cdonner's questions

TrustWave has become a little better in accommodating CentOS in their scans - I can now at least select "I have backported software" when I file a dispute. But they are still providing excellent job security by requiring hours of painstaking pointing and clicking on their website every month.

Now to my question. CVE-2016-10009 has not been patched by the RHEL folks, and there is no direct fix available for CentOS. In TrustWave's response to my initial dispute there is this note:

Since this finding affects PCI DSS Compliance, it does need to be confirmed to have been addressed in some fashion. The requirements as listed within the scan report are to upgrade the system or utilize the compensating controls mentioned (such as never loading PKCS#11 modules from paths outside a trusted whitelist (run-time configurable)).

The latest OpenSSH patch has fixes backported up to OpenSSH 7.3 and it is unclear to me if this particular vulnerability will be addressed. The "compensating control" that is mentioned - only allowing whitelisted modules - is exactly the fix that was put in 7.4, so this is not helpful, and the scan report does not list anything.

I am therefore looking for a configuration change that would satisfy the scanner, but I could not find one. Here is a decent explanation of the issue. Is there something that I can do? Disable PKCS#11 altogether?

I connect to a QNap NAS (Ubuntu 4.1.2) in the office through an IPSec tunnel established between two pfSense firewalls. This has worked fine for months. I recently replaced the NAS with a newer model and upgraded the firmware to the latest version. Ever since, when I connect via SSH and run anything that returns more than a few lines of text the SSH connection will die.

This means that it no longer responds to input and the terminal will never time out. The Enter-~-. sequence does not bring it back, either. For example, running ls in the root folder works fine, ls in the /etc/config folder will freeze the console. Running top will freeze the console after about 20 lines.

I tried different clients and this happened with SecureCRT and Putty. When I RDP into a Windows box in the office and SSH to the NAS from there (in the same subnet), this does not happen, and the same commands run just fine.

I found some hints that this might be MTU-related (e.g. in this post), but nothing conclusive that applies to my setup. I will experiment with the MTU settings nonetheless, but in the meantime I figured that maybe someone can offer specific advice.

I have an IPSec tunnel between work and home, with a pfSense firewall on both ends. The VPN works fine, although I never got DNS to work properly across sites, and I use Host Overrides in the DNS forwarder settings on both ends to be able to access remote machines by name. I only have a handful of mappings and this is managable (albeit not pretty).

Now I want to set up a QNAP NAS in my home network (behind a Cisco SG300-28P 28-Port Gigabit PoE Managed Switch) that uses the QNAP RSync backup to replicate data from a QNAP NAS at work to the one in my basement.

I would have preferred to use an IP address from the work subnet for the NAS at home, but that does not appear to work. Why not? Do I have to use an IP address in the local subnet, even though the remote domain and DNS server are always accessible? Do I need a virtual network?

I just replaced the old HP ProCurve switch with a new Cisco SG 300-28P managed switch. It has PoE on all ports. Everything works, except for my domain server that went offline and the network interface appears to be dead. Windows says the network cable is disconnected, and no lights blink on the switch. Tried different cables and different ports on the switch.

The Cisco PoE ports are supposed to be auto-sensing, i.e. not to send power to a device that cannot handle it. Is this technique not 100% reliable? The server is a SHUTTLE XS35V2 with an onboard network chip, so it is probably fried.

My questions:

• is this plausible?
• who's fault is it - Shuttle or Cisco (i.e. which support line should I try first)?

UPDATE: I did go back and tried another switch between the server and the Cisco switch, and indeed, the connection came back to live. When everything is powered down and I start fresh, with the server connected to the Cisco switch, the port light will blink for a while and the connection status is "No Internet connection" at first until it goes off after about 20 seconds and the connection status changes to "Network cable disconnected". On the other switch it works. Clearly not a PoE issue now. I will start looking into the Cisco's onboard diagnostic functions, but so far I have not noticed anything unusual in the log.

I set up an IPSec tunnel between my home network and work. We have a Sharepoint server in the office that I used to be able to access just fine remotely. Now that requests to the server are routed through the tunnel, I can browse the share in Windows Explorer, and copy files to a local folder. When I try to open a Word document directly from Sharepoint, however, MS Word will hang. I can open it in WordPad, but I get a security warning (despite the fact that I added the server to my local network in the IE Internet settings).

Is this not possible, or is there a fix?

I am running a Netgate M1n1wall on our small office Comcast Business connection. When I connect to Sharepoint via Webdav remotely, the performance is really slow, e.g. it takes 15-20 seconds for the directory lists to populate in Windows Explorer. When I connect via the M1n1wall's PPTP VPN, it is flying. What could cause this difference?

I am running out of licenses on my Pix 501, and the show local-host command lists a number of odd IP addresses that do not belong to my 10.10.1.* subnet. Any idea what they are? The only thing I could find was a potential ISP: DINSA is Defence Interoperable Network Services Authority, an agency of the Ministry of Defence of the United Kingdom. Does not sound right.

I don't see any active connections, though. I can't ping or traceroute these IPs, but they reappear after I clear the list, with various other addresses in that general range, up until the connection limit is reached. Based on the number denied, I suppose I would have a lot more of them had I not the connection limit. Very dubious. Is anybody else seeing this?

pixfirewall# show local-host
Interface inside: 10 active, 10 maximum active, **118 denied**
local host: <10.10.1.110>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.176>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.170>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 1/unlimited
  AAA:
  Xlate(s):
  Conn(s):


local host: <10.10.1.175>,
    TCP connection count/limit = 11/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 1/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.108>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <25.33.41.115>,   // ???????????????? what is this?
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <25.33.226.124>,   // ???????????????? what is this?
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.172>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <25.36.114.91>,     // ???????????????? what is this?
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

local host: <10.10.1.109>,
    TCP connection count/limit = 0/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
  AAA:
  Xlate(s):
  Conn(s):

pixfirewall# 

I am running several websites on a Windows VPS that have "recommend this to a friend" type of emails. I get frequent bounces.

The provider allows us to configure reverse DNS records for all the domains that are hosted on the server, which I did recently. The changes have propagated. I am doing this through their administration panel and I am not sure what happens behind the scenes.

I am still getting these errors in the log:

2009-09-22 22:07:50 200.221.XX.XXX OutboundConnectionResponse SMTPSVC1 XXXXXXX - 25 - - 450+4.7.1+Client+host+rejected:+cannot+find+your+hostname,

Is this not related to reverse DNS issues? Or this just a notorious mail exchange (mx.uol.com.br)? How can I verity that our server is correctly configured?