Re: pgm to kill 4.3 via vm
On Sat, 5 May 2001, Alfred Perlstein wrote: > * Dennis Glatting <[EMAIL PROTECTED]> [010505 14:38] wrote: > > > > I wrote a trivial program to fill vm and found I can reliably freeze my > > system. It may not work on the first attempt, but certainly within three. > > My command line is: > > > > a.out&;a.out&;a.out&;a.out&;a.out& > > > > The goal of my program is simply to see how the system behaves under > > memory exhaustion which, as it turns out on two similar systems, the > > systems freeze. Specifically, I can switch between consoles but the login > > prompts do not respond and the system does not respond on the network. > > > > I am running 4.3 on a dual processor system. > > > > Below are some things. First, the program. Second, dmesg. Finally, my > > /etc/rc.config. > > > > LOL > > There's no reason to cc two lists. > > You've obviously not bothered to read manpages on setting up system > limits, please do so. > Why is it expected behaviour for a system to freeze, thus requiring a power cycle, regardless of system limit settings? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
RE: ISN number prediction ?
:: I that was what it was, but it doesn't seem to be working now. :: Maybe it needs to know what the OS is in order to figure this out. :: When I run nmap I get :: :: No exact OS matches for host . :: :: suggesting that nmap cannot figure out any more that it is FreeBSD :: (probably because of the new TCP software in the kernel). Same here (against a 4.2-STABLE box): TCP Sequence Prediction: Class=random positive increments Difficulty=38177 (Worthy challenge) No OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: TSeq(Class=RI%gcd=1%SI=7E12) TSeq(Class=RI%gcd=1%SI=3CF6) TSeq(Class=RI%gcd=1%SI=9521) T1(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT) T2(Resp=N) T3(Resp=Y%DF=Y%W=403D%ACK=S++%Flags=AS%Ops=MNWNNT) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E) (NMAP 2.53) -- Juha To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: ISN number prediction ?
perhaps -v in combo with the -O? for example: nmap -sT -v -O -F ? - Original Message - From: "Stephen Montgomery-Smith" <[EMAIL PROTECTED]> To: "Juha Saarinen" <[EMAIL PROTECTED]> Cc: "Lauri Laupmaa" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, May 05, 2001 3:43 PM Subject: Re: ISN number prediction ? > Juha Saarinen wrote: > > > > :: I remember that if you run the program nmap on your server with the > > :: right flags, that it will give its opinion on how good this is. > > :: But I don't remember the right sequence of flags to do this - anyone > > :: care to help me? > > > > -O > > I that was what it was, but it doesn't seem to be working now. > Maybe it needs to know what the OS is in order to figure this out. > When I run nmap I get > > No exact OS matches for host . > > suggesting that nmap cannot figure out any more that it is FreeBSD > (probably because of the new TCP software in the kernel). > > > > > -- > Stephen Montgomery-Smith > [EMAIL PROTECTED] > http://www.math.missouri.edu/~stephen > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-stable" in the body of the message > > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: ISN number prediction ?
On Sat, May 05, 2001 at 05:27:22PM -0500, Stephen Montgomery-Smith wrote: > Lauri Laupmaa wrote: > > > > Hi > > > > As this analysis http://razor.bindview.com/publish/papers/tcpseq.html points > > out FreeBSD 4 ISN number generation 'is not impressive' It seems to be > > considerably weaker than linux-2.2's... > > > > I remember that if you run the program nmap on your server with the > right flags, that it will give its opinion on how good this is. > But I don't remember the right sequence of flags to do this - anyone > care to help me? Please remember that this is a complicated issue which can't be easily quantified with a single number; nmap can be used as a guide to sequence number predictability, but it's not the whole story. Kris PGP signature
Re: ISN number prediction ?
Juha Saarinen wrote: > > :: I remember that if you run the program nmap on your server with the > :: right flags, that it will give its opinion on how good this is. > :: But I don't remember the right sequence of flags to do this - anyone > :: care to help me? > > -O I that was what it was, but it doesn't seem to be working now. Maybe it needs to know what the OS is in order to figure this out. When I run nmap I get No exact OS matches for host . suggesting that nmap cannot figure out any more that it is FreeBSD (probably because of the new TCP software in the kernel). -- Stephen Montgomery-Smith [EMAIL PROTECTED] http://www.math.missouri.edu/~stephen To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: soft update should be default
> Date: Sat, 05 May 2001 09:31:09 -0700 > From: Nick Sayer <[EMAIL PROTECTED]> > Sender: [EMAIL PROTECTED] > > That may be the original intent, but cheap IDE drives let you turn on > write caching, and they're for sure not battery-backed (nor do they > attempt to store enough power at power-off to write back the cache with > the remaining rotational latency or any such trickery). They lie about it. > > Write caching is evil unless you specifically know that it's being > battery backed. 99.44% of the time, that's not the case. An obvious exception is the laptop. I always turn on write cache on my laptop as I know that it has a LONG battery backup. For a worst-case type of operation (dd), I get 4x faster writes with write-cache enabled on my laptop. R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
RE: ISN number prediction ?
:: I remember that if you run the program nmap on your server with the :: right flags, that it will give its opinion on how good this is. :: But I don't remember the right sequence of flags to do this - anyone :: care to help me? -O To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: ISN number prediction ?
Lauri Laupmaa wrote: > > Hi > > As this analysis http://razor.bindview.com/publish/papers/tcpseq.html points > out FreeBSD 4 ISN number generation 'is not impressive' It seems to be > considerably weaker than linux-2.2's... > I remember that if you run the program nmap on your server with the right flags, that it will give its opinion on how good this is. But I don't remember the right sequence of flags to do this - anyone care to help me? -- Stephen Montgomery-Smith [EMAIL PROTECTED] http://www.math.missouri.edu/~stephen To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: ISN number prediction ?
On Sun, May 06, 2001 at 12:10:41AM +0300, Lauri Laupmaa wrote: > Hi > > As this analysis http://razor.bindview.com/publish/papers/tcpseq.html > points out FreeBSD 4 ISN number generation 'is not impressive' It seems > to be considerably weaker than linux-2.2's... > > Any comments about this ? > Perhaps you missed the recent FreeBSD security advisory: http://docs.FreeBSD.org/cgi/getmsg.cgi?fetch=0+0+current/freebsd-security-notifications and the CERT advisory: http://www.cert.org/advisories/CA-2001-09.html which explain that this has been corrected... -- Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED] FreeBSD: The Power To Serve - http://www.FreeBSD.org PGP signature
Re: ISN number prediction ?
On Sun, May 06, 2001 at 12:10:41AM +0300, Lauri Laupmaa wrote: > Hi > > As this analysis http://razor.bindview.com/publish/papers/tcpseq.html > points out FreeBSD 4 ISN number generation 'is not impressive' It seems > to be considerably weaker than linux-2.2's... > > Any comments about this ? Read the advisory we already released about this. Kris PGP signature
ISN number prediction ?
Hi As this analysis http://razor.bindview.com/publish/papers/tcpseq.html points out FreeBSD 4 ISN number generation 'is not impressive' It seems to be considerably weaker than linux-2.2's... Any comments about this ? -- L. On sul minut aega ?
Re: Freebsd 4.2 Stable
Bruce, I used the netscape for Freebsd, and haven't done anything differently with freebsd version 4.2 than I did with 4.0. I didn't have any problems when downloading the latest version of netscape and gziping and installing when using 4.0, however, when doing a fresh install of 4.2 freebsd and doig the same, I get the error message. Thank you, John On Sat, 5 May 2001, Bruce Burden wrote: > > > > > I am trying to get Netscape up and running on Freebsd 4.2. Each time I do > > a build and try and run the program I get an error message saying "ld.so > > error can't find libXt.so.6.0" > > > Which Netscape? The one for Linux, BSDI or FreeBSD? If for > FreeBSD, do you have the 3.x compatability packages installed? > Also, for the FreeBSD browser, you may need to assign LD_LIBRARY_PATH > to be the same as LD_LIBRARY_PATH_AOUT within the netscape shell > in /usr/local/bin. > > Bruce > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: soft update should be default
Nick Barnes wrote: > This sounds as if there isn't _any_ way for the kernel (or, better, an > application) to make sure that its bits have got written. Is that > really true? Shouldn't the man pages for fsync(1), fsync(2), and > sync(8) reflect this? sync(2) has something under "BUGS" Sure there is. 1. Disable write-caching on your drive. Currently this is the default anyway. There is a sysctl to control it. 2. Turn off soft-updates. 3. At that point, so far as I know, sync should work correctly. > > If this is true, it's not good. Presumably fsync(2) will get the data > down the cable to the disk unit. If the CPU, kernel, etc goes toes-up > a microsecond later, will my bits still hit the platter? They will if write caching in the disk is turned off AND the write operation actually completed (that is, the drive acknowledged completion). > I'm assuming > I can keep the power on, which is a separate and well-understood > problem. But if there's a panic and reboot, presumably there's some > kind of "reset now" message sent to the disk unit (the exact details > no doubt depend on the disk type). I believe the disk write caches are only in danger if power is unexpectedly lost. If you actually halt the OS, the disk will have time to finish the writes. > Will it write my bits or flush > them? How do different disk units compare in this respect? > > When I started with FreeBSD, the general understanding was that people > who cared about data integrity used SCSI, people who really cared used > RAID on SCSI, and people who were fanatical about it used hardware > SCSI-to-SCSI RAID in a separate rack unit with redundant PSUs and > controllers and very high-quality cables. Is this still the received > wisdom? I think with write-caching turned off and softupdates anyone should be happy unless they really require transactional recording (that is, if a transaction is acknowledged, then it must not ever be lost). Those folks should probably be running Oracle on a raw partition or some such. :-) With softupdates and no write-cache, I was able to start an untar of the ports tree (truly one of the worst-case scenarios -- lots of directories and tiny files), press RESET and come back up without much hassle. The net result of the fsck was that the filesystem was recovered to an exact moment in time slightly before when I actually hit RESET. That is, the metadata cache lagged behind realtime slightly, but was maintained perfectly. The cutoff between the preserved state and the lost state was perfectly temporal. That's why I would suggest those interested in transaction assurance not use softupdates. :-) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Freebsd 4.2 Stable
On Sat, 5 May 2001 [EMAIL PROTECTED] wrote: > I am trying to get Netscape up and running on Freebsd 4.2. Each time I do > a build and try and run the program I get an error message saying "ld.so > error can't find libXt.so.6.0" Does anyone have any suggestions? Using the > same browser in Freebsd 4.0 Stable doesn't have this problem. You need the XFree86-aout-libs installed to use Netscape. Install the XFree86-aoutlibs-3.3.3 package or install the port from /usr/ports/x11/XFree86-aoutlibs --- Christopher Shumway [EMAIL PROTECTED] [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message