Re: howto show IPv6 address lifetime?

derstand this first sentence. > > I would like to see the address lifetime, which address is preferred, which > is deprecated, etc. On Linux a simple command like "ip a s" shows. As quoted above, ifconfig is your friend: [Wed Apr 19 14:19:35] peter@elke:~$ ifconfig iwm0 iwm0: fl

Re: ordering

ated, you could do worse than head over to http://www.openbsd.org/donations.html and donate an equivalent (or larger!) amount via whatever option appears appropriate. I'm sure this will make you feel even better while downloading the release. -- Peter N. M. Hansteen, member of the first RFC 1149 imple

upgrading on vultr.com: make sure to select the bsd.mp set

was actually quite simple: the installer does not select the bsd.mp kernel automatically, but do select it. Then it will get installed and the system will boot the correct mp kernel. I'm sure we can supply more detail if needed. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149

Intuos Draw (uwacom) question

=160633=6271=WACOM+CTL-490DW Any feedback would be appreciated. Regards, -peter

Re: Does OpenBSD's pf prevents Hole punching?

that point :D Yes and no. With a sufficiently restrictive rule set (eg https://home.nuug.no/~peter/pf/newest/simplest-secure.html just to do some blatant self-promotion) you could be fairly certain to have successfully prevented access of any kind via the network. Working from tha

Re: Topics for revised PF and networking tutorial

oad ' option. Tables can hold both inet and inet6 items, and you can add them as single addresses or with masks: [Fri Apr 07 18:31:40] peter@skapet:~$ doas pfctl -t myself -T show 127.0.0.1 192.168.103.1 213.187.179.198 ::1 2001:470:27:658::2 2001:470:28:658::1 2001:470:df85:dead:bee

Re: Topics for revised PF and networking tutorial

cluded. On the other hand there is a chance we will be able to offer a similar session at EuroBSDCon too, but no decisions have been made yet. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Reme

Re: how is IPv6 over pppoe supposed to work?

y addresses DHCPv6 prefix delegation. Peter

Re: New support

0 C Netherlands P T Huizen Z 1273 LD O Wenka Computer Systems I A Delta 81 M i...@wenka.nl U http://www.wenka.nl/en/ B +31 85 111 8800 X N IT security, networking and open source software consultancy. OpenBSD-based networking and VoIP support.

New support

0 C Netherlands P T Huizen Z 1273 LD O Wenka Computer Systems I A Delta 81 M i...@wenka.nl U http://www.wenka.com/en/ B +31 85 111 8800 X N IT security, networking and open source software consultancy. OpenBSD-based networking and VoIP support.

Topics for revised PF and networking tutorial

o you have questions on PF and related matters, or are there specific topics you would like to see covered? We want to hear from you, either contact us directly at the reply-to address use the list. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot

Re: OpenBSD httpd and HTTP/2

Yes, that's the point of QUIC. On 2017 Mar 31 (Fri) at 13:30:59 +0200 (+0200), Marina Ala wrote: :UDP servers listening? would that open possibility for massive DOSes?  :  : :Sent: Friday, March 31, 2017 at 12:14 PM :From: "Reyk Floeter" :To: "Marina Ala"

Re: Sony Vaio VPCSA

e (yes, that could be time consuming), if at all possible collecting dmesg output for each variation (saving to somewhere on the usb stick you're installing from should work fine). - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://w

Re: regarding OpenSSL License change

ely to be time consuming (just ask the people who did just that on the OpenBSD source and ports trees at least once), but unless they get everyone explicitly on board with the new license they will need to go through one. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation tea

Re: For the super paranoid

There is no way hardware supported way to do this on mainstream Intel / AMD. Yes it's possible to make a chip that could do it. No it's not reasonable, it would destroy performance without really helping that much. If you are facing an adversary powerful enough to have access to your RAM sticks,

Re: bandwidth monitoring

t most of Michael's books, btw) -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconne

Re: AP using AR9287 working yesterday, broken today.. How to diagnose?

>> add athn0 > > If i recall correctly, from some discussion on misc@, you cannot use a > wireless interface in a bridge ( athn0 or all, I'm not sure). But > maybe I say something wrong, search the archive. > You certainly can have a wireless device in a bridge, this is how my current hostap athn

Re: hairpin nat with pf ?

n even think of several tutorials and accompanying slides that deal with what you are looking for, available right there on the Internet. And even a book (*cough*). But start with the PF FAQ, go on to the pf.conf man page and then move to the other resources if you feel the need to. -- Pete

Re: Just to understand, ARM64 has SMP and ARM32 does not? &, OpenBSD design fine with ARM's weak mem coherency?

On 2017 Feb 26 (Sun) at 03:56:33 + (+), Tinker wrote: :Hi misc, : :I just wanted to understand what's going on with SMP on ARM - : :Did I get it right, that ARM64 has SMP (as of the patches this week), but :ARM32 does not have SMP and will not get it too? : :What was the reason for not

inquiry on PIM option

it would be appreciated. I'm kinda desperate to get igmp v3 support since I want my settop box to work so that I can sit down and relax over a movie somedays. OH yeah I'm working off -current sources and snapshot system from feb 14th. :-( Regards, -peter

Re: OSPFd stucks in EXCHG/EXSTA

rev Peter Hessler <phess...@theapt.org>: :> :> Are you establishing an ospf session with the N3048? If you are, then :> there is an MTU miss-match. :> :> Either "system jumbo mtu" refers to the IP packet, which doesn't match :> the 1500 set on trunk1, or it refer

Re: OSPFd stucks in EXCHG/EXSTA

Are you establishing an ospf session with the N3048? If you are, then there is an MTU miss-match. Either "system jumbo mtu" refers to the IP packet, which doesn't match the 1500 set on trunk1, or it refers to the ethernet packet which should be 1518 (16 bytes for the ethernet header). Is it

Re: sendsyslog: dropped 4 messages, error 55

I agree I don't give much information. I have no idea what information to give. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Marcus MERIGHI Sent: Tuesday, January 31, 2017 3:13 AM To: Peter Fraser <p...@thinkage.ca> Cc: 'misc@openb

sendsyslog: dropped 4 messages, error 55

My /var/log/messages is filling up with messages like the following: Jan 30 10:28:06 gateway sendsyslog: dropped 4 messages, error 55 Jan 30 10:28:06 gateway sendsyslog: dropped 2 messages, error 55 Jan 30 10:28:06 gateway sendsyslog: dropped 2 messages, error 55 Jan 30 10:28:06 gateway

Re: make pf allow out on lo per user

Also, as I keep repeating to anybody who cares to listen, just like "verbing weirds the language", "excessiv quicks weird your PF rule set". -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://ww

Re: Pf on lo0

r the packet. Also as Sebastien mentioned do check for any "set skip on lo" or similar in your ruleset. If you have that, filtering simply does not happen on interfaces or interface groups in the "set skip" rule. -- Peter N. M. Hansteen, member of the first RFC 1149 im

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

the newly changed code. Cheers, -peter

Re: OpenBGPd - Multi-home ISP : DDoS Protection

On 2017 Jan 12 (Thu) at 11:18:58 +0100 (+0100), Uday MOORJANI wrote: :Dear OpenBSD-Misc, : :First of all, awesome work on the OpenBGPd and BFD code. I'm working on a :WAN setup for an enterprise and we are migrating from static route WAN to a :full fledge BGP transit in a multi home environment

Re: IPv6 OSPF

On 2017 Jan 13 (Fri) at 13:48:13 +0200 (+0200), Claudiu Popescu wrote: :Hi, : :First of all, hopefully I managed to send this email to the correct list :) :I am pretty new to OpenBSD but so far I managed to get everything :working for a router without IPv6 OSPF. :I have ospfd and ospf6d running

Re: Funding for Skylake support

9 January, 2017 05:44:10 Subject: Re: Funding for Skylake support On 1/7/2017 3:19 PM, Peter Membrey wrote: > Hi all, > > I've gotten OpenBSD up and running on a new Intel NUC, but unfortunately > Skylake isn't supported. I was able to get X working in software accelerated >

Re: Non-free firmware without asking the user

plainly put it, >If you don't want such firmwares loaded onto the hardware, then don't >buy the hardware that needs it. On Sat, Jan 7, 2017 at 9:28 PM, Martin Hanson <greencopperm...@yandex.com> wrote: > 08.01.2017, 02:53, "Peter Rippe" <peter.ri...@gmail.com>: >

Re: Non-free firmware without asking the user

I think it absolutely is a language issue: > On policy page it clearly says: "OpenBSD strives to provide code that can be freely used, copied, modified, and distributed by anyone and for any purpose." Operative word being **strives** - might want to look it up. It does not say 'guaranteed',

Funding for Skylake support

of funding would be needed. Thanks in advance! Kind Regards, Peter Membrey

Re: relayd[66834]: relayd: socketpair: Too many open files

Ah yes I see those lines now, thank you. Kevin, what version of OpenBSD are you using? You mentioned this is a new project so I assume 6.0? Peter On Jan 5, 2017, at 10:08, Theo de Raadt <dera...@openbsd.org> wrote: >> Hmm. The default number of files is 128 for daemons, but it's s

Re: relayd[66834]: relayd: socketpair: Too many open files

socket pairs are created between all the relayd processes, i.e. n^2 * 2 ish file descriptors, which could exceed 128 pretty fast. Are you running with a non-default prefork setting? Peter > On Jan 5, 2017, at 09:12, Kevin <spy...@gmail.com> wrote: > > Nope. I was hoping for a

Re: relayd[66834]: relayd: socketpair: Too many open files

Have you modified your open file limits in /etc/login.conf? Especially in the daemon section? Peter > On Jan 5, 2017, at 08:50, Kevin <spy...@gmail.com> wrote: > >> On Tue, Jan 3, 2017 at 1:16 PM, Kevin <spy...@gmail.com> wrote: >> >> Hey gang, >>

Re: isakmpd set up

Yes I did try with the extra .0 it made no difference -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Denis Fondras Sent: Tuesday, January 3, 2017 1:56 AM To: Peter Fraser <p...@thinkage.ca> Cc: 'misc@openbsd.org' <misc@openbsd.org>

Re: isakmpd set up

[mailto:owner-m...@openbsd.org] On Behalf Of Steve Williams Sent: Monday, January 2, 2017 6:57 PM To: Peter Fraser <p...@thinkage.ca>; 'misc@openbsd.org' <misc@openbsd.org> Subject: Re: isakmpd set up Hi, I have been using OpenBSD on a dynamic IP address for 10+ years. I have an account

isakmpd set up

A charity that I support has been having trouble with its internet provider (Rogers). The problem I have is that Roger is the only supplier that is available that will give a fixed IP address. I want the fixed IP address so I don't have to drive there to fix problems. It occurred to me that if I

Re: How to make spamd more annoying ?

I want with log data. Also, a few links to useful resources such as http://bgp-spamd.net/. I hope you find this useful. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evi

Re: How to make spamd more annoying ?

On 12/13/16 19:29, Mik J wrote: > Peter, you use greylists but I read somewhere that gmail servers change > their IPs when they retry to send the mails. With a high outgoing volume > of mails, many IPs can be whitelisted thanks to spamlogd. But my server > is very low volume. How wo

Re: How to make spamd more annoying ?

On Mon, Dec 12, 2016 at 11:12:33PM +, Mik J wrote: > Thank you Peter, > I've added the -s 5 Option and removed the -5Do you know what is the default > -w window size ?About the -S I didn't understand what it means (I read the > man) the -S option: by default spamd will 'stutte

Re: How to make spamd more annoying ?

On 2016 Dec 12 (Mon) at 21:31:25 + (+), Mik J wrote: :Hello, :I've been annoyed for months/years by a few marketing companies from which I regularly unsubriscribed (according to the law in my country they should have done it).A few days ago I decided to make spamd work on my pf machine.

Re: SSL/TLS troubleshooting

On 2016 Dec 10 (Sat) at 22:56:05 +0100 (+0100), Christian Schulte wrote: :$ uname -a :OpenBSD t60.schulte.it 6.0 1KHZ.MP#7 amd64 You broke it. Please use a GENERIC kernel, and it will work as normal.

Re: assign process to cpu (core)

On 2016 Dec 08 (Thu) at 16:27:29 +0100 (+0100), Roger Schreiter wrote: :Hello, : :is there a mean to get a running process running on :a certain cpu (core)? Or restrict it from running on a cpu? : :I have a cheap Atom CPU with four cores, and all interrupts, :also network traffic, is using CPU0. :

Re: LibC openBSD affected ?

able to a classic buffer overflow. Yes. See http://www.tedunangst.com/flak/post/who-even-calls-link-ntoa -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malic

Re: acer swift 7, atheros qca6174 wireless and intel hd 615 video

On Sat, Dec 3, 2016 at 8:24 PM, Jonathan Gray <j...@jsg.id.au> wrote: > On Sat, Dec 03, 2016 at 11:57:18AM -0600, Peter Miller wrote: >> On Mon, Nov 28, 2016 at 11:23 AM, Stefan Sperling <s...@stsp.name> wrote: >> > On Mon, Nov 28, 2016 at 11:09:

Re: acer swift 7, atheros qca6174 wireless and intel hd 615 video

On Mon, Nov 28, 2016 at 11:23 AM, Stefan Sperling <s...@stsp.name> wrote: > On Mon, Nov 28, 2016 at 11:09:12AM -0600, Peter Miller wrote: >> As for the wifi, I don't see support for the atheros 6174 chipest in >> the man pages, and I don't know if anyone is wor

Re: HP Proliant MicroServer G8: not seeing disks [solved]

: connecting to wsdisplay0 uhidev1 at uhub4 port 5 configuration 1 interface 1 "Microsoft Wired Keyboard 600" rev 2.00/3.00 addr 3 uhidev1: iclass 3/0, 2 report ids uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0 uhub5 at u

Re: PCI Express wireless adapter supported under OpenBSD

d it's worth keeping in mind one other option: get the highest quality access point or 'wireless router' you can afford, configure it as access point only (no dhcp or routing, leave that to the OpenBSD tools) - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementati

acer swift 7, atheros qca6174 wireless and intel hd 615 video

tion" [ 1792.791] compiled for 1.18.4, module version = 1.0.0 [ 1792.791] ABI class: X.Org Video Driver, version 20.0 [ 1792.791] (II) VESA(0): initializing int10 [ 1792.792] (EE) VESA(0): Cannot read int vect [ 1792.792] (II) UnloadModule: "vesa" [ 1792.792] (II) UnloadSubModule: "int10" [ 1792.792] (II) Unloading int10 [ 1792.792] (II) UnloadSubModule: "vbe" [ 1792.792] (II) Unloading vbe [ 1792.792] (EE) Screen(s) found, but none have a usable configuration. [ 1792.792] (EE) Fatal server error: [ 1792.792] (EE) no screens found(EE) [ 1792.792] (EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help. [ 1792.792] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information. [ 1792.792] (EE) [ 1792.794] (EE) Server terminated with error (1). Closing log file. -- Later Peter

Rspamd or other such programs

Using clamsmtpd and the instructions in http://technoquarter.blogspot.ca/2015/02/openbsd-mail-server-part-3-clamav-an d.html I was able to smtpd to interface with clamd. Is there a similar procedure to get rspamd or similar to work with smtpd?

Re: OpenBSD and you

On 11/26/16 04:57, R0me0 *** wrote: > As I did see any mention around here, I was boosted to post this great > presentation by Peter N . M. Hansteen. > > https://home.nuug.no/~peter/blug2016/ It's nice to hear you like it! The meeting where I presented this was a lot less well att

Re: How to detect this kind of attacks

d-command address=119.141.24.19 host=119.141.24.19 command="RCPT > TO:" result="550 Invalid recipient" > Nov 26 06:06:57 server smtpd[55880]: 3bcc430eee258cd7 smtp event=closed > address=119.141.24.19 host=119.141.24.19 reason=disconnect You could try configuring spamd(

Re: OpenBSD 5.2 AutoFSCK at boot

n bit OpenBSD guests more frequently than others. But again, we don't have sufficient information to help you diagnose. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit

Re: HP Proliant MicroServer G8: not seeing disks

xt few days. I'll report back if I notice any difference. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]:

Re: HP Proliant MicroServer G8: not seeing disks

.10/51.27 addr 4 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 uhub5 at uhub3 port 1 configuration 1 interface 0 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2 uhub6 at uhub5 port 3 configuration 1 interface 0 "Standard Microsystems product 0x2660" r

HP Proliant MicroServer G8: not seeing disks

which in my case was the USB thumbdrive with the bsd.rd on it. Any input on how to proceed appreciated, dmesg from the install to USB thumbdrive follows - Peter OpenBSD 6.0-current (GENERIC.MP) #0: Thu Nov 17 15:57:16 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile

Re: Gigabyte-range /dev, for whatever reason

C) to create the situation. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Gigabyte-range /dev, for whatever reason

On Fri, Nov 18, 2016 at 05:56:20AM +1000, Stuart Longland wrote: > On 18/11/16 05:51, Peter N. M. Hansteen wrote: > > This is probably a one-off (actually two, but more about that later) that > will only ever bite me and never be heard of againg, but I have to ask: > > > &g

Gigabyte-range /dev, for whatever reason

was attempting to upgrade my laptop to the latest amd64 snapshot, the upgrade failed due to a full root file system. I thought that to be distinctly odd, because the file system layout is very close to the default with a gigabyte for root, to wit: [Thu Nov 17 20:03:37] peter@elke:~$ df -h Filesystem Size

OpenBSD 6.0 and emacs.

Since going to 6.0 emacs-24.5p5-gtk2 has randomly and infrequently been non responsive and consuming one CPU. The only way to stop is a kill -9. This is on a 32 system, and the only thing strange I did was to use gsettings-desktop-schemas-3.20.0p1 to stop the errors on emacs initial load Is

Re: OpenBGPD status for RPKI

Fondras Sun, 08 Jun 2014 09:28:25 -0700 : :Any idea when will it get in? It looks promising! : :Thanks! : :> Sent: Monday, November 07, 2016 at 9:40 PM :> From: "Peter Hessler" <phess...@openbsd.org> :> To: "minek van" <minek...@mail.com> :> Cc: misc

Re: OpenBGPD status for RPKI

There is currently no RPKI in OpenBGPD. On 2016 Nov 07 (Mon) at 21:19:20 +0100 (+0100), minek van wrote: :Hello, : :is RPKI production ready with OpenBGPD? Does anyone uses it? : :Many thanks! :

Re: php system using httpd and php-fpm

-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Otto Moerbeek Sent: Friday, November 4, 2016 2:38 PM To: Peter Fraser <p...@thinkage.ca> Cc: 'misc@openbsd.org' <misc@openbsd.org> Subject: Re: php system using httpd and php-fpm On Fri, Nov 04, 2016 at 05:29:54PM +,

php system using httpd and php-fpm

I actually wanted to call php's mail function which I could not get to work, I think I have tracked to problem down to exec not working the details follow using a test web page datetest.php newweb:/var/www/htdocs/web # cat datetest.php cat datetest.php Date Test Date Test';

berkeleydb in ports

if it's a known bug it would save me the effort next year. The DNS server was built with OpenBSD as the development machine and is now also running in a strict OpenBSD environment on my VPS's. Thanks in advance for your sharing, -peter

Re: Is 6.1 expected to happen soon?

the established schedule. In the meantime, there are worse things knowledgeable OpenBSD users can do with their time than trying out snapshots to get the feel for how development is progressing. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ ht

Re: A detail about pf.conf

If this is what the original poster is trying to address, blocking on an additional table sourced from a file might be useful. [1] https://home.nuug.no/~peter/pf/en/bruteforce.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www

Re: Allow FTP through Openbsd firewall

That's what ftp-proxy is for. It inserts the rules it needs in the anchor. My hunch is that you're not actually allowing traffic initiated by the proxy to pass. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://w

Re: BGPd / Update Large-Communities Attribute number

Hi Denis Yes, I am in quite close contact with Job and the IETF IDR-WG, and will update this in the near future. On 2016 Oct 27 (Thu) at 08:12:08 +0200 (+0200), Denis Fondras wrote: :Hello, : :Here is a patch to update the large communities attribute value. IANA has :changed it from 30 to 32.

Re: How to analyse excessive PF states?

to mind). The packet loss could conceivable by a side effect of the number of states going into the territory where timeouts are scaled down (exceeding 60% of state table limit IIRC). - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://

Re: OpenBSD 6-stable vmd

This isn't expected to work at all. That is why it was disabled. You'll need to upgrade the Hypervisor to -current, or to 6.1 when it is released. On 2016 Oct 22 (Sat) at 00:06:08 -0200 (-0200), R0me0 *** wrote: :Hello misc. : :For testing purposes : :I compiled kernel with vmd support. :

Re: Because Theo de Raadt said that the buttons are for idiots?

The poster is just trolling, and trying to get reactions. Don't answer. On 2016 Oct 20 (Thu) at 23:57:26 +0200 (+0200), Alexander Hall wrote: :On this list, English is the language to use, and Google translate does not :cut it. I do think I understand what you're after, but have someone help

Re: Flaw resides in BTB helps bypass ASLR

ich claims that ASLR is indeed enabled by default in all recent Ubuntu releases. Well, something in this story doesn't quite fit. Until we see the actual code, and a credible demonstration, I remain unconvinced that the paper tells the whole truth. -- Peter N. M. Hansteen, member of the first RFC

Re: Flaw resides in BTB helps bypass ASLR

On Thu, Oct 20, 2016 at 10:40:28AM +0200, Peter Janos wrote: > Hello, > > http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-ha > swell-cpu-509460.shtml > ?? > paper: > http://www.cs.ucr.edu/~nael/pubs/micro16.pdf[http://www.cs.ucr.edu/~nae

Flaw resides in BTB helps bypass ASLR

Hello, http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-ha swell-cpu-509460.shtml   paper: http://www.cs.ucr.edu/~nael/pubs/micro16.pdf[http://www.cs.ucr.edu/~nael/pubs /micro16.pdf]   could we somehow prevent this attack on OpenBSD?

Re: SSHowDowN

"Christian Weisgerber" <na...@mips.inka.de> To: misc@openbsd.org Subject: Re: SSHowDowN On 2016-10-18, "Peter Janos" <peterjan...@mail.com> wrote: > so having AllowTcpForwarding=NO would help. > > Why is it yes by default? someone requested it to be yes? does a

Re: SSHowDowN

.de> To: misc@openbsd.org Subject: Re: SSHowDowN On 10/18/2016 10:56 AM, Peter Janos wrote: > sometimes I send mails in HTML format, sorry for that, mail.com has this by > default.. > > so the PDF also states that the "admin" user had /sbin/nologin for shell > > ---

Re: SSHowDowN

default? someone requested it to be yes? does anybody know? Thanks.   Sent: Tuesday, October 18, 2016 at 10:46 AM From: "Christian Gruhl" <cgr...@uni-kassel.de> To: misc@openbsd.org Subject: Re: SSHowDowN On 10/18/2016 10:41 AM, Sol��ne Rapenne wrote: > Le 2016-10-18 10:35,

SSHowDowN

shouldn't the default be "no" for the AllowTcpForwarding? Why is an insecure option "yes" by default? https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf Thanks.

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

;Otto Moerbeek" <o...@drijf.net> To: "Peter Janos" <peterjan...@mail.com> Cc: "openbsd misc" <misc@openbsd.org> Subject: Re: What are the security features in OpenBSD 6.0 that are by default disabled? On Fri, Oct 14, 2016 at 09:21:24AM +0200, Peter

Fw: RE: RE: OpenBSD PaX Test question

if anyone interested, correction for the pax topic Sent: Tuesday, October 11, 2016 at 3:57 PM From: "W. Dean Freeman" <wdfree...@acumensecurity.net> To: "'Peter Janos'" <peterjan...@mail.com> Subject: RE: RE: OpenBSD PaX Test questionIncreasing the stack gap si

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

remote supervisor/console solutions are still turned on while the server is off, so simply powering off the OS isn't enough.there were/will be many bugs for these remote console solutions too Sent: Friday, October 14, 2016 at 9:48 PM From: "Raul Miller" To:

What are the security features in OpenBSD 6.0 that are by default disabled?

Hello, I know some features that can give additional security isn't turned on due to because of the bad quality of the code in ports and some also decreases performance (or disables a feature, ex.: screenlock doesn't work if nosuid set, but if feature not used, nousid can be used). I only know

New OpenSSL double-free and invalid free vulnerabilities in X509 parsing

Hello gods, http://seclists.org/fulldisclosure/2016/Oct/62 -> https://github.com/guidovranken/openssl-x509-vulnerabilities   a little bit old, but LibreSSL got this?   The original X509_NAME decode free code was buggy: this could result in double free or leaks if a malloc failure occurred.

Re: CARP host with lower advskew not becoming master

On 2016 Oct 04 (Tue) at 09:27:50 +0200 (+0200), Jasper Siepkes wrote: :Hi list! : :I'm experimenting with CARP and I'm a bit puzzled by the following :behavior; I have 2 hosts setup in an active/passive way with CARP. :Host A has an advskew of 0 and becomes master, Host B has an :advskew of 100

Re: Fix paxtest output on OpenBSD 6.0?

(guessed) "to 20 quality bits". Thanks! Sent: Sunday, October 02, 2016 at 12:12 PM From: "Peter Janos" <peterjan...@mail.com> To: misc@openbsd.org Subject: Fix paxtest output on OpenBSD 6.0?Fix paxtest output on OpenBSD 6.0? Hallo :) Also I included a few other OS. Mirror

Fix paxtest output on OpenBSD 6.0?

blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtes

Fix paxtest output on OpenBSD 6.0?

Hallo :) Also I included a few other OS. Mirror for the post: https://pastebin.com/raw/y9qHwZxi Tests are after a default/fresh install (not livecd), using https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a

Re: Opinion about pflog

somewhat similar reaction as yours when I first read about the binary PF logs, but in practical terms the way it's done actually makes sense. - P [1] One such setup is described, with some anecdotes just because, at http://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html --

Re: ARM64:s finally on the market, and flooding it. OpenBSD support?

On 2016 Sep 24 (Sat) at 06:55:40 + (+), Ruslanas G??ibovskis wrote: :Hi team, maybe it would be a great thing if you would be able to create a :list of hw developpers would be interested to develop. so any sysadmin :would know what is needed for openbsd devs and send out hw to dev team. :

Today's snapshot fixed a USB problem I wasn't aware I had

1 and the USB drive was recognized and mountable. I had vaguely noticed some USB related commits recently, but hey, you fixed things! dmesg from today is up at https://home.nuug.no/~peter/dmesg_elke_20160920.txt. Thanks! - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 impl

Re: bugs

_add -v wget > > > > cant find wget See previous. > > 4. > > > > cd /usr/games > > > > hangman Check your PATH. > > nothing works Start with the FAQ. It has lots of useful information and possibly some useful links to other resources. -- Peter N. M.

Re: 6.0 appreciation

There are no callouts for suggestions. The themes are chosen internally, described on http://www.openbsd.org/lyrics.html. Thanks for enjoying the releases, and of course: Be sure to drink your OpenBSD. Or Ovaltine. I mean OpenBSD. On 2016 Sep 20 (Tue) at 13:52:39 +1000 (+1000), Aaron Mason

Re: PPPoE (5.9 still): https gets stuck

and give a passthrough to the router, I don't know if the Draytek Vigor can do this. Regards, -peter On 09/13/16 11:51, Harald Dunkel wrote: > Hi folks, > > I am using an openbsd (5.9) box as gateway/firewall to the > internet. ISP is Deutsche Telekom. In between is a Vigor 130 > VDSL2 mo

Re: Routing 10-40 Mpps on OpenBSD

- P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

mariadb-server and OpenBSD 6.0

After installing mariadb-server-10.0.25p0v1.tgz and rcctl enable mysqld /etc/rc.d/mysqld start I got errors Directly running /usr/local/libexec/mysqld gave 160908 10:07:09 [Note] /usr/local/libexec/mysqld (mysqld 10.0.25-MariaDB) starting as process 15703 ... 160908 10:07:09 [Warning]

OpenBSD 6.0 and emacs-24.5p2-gtk2

Whenever I start emacs on an OpenBSD 6.0 , from an xterm start from a remote windows system running cygwin Xwin I get: (emacs:17220): GLib-GIO-CRITICAL **: g_settings_schema_source_lookup: assertion 'source != NULL' failed The failed assertion does not seem to cause any trouble, and I expect

Re: Building OpenBSD 6.0 -stable - Error

Yes, the repos should be done with their surgery now. Please let us know if you still see issues. On 2016 Sep 03 (Sat) at 13:11:42 +0200 (+0200), Teno Deuter wrote: :meaning I shall try at a later time? : :Thank you : :On Sat, Sep 3, 2016 at 12:40 PM, Ted Unangst wrote: :>

<    3   4   5   6   7   8   9   10   11   12   >