtsa: yes, but then employers wont be able to use any https, and that's not reasonable for quite a few places
[04:19] even for work purposes, as in they need to access customers' stuff and so on
[04:20] spike: that is where URL filtering comes in
[04:20] spike: trust me, there has been *loads* of work gone in to these products, and they mostly work so well you don't know they are in the way
[04:20] ubijtsa: ok, so you basically restrict connect to a few websites
[04:21] spike: or allow and log
[04:21] ubijtsa: I do believe you, I'm just curious :)
[04:21] then when you have stats, you start blocking or coaching
[04:21] sure sure, again, I thought you could "technically" stop it, which is something I was pretty sure you couldnt do
[04:22] not without breaking the ssl streams...
[04:22] without stuff like the aforementioned MITM like setup, which a smart employer would detect
[04:22] as a non smart one isnt gonna ssh tunnel home imho
[04:23] one way to detect if your traffic is filtered is for downloads..
[04:23] the larger the download, the longer it takes before you get any data at all, as the AV scanners need big blocks (or whole file) to work with
[04:38] ubijtsa: if you work for mcafee, how about asking some developers to release a daemon version of uvscan? :)
[04:39] hehe.. I could ask.. :)
[04:39] I sit not far from the guys that wrote LinuxScan
[04:40] but that project been idle/dead for ages
[04:40] hmm :/
[04:41] there is *some* scanner available for linux, but I have to check who is writing it, so I direct feature requests to the right people
[04:41] I can do that on monday
[04:42] well currently its uvscan. but this is only a command line scanner without daemon option
[04:43] ubijtsa: that would be great, please keep me posted. :)
[04:44] morrow: I'll have a chat with them. I can see the usefulness of it (clamav/ clamsmtpd) so I'll see what I can do.
[04:46] it could be a political thing... because the uvscan is licensed based on servers, smtp scanning usually is per user
[04:47] had this issue this week with sophos and kaspersky... even if you use the filescanber you have to licence it as SMTP gateway. :/
[04:47] filescanner..
[04:48] aye..
[04:48] right, have to change a nappy now
=== ubijtsa [n=ubijtsa@karlsson.force9.co.uk] has joined #ubuntu-server
=== ealden [n=ealden@203.76.211.155] has joined #ubuntu-server
=== Bluekuja [n=bluekuja@228-2.mxp.dsl.internl.net] has joined #ubuntu-server
=== soumyadip [n=soumyadi@59.93.244.143] has joined #ubuntu-server
[08:49] ubijtsa: hey, you around?
[08:51] spike: in a fashion
[08:52] why?
[08:54] ubijtsa: I'm trying to work out a way to get to birmingham that wont cost me a fortune...
[08:54] where from?
[08:54] tmoz I wanted to go to some place.. took it easy... it turned out that sing was gonna cost me 100 pound... couldnt believe it
[08:54] brighton
[08:55] I'm not gonna go of course... I cant afford 200 pound for a 2 days thingie...
[08:55] brighton to brum, cheapest way ought to be train..
[08:55] I'm fskcing astonished... it's not even a long route... damn, by car it's something shouldnt take u more than 4 hrs and, uhm, 70 quid roundtrip?
[08:56] spike: I can do it for about that round trip yeah
[08:56] but that pre-supposes you have a car :)
[08:56] so wtf it's gonna take 6 hrs and 200 quid round trip!? grrrr
[08:57] 6hrs one way, tho, so was for 4 above
[08:57] damn
[08:57] public transport in UK is a joke.. everyone knows that :)
[08:57] do u know liftshare.com?
[08:58] hitchhiking a ride might be the only solution... I really cant spend that amount of money...
[08:58] from liverpool it's "only" 30 quid... was looking if there was any way to fly cheaply from gatwick, but apparently there isnt :/
[08:59] nah.. car-share, hiking with lorries etc is cheaper, but not as safe
[09:01] right, I have a few things to test.. so will be offline for a while..
[09:01] k, ta, c ya
[09:11] Toadstool: the requirements for joining the team are a reasonably consistent history of contribution to the project.
[09:11] Toadstool: things like help with bugs, release testing, or helping out here and on the ML.
=== ubijtsa [n=ubijtsa@karlsson.force9.co.uk] has joined #ubuntu-server
[09:48] neuralis: ok no prob', i'll try to do my best :)
[09:48] Toadstool: great, look forward to having you join soon!
=== allee [n=ach@dialin-212-144-132-001.pools.arcor-ip.net] has joined #ubuntu-server
=== ealden [n=ealden@203.76.212.190] has joined #ubuntu-server
=== bpuccio [n=brian@ool-457a9c38.dyn.optonline.net] has joined #ubuntu-server