OpenBSD 5.0 PF and Syn attack
Hi Everyone,

I am trying to put a pair of OBSD boxes together to provide Syn, UDP and ICMP flood protection with pretty graphs. May I know if anyone has accomplished this? If you have, I have the following questions:

1. What is the hardware spec you use? What is the maximum attack PPS and bandwidth you were able to absorb?
2. What do you use for graphing?

Thank you for your time :)

Re: F5 FirePass SSL VPN on OpenBSD
Hi Mikolaj,

Here is the Perl script on F5 Dev Central which is used for *nix systems:

http://devcentral.f5.com/Default.aspx?tabid=63articleType=ArticleViewarticleId=32

I have used it with great success on Linux, but it should be pretty straightforward for *BSD.

Good Luck!
Edy

Mikolaj Kucharski wrote:
> Hi,
> Anyone knows any open-source client so OpenBSD could connect to it?

Re: httpdump?
Why not tcpdump and filter it on port 80?

Jeff Simmons wrote:
> Anyone know of a text-based program that will dump http protocol packets? Like tcpdump, but for http.

Re: Spamd table
Hi,

Those IP addresses in the spamd-white table are loaded when I ran the spamd-setup command, which has ua and nixspam enabled only.

Now I am worried because it is loading spammer IP addresses into the would-be legitimate table spamd-white.

When I look at spamd it is still as empty as ever.

ta
-e

Girish Venkatachalam wrote:
> On 23:45:06 May 11, Pui Edylie wrote:
>> Hi
>>
>> When I ran pfctl -t spamd-white -T show it shows a list of IP addresses, and those IP addresses are mostly from China etc. (i.e. spamming countries).
>>
>> I have enabled syslog logging with -v. From the log file, when tailing it, I did not see any (WHITE) entry, only (GREY) and (BLACK).
>>
>> I am interested: where do I find out the whitelisted IP addresses?
>>
>> This is the rc.local.conf
>>
>>     spamd_flags=-v -G 2:4:864 -y fxp3 -Y fxp3 -n SolOne SMTP OpenBSD 4.1
>>
>>     table <spamd-white> persist
>>     rdr pass inet proto tcp from !<spamd-white> to any \
>>         port smtp -> $spamvip port spamd
>
> I think it is pretty obvious to anybody reading this e-mail why spamd is doing the exact opposite of what you want it to do.
>
> Any guesses? I will take the suspense away.
>
> You really should give a passtime of at least 10 minutes. Ideal values might be around 30. Default is 25.
>
> So either leave the -G flag alone or use something like -G 10:4:864. In case you want whitelisting to happen sooner than normal.
>
> Best of luck!
>
> -Girish

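An added example, not part of the original thread: a shell function that reads spamdb-style lines and lists WHITE entries that were promoted from GREY sooner than a minimum delay, which is how a very short passtime such as the `-G 2:4:864` discussed above shows up in the database. The field layout is assumed from spamdb(8); the function names, sample lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed spamdb(8) line layout:
#   TYPE|ip|helo|from|to|first|pass|expire|block|pass
# WHITE entries leave helo/from/to empty, so they have 9 fields:
#   $5 = first seen (epoch seconds), $6 = time promoted GREY -> WHITE.

# fast_whitelisted MIN
# Reads spamdb-style lines on stdin and prints "ip minutes" for every
# WHITE entry whose grey-to-white delay was shorter than MIN minutes.
# MIN defaults to 10, the lower bound suggested in the reply above.
fast_whitelisted() {
    awk -F'|' -v min="${1:-10}" '
        $1 == "WHITE" && NF >= 9 {
            delay = ($6 - $5) / 60          # minutes between first and pass
            if (delay < min)
                printf "%s %d\n", $2, delay # whole minutes, truncated
        }'
}

# Constructed sample data (documentation addresses, made-up timestamps):
#   192.0.2.10    promoted after 150 s  (2.5 minutes)
#   198.51.100.7  promoted after 1800 s (30 minutes)
#   203.0.113.5   still GREY, ignored by the check
sample_spamdb() {
    cat <<'EOF'
WHITE|192.0.2.10|||1178900000|1178900150|1182000000|1|0
WHITE|198.51.100.7|||1178900000|1178901800|1182000000|3|2
GREY|203.0.113.5|mail.example.net|<a@example.net>|<b@example.org>|1178900000|1178900120|1178914400|1|0
EOF
}

# Stand-alone run against the constructed sample; on a real system the
# input would come from "spamdb" instead of sample_spamdb.
sample_spamdb | fast_whitelisted 10
```
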
pftop question
Good Day,

I was looking at pftop and noticed the following and would like to understand its meaning:

DROP_P DROP_B QLEN SUSPEN

I have tried to search the man and google but luck was not with me.

ta
-e

Re: pftop question
Hi Stuart,

Thank you for the reply. May I ask under what circumstances a packet could be in the suspends category?

ta
-e

----- Original Message -----
From: Stuart Henderson [EMAIL PROTECTED]
To: Pui Edylie [EMAIL PROTECTED]
Cc: misc misc@openbsd.org
Sent: Wednesday, June 27, 2007 1:05 AM
Subject: Re: pftop question

On 2007/06/27 00:43, Pui Edylie wrote:
> Good Day, I was looking at pftop and noticed the following and would like to understand its meaning

they're for queues.

DROP_P   dropped packets
DROP_B   dropped bytes
QLEN     queue length
SUSPEN   suspends

OpenBSD - High Performance 1u box
Good Day,

I am building a 1u box for OpenBGP with PF. Any hardware recommendation so it can achieve the best throughput/performance?

Thank you
-e

Re: OpenBSD router playing up
Hi Karl,

How about tcpdump on the interface when the issue is occurring? Are you able to replicate the problem at will, or does this happen randomly?

-e

----- Original Message -----
From: Karl Kopp [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Wednesday, June 06, 2007 8:21 AM
Subject: OpenBSD router playing up

Hi All,

I have a strange issue. We are using an OpenBSD 3.9 box running on an AMD64 CPU. It's doing BGP with our upstream provider and has some basic pf rules. Occasionally, the network slows to a crawl. I set up some external monitoring, and while a few simple HTTP checks of boxes on our network normally take a second or 2 (from 2 separate locations outside our network), this just went up to over 100 seconds and was only resolved by restarting the box.

I'm learning this stuff, so am super keen if a) this is normal behavior (I'm guessing not) and b) how can I work out what is causing the problems? I've checked messages, and there is nothing strange in there (just some ftp-proxy 'client reset connection' and 'server refused connection' messages) and daemon (a few BGP updates, not many). On restart, I get a flood of BGP updates.

Where should I be looking? Should I just restart bgpd next time or does this seem like something else??

Any advice would be greatly appreciated!

Cheers!
Karl

Re: Limiting root ssh without limiting other users
Have you looked at OpenSSH 4.6? This version has some really nice new features, like per-user authentication config.

Cheers,
Edy

----- Original Message -----
From: Dustin Lundquist [EMAIL PROTECTED]
To: misc misc@openbsd.org
Sent: Saturday, March 10, 2007 2:21 AM
Subject: Limiting root ssh without limiting other users

I'm looking for a way to limit ssh access by root to public key authentication from a single network without affecting other users' ssh access. So far the best solution I've come up with is to run two instances of sshd; is there a more elegant way?

Thanks,
Dustin Lundquist

OpenBSD 4.0 - brconfig error message
Hi,

I am running OpenBSD 4.0, and when the system is booting up the following message is printed on the screen:

    brconfig: bridge0 Operation not permitted

May I know what causes the error message? It seems the bridge is running OK, even with the error message.

The following is the output of brconfig, ifconfig and the /etc/bridgename.bridge0:

    shu:/root# cat /etc/bridgename.bridge0
    add fxp0
    add fxp1
    stp fxp0
    stp fxp1
    hellotime 2
    maxage 20
    fwddelay 15
    up

    shu:/root# ifconfig bridge0
    bridge0: flags=41<UP,RUNNING> mtu 1500
            groups: bridge

    shu:/root# brconfig bridge0
    bridge0: flags=41<UP,RUNNING>
            priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
            designated: id 00:04:27:c0:e9:00 priority 10
            fxp1 flags=ab<LEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P>
                    port 2 ifpriority 128 ifcost 65535 discarding role alternate
            fxp0 flags=ab<LEARNING,DISCOVER,STP,AUTOEDGE,AUTOP2P>
                    port 1 ifpriority 128 ifcost 65535 forwarding role root
            Addresses (max cache: 100, timeout: 240):
                    00:03:31:e1:93:fc fxp0 0 flags=0<>

Thank you
Edy