hi
please give us more info as even client side also you will require nating or
public IP address so can you elaborate your case.
as this is possible vpn with nating will work fine, If you are not using new
kernel then you have to have port forwarding mechanisam
other wise this will not work through nating.
so please give more details about your network.
nici
>From: Devdas Bhagat <dodobh(a)nettaxi.com>
>Reply-To: linuxers(a)mm.ilug-bom.org.in
>To: linuxers(a)mm.ilug-bom.org.in
>Subject: [ILUG-BOM] Re: VPN with two invalid IPs
>Date: Sat, 13 Apr 2002 12:49:36 +0600
>
>+++ Amish Mehta [01/04/02 17:46 +0530]:
> > Hi,
> >
> > I want to connect my home and office computers(atleast share files,
> > full TCP/IP would be best). But the problem is both computers
> > have invalid IPs 172.16.x.x and I do not have control over gateways to
>The invalid IP range will not be a problem. Just ensure that they are in
>different subnets.
>At least one of the systems will need a static IP address.
>Run the VPN server on this system. The other system will act as a client.
>
> > setup VPN(one on in2 cable network, other on star cable network). I
> > can keep both computers on 24 hrs, having access to internet via
> > their local gateways. But I do not know how they will find each other.
>One of them needs a static IP address,
>
> > Currently I manually email and download files but is there a way I
> > can actually FTP to and fro?
>I would recommend scp actually, but you need the VPN first.
>
>Devdas Bhagat
>--
>People are very flexible and learn to adjust to strange
>surroundings -- they can become accustomed to read Lisp and
>Fortran programs, for example.
>- Leon Sterling and Ehud Shapiro, Art of Prolog, MIT Press
>_______________________________________________
>http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
>
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
Hi,
Can you give us the official link? Or you managed to get it from
your cablewala?
Thanks.
Amish.
Trevor Warren wrote:
>--> Luggers..this is the CyberRoam software that has
> http://www.qmailtheeasyway.com/rel/
Devdas Bhagat wrote:
> >+++ Amish Mehta [01/04/02 17:46 +0530]:
>> Hi,
>>
>> I want to connect my home and office computers(atleast share files,
>> full TCP/IP would be best). But the problem is both computers
>> have invalid IPs 172.16.x.x and I do not have control over gateways to
>The invalid IP range will not be a problem. Just ensure that they are in
>different subnets.
>At least one of the systems will need a static IP address.
>Run the VPN server on this system. The other system will act as a client.
Yes IPs are static but NOT valid. I think you mean valid and not
static. Btw I dont think different subnet is required as far as I
can route IP packets to VPN interface. The problem is I dont have
control over gateways(who masquerade my packets) so I cannot setup
simple forwarding to VPN.
Amish.
Sometime on Apr 12, Jeremy Zawodny assembled some asciibets to say:
> You can try crashing mine ('jzawodn'). I should have debug version of
> the official client that will help out here.
Well, I can't do that because I can't login anymore - YPSN2 isn't
supported.
--
It's hard to drive at the limit, but it's harder to know where the limits are.
-- Stirling Moss
>> However, it can be immune to a passive attack, i.e. simply listening
>> to communications go back and forth. To break it one would need to
>> reverse-engineer the Yahoo program.
>
> Not necessarily. Just a thought - the libcrypto library being used is
> free software, so why not just restrict our tracing to what goes into
> and what comes out of MD5_* functions. That should give us a fair idea
> of how the hash is being generated. I've done a preliminary analysis,
> and judging by the number of calls to MD5_Update, I'm guessing that this
> is almost identical to how pam generates passwords. What's the
> probability that yahoo would use the same tried and tested algorithm
> rather than develop their own?
Hmm.. if they're using libcrypto then I suppose it should be possible
to trace it and break the protocol... basically catch the stuff before
it gets hashed! Could you send me details of your analysis?
Since Yahoo's been deliberately trying to kill clones, I'd assumed
they'd used some kinda statically linked crypto functions... something
fairly trivial to do.
Ok, for those who've been following the thread, here's an update from my
side.
NOTE: Throughout this explanation, ctx, ctx1, ctx2, ctx3 ... are md5
contexts, final and final2 are md5 data arrays (unsigned char[16])
the same variable name refers to the same variable always ie, scope of
variables is this mail.
1. Yahoo uses the exact same algorithm as pam does to generate MD5
passwords.
You can get the source for this from the pam package. Look in
modules/pam_unix/md5_crypt.c:MD5Name(crypt_md5)()
There is only one minor change that does not affect the outcome of the
code, and that is the calls to MD5_Update with ctx1 happen before the
calls to MD5_Update with ctx (if you see the code, it'll make more
sense, or I can explain then).
2. There are four more calls to the MD5 library. The first does this:
MD5_Init(&ctx2);
MD5_Update(&ctx2, passwd, strlen(passwd));
MD5_Final(final2, &ctx2);
MD5_Init(&ctx3);
MD5_Update(&ctx3, str, strlen(str));
MD5_Final(final2, &ctx3);
str is obtained by appending/prepending something to the username. That
something is 49 bytes in length.
The last two calls are:
MD5_Init(&ctx4);
MD5_Update(&ctx4, str2, strlen(str2));
MD5_Final(final2, &ctx4);
MD5_Init(&ctx5);
MD5_Update(&ctx5, str3, strlen(str3));
MD5_Final(final2, &ctx5);
str3 is also derived from the username, again with a 49 byte string
appended/prepended to it.
str2 seems to be 34 characters in length always.
This data was obtained through statistical analysis of function calls.
We still haven't determined what the actual contents of str, str2, str3
or the salt are. Once we have this, I believe we will have cracked it
completely.
If anyone wants to figure it out, you have to somehow get the data
that's being passed to MD5_Update.
The first call is the password, the second call is with str. You need
to figure out how str is derived.
The next three calls are password, magic ($1$ I think), salt (8 chars).
The next three are password, salt, password.
Try and figure out how salt is derived, and if magic is different from
$1$, what is it? Is it constant across calls?
Then, look at the last two calls to MD5_Update - calls number 3536 and
3537. No 3536 seems to be constant, but someone will have to confirm
this. No 3537 is derived from the username. Figure out how.
Philip
--
Spock: We suffered 23 casualties in that attack, Captain.
Hi,
> What do you think we're trying to do? The official yahoo client uses an
> MD5 Challenge/Response pair that is near impossible to crack.
I don't know anything about the Yahoo protocol etc. But speaking from
a purely cryptographic stand point, this protocol necessarily has to
be crackable. In the absence of an external key (i.e. one entered by
the user) there is no way to prevent one program from imitating
another.
However, it can be immune to a passive attack, i.e. simply listening
to communications go back and forth. To break it one would need to
reverse-engineer the Yahoo program.
> If you can, please help.
If it is legal to do it, I can try to disassemble and reverse-engineer
the Yahoo protocol.
> Get a packet sniffer (I think you already have one),
tcpdump?
> and start working on the authentication part. Look for tcp connects on
> port 5050 from your machine with the PUSH flag set to 1.
Regards,
Vinay <vinay(a)vinaypai.com>
-----Forwarded Message-----
From: Dr Deepak B Phatak <dbp(a)it.iitb.ac.in>
To: all(a)it.iitb.ac.in, faculty(a)cse.iitb.ac.in
Subject: GNU/Linux Indianization
Date: 06 Apr 2002 02:08:36 +0530
Dear ALL
With regard to this important topic, an event is being organized in KReSIT
on 9th April. I have given the details in the enclosed write up. Those of you
interested in this work are most welcome. Equally important is to ensure
that enthusiastic students interested in this area should also participate.
But I have no direct way to reach them in this short time. Could I therefore
request you to forward this mail to students of your department. Also, I would
like to request LUG member(s) from KReSIT to advertise this event amongst
the GNU/Linux community.
Thanks
- dbp
------------------------------------------------------------------------------------------------
Currently, there is a lack of a good software system which can handle
Indian languages. There are a few Multi-lingual office productivity
tools. But this is far from the full range of tools that make a computer
useful. Till now, work in this field has involved disparate groups,
working in isolation, developing closed products. These products
have not gained popularity, and lack inter-operability. Since most of
the products developed today are closed source, we cannot modify them
to support all the functionality required by computers to work comfortably
in and with Indian Languages.
We believe that the solution lies in Free Software, like GNU/Linux, which can
be customized to support Indian languages. Free Software has the
advantage of outliving any one team of developers, and of collaborative
development, where people build on each other's strengths to arrive
at a superior product. This effort will gift us with our own operating
system, capable of dealing with Indian languages, and guarantee our freedom
of use.
>From various discussions with Dr Mudur, I have come to realize that
Indian languages are immensely difficult to represent on computers,
since they are phonetic, and not linear (like English). Yet, it is
widely believed that the problem is not of a technical nature
but a project management failure. There is enough talent in India to
give us an Indian Language UNIX, one which can finally take computing
to the masses.
To initiate some concerted action in this direction, the School of IT
proposes to organize a short talk (as per schedule below) followed
by a discussion. The talk will cover the basic issues in localization,
and what is the current status of Indianization in GNU/Linux. We also
plan to collect details and status of as many efforts as can be
culled out from the audience. This, of course, would be an on going process.
Venue: 3rd floor classroom, KReSIT, IIT Bombay.
Day and Date: Tuesday, 9th April
Time: 16:00 Hrs.
ALL INTERESTED, irrespective of department and Institutional affiliations
are most welcome to participate. To permit effective handling of logistics
concerning tea and snacks, I request to send an email with subject
"will attend on 9th" (message text may be just blank) to any one
of the following:
sameerds(a)it.iitb.ac.in
vikram(a)mayin.org
dbp(a)it.iitb.ac.in
Thanks
- Deepak
----------------------------------------------
Dr. Deepak B Phatak
Subrao Nilekani Chair & Head
Kanwal Rekhi School of Information Technology
Indian Institute of Technology Bombay
Mumbai 400 076, India
Phone: (Off) +91 22 5767900/01/02
(Res) +91 22 5768747, 5724611
Fax: +91 22 5720022, 5723480
email: dbp(a)it.iitb.ac.in
----------------------------------------------
--
MTech Student,
Reconfigurable Computing Lab, Hostel 2, Room 76
KReSIT, IIT-Bombay.
Internal: 5602
Phone: 5767901 extn 5787 External: 5720023, 5721006
or 5722545 extn 5787 5720064
-----------------------------------------------------------------
Compare thinking about doing nothing and actually doing nothing;
they are distinct enterprises. -- Philip Wadler
-----------------------------------------------------------------
thanks ranjeet,
actually i am using vpop3d with sendmail not with qmail,
i am trying to solve this with sendmail only
gurjit
>Hi gurjit.
>
>Assuming foo.com is your domain for which you want to create a
>catchall
>account ....
>
>
>Create a file as .qmail-default file in your foo.com's mail
>directory.
>(i'm using vpopmail and my directory structure is like
>/home/vpopmail/domains/foo.com/ )
>
> -rw------- 1 vpopmail vchkpw 93 Mar 20 23:23
>.qmail-default
>
>it will have content like
>#cat .qmail-default
>| /home/vpopmail/bin/vdeliverymail ''
>/home/vpopmail/domains/foo.com/bar
>
>
>bar is the default directory(account) in the same foo.com.
>or else u can also use email id in the same file as
>
>&bar(a)foo.com
>
>
>Regards,
>Ranjeet
>
>PS: Also you need to make sure before posting query to give your
>config
>details.
>
>
>
>
>
>
>
>gurjit dhillon writes:
>
> >
> > dear sir,
> >
> > can any one tell me how to configure catchall account in
>vpop3d pop
> > serever.
> >
> > else every thing is working fine, but my catchall a/c is not
>working, it
> > says unkonown users and bounce back.
> >
> > thanks in advance
> >
> > waiting for reply
> >
> > gurjit
>