2003 01 16

                    LINUX NEWS
          January 16, 2003 -- Issue #115


1) Sean’s Notes

2) Linux News

Keeping Ahead of DNS Attacks
Yet Another Distributed Cracking Effort
Linux In Schools
Mandrake Files for Bankruptcy Protection

3) Linux Resources

Setting Up SSL Keys
Mason Book Online
Hyper-Threading Explained
Watching A Honeypot At Work
Only By Special Request

4) App o’ the Week

~~~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~~~

Serebra Learning Corporation knows that it’s true: you get paid more if you have the skills. Learn at your own pace with our dynamic training programs for the skills needed to succeed in today’s IT market. The Best Way to Learn Anything, Anywhere, Anytime. Check out this month’s specials!


For information on how to advertise in this newsletter
please contact mailto:adsales@CramSession.com or visit

1) Sean's Notes

Last week we had a look at what it takes to get a Linux box to
dial an ISP using the PPP protocol. Have a quick read-through to
refresh your memory:


This week, we'll look at what it takes to our Linux box act as
the dialin server. This isn't the highest density solution for
dialin, but it does the job.

(As an aside, I worked at an ISP in the mid-late 1990's. We
acquired another ISP whose modem racks were literally, wooden
racks of external USR modems connected to Linux boxes, the
plastic covers removed to avoid overheating. I really don't
recommend it!)

Let's step back a bit and recall the way Linux handles serial
devices such as modems. DOS calls them COM1, but Unix refers to
them as character devices under the /dev directory:

\[root@poochie ppp]# ls -l /dev/ttyS2
crw-------    1 uucp     uucp       4,  66 Jan 13 20:07 /dev/ttyS2

Device names beginning with "ttyS" are your serial ports. Since
they are zero indexed (ie ttyS0 is the first one), you can see
that my modem is on the third COM port. Like all devices in
Unix, we can read and write to it the same way we'd write to any
file. But if we want to get our modem to answer the phone and
establish PPP, then we'll want someone to watch the line for us.

Watching stuff in the background is the job of a daemon. Daemons
are simply programs that silently do work in the background,
such as a web server. Daemons that watch serial lines and
interact with the other end, however, are generally called
"gettys" (the spelling is intentional).

A getty is a program that watches a serial line and makes it
appear as a terminal to the system. Terminals, be they virtual
ones created when you telnet in, or real ones like serial ports
and your console, are the way the Unix system talks to the user.
If a program doesn't have a terminal, it has no way of getting
data to and from the user!

"Sean, daemons, gettys, and terminals are wonderful, but what
do they have to do speaking IP and PPP over a modem?"

I'm glad you asked.

Our getty is going to watch the modem. It'll answer the call. If
it's a PPP user, the getty will pass control to pppd. If it's a
regular Joe, well, we can either ignore them or give them the
standard login and password routine.

"mgetty" is a great getty for handling the modem. It also has
support for faxes and voice modems, but that's a topic for
another day. The home page is:


...but it's easiest if you grab it from your distribution or

Setting this up is almost as easy as dialing in to an ISP, but
there are more files we have to get into. First, go into
/etc/mgetty+sendfax/login.config. Before any other entries in
there, put the following line:

/AutoPPP/ -  -  /usr/sbin/pppd file /etc/ppp/options.server

This tells mgetty to run pppd if the AutoPPP user tries to log
in. AutoPPP is an internal name to mgetty; if it sees the PPP
initialization strings from the other end, it calls the user
AutoPPP. Passing "file /etc/ppp/options.server" tells pppd
itself that we'll be configuring it from

The contents of options.server are as follows:

asyncmap 0

Like last week, there is one option per line. "asyncmap 0" turns
off escaping of control characters over the line. Since almost
every document I've read tells you to put it in there, but none
have a good explanation, I'm going to assume it's a legacy thing
and that we're just turning it off. "modem" and "crtscts" turn
on full flow control for the modem connection. "lock" simply
locks the serial device while we're online, so that other
programs don't take it over.

"require-pap" and "refuse-chap" are there to show you how you
can prefer one form of authentication over another.

The last two lines are probably the tricky ones. The address of
my dialin server is I'd like my dialin client to
have an address of But since it's a point-to-point
link, we have to use what's called "proxy ARPing". Whenever
someone on the LAN says "Hey!  Who is", my gateway
(.1) will respond saying "That's me!". The packet will then be
relayed to the real .2, which is on the other end of that
point-to-point link. The two addresses separated by a colon
simply tells pppd to assign the local and remote addresses. Left
to its own devices, pppd, will often get the addresses wrong.

The getty knows how to answer the call and invoke pppd. pppd
knows how to authenticate and route to the remote end. All
that's left is tying the getty to the actual serial line.
That's a job for init, which is controlled from /etc/inittab:

Add the following line in inittab, it doesn't matter where
(I usually put it under the other getty lines).

di:3:respawn:/sbin/mgetty modem -D modem

(I'm also assuming you've made a symbolic link from /dev/modem
to your actual modem device, ie ln -s /dev/ttyS2 /dev/modem)

Save, and run "init q" to start up the new service.

If you were wondering what the heck I'm talking about in the
past few lines, you can get more information on init from at:


Don't forget to put your passwords into /etc/ppp/pap-secrets,
just like you did for dialin.

That's that for providing dial-in access!

Long live the Penguin,


2) Linux News

Keeping Ahead of DNS Attacks

A while ago, many of the Internet root servers were taken down
in a denial of service attack. Because of the incredible
resiliency of the DNS, you probably didn't even notice. However,
as one of the inventors of the system writes in this article,
the system isn't infallible.


Yet Another Distributed Cracking Effort

The Neo project is another distributed computing effort such as
SETI@home or distributed.net. The difference is that one of the
goals of the project is to break the Microsoft XBox key, which
would allow people to dig deeper inside the gaming console, and
perhaps develop Open Sourced tools to assist game developers.


Linux In Schools

This is a look at a K-12 school that has started to use Linux in
the classroom rather than Windows. The article actually shows
some of the educational software, along with some of the
decisions that were made during the project.


Mandrake Files for Bankruptcy Protection

While this doesn't mean the company is going under, it does show
a serious problem with cash flow. I wish the best to Mandrake,
who started out as a Pentium clone of Red Hat, but quickly
turned into a leader in the Linux desktop.


3) Linux Resources

Setting Up SSL Keys

Generating an SSL key for your secure web server isn't
necessarily hard, but if you do something wrong, you will likely
delay the receipt of your key from your certificate authority
(CA), or worse yet, get back an unusable key. Here's the
procedure to generate a key, send it off to the CA, and install
it into the web server. If you're just playing around and don't
want to fork out the cash for a key, it's got instructions on
how to do the free, self-signed version.


Mason Book Online

"Mason is a powerful text templating tool for embedding Perl in
text. It offers many features to help you create dynamic web
sites from re-usable components." It's a powerful engine, well
worth a look if you're building a high-end web site. The
O'Reilly book on the software is now online, for free.


Hyper-Threading Explained

Newer CPUs from Intel support something called "Hyperthreading",
which makes a single processor look like a dual processor (the
first time you run "top" on one of those babies, it'll surprise
you). Linux takes full advantage of this feature. This article
gives the skinny on the technology, and the improvements in the
2.5 kernel that make even better use of the added power.


Watching A Honeypot At Work

Honeypots are specially configured computers that are designed
to get broken into, but allow the administrator to watch the
attacker and to prevent them from doing damage to other systems.
This article takes a detailed look at a breakin on a honeypot,
and some insight into the mind of the cracker.


Only By Special Request

I had a missive from a reader simply reading "MS BLOWZ BIG FAT
HOARY CHUNKZ". Not to let down a reader, especially one as
bright and articulate as this one, I put the term into Google,
which didn't really help much. So, I cleaned up the spelling a
bit, and ended up finding a really good dictionary that you can
use with your favourite password cracker to audit your user's


4) App o' the Week

Unix and VMS old timers will recognize the old text games "Hack"
and "Rogue". They're extremely entertaining, but the "graphics"
leave something to be desired. (For those that have never heard
of it, these games use a standard text screen to draw the map,
a wall might be a '#', a monster a 'X', and so forth). Hack has
been redone using OpenGL, bringing a whole new dimension to this


(C) 2003 BrainBuzz.com, Inc. All Rights Reserved.

          This message is from CramSession

You are currently subscribed to the following list
   Hottest Linux News and Resources
   as: sean@ertw.com

To un-subscribe from this newsletter by e-mail,
   send a blank email message to:

To subscribe to this newsletter and many others visit
our site at: