FUT, that's what I'd mutter when yet another blast of SPAM for email addresses that didn't exist was delivered to my MTA. Then I heard Merlyn give his You had me at HELO talk. Great solution: monitor mail logs and when a spammer tries to send email to a non-existent address at your site, slam the IP door shut on the session. The only problem was, he uses BSD and pf, while I run Linux systems with netfilter/IPTables.

I set out to see if I could implement what he described. With a few digressions, like making the program handle arbitrary events like bogus SSH login attempts, I implemented a program that will monitor logs for email, ssh access, or whatever you define watching for unwanted activity - like an attempt to deliver email to a non-existent user - and create a temporary iptables rule to block access from the miscreant that is trying to abuse your system.

FUT is that program. If you run Linux systems and want to slam the IP door on miscreants (scum) who are abusing your system it may be of interest.

All feedback, pointers to needed code improvement, and patches appreciated.

Ahem, especially pointers for needed code improvement. There's a memory leak and that's no good for something intended to run as a daemon.

Be Appropriate && Follow Your Curiosity
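The watch-the-log, block-the-IP pattern the post describes, written out as an added example in Python (it is not FUT's own Perl code). The names quick_match, deep_match and spurn_time are the thread's terms; the two watch rules, the chain names fut and fut_drop_log, and the sample log lines are constructed for the example, and the iptables commands are collected rather than executed so it runs without root or netfilter.

```python
# Added example, not FUT's own (Perl) code: the log-watch-and-block pattern in
# Python. quick_match / deep_match / spurn_time are the thread's terms; the
# watch rules, chain names, and log lines below are constructed for the demo.
import re
import time
from dataclasses import dataclass

SPURN_TIME = 1800                            # default block lifetime (seconds), as in the thread
CHAIN, DROP_CHAIN = "fut", "fut_drop_log"    # assumed chain names
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


@dataclass
class Watch:
    name: str
    quick: str           # quick_match: cheap substring test applied first
    deep: re.Pattern     # deep_match: regex whose group(1) is the offender's IP
    dport: int           # service port to close to that IP


WATCHES = [
    Watch("mail-bogus-rcpt", "Recipient address rejected",
          re.compile(r"\[" + IPV4 + r"\].*Recipient address rejected"), 25),
    Watch("ssh-bad-user", "Invalid user",
          re.compile(r"Invalid user \S+ from " + IPV4), 22),
]

# Constructed sample log lines (not from the thread).
MAIL_LINE = ("Mar 29 18:12:39 mx postfix/smtpd[2112]: NOQUEUE: reject: RCPT from "
             "unknown[203.0.113.5]: 550 5.1.1 <nobody@example.com>: Recipient "
             "address rejected: User unknown in local recipient table")
SSH_LINE = "Mar 29 18:12:45 mx sshd[2190]: Invalid user admin from 198.51.100.7"
SELF_LINE = "Mar 29 18:12:46 mx fut[2200]: SKIP " + SSH_LINE   # our own syslog output
OK_LINE = "Mar 29 18:12:47 mx sshd[2191]: Accepted publickey for bob from 192.0.2.9"


def match_line(line, watches=WATCHES):
    """Return (watch, ip) for an offending log line, else None."""
    # Never feed the daemon's own syslog messages back into the matcher.
    if " fut[" in line or " fut: " in line:
        return None
    for w in watches:
        if w.quick not in line:          # quick_match fails: skip the regex
            continue
        m = w.deep.search(line)          # deep_match extracts the source IP
        if m:
            return w, m.group(1)
    return None


class Blocker:
    """Tracks temporary blocks and records the iptables commands it would run."""

    def __init__(self, spurn_time=SPURN_TIME):
        self.spurn_time = spurn_time
        self.blocked = {}    # ip -> [watch name, dport, expires_at, hits]
        self.commands = []   # dry run: commands are recorded, not executed

    def handle(self, line, now):
        hit = match_line(line)
        if hit is None:
            return None
        w, ip = hit
        if ip in self.blocked:           # already blocked: extend, do not add a second rule
            entry = self.blocked[ip]
            entry[2], entry[3] = now + self.spurn_time, entry[3] + 1
            return ip
        self.blocked[ip] = [w.name, w.dport, now + self.spurn_time, 1]
        # -I inserts ahead of the chain's trailing RETURN rule
        self.commands.append(
            f"iptables -I {CHAIN} -s {ip} -p tcp --dport {w.dport} -j {DROP_CHAIN}")
        return ip

    def expire(self, now):
        """Delete every block whose spurn_time has elapsed; return the IPs removed."""
        gone = [ip for ip, e in self.blocked.items() if e[2] <= now]
        for ip in gone:
            _, dport, _, _ = self.blocked.pop(ip)
            self.commands.append(
                f"iptables -D {CHAIN} -s {ip} -p tcp --dport {dport} -j {DROP_CHAIN}")
        return gone

    def dump(self):
        """Listing in the spirit of /tmp/fut.dump: ip, hits, port, expiry time."""
        return [f"{ip:<20}{e[3]:>4}{e[1]:>8}   {time.ctime(e[2])}"
                for ip, e in sorted(self.blocked.items())]


if __name__ == "__main__":
    b, t0 = Blocker(), int(time.time())
    for line in (MAIL_LINE, OK_LINE, SSH_LINE, SELF_LINE, SSH_LINE):
        b.handle(line, t0)
    print("\n".join(b.dump()))
    print("\n".join(b.commands))
```

The expiry sweep is what keeps the block temporary: a daemon would call expire() on a timer, and if that call never happens (or the expiry timestamp is never compared against the clock) the rule stays in place forever, which is the symptom freewheelin reports later in the thread.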
Re: FUT - Change IPtables rules based on log messages
by zentara (Cardinal) on Mar 26, 2006 at 15:45 UTC
    I just read Merlyn's HELO.pdf and was thinking about his "Dream"

    My dream · Make junk email illegal (like junk fax/cell) · Culpability for Operating System Producers (read: "microsoft") for failure to adequately build/test security, based on actual damages · Include "chain of responsibility", even if junk email comes from outside the US

    I'm really wondering why Microsoft isn't facing class action lawsuits for their junk OS. If a TV manufacturer made a product which caused interference in a neighbor's house, they would be told to pull the product off the market. I'm just wondering 'Why?'. Is Microsoft so intimidating that they scare the lawyers away?


    I'm not really a human, but I play one on earth. flash japh
Re: FUT - Change IPtables rules based on log messages
by freewheelin (Initiate) on Mar 28, 2006 at 11:25 UTC

    This looks interesting, so I've installed it on my dev machine. A number of points occur to me:

    (1) Although the default config file specifies:

    # initialize fut_drop to default action of log and drop
    init_fut_drop : 1

    ... this doesn't cause the creation of the relevant DROP and LOG rules in the fut-drop-log chain.

    Changing the initial declaration of $default_drop in the code, to set it to 1 instead of leaving it undef, fixed that:

    my $default_drop = 1;   # use our drop or one speced by user

    (2) Each invocation of the code (even without the above change) causes an additional RETURN rule to be appended to the fut chain.

    (3) Having futzed (no pun intended) about with the ssh pattern in deep_match in the config (to cope with my installation), I've successfully blocked on invalid username login attempts. However, despite the spurn_time being left at default (1800s), the block does not appear to time out.

    (4) FUT's logging of its SKIP messages via syslog (including the whole log line that it has just failed to perform a deep_match on), coupled with the quick_match scanning, triggers a loop. The loop continues until the length of the repeatedly prepended SKIP messages exceeds the syslog line length and the string that quick_match originally spotted disappears off the end, e.g.:

    (Update: lines of syslog output snipped - it was my syslog.conf at fault here)

    Hope this is useful feedback.

    Update: This is based on using FUT with Perl 5.8.1 on an old RedHat 7.3 system

    S.
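Issues (1) and (2) above are both about chain setup that is not idempotent: the LOG/DROP rules never get created, and a fresh RETURN rule is appended on every run. An added example (Python, not FUT's own code) of planning the setup from the current state instead of blindly appending: it parses the text of `iptables -S` (a real listing format) and emits only the commands needed to reach the intended state. The chain names fut and fut_drop_log and the three sample listings are constructed for the example; commands are returned as strings, not executed.

```python
# Added example, not FUT's own code: idempotent iptables chain setup planned
# from `iptables -S` output. Chain names and sample listings are constructed
# for the demo; commands are returned, not run.
CHAIN, DROP_CHAIN = "fut", "fut_drop_log"   # assumed chain names


def parse_listing(listing):
    """Split `iptables -S` output into the set of chains and the rules per chain."""
    chains, rules = set(), {}
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith("-P ") or line.startswith("-N "):   # built-in or user chain
            chains.add(line.split()[1])
        elif line.startswith("-A "):
            rules.setdefault(line.split()[1], []).append(line)
    return chains, rules


def plan_setup(listing, default_drop=True):
    """Return only the commands needed to reach the desired state."""
    chains, rules = parse_listing(listing)
    cmds = []
    if CHAIN not in chains:
        cmds.append(f"iptables -N {CHAIN}")
    if f"-A INPUT -j {CHAIN}" not in rules.get("INPUT", []):
        cmds.append(f"iptables -I INPUT 1 -j {CHAIN}")
    # exactly one trailing RETURN: add it if missing, delete any duplicates (issue 2)
    returns = [r for r in rules.get(CHAIN, []) if r.endswith("-j RETURN")]
    if not returns:
        cmds.append(f"iptables -A {CHAIN} -j RETURN")
    cmds.extend(f"iptables -D {CHAIN} -j RETURN" for _ in returns[1:])
    if default_drop:   # issue 1: the log-and-drop chain must actually be populated
        if DROP_CHAIN not in chains:
            cmds.append(f"iptables -N {DROP_CHAIN}")
        have = rules.get(DROP_CHAIN, [])
        if not any("-j LOG" in r for r in have):
            cmds.append(f'iptables -A {DROP_CHAIN} -j LOG --log-prefix "fut: "')
        if not any(r.endswith("-j DROP") for r in have):
            cmds.append(f"iptables -A {DROP_CHAIN} -j DROP")
    return cmds


# Constructed sample listings in `iptables -S` format.
EMPTY_LISTING = "-P INPUT ACCEPT\n-P FORWARD ACCEPT\n-P OUTPUT ACCEPT\n"
COMPLETE_LISTING = EMPTY_LISTING + """\
-N fut
-N fut_drop_log
-A INPUT -j fut
-A fut -s 203.0.113.5/32 -p tcp -m tcp --dport 25 -j fut_drop_log
-A fut -j RETURN
-A fut_drop_log -j LOG --log-prefix "fut: "
-A fut_drop_log -j DROP
"""
# What several runs of an append-only setup leave behind.
DUPLICATED_LISTING = COMPLETE_LISTING + "-A fut -j RETURN\n-A fut -j RETURN\n"


if __name__ == "__main__":
    for label, listing in (("empty", EMPTY_LISTING), ("complete", COMPLETE_LISTING),
                           ("duplicated", DUPLICATED_LISTING)):
        print(f"--- {label}")
        print("\n".join(plan_setup(listing)) or "(nothing to do)")
```

Running it against the complete listing yields no commands, which is the property a daemon that is restarted often needs; against the duplicated listing it yields only the two deletions.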

      With respect to issue #4, the ever growing syslog message, how is your syslog.conf? FUT doesn't log to the mail, kern, or daemon facilities. So its SKIP message should not show up in your input stream.

      Issue #2, the repeated insertion of the RETURN rule, was fixed in v.26

      WRT a rule not timing out, if you send fut a USR1 signal /tmp/fut.dump is created with a listing of all blocked sites and the time the block expires. What does it show?

      Be Appropriate && Follow Your Curiosity

        WRT syslog - that's my oops, apologies. I've corrected the problem.

        I've grabbed v26, installed the default config file for it and I'm getting a segfault on the first run. Checking iptables, fut's successfully created the fut chain, but not the fut_drop_log chain. I've tested this both with an empty iptables and with my existing ruleset in place.

        kill -USR1 $pid_of_fut doesn't generate any output in /tmp I'm afraid.

        Update (Duh!) It'd help if I actually had something blocked, of course. When I do, this is the output:

        10.0.1.2              1      22      22   Wed Mar 29 18:12:39 2006

      It is. Thank you.

      Be Appropriate && Follow Your Curiosity
Re: FUT - Change IPtables rules based on log messages
by mikeraz (Friar) on Mar 29, 2006 at 05:49 UTC

    I'm still <gnashing of teeth/> working on memory leak problems. If you use this contact me about updates.

    Be Appropriate && Follow Your Curiosity