Koozali.org: home of the SME Server

Unauthorised access?

Offline CharlieBrady

« Reply #15 on: April 24, 2007, 04:13:38 PM »
Quote from: "KeeWee"

And hey, you know?  Your "non-issue" clocked up 17.1MiB in blocked attempts to contact the Internet in the last 24hrs alone.  Over a month that's 510MiB, which is as much as some of our subscribers have by way of a monthly ration, and as excess MB over our Internet Connection Plan would have cost us $15.


If you hadn't blocked them, the DNS responses would have been cached and the lookups wouldn't have been continually retried. SME server is a networking appliance - it does networking stuff, including looking up names in the DNS.

Offline KeeWee

« Reply #16 on: April 25, 2007, 02:10:16 AM »
Quote from: "CharlieBrady"


If you hadn't blocked them, the DNS responses would have been cached and the lookups wouldn't have been continually retried. SME server is a networking appliance - it does networking stuff, including looking up names in the DNS.


Again, why?  I gave it the address of a DNS server because it would need one if I ever asked it to do an update.  What other addresses does it need to go out looking for off its own bat, by default?

Offline cjensen

« Reply #17 on: April 25, 2007, 02:42:48 AM »
Quote from: "KeeWee"
Again, why?  I gave it the address of a DNS server because it would need one if I ever asked it to do an update.  What other addresses does it need to go out looking for off its own bat, by default?


Any computer, connected to the internet will have this type of activity.  The difference between Windows and SME Server is that with windowz it will likely do much more.

The bottom line is... It is normal.  And for the record, SME Server has matured a great deal and is in fact just about as secure as it could be (minus time between found security issues in upstream packages and update... or insecure apps installed by the server admin).  It does a very good job at what it was designed for.

Craig

Offline KeeWee

« Reply #18 on: April 25, 2007, 05:58:34 AM »
Quote from: "cjensen"

Any computer, connected to the internet will have this type of activity.  
Craig


Again, what "type of activity"?

What does a 'server-only' set-up need to do off its own bat and by default?

If it's asked to look up an IP address it can go look it up at the DNS address I've given it, bring it back to me and then shut up.  If I want it to fetch ntp synchronisations I'll tell it to, and I haven't.  If I want it to join an OSPF, RIP or BGP dance I'll set it up to do so.  I've disabled automatic updates because I don't want it going on-line for that purpose.  I haven't even enabled the RADIUS facility on CentOS no-one tells you about so there's no call for any keep-alive signalling.

As it has to pass through nat to even get any responses from off network it must be initiating these contacts to no networks I've given it any information about, and as I wasn't aware it would be doing it and thought it safe with a 10.0.0.0 address it's actually been a damn great security hole in my network.

So again, what is it doing and from whence come the addresses it's been doing it with?

If it was a Windows application doing this I'd call it spyware.

Offline cjensen

« Reply #19 on: April 25, 2007, 06:33:49 AM »
Quote

Again, what "type of activity"?

network
Quote

What does a 'server-only' set-up need to do off its own bat and by default?

read:
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter2

Quote

As it has to pass through nat to even get any responses from off network it must be initiating these contacts to no networks I've given it any information about, and as I wasn't aware it would be doing it and thought it safe with a 10.0.0.0 address it's actually been a damn great security hole in my network.

so you are saying it 'created' a security hole....?

I think not.
Quote

So again, what is it doing and from whence come the addresses it's been doing it with?

If it was a Windows application doing this I'd call it spyware.


not.  If no one here can convince you to either test as server-gateway or believe what you have been told then I don't know what else to tell you.

Firstly though you really should read the manual before posting that SME Server has created a hole in your network.

Craig

Offline KeeWee

« Reply #20 on: April 25, 2007, 11:52:53 AM »
Quote from: "cjensen"
Quote

Again, what "type of activity"?

network
Quote

What does a 'server-only' set-up need to do off its own bat and by default?

read:
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter2

Quote

As it has to pass through nat to even get any responses from off network it must be initiating these contacts to no networks I've given it any information about, and as I wasn't aware it would be doing it and thought it safe with a 10.0.0.0 address it's actually been a damn great security hole in my network.

so you are saying it 'created' a security hole....?

I think not.
Quote

So again, what is it doing and from whence come the addresses it's been doing it with?

If it was a Windows application doing this I'd call it spyware.


not.  If no one here can convince you to either test as server-gateway or believe what you have been told then I don't know what else to tell you.

Firstly though you really should read the manual before posting that SME Server has created a hole in your network.

Craig


Yup.  Read that.  NOTHING in that section of the manual answers my question.  What is the SME server in server-only mode doing INITIATING dialogue with the Internet?

Remember, when this was happening it was not part of a network.  It was on a 10.0.10.0/24 network all on its lonesome.  I'd set up a route to it from my PC just to be able to talk to it by web and PUTTY.  No other machine should have been able to get to it.  I didn't firewall the rest of the world off from it because I didn't think I had any need to.

So if you're going to climb on your high-horse and get snarky, tell me also what it was initiating so I can stop it, and enable the interface it's connected to so I can talk to it again.

Offline bpivk

« Reply #21 on: April 25, 2007, 12:42:08 PM »
This is a server. If you want it to stop presenting itself on your line use a big axe or something. That should work.

Another thing is quoting. Could you please quote properly or stop with it and we'll track back a little because I can't read all those Quote commands.

And if you want to stop with all the traffic use my first suggestion or disable all services like mail, dns, apache,... but you'll have a hard time when you'll try to use that box.

Just my two pennies.
"It should just work" if it doesn't report it. Thanks!

Offline warren

« Reply #22 on: April 25, 2007, 03:01:23 PM »
Quote

I'm an amateur trying to run a small, community-owned non-profit wireless network bringing fast internet to a remote rural community.
:shock:
We all at one stage started out as "amateurs" and the best way to learn is
to ask, read, listen to those who are no longer "amateurs"  :lol:

You identified that you had a need for :
Quote

Looking to include a server in the network so we could do our own mail and web-hosting rather than paying someone else to do it .....


If this is your end need, then the machine would have to access the net in order to meet the need and surely you would have to then test the system in a configuration that would meet this end need, ie in server-gateway mode.

After testing, you could then evaluate the suitability vs your requirements
and if it does not meet your requirements, then you would have to find an
alternative ?  :roll:

Offline KeeWee

« Reply #23 on: April 26, 2007, 07:12:48 AM »
Edit: quotes didn't work

Offline KeeWee

« Reply #24 on: April 26, 2007, 07:14:44 AM »
Quote from: "warren"
Quote

I'm an amateur trying to run a small, community-owned non-profit wireless network bringing fast internet to a remote rural community.
:shock:
We all at one stage started out as "amateurs" and the best way to learn is
to ask, read, listen to those who are no longer "amateurs"  :lol:

You identified that you had a need for :
Quote

Looking to include a server in the network so we could do our own mail and web-hosting rather than paying someone else to do it .....


If this is your end need, then the machine would have to access the net in order to meet the need and surely you would have to then test the system in a configuration that would meet this end need, ie in server-gateway mode.

After testing, you could then evaluate the suitability vs your requirements
and if it does not meet your requirements, then you would have to find an
alternative ?  :roll:


Thank you Warren.  I was beginning to think this SME forum was an exclusive club for myopic geeks who just wanted to spend their time congratulating each other on how clever they are and how silly the rest of the world is because it doesn't know what they know.

I know eventually I'm going to have to open a server up to the net.  I don't want to do that until I know what I'm doing - ain't that silly.  I ran the machine with SME on it connected just to the LAN on my machine while I prodded and poked it.  I thought I had turned off or not even enabled anything that would initiate any connection to the net and connected it up to our network to see if I was getting there in my understanding.

But something, clearly, is still initiating connections across the network.  I can't see what it is from the manual, the SME geeks club isn't interested in handing down their arcane and hard-won knowledge - or can't actually tell me - so I think the best course for me now is to scrap SME and try FreeBSD instead which I'm told can do everything SME can but better.  And who am I to judge.

Oh, and I hit the quote button on your forum and work with what it gives me.  So the cock-up over the quotes is probably due to the fact that, not being one of the SME in-crowd, I use the wrong browser.

So solly.

Golly, browser failed again.  Perhaps I should try that Microsoft one.

Offline pfloor

« Reply #25 on: April 26, 2007, 08:27:33 AM »
Quote from: "KeeWee"

Oh, and I hit the quote button on your forum and work with what it gives me.  So the cock-up over the quotes is probably due to the fact that, not being one of the SME in-crowd, I use the wrong browser.

So solly.

Golly, browser failed again.  Perhaps I should try that Microsoft one.

There is nothing wrong with this forum or your browser and this is not a conspiracy to make you look stupid, you have managed to do that yourself.

You need to un-check the "Disable BBCode in this post" for quotes to work...Oh but you already knew that, didn't you!

I fixed them all so your posts are easier for everyone to read.
In life, you must either "Push, Pull or Get out of the way!"

Offline KeeWee

« Reply #26 on: April 27, 2007, 02:37:01 AM »
Clearly I wasn't going to get anywhere with SME and its manual that assumes you know it all anyway, and a bunch of geeks who regard it as their personal reserve, who equate ignorance with stupidity and would much rather tell newbies how stupid they are than they would help them out.

So I've brought the machine home, installed FreeBSD on it over SME and will start all over again.

Offline cjensen

« Reply #27 on: April 27, 2007, 07:14:27 AM »
KeeWee,
Quote

Clearly I wasn't going to get anywhere with SME and its manual that assumes you know it all anyway, and a bunch of geeks who regard it as their personal reserve, who equate ignorance with stupidity and would much rather tell newbies how stupid they are than they would help them out.


It is unfortunate that you have this opinion.  This forum is actually very informative and helpful.  If you look back in the first few responses of your thread, Charlie Brady indicated the fact that what you were seeing was not an issue to be of concern.  Perhaps you should know that Charlie knows what he is saying.  And it was not meant to put you off.  

Whatever information you were hoping to glean we/I must have misunderstood.  You *sounded* like you were in fact not interested in help because we tried to help.  You were told to install SME Server in server-gateway and read about it.  Do you realize that every response to help you is voluntary help, free for you to take advice on or not.  In this case you apparently chose not.

In the end you are always free to do as you please.  However SME Server will remain a very good product with or without you.  Should you choose to use it you will find that to be the case.  And should you choose to come and ask questions in the forum you will likely get help.  Help is best gained by 1) giving good background information about the issue; 2) taking the advice of people who are as seasoned at the base as the likes of Charlie; and 3) don't be so quick to bash the heads of your would-be help ;-)

Good luck.

Craig

Offline jameswilson

« Reply #28 on: April 27, 2007, 08:52:41 AM »
When I started with SME I was very green and ALL here were extremely helpful. My questions are always answered or I'm nudged in the direction of what the question should be, not necessarily what I asked lol.
I also have to say the forum is well run and informative, but I do tend to accept the answers I am given.
Any distro will probably do what sme does, but it will take longer to configure, update and generally look after. I for one left the other distros to come to SME as it 'just works'
Maybe what you're wanting to achieve needs some other distro where you can customise it without a template system. Will be easier in the short term. But I'd advise you read, listen and understand as minds far better than you and me have done these things for a reason. I wish you luck with FreeBSD and all the help those forums may give

James