Re: booting openbsd on eee without cd-rom

2008-01-31 Thread frantisek holop
hmm, on Wed, Jan 30, 2008 at 02:39:41PM -0500, Richard Daemon said that
 Does the system support PXE booting? I don't believe it matters (for PXE
 booting that is) if it's not supported by OpenBSD. If so, then maybe you
 could PXE boot and install OpenBSD onto the USB media that way?

as far as i know, pxe needs another computer with openbsd or unix
and i have no access to that.  i am in inet cafes and libraries.

nevertheless, the previous post very well pointed out that i will
need to work with ffs from linux, and i dont know anything about that,
not even if it is supported.

-f
-- 
our world: a 8000 mile in diameter spherical pile of dirt.



Re: booting openbsd on eee without cd-rom

2008-01-31 Thread frantisek holop
i had another idea today, the eee comes with grub...
the more knowledgeable are already holding their heads :]

because i dont have the boot sector and /boot, i thought
grub could maybe load bsd.rd

but all i got was the 'boot too old' message
well known from the archives.

it was worth a shot...  is there another boot loader
that can boot bsd.rd without chainbooting?

i can use everything available in the linux world
to boot a single bsd.rd: does bsd.rd work without /boot?
until recently i thought /boot just handles the file system
and starts /bsd but now i see some posts that it is handing
over some bios data too...

-f
-- 
two most common in the universe elements: hydrogen, stupidity.



Re: low-MHz server

2008-01-31 Thread abokye4
Hello,
Maybe it would make sense to lower frequency of your beast Athlon and see how 
your poor wife reacts to such changes? OpenBSD and FreeBSD come with apmd(8) 
and powerd(8) that can change the freq. You may also want to downclock your 
system through BIOS.



Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread Andre Naehring

On Wed, 30 Jan 2008, Stuart Henderson wrote:


On 2008/01/30 15:26, Dennis Davis wrote:


wireless driver reports an error and does not work is short on
detail.  It might just be that non-free firmware needs installing
(eg the firmware for the iwi driver) to get it to work.


people with Eee PC need to test -current snapshots, the wd/wdc
changes which are in them (not yet committed) will affect you
(hopefully to your advantage, there should be much lower cpu
use during disk activity).


So, installed current from Jan 28 on an usb stick and booted. Ethernet
works fine on the eee, but the wireless always reports

ath0: unable to reset hardware; hal status 4096

when I want to set something.

according to the manpage, this should not happen.

dmesg follows...

OpenBSD 4.2-current (GENERIC) #652: Mon Jan 28 14:04:36 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) M processor 900MHz (GenuineIntel
686-class) 631 MHz
cpu0:

FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
real mem  = 527527936 (503MB)
avail mem = 502153216 (478MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/04/08, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.5 @ 0xf06c0 (37 entries)
bios0: vendor American Megatrends Inc. version 0703 date
01/04/2008
bios0: ASUSTeK Computer INC. 701
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 3.0 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf76b0/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FB LPC rev
0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xf800!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x04
agp0 at pchb0: aperture at 0xd000, size 0x1000
vga1 at pci0 dev 2 function 0 Intel 82915GM Video rev 0x04
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82915GM Video rev 0x04 at pci0 dev 2 function 1 not
configured
azalia0 at pci0 dev 27 function 0 Intel 82801FB HD Audio rev 0x04:
irq 5
azalia0: codec[s]: Realtek/0x0662
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x04: irq 5
pci1 at ppb0 bus 4
ppb1 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x04: irq 11
pci2 at ppb1 bus 3
lii0 at pci2 dev 0 function 0 Attansic Technology L2 rev 0xa0: irq
11, address 00:1e:8c:b9:38:d8
ukphy0 at lii0 phy 1: Generic IEEE 802.3u media interface, rev. 2:
OUI 0x001374, model 0x0002
ppb2 at pci0 dev 28 function 2 Intel 82801FB PCIE rev 0x04: irq 10
pci3 at ppb2 bus 1
ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: irq 10
ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:75:d9:e0
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x04: irq 3
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x04: irq 7
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x04: irq 10
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x04: irq 5
ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x04: irq 3
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd4
pci4 at ppb3 bus 5
ichpcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x04: PM
disabled
pciide0 at pci0 dev 31 function 2 Intel 82801FBM SATA rev 0x04:
DMA, channel 0 wired to compatibility, channel 1 wired to
compatibility
wd0 at pciide0 channel 1 drive 0: SILICONMOTION SM223AC
wd0: 1-sector PIO, LBA, 3815MB, 7815024 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
ichiic0 at pci0 dev 31 function 3 Intel 82801FB SMBus rev 0x04:
irq 7
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
SO-DIMM
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using 

Re: low-MHz server

2008-01-31 Thread Marc Balmer

Douglas A. Tutty wrote:

Hello,

I have an unusual situation and problem at which I've been chipping
away.  The resultant system will need to run OpenBSD so I'm asking here
for the accumulated wisdom.  The base technology predates my IT
experience.

My wife is sensitive to what she describes as electromagnetic fields.
She gets headaches and other pains when exposed to equipment: the higher
the frequency, the worse her symptoms.  For example, a VT is better than
a regular CRT connected to even a P-II-233 MHZ while a 486DX4-100 is
better than the P-II.  Both are far better than my Athlon64 @3.5 GHz.
And any CRT is better than any LCD/plasma screen.  Even my Palm Zire (I
think 233 MHz) with its ~2x~3 screen is unsuitable within about 30
feet of her.  She can't wear a digital watch.


do the symptoms get worse when you run Linux instead of OpenBSD?

[...]



Re: low-MHz server

2008-01-31 Thread Marcus Andree
Douglas,

I'm really sorry about your wife's health problems. I was unaware about
this condition and, as a matter of fact, will relay some of the information
passed along this thread to my own wife (she is a trained doctor).

Maybe she can provide additional insights that could improve your wife's
conditions.

Back to the technicalities...

You are in need of a system capable of meeting the following requirements:

 - lower CPU (Pentium-class machine or similar)
 - low noise
 - low power requirements
 - memory and disc: more is always better
 - network: 100Mbits should be enough, wifi is not recommended
 - and, of course, able to run OpenBSD :)

So, my best guess would fall into an embedded device. I had made some
searches for embedded or single/small board computers in the past and a few
links were present on my bookmarks lists. As you can see, there are other
companies beyond soekris that can make really useful stuff.

Some equipment has connectors for both IDE HDD and compact flash
cards and their small footprint can help in building EF shields less bulky.

Hope this helps.

Best regards for you and your wife.

Marcus.

http://www.axiomtek.com/products/ListProductType.asp?ptype1=0&ptype2=1

http://www.orbitmicro.com/global/35ecxembeddedcompactextendedtechnologyembeddedboards-c-79_191_196.html

http://versalogic.com/Products/

http://www.pcengines.ch/platform.htm

http://www.extremetech.com/article2/0,1697,2194852,00.asp

http://www.zonbu.com/home/index.htm

snip



Re: booting openbsd on eee without cd-rom

2008-01-31 Thread frantisek holop
hmm, on Wed, Jan 30, 2008 at 03:29:46PM +0100, Stefan Kell said that
 flashboot, see http://www.mindrot.org/projects/flashboot/. There are binary
 images available at http://tilde.se/flashboot/. zcat GENERIC-RD.image | dd
 of=/dev/sd0 under Linux on the eee should give you a bootable USB-Stick
 (/dev/sd0 as an example). But I didn't try this myself.

i am trying to make this one work.  but i dont know how the openbsd dd
example translates into the linux one, there is no 'c' for all disk.
if i do a

# zcat image | dd of=/dev/sdd

linux fdisk reports an invalid partition table.
i tried to create an a6 bootable partition and then

# zcat image | dd of=/dev/sdd1

but neither of these boot.  the second one hangs, the first one
gives a partition error...


could someone please upload somewhere a basic install or just bsd.rd
as an image already installed on the media?  and the linux dd/fdisk
dance around it?

-f
-- 
pi seconds is a nanocentury.



Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 5:02 AM, Andre Naehring [EMAIL PROTECTED] wrote:

 On Wed, 30 Jan 2008, Stuart Henderson wrote:

  On 2008/01/30 15:26, Dennis Davis wrote:
 
  wireless driver reports an error and does not work is short on
  detail.  It might just be that non-free firmware needs installing
  (eg the firmware for the iwi driver) to get it to work.
 
  people with Eee PC need to test -current snapshots, the wd/wdc
  changes which are in them (not yet committed) will affect you
  (hopefully to your advantage, there should be much lower cpu
  use during disk activity).

 So, installed current from Jan 28 on an usb stick and booted. Ethernet
 works fine on the eee, but the wireless always reports

 ath0: unable to reset hardware; hal status 4096

 when I want to set something.

 according to the manpage, this should not happen.

 dmesg follows...


Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread Raimo Niskanen
On Thu, Jan 31, 2008 at 01:27:46PM +0100, frantisek holop wrote:
 hmm, on Wed, Jan 30, 2008 at 03:29:46PM +0100, Stefan Kell said that
  flashboot, see http://www.mindrot.org/projects/flashboot/. There are binary
  images available at http://tilde.se/flashboot/. zcat GENERIC-RD.image | dd
  of=/dev/sd0 under Linux on the eee should give you a bootable USB-Stick
  (/dev/sd0 as an example). But I didn't try this myself.
 
 i am trying to make this one work.  but i dont know how the openbsd dd
 example translates into the linux one, there is no 'c' for all disk.
 if i do a
 
 # zcat image | dd of=/dev/sdd
 
 linux fdisk reports an invalid partition table.
 i tried to create an a6 bootable partition and then
 
 # zcat image | dd of=/dev/sdd1
 
 but neither of these boot.  the second one hangs, the first one
 gives a partition error...
 
 
 could someone please upload somewhere a basic install or just bsd.rd
 as an image already installed on the media?  and the linux dd/fdisk
 dance around it?
 

Since you probably will need the install sets as well, I have
posted a compressed filesystem image of size 199864838 bytes at 
http://www.erlang.org/~raimo/OpenBSD/snapshots/i386/hd.fs.gz
It contains the same as install42.iso snapshot Jan 29.

Gunzip it (becomes 262144000 bytes).
Load it to the USB media (in Linux):
# dd if=hd.fs of=/dev/sdf bs=51200 count=5120
Change 'sdf' to what your USB media shows up as in dmesg.
After that, cfdisk /dev/sdf should show an OpenBSD
partition. Quit cfdisk. Reboot.

 -f
 -- 
 pi seconds is a nanocentury.

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread Andre Naehring

On Thu, 31 Jan 2008, Richard Daemon wrote:


Did you have to do boot boot -a to get it to boot properly off of sd0a,
recompile kernel or something else?

When I try, I never get it to see root on sd0a swap on sd0b dump on sd0b
by itself, at least without boot -a or a kernel recompile...

By chance, have you tried the same with non -current - just wondering if it
boots and detects ok with root on sd0a?



Okay, this is what I did. Got the snapshot from ftp2.de.openbsd.org and
booted a pc with the iso image mounted. I used the complete stick for
OpenBSD, creating 827mb for / and 128m for swap (a & b).
Installed the whole set (except game*) on my 1gb usb stick (which was sd1 
during install) and rebooted
the pc. After that I mounted the stick and edited fstab and changed sd1a
to sd0a.

Took the stick, told the eee to boot from usb and the snapshot was up
and running. Tried to access web and ssh via the integrated lii0
ethernet, it worked. Starting up X, using startx with no config file, it
came up and runs. Nice.

So, there was no need to recompile the kernel in the snapshot from the
ftp mentioned above.

If you are interested, I can take an original 4.2 and install it on the
stick tomorrow and can then post the dmesg.

--

andre



Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread frantisek holop
hmm, on Thu, Jan 31, 2008 at 02:26:17PM +0100, Raimo Niskanen said that
 Since you probably will need the install sets as well, I have
 posted a compressed filesystem image of size 199864838 bytes at 
 http://www.erlang.org/~raimo/OpenBSD/snapshots/i386/hd.fs.gz
 It contains the same as install42.iso snapshot Jan 29.

will try asap, thanks a lot.

otherwise i'll ask the Andre chap with the usb install to
post an image :)))

i guess it wouldnt be really hard to provide these images
along with the cd/floppy boot images, what's the official
stance on this by the devs?

as the subnotebook business gonna explode after the eee's
success this will be a really handy thing to do i think...

-f
-- 
i'm feeling rather blonde today.



Re: Dell PowerEdge 1950 III / R200

2008-01-31 Thread Reza Muhammad
Great, thanks for the info.  This is my first time to get a rackmount server, 
and I just wanna make sure
it is supported by OpenBSD ;)

As Juan Miscaro described on Wed, Jan 30, 2008 at 02:48:19PM -0500:
 
 --- Reza Muhammad [EMAIL PROTECTED] wrote:
 
  Hi all,
  
  I'm looking to buy a server that supports OpenBSD and I'm looking at
  either Dell PowerEdge 1950 III
  or Dell PowerEdge R200.  I noticed Marco (marco@)'s message about
  Dell PERC 6i that exists on 
  PowerEdge 1950 III and R2000. But, if I'm not going to use RAID and
  only use Serial ATA hard drive, would I be
  able to install OpenBSD on it?
 
 I just did a test install of a new PowerEdge R200 [1].  4.2 Release
 would not install on it.  I achieved an install only with a very recent
 snapshot (28-01-08).  So far, everything is working.  I do not have any
 RAID card but one that can be purchased with the R200, the LSI/SAS5iR,
 is listed as supported by mpi [2] on the i386 page.
 
 [1]
 http://www.nycbug.org/?NAV=dmesgd;f_dmesg=;f_bsd=;f_nick=;f_descr=;dmesgid=1929#1929
 
 [2]
 http://www.openbsd.org/cgi-bin/man.cgi?query=mpi&arch=i386&sektion=4
 
 /juan
 
 



Re: PF - using overload for port 80 attacks/floods

2008-01-31 Thread Darrin Chandler
On Thu, Jan 31, 2008 at 10:50:43AM -0600, Cache Hit wrote:
 One thing I continually run into on the machines are port 80 attacks
 or floods.  I'd like to do something similar with PF as I'm already
 doing for other protocols to overload these into a table and block
 them, but I'm finding it very hard to come up with a set of rules
 that eliminate any false positives while still catching actual
 attacks.  I find in particular there are a few websites behind our
 firewall that have very complex page structures with lots of embedded
 images such that a fast browser with a fast connection viewing
 certain sections of the site can easily do 100's of legit GET's in a
 matter of a couple seconds.

 Does anyone have any suggestions for weeding out the false
 positives?   Merely upping either of max-src-conn or max-src-conn-rate
 seems to be eventually self-defeating as it just allows attacks
 through as well as allowing the fast legit traffic.

Depending on the traffic patterns of legit vs. attack the following idea
might work... use max-src-* with values that may create false positives
and overload into table candidates which will still PASS. Now use
different values for max-src-* on candidate pass rule to look for
longer term abuse and overload to blocked. Effectively this lets you
do 2 stages of evaluation, at the price of taking a bit longer to block
attacks. Make sense?

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation
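
The two-stage evaluation described in the reply above, written out as a pf.conf fragment. This is an added example, not part of the original post; the interface name, server addresses, table names and every threshold are assumptions to be tuned against real traffic.

```pf
# Added example: two-stage overload for HTTP.
# Macro values, table names and all limits below are assumptions.
ext_if      = "em0"                          # assumed external interface
web_servers = "{ 192.0.2.10, 192.0.2.11 }"   # documentation addresses

table <http_candidates> persist
table <http_blocked>    persist

# Sources already judged abusive are dropped before the pass rules are reached.
block in quick on $ext_if proto tcp from <http_blocked> \
    to $web_servers port www

# Stage 1: a tight limit over a short window. A fast browser loading a page
# with many embedded images may trip it, so the source is only recorded in
# <http_candidates>. No "flush" here: its existing connections are kept.
pass in on $ext_if proto tcp from any to $web_servers port www \
    flags S/SA keep state \
    (max-src-conn 60, max-src-conn-rate 40/2, overload <http_candidates>)

# Stage 2: pf applies the last matching rule, so new connections from a
# candidate are evaluated here instead of by the stage 1 rule. The limit is
# looser but measured over a longer window: a short burst passes, sustained
# abuse is moved to <http_blocked> and its existing states are flushed.
pass in on $ext_if proto tcp from <http_candidates> to $web_servers port www \
    flags S/SA keep state \
    (max-src-conn 200, max-src-conn-rate 600/60, \
     overload <http_blocked> flush global)
```

Both tables only ever grow on their own; entries have to be aged out separately, for example with `pfctl -t http_candidates -T expire 3600` run from cron.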



PF - using overload for port 80 attacks/floods

2008-01-31 Thread Cache Hit

Hello,

I've been successfully using the max-src-conn and max-src-conn-rate
with an overload into a table that I block for our external firewall
that protects a few dozen (mostly Sun) web servers.   As it stands it
works great for blocking ssh, ftp, smtp and several other protocols
when there are attempts at floods or hacks.   I group them by port
and have different settings for different sets of ports.

One thing I continually run into on the machines are port 80 attacks
or floods.  I'd like to do something similar with PF as I'm already
doing for other protocols to overload these into a table and block
them, but I'm finding it very hard to come up with a set of rules
that eliminate any false positives while still catching actual
attacks.  I find in particular there are a few websites behind our
firewall that have very complex page structures with lots of embedded
images such that a fast browser with a fast connection viewing
certain sections of the site can easily do 100's of legit GET's in a
matter of a couple seconds.

Does anyone have any suggestions for weeding out the false
positives?   Merely upping either of max-src-conn or max-src-conn-rate
seems to be eventually self-defeating as it just allows attacks
through as well as allowing the fast legit traffic.

thanks,

--
[EMAIL PROTECTED]
The sky above the port was the color of television, tuned to a dead
station.



Re: carped trunk or trunked carp or what?

2008-01-31 Thread Kent Watsen

Johan Fredin wrote:
Yep, two boxes with one cable each to the switch. Both with a bunch of 
vlans and carp interfaces on top of that.


This is from one of the machines:

snip

Hey, thanks a lot, I got it working, but it isn't stable - in fact, I 
really only had one successful fail-over... 

When I `shutdown -h -p now` my MASTER, a session I had running through 
the firewall continued working (yeah!) [PS: this with carp on vlans on 
trunk as described yesterday].  But when I powered-up my MASTER box, not 
only did the session I have running thru the firewall hang, but I also 
couldn't run new sessions through the firewall until I reset the switch 
(a Dell PowerConnect 5224).  I'm guessing that this is an issue with the 
switch, but I haven't been able to find it yet...  (any ideas?)


Question:  when rebooting the MASTER, does it reclaim being the MASTER 
*after* pfsync has a chance to synchronize the state tables?  If not, 
then what do people do to bring the MASTERs back online?  - temporarily 
configure the MASTER's advskew settings so that it's higher than the 
BACKUPs and hence will *not* become the MASTER right away?  Does it make 
sense to have both systems always set advskew to 128 on boot and then 
always plan to lower the advskew for the MASTER?


Thanks,
Kent



Re: low-MHz server

2008-01-31 Thread scott
RE: LOUD

I have x86 machine SCSI hard drives. The fast rpm SCSI are LOUD.  I
suspect they would be the majority culprit in the netra's case too.

There are likely pci-bus/slot ata or s-ata workarounds if the lower-freq
netra is a suitable starting place.  (e.g. I run several
everything-but-X-and-comp (EBXC) x86 obsd hard-drive free boxes on
compact flash and RAM-based mfs mount combinations. No hacking required
unabridged EBXC will fit in 256MB CF (about 180MB used), though 512MB
better.  Happier with 1GB or more depending on non-volatile storage
space requirements.)



-Original Message-
From: johan beisser [EMAIL PROTECTED]
Cc: Douglas A. Tutty [EMAIL PROTECTED], misc@openbsd.org
Subject: Re: low-MHz server
Date: Wed, 30 Jan 2008 23:10:51 -0800
Mailer: Apple Mail (2.915)


Just to keep people informed: Netra T1 is LOUD. I mean, shockingly so.  
I can hear mine through the house, easily. It's also, easily, one of  
the loudest systems in the colo right now.



Re: PF - using overload for port 80 attacks/floods

2008-01-31 Thread scott
sweet idea.
:-)

-Original Message-
From: Darrin Chandler [EMAIL PROTECTED]
To: Cache Hit [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: PF - using overload for port 80 attacks/floods
Date: Thu, 31 Jan 2008 11:11:25 -0700
Mailer: Mutt/1.5.16 (2007-06-09)

Depending on the traffic patterns of legit vs. attack the following idea
might work... use max-src-* with values that may create false positives
and overload into table candidates which will still PASS. Now use
different values for max-src-* on candidate pass rule to look for
longer term abuse and overload to blocked. Effectively this lets you
do 2 stages of evaluation, at the price of taking a bit longer to block
attacks. Make sense?



Spain -- (not technical question) purchase OpenBSD 4.2 CD set

2008-01-31 Thread ZeXeL Zexelut
Hi, I'm from Spain, I want to buy the OpenBSD 4.2 CD set by bank
transfer, this method it's not the standard so I wrote to
[EMAIL PROTECTED] and [EMAIL PROTECTED] as explained in
www.openbsd.org/orders.html to get info about the procedure to pay the
CD sets and I didn't get response of my e-mails for a few days.

There is any problem with this? I'm doing something wrong?

Thanks for your time, and sorry for my english, it's not my natural
language.





Re: low-MHz server

2008-01-31 Thread Woodchuck
On Wed, 30 Jan 2008, Paul D. Ouderkirk wrote:

 Probably your best bet to cover these requirements would be some old
 school Compaq Proliant
 with 2 or 4-way Pentium Pro CPUs.  You can find them clocked around 200MHz.

OpenBSD has troubles recognizing the SCSI drives on some of these.
(The ones I have, for instance).  Also, Compaqs use a persnickety,
proprietary bios setup routine that resides on disk -- they were
too cheap to pop a 64K ROM into their high end machines.  Compaqs
of this type require tweaking in boot.conf to recognize all their
memory, too.

NetBSD, OTOH, and OpenBSD before 3.9, work.  Proliant 800.

Believe it or not, there are only two obvious P-Pro machines on
ebay (us) right now.  One is an overdrive (330MHz), the other a
diskless Dell Demention (sic ;-) at 180.  They want 96$+ship
for that one.  It must have considerable antique value.

Dave
-- 
  I told you so.
  -- Cassandra



Xorg -STABLE patches?

2008-01-31 Thread Unix Fan
I've been watching the CVS commits the last few weeks and noticed several Xorg 
related security fixes back ported into 4.1 and 4.2 -STABLE.



Are they important enough to get on the errata pages? Some of us sorta rely on 
that... ;)



Thanks.



-Nix Fan.



Re: PF - using overload for port 80 attacks/floods

2008-01-31 Thread Calomel
Since you already stated you have valid clients which could open many
connections at once it seems pf might not be the right solution.

Have you thought about using a reverse proxy server in front of your web
servers?

A program like Pound would allow you to specify valid URL regular
expressions which would then go to your web servers. All of the invalid
requests would get an error by the proxy server. If you wanted to, you
could make a script to watch the logs and add ips to the pf blacklist
table.

Pound secure reverse proxy how to
http://calomel.org/pound.html


If your webserver has the ability to use mod_evasive this might also help.
Mod_evasive will return errors for clients who connect over a set limit. I
believe mod_security can blacklist clients who produce too many errors.


If you decide to stick with just PF then take a stab at writing a script to
watch the webserver logs. If you have a web client producing a certain
amount or type of errors put them in a slow queue for a while. Using Pf's
probability directive works really well if you want to slow, but not
completely block the host. You can find pf examples here:

OpenBSD Pf Firewall how to ( pf.conf )
http://calomel.org/pf_config.html


Hope this helps.

--
 Calomel @ http://calomel.org
 Open Source Research and Reference


On Thu, Jan 31, 2008 at 10:50:43AM -0600, Cache Hit wrote:
Hello,

I've been successfully using the max-src-conn and max-src-conn-rate
with an overload into a table that I block for our external firewall
that protects a few dozen (mostly Sun) web servers. As it stands it
works great for blocking ssh, ftp, smtp and several other protocols
when there are attempts at floods or hacks. I group them by port
and have different settings for different sets of ports.

One thing I continually run into on the machines are port 80 attacks
or floods.  I'd like to do something similar with PF as I'm already
doing for other protocols to overload these into a table and block
them, but I'm finding it very hard to come up with a set of rules
that eliminate any false positives while still catching actual
attacks.  I find in particular there are a few websites behind our
firewall that have very complex page structures with lots of embedded
images such that a fast browser with a fast connection viewing
certain sections of the site can easily do 100's of legit GET's in a
matter of a couple seconds.

Does anyone have any suggestions for weeding out the false
positives? Merely upping either of max-src-conn or max-src-conn-rate
seems to be eventually self-defeating as it just allows attacks
through as well as allowing the fast legit traffic.

thanks,

--
[EMAIL PROTECTED]
The sky above the port was the color of television, tuned to a dead
station.
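
The suggestion above of slowing flagged hosts with pf's probability option rather than blocking them outright, as an added pf.conf example that is not part of the original message. The interface, addresses, table name and the 70% figure are assumptions, and the table is expected to be filled by a log-watching script of your own.

```pf
# Added example: throttle, but do not fully block, hosts flagged from the
# web server logs. Macro values, table name and percentage are assumptions.
ext_if      = "em0"                          # assumed external interface
web_servers = "{ 192.0.2.10, 192.0.2.11 }"   # documentation addresses

# Filled and emptied from outside pf by the log watcher, for example:
#   pfctl -t http_slow -T add    198.51.100.7
#   pfctl -t http_slow -T delete 198.51.100.7
table <http_slow> persist

# Flagged clients: roughly 70% of their new connection attempts (SYNs) are
# dropped here. "quick" stops evaluation for the packets this rule picks;
# the remaining 30% continue to the pass rule below. Packets belonging to a
# connection that already has a state entry are not re-evaluated, so only
# the opening of new connections is slowed.
block drop in quick on $ext_if proto tcp from <http_slow> \
    to $web_servers port www flags S/SA probability 70%

# Everyone else, and the flagged connections that were not dropped above.
pass in on $ext_if proto tcp from any to $web_servers port www \
    flags S/SA keep state
```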



Re: [squid-users] Squid.conf deleting host...

2008-01-31 Thread Stefan Kell

Hello Sherwood,

On Wed, 30 Jan 2008, Sherwood Botsford wrote:


Now, the problem:
In accessing any web page, say

http://some.domain.com/path/to/file.html

squid replies with a bad URL message saying that it can't
retrieve /path/to/file.html.  The http:// prefix and the domain name are 
stripped out.


...snip

Relevant section of pf.conf.  Pixel should be 'any' but
this version limits the problem to a single host.  All other
hosts are non-proxied.  $lan is the internal interface.
# squid redirection

rdr  on $lan inet proto tcp from pixel to any  \
port www -> 127.0.0.1 port 3128
pass in quick on $lan inet proto tcp from any to 127.0.0.1 \
   port 3128 keep state #label web



You obviously try to install a transparent proxy. This works only if
your WEB-clients use http-protocol 1.1. Notably Microsoft Internet
Explorer uses http 1.0 which does not send the hostname in the GET
request. This leads to your symptoms. A transparent proxy is probably
not a good idea, better is to enter the proxy definition in the browser
preferences or use automatic proxy detection via WPAD.
More on this via Google or your preferred search engine, looking for
ie wpad.dat or similar. One additional note: there is a known problem
with Microsoft internet explorer, it might use wpad.da as filename.

Regards

Stefan Kell
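
The symptom in this thread (the proxy is left with only /path/to/file.html) comes down to the difference between a request sent to a configured proxy and one that was redirected to it. The following is an added example, not code from the thread or from Squid: it rebuilds the full URL the way an intercepting proxy has to, and fails when no Host header is present. The sample requests are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not captured traffic).
VIA_CONFIGURED_PROXY = (       # browser knows it is talking to a proxy
    b"GET http://some.domain.com/path/to/file.html HTTP/1.0\r\n"
    b"User-Agent: example\r\n\r\n"
)
INTERCEPTED_WITH_HOST = (      # redirected by rdr, client sent a Host header
    b"GET /path/to/file.html HTTP/1.1\r\n"
    b"Host: some.domain.com\r\n\r\n"
)
INTERCEPTED_NO_HOST = (        # redirected by rdr, no Host header at all
    b"GET /path/to/file.html HTTP/1.0\r\n"
    b"User-Agent: example\r\n\r\n"
)


class MissingHost(LookupError):
    """The request names a path but nothing says which server it belongs to."""


def parse_request_head(raw):
    """Split a raw request into (method, target, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {request_line!r}")
    method, target, version = parts
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def effective_url(raw):
    """Return the absolute URL a proxy would have to fetch for this request."""
    _method, target, _version, headers = parse_request_head(raw)
    parts = urlsplit(target)
    if parts.scheme == "http" and parts.netloc:
        # Absolute form: what a browser sends to an explicitly configured proxy.
        return target
    if not target.startswith("/"):
        raise ValueError(f"unsupported request target: {target!r}")
    # Origin form: what a browser sends when it believes it is talking to the
    # web server itself, which is always the case behind a pf rdr rule.
    host = headers.get("host")
    if not host:
        raise MissingHost(f"only the path {target!r} is known")
    # Host is client-supplied; an interception setup should not treat it as
    # proof of where the client was actually connecting.
    return f"http://{host}{target}"


if __name__ == "__main__":
    for name, raw in [("configured proxy", VIA_CONFIGURED_PROXY),
                      ("intercepted, Host present", INTERCEPTED_WITH_HOST),
                      ("intercepted, no Host", INTERCEPTED_NO_HOST)]:
        try:
            print(f"{name}: {effective_url(raw)}")
        except MissingHost as exc:
            print(f"{name}: cannot build URL ({exc})")
```
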



Snort on openBSD 4.2

2008-01-31 Thread Rami Sik
Hi All,



I am planning to use an old hardware for snort with mysql on top of
openBSD 4.2. I would appreciate comments/suggestions from anybody using
snort on openBSD!



Thanks,





Rami Sik



Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread Stefan Kell

Hello,

On Thu, 31 Jan 2008, frantisek holop wrote:


hmm, on Thu, Jan 31, 2008 at 02:26:17PM +0100, Raimo Niskanen said that

Since you probably will need the install sets as well, I have
posted a compressed filesystem image of size 199864838 bytes at
http://www.erlang.org/~raimo/OpenBSD/snapshots/i386/hd.fs.gz
It contains the same as install42.iso snapshot Jan 29.


will try asap, thanks a lot.

otherwise i'll ask the Andre chap with the usb install to
post an image :)))

i guess it wouldnt be really hard to provide these images
along with the cd/floppy boot images, what's the official
stance on this by the devs?

as the subnotebook business gonna explode after the eee's
success this will be a really handy thing to do i think...



I made some experiments booting the eee with following results:

- installing OpenBSD to USB-stick on another machine and then boot it
  on the eee works. Release 4.2 has some problems with ethernet,
  -current might be better.

- Using flashboot and dding Generic-rd.image from http://tilde.se to an
  USB-stick works but init-script inside this kernel has some problem
  with fsck. But this is an easy method for you to get a bootable
  USB-stick with only Linux running on the eee.

- The eee CAN boot via PXE if you enable this option in the bios. This
  might be the most easy solution if you have the PXE-infrastructure.

I will try a current snapshot and see how well this works in the next
days. So in principle you don't need special images somewhere for
download, it is all there already.

Regards

Stefan Kell



Re: Squid.conf deleting host... Resolved.

2008-01-31 Thread Sherwood Botsford
In Squid 2.5, transparent proxying is done with a hack involving 
httpd options, which are not explained well in the config file.
These options are not done by default, even in the -transparent 
version, which means that reverting to an unmodified 
configuration file leaves it in place.


In squid 3.0 transparency is handled differently.

The second problem has gone away, but two events occurred almost
simultaneously.  The first was that I got squid3 running.  The
second is that our service provider replaced the Cat 5 to Fiber
translator card, claiming that it was dropping some 10-15% of
packets going through it.  I'm not clear why dropped packets
would affect files from particular hosts, but until I can
reestablish the problem I consider this one closed.


Sherwood Botsford wrote:

I'm stumped.
I was in the process of upgrading squid to 3.0 stable to see if this 
would deal with a bunch of other issues.  I've managed to make squid 
non-operational.


Normally this would be material for the squid list.  And I've had it 
posted there for several days, with no useful results.


So I went to the default troubleshooting system to make the most minimal 
system that exhibits the problem.  Further down you will find a list of 
lines that were added to the default squid.conf file to make the problem 
appear.


Now, the problem:
In accessing any web page, say

http://some.domain.com/path/to/file.html

squid replies with a bad URL message saying that it can't
retrieve /path/to/file.html.  The http:// prefix and the domain name are 
stripped out.


I've gone over my pf.conf file also, and have tried loading a prior 
version of pf.conf labeled that it was a working copy from before.  No 
joy.  The pf.conf redirection is included below.




 This started because certain files wouldn't
download. They would start, but would stall either immediately or
30K into the file.  Same type of file would have no problems from
other sources. If I went to a computer outside our firewall,
there was no problem.  I figured that before I asked the list for
help, I should have the courtesy of using the current release.
(3.0 Stable 1)

In mangling my file for the new version, I  over mangled
it.  (It complained about unknown options.)

Rolling back to the old version didn't help.

I've also destroyed and recreated the cache directories thinking
that it might be some subtle form of cache corruption.

I've uninstalled and reinstalled squid-2.5. (I know.  That's a winsnooze 
type thing to do.  Grasping at straws.)


I'm a bit at a loss on where else to look.

**

Environment:  Openbsd 3.9 with pf redirecting web requests to
squid.

Message posted to the squid list earlier.

kerberos# squid -v
Squid Cache: Version 2.5.STABLE12
configure options:  --datadir=/usr/local/share/squid
'--enable-auth=basic digest' '--enable-basic-auth-helpers=NCSA
YP' --enable-digest-auth-helpers=password
'--enable-external-acl-helpers=ip_user unix_group'
'--enable-removal-policies=lru heap' --enable-ssl
'--enable-storeio=ufs diskd' --localstatedir=/var/squid
--enable-pf-transparent --prefix=/usr/local --sysconfdir=/etc





Starting from scratch with a copy of the default squid.conf file,
I can reproduce the problem with the following changes to the
default squid.conf file:

http_port 127.0.0.1:3128

cache_mem 64 MB

cache_dir ufs /opt/squidcache 100 10 60

acl our_networks src 192.168.1.0/24
http_access allow our_networks


Relevant section of pf.conf.  Pixel should be 'any' but
this version limits the problem to a single host.  All other
hosts are non-proxied.  $lan is the internal interface.
# squid redirection

rdr  on $lan inet proto tcp from pixel to any  \
port www -> 127.0.0.1 port 3128
pass in quick on $lan inet proto tcp from any to 127.0.0.1 \
port 3128 keep state #label web




Re: panic: bogus long slot station count 0

2008-01-31 Thread Frank Bax

Frank Bax wrote:

panic is easily reproducible...
- power up the OLPC XO
- goto neighbourhood
- click on icon for my router.
- the OpenBSD router panics.


http://www.nabble.com/panic:-bogus-long-slot-station-count-0-td15142434.html

Is this a bug?  Is there anything (workaround?) I can do to get OLPC 
wireless connection?




Re: Snort on openBSD 4.2

2008-01-31 Thread Reyk Floeter
On Thu, Jan 31, 2008 at 12:10:57PM -0800, Rami Sik wrote:
 Hi All,
 
 
 
 I am planning to use an old hardware for snort with mysql on top of
 openBSD 4.2. I would appreciate comments/suggestions from anybody using
 snort on openBSD!
 
 

what is your question?

yes, snort runs on openbsd 4.2, also with old hardware.

 
 Thanks,
 
 
 
 
 
 Rami Sik



OT:what can be done about attackers/crackers

2008-01-31 Thread Lord Sporkton
very soon i am getting some static ips for my cable home connections,
currently i have 1 dynamic ip.

Im using pf to block ssh brute force attempts and its working
splendidly. however now i have this pf table full of ips and nice logs
indicating hack attempts via ssh not to mention other services they
are trying to breach. since i have all these nice logs and data, what
can i do about it, other than blocking it. my main concern is that of
someone DoSing my connection which will only be 2up and wont support
any sort of a planned DoS will lag and congest with too much evil
traffic.

i have some experience with abuse departments i know the usual first
step is to report to a provider however i also know many providers are
unresponsive, so what can i do beyond that?

any opinions welcome, thank you
-- 
-Lawrence



Re: : booting openbsd on eee without cd-rom

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 8:29 AM, Andre Naehring [EMAIL PROTECTED] wrote:

 On Thu, 31 Jan 2008, Richard Daemon wrote:

  Did you have to do boot boot -a to get it to boot properly off of sd0a,
  recompile kernel or something else?
 
  When I try, I never get it to see root on sd0a swap on sd0b dump on
 sd0b
  by itself, at least without boot -a or a kernel recompile...
 
  By chance, have you tried the same with non -current - just wondering if
 it
  boots and detects ok with root on sd0a?
 

 Okay, this is what I did. Got the snapshot from ftp2.de.openbsd.org and
 booted a pc with the iso image mounted. I used the complete stick for
 OpenBSD, creating 827mb for / and 128m for swap (a & b).
 Installed the whole set (except game*) on my 1gb usb stick (which was sd1
 during install) and rebooted
 the pc. After that I mounted the stick and edited fstab and changed sd1a
 to sd0a.

 Took the stick, told the eee to boot from usb and the snapshot was up
 and running. Tried to access web and ssh via the integrated lii0
 ethernet, it worked. Starting up X, using startx with no config file, it
 came up and runs. Nice.

 So, there was no need to recompile the kernel in the snapshot from the
 ftp mentioned above.

 If you are interested, I can take an original 4.2 and install it on the
 stick tomorrow and can than post the dmesg.

 --

 andre


If you can, so long as it's not trouble for you that would be great!

For me, it's on two standard PCs (i386 & AMD64 x2) that I've been having
these weird issues with booting from USB after installing to sd0a, where it
goes into ddb unless I do the boot -a (or recompile kernel accordingly) and
only then it sees the proper root on sd0a, rather than trying root wd0a.


I didn't do a swap, but from the man pages should just exit with a = 1 code
and I wouldn't think that would be the cause.

If you do test with standard release, please let me know the results,
especially if it's on a standard PC - I'm out of systems to test with... :-(

Thank you very much!



Re: OT:what can be done about attackers/crackers

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 4:30 PM, Lord Sporkton [EMAIL PROTECTED] wrote:

 very soon i am getting some static ips for my cable home connections,
 currently i have 1 dynamic ip.

 Im using pf to block ssh brute force attempts and its working
 splendidly. however now i have this pf table full of ips and nice logs
 indicating hack attempts via ssh not to mention other services they
 are trying to breach. since i have all these nice logs and data, what
 can i do about it, other than blocking it. my main concern is that of
 someone DoSing my connection which will only be 2up and wont support
 any sort of a planned DoS will lag and congest with too much evil
 traffic.

 i have some experience with abuse departments i know the usual first
 step is to report to a provider however i also know many providers are
 unresponsive, so what can i do beyond that?

 any opinions welcome, thank you
 --
 -Lawrence

 Just curious, what's the reason(s) you're getting 2 static, instead of 1
dynamic? Just curious...



Re: low-MHz server

2008-01-31 Thread bofh
On Jan 31, 2008 2:04 PM, Woodchuck [EMAIL PROTECTED] wrote:

 Believe it or not, there are only two obvious P-Pro machines on
 ebay (us) right now.  One is an overdrive (330MHz), the other a
 diskless Dell Demention (sic ;-) at 180.  They want 96$+ship
 for that one.  It must have considerable antique value.


Man.  When I recently moved, I threw away 15+ computers, including an old
sgi, dec 2000, dec 5000, some kind of a hp/ux box, 2 dual Ppro200 and
others.

And still, other than this lapdog, the newest computer in the house is at
least 4-5 years old.  Heh.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related



Re: OT:what can be done about attackers/crackers

2008-01-31 Thread Lord Sporkton
i currently have 512Kb up  6megs down with one dynamic ip
im getting
2megs up 15 megs down with a block of 8 static ips
im am doing this so i have mobile access to my lab, i work on windows
systems all day but i use unix tools most often to troubleshoot,
other thing is im gonna run some backups from my colo down to my
house, and some back up servers at my house as well

my question was not so much what can i do to mitigate the attack when
its happening, its more what can i do after someone attacks to stick
it to them

i know with a DDoS im pretty much sol, but with a single origination
point DoS(i dont just mean bandwidth based DoS i mean any DoS, be that
clogging my firewall or clogging my server or what ever) i should be
able to identify a offending ip and have logs to back it up, such as
an ssh attack is usually(not always) from a single zombie node or
script kiddy, i would see logs indicating such, so now i have an ip
and logs, what can i do with them, who can i report them to other than
the provider?



On 31/01/2008, Richard Daemon [EMAIL PROTECTED] wrote:


 On Jan 31, 2008 4:30 PM, Lord Sporkton [EMAIL PROTECTED] wrote:
  very soon i am getting some static ips for my cable home connections,
  currently i have 1 dynamic ip.
 
  Im using pf to block ssh brute force attempts and its working
  splendidly. however now i have this pf table full of ips and nice logs
  indicating hack attempts via ssh not to mention other services they
  are trying to breach. since i have all these nice logs and data, what
  can i do about it, other than blocking it. my main concern is that of
  someone DoSing my connection which will only be 2up and wont support
  any sort of a planned DoS will lag and congest with too much evil
  traffic.
 
  i have some experience with abuse departments i know the usual first
  step is to report to a provider however i also know many providers are
  unresponsive, so what can i do beyond that?
 
  any opinions welcome, thank you
  --
  -Lawrence
 
 
 Just curious, what's the reason(s) you're getting 2 static, instead of 1
 dynamic? Just curious...





-- 
-Lawrence
-Student ID 1028219



Re: low-MHz server

2008-01-31 Thread J.C. Roberts
On Wednesday 30 January 2008, Douglas A. Tutty wrote:
  I don't need answers to these questions, but if there is a medical
  solution to your wife's sensitivity that might be easier than
  trying to banish all electronics.

 A medical solution would be very nice but not forthcoming.  Note that
 apparently in either Norway or Sweden (I forget which), a whole
 non-electronic, non-EMF village has been set up for such sensitive
 people.  Hasn't happened in Canada or the US yet.

Actually, I remember reading about an *attempt* at setting up such a
place here in the US. I believe it was in Mendocino, California where
there were votes on similar laws.



Re: low-MHz server

2008-01-31 Thread J.C. Roberts
On Wednesday 30 January 2008, Douglas A. Tutty wrote:
 My wife is sensitive to what she describes as electromagnetic fields.
 She gets headaches and other pains when exposed to equipment: the
 higher the frequency, the worse her symptoms.  For example, a VT is
 better than a regular CRT connected to even a P-II-233 MHZ while a
 486DX4-100 is better than the P-II.  Both are far better than my
 Athlon64 @3.5 GHz. And any CRT is better than any LCD/plasma screen.
  Even my Palm Zire (I think 233 MHz) with its ~2x~3 screen is
 unsuitable within about 30 feet of her.  She can't wear a digital
 watch.

Doug,

Give me a call. My phone number is available in the whois data for my
project domain. I have countless systems here in my lab, including many
of the well shielded oldies-but-goodies that are hard to find.

Kind Regards,
JCR



Re: low-MHz server

2008-01-31 Thread J.C. Roberts
On Wednesday 30 January 2008, Douglas A. Tutty wrote:
 On Thu, Jan 31, 2008 at 02:11:54AM +0100, ropers wrote:
  On 30/01/2008, Douglas A. Tutty [EMAIL PROTECTED] wrote:
   She's also sensitive to lower-freq and even DC electric fields
   (e.g. a battery with no external current flow) but in a different
   manner.
 
  I don't understand what you mean by DC electric fields in this
  context. A battery without any current flow is just a container
  with chemicals inside. No electricity, no magnetic field, nothing.

 Sure it does.  It has a static electric field since there's a voltage
 potential between the two poles.  Electricity doesn't just appear
 once you put a meter onto a battery; current yes, potential no. 
 Potential is, well, potential.  Also, no batteries are electrically
 perfect so they all contain some capacitance that can then interact
 if placed in an oscillating EMF (IOW, they can act like an antenna).


Voltage is, by definition, potential difference. You can bury two
plates of metal a meter apart from each other and get voltage. When you 
subject those plates to an increased electro-magnetic field, you get 
more voltage.

http://chem.ch.huji.ac.il/history/bain.html

 It all seems strange.  Yes, I know the physics of it, but before this
 happened, it was something that you paid a lot of money to build a
 detector for, for research.  


Yes and no. Doing it right in a research environment means you'll pay 
inordinate amounts of money for accurate and sensitive measurement
equipment (as well as a specialized building to use the equipment
without interference).

*BUT* doing it on the cheap is perfectly possible. One of the most 
fiendishly clever things I've ever seen done was by a Bring-Up 
Engineer (i.e. the guys who debug the initial bring-up of newly 
created circuit board designs) at a poor startup. A very 
mysterious something was causing a component to behave erratically 
when the power was on but the component tested out perfectly on all of 
the prototypes. Since there was no way we could afford proper 
equipment, the guy took a very thin copper wire, wound it around a 
pencil a few times, separated the coil a bit so it wasn't touching 
anywhere, then attached an ohm-meter. He ran it over the running board
to figure out if the problem was due to significant interference 
causing the part to malfunction. Sure enough he found it, as well as 
the source, made a make-shift faraday cage around the source and 
everything worked.

Debugging your wife (if you pardon the analogy) is really not much
different; the goal is simply finding and eliminating the sources of 
the interference.

-JCR



Re: booting openbsd on eee without cd-rom

2008-01-31 Thread ropers
On 31/01/2008, frantisek holop [EMAIL PROTECTED] wrote:

 nevertheless, the previous post very well pointed out that i will
 need to work with ffs from linux, and i dont know anything about that,
 not even if it is supported.

Like most BSDs, OpenBSD uses the Berkeley Fast File System. By
default, GNU/Linux^W^W^WLinux (yes, Linux, motherfucker, Linux!)
allows you to mount Fast File System partitions, but (at least on
Ubuntu 7.10) it can by default only mount them read-only.

For instance to mount an OpenBSD floppy on an Ubuntu 7.10 box, try this:

sudo mkdir /media/floppy
sudo mount -t ufs -o ufstype=44bsd -r /dev/fd0 /media/floppy

Obviously,
sudo umount /media/floppy
when finished, and adapt the above as necessary if you're dealing with
HDDs/USB sticks.

Now you would have been able to figure this out by yourself with man
mount -- but that requires the prior knowledge that (Berkeley) Fast
File System = FFS = UFS = Unix File System to clue in to selecting the
ufs type, and you then have to know that you need to also set the
ufstype option to 44bsd. Thankfully, dmesg|tail is helpful if you
don't set the ufstype option:

[15809.331413] You didn't specify the type of your ufs filesystem
[15809.331417]
[15809.331418] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[15809.331421]
[15809.331421] WARNING Wrong ufstype may corrupt your filesystem, default is ufstype=old

man mount has this to say about the ufstype option:
 Mount options for ufs
 ufstype=value
    UFS is a file system widely used in different operating systems. The
    problem are[sic] differences among implementations. Features of
    some implementations are undocumented, so its hard to recognize
    the type of ufs automatically. That's why the user must specify the
    type of ufs by mount option. Possible values are:

    old    Old format of ufs, this is the default, read only. (Don't
           forget to give the -r option.)

    44bsd  For filesystems created by a BSD-like system
           (NetBSD,FreeBSD,OpenBSD).

If I read the above correctly, then it should even be possible to
mount the ufs type with the ufstype=44bsd option as read+write, but
when I tried this on Ubuntu 7.10, I got this:

[EMAIL PROTECTED]:~/Desktop$ sudo mount -t ufs -o ufstype=44bsd /dev/fd0 /media/floppy
mount: wrong fs type, bad option, bad superblock on /dev/fd0,
   missing codepage or helper program, or other error
   In some cases useful info is found in syslog - try
   dmesg | tail  or so

[EMAIL PROTECTED]:~/Desktop$ dmesg|tail
(...)
[16157.855996] ufs was compiled with read-only support, can't be mounted as read-write
[EMAIL PROTECTED]:~/Desktop$

So maybe it's possible to compile in r+w support into your Linux
kernel, or maybe your favourite distro already comes with write
support for 44bsd FFS compiled in. YMMV.

(I'm sorta considering filing an Ubuntu launchpad bug for this, to ask
the maintainers if they can compile in r+w support for OpenBSD (and
the others) in the next release. Don't count on me though. I'm way
over my head in all sorts of stuff.)

Hopefully this info helps you in your migration from Linux to OpenBSD. ;-P ;-)
Good luck! :)

best regards,
--ropers



Re: low-MHz server

2008-01-31 Thread J.C. Roberts
On Wednesday 30 January 2008, chefren wrote:
 On 1/31/08 2:25 AM, Douglas A. Tutty wrote:
  We did the double-blind thing many times.  She nails it every time:
  100%

 If true she can get =very= rich with that.


 Please stop this thread that has nothing to do with OpenBSD.


chefren,

I disagree. There is a person on this list with a very specific problem
preventing a computer from being usable. He wants to use OpenBSD as
part of the solution, but needs to figure out what hardware will meet
his requirements.

It may not be a typical problem, but realistically, we're trying to make
a system usable for someone who is disabled. The disability may not be
common like being blind, deaf or crippled, but it is most certainly
still a disability.

Kind Regards,
JCR



Re: modifying base system, need to recompile?

2008-01-31 Thread Vijay Sankar
On February 1, 2008 05:51:06 pm Aaron wrote:
 I was wanting to set up an antispam/anti-virus mail system and in the
 past i've always used postfix as my mta.  I have read a few posts on the
 list where people suggest sticking w/the openbsd default, sendmail.  I'm
 considering doing this save one question.  I know that when you modify
 things (i'm just not sure what) you have to recompile them.  This will
 make upgrading considerably more difficult.

 So lets say i start w/the base install and change my rc.conf.local to
 point at sendmail.cf , edit the appropriate files in the src directory.
 Things like, sending mail as @mydomain.com instead of
 @myhost.mydomain.com, smart hosts, and whatever else needs to be
 changed.  When i update or upgrade my system, am i going to need to
 manually go back every time and recreate the steps to get my mail system
 working again?  Does the openbsd-proto.mc get overwritten every time i
 update the source via cvs.  I just need this for sendmail now, but as a
 general question:

No, it works very nicely. When you make a change to your sendmail.cf using m4 
or make or whatever you have to place it in /etc anyways. When you are 
upgrading, you will be updating /etc as a separate step. The upgrade FAQ 
explains how to upgrade from one version to the next very well. As long as I 
have followed it, I have not had a problem.


 What changes to configs/files etc, in the base system would dictate that
 a separate rebuild of that component after an update or upgrade?


 Thanks in advance,

 Aaron Martinez



-- 
Vijay Sankar, M.Eng., P.Eng.
President  CEO
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]



CARP PPPoE

2008-01-31 Thread Sevan / Venture37
Is it possible to have a 2 node firewall using carp  be able to use pppoe?
so if one node dies the other one picks up the  reinitiates the connection
for example.



Sevan / Venture37



Results for 4.2.3 20080125 (prerelease) testsuite on i386-unknown-openbsd4.2

2008-01-31 Thread Dongsheng Song
LAST_UPDATED: Obtained from SVN: tags/gcc-4_2_3-rc1 revision 131847

Native configuration is i386-unknown-openbsd4.2

=== g++ tests ===


Running target unix
FAIL: g++.dg/cpp/_Pragma1.C (test for excess errors)
FAIL: g++.dg/ext/complit4.C (test for excess errors)
WARNING: g++.dg/ext/complit4.C compilation failed to produce executable
FAIL: g++.dg/opt/complex3.C (internal compiler error)
FAIL: g++.dg/opt/complex3.C (test for excess errors)
FAIL: g++.dg/opt/mmx2.C (test for excess errors)
FAIL: g++.dg/other/i386-1.C (test for excess errors)
WARNING: g++.dg/other/i386-1.C compilation failed to produce executable
FAIL: g++.dg/other/i386-2.C (test for excess errors)
FAIL: g++.dg/other/mmintrin.C (test for excess errors)
FAIL: g++.dg/other/offsetof1.C (test for excess errors)
FAIL: g++.dg/other/offsetof2.C (test for excess errors)
FAIL: g++.dg/other/offsetof2.C execution test
FAIL: g++.dg/parse/offsetof1.C (test for excess errors)
FAIL: g++.dg/parse/offsetof2.C (test for excess errors)
FAIL: g++.dg/template/offsetof1.C (test for excess errors)
XPASS: g++.dg/tree-ssa/ivopts-1.C scan-tree-dump-not offset: -4B
XPASS: g++.dg/tree-ssa/ivopts-1.C scan-tree-dump-not x\\[5\\]
FAIL: g++.dg/pch/empty.C (test for excess errors)
FAIL: g++.dg/pch/local-1.C (test for excess errors)
FAIL: g++.dg/pch/local-1.C (test for excess errors)
FAIL: g++.dg/pch/pch.C (test for excess errors)
FAIL: g++.dg/pch/pch.C (test for excess errors)
FAIL: g++.dg/pch/static-1.C (test for excess errors)
FAIL: g++.dg/pch/static-1.C (test for excess errors)
FAIL: g++.dg/pch/template-1.C (test for excess errors)
FAIL: g++.dg/pch/uninst.C (test for excess errors)
FAIL: g++.dg/pch/uninst.C (test for excess errors)
FAIL: g++.dg/pch/wchar-1.C (test for excess errors)
FAIL: g++.dg/special/conpr-2.C execution test
FAIL: g++.dg/special/conpr-3.C execution test
FAIL: g++.dg/special/conpr-4.C execution test
FAIL: g++.dg/special/initp1.C execution test
FAIL: g++.old-deja/g++.other/init18.C execution test
FAIL: g++.old-deja/g++.other/init19.C execution test
FAIL: g++.old-deja/g++.other/init5.C execution test

=== g++ Summary ===

# of expected passes            13668
# of unexpected failures        32
# of unexpected successes       2
# of expected failures          67
# of untested testcases         11
# of unsupported tests          101
/home/dongsheng/wc/tmp/obj/gcc/testsuite/g++/../../g++  version 4.2.3 20080125 
(prerelease)

=== gcc tests ===


Running target unix
UNRESOLVED: gcc.c-torture/execute/mayalias-2.c execution,  -O3 -g 
FAIL: gcc.dg/cpp/Wmissingdirs.c (internal compiler error)
FAIL: gcc.dg/cpp/Wmissingdirs.c -Wmissing-include-dirs (test for warnings, line 
)
FAIL: gcc.dg/cpp/Wmissingdirs.c (test for excess errors)
FAIL: gcc.dg/cpp/_Pragma6.c (test for excess errors)
FAIL: gcc.dg/20050105-2.c (test for excess errors)
FAIL: gcc.dg/bitfld-12.c  (test for errors, line 10)
FAIL: gcc.dg/bitfld-12.c (test for excess errors)
FAIL: gcc.dg/builtins-20.c (test for excess errors)
FAIL: gcc.dg/c99-float-1.c (test for excess errors)
FAIL: gcc.dg/single-precision-constant.c execution test
FAIL: gcc.dg/va-arg-2.c In file included from (test for errors, line 6)
FAIL: gcc.dg/va-arg-2.c #error 1 (test for errors, line 4)
FAIL: gcc.dg/va-arg-2.c #error 2 (test for errors, line 5)
FAIL: gcc.dg/wint_t-1.c (test for excess errors)
FAIL: gcc.dg/format/array-1.c (test for excess errors)
FAIL: gcc.dg/format/array-1.c (test for excess errors)
FAIL: gcc.dg/format/asm_fprintf-1.c (test for excess errors)
FAIL: gcc.dg/format/asm_fprintf-1.c (test for excess errors)
FAIL: gcc.dg/format/attr-1.c (test for excess errors)
FAIL: gcc.dg/format/attr-1.c (test for excess errors)
FAIL: gcc.dg/format/attr-2.c (test for excess errors)
FAIL: gcc.dg/format/attr-2.c (test for excess errors)
FAIL: gcc.dg/format/attr-3.c (test for excess errors)
FAIL: gcc.dg/format/attr-3.c (test for excess errors)
FAIL: gcc.dg/format/attr-4.c (test for excess errors)
FAIL: gcc.dg/format/attr-4.c (test for excess errors)
FAIL: gcc.dg/format/attr-7.c (test for excess errors)
FAIL: gcc.dg/format/attr-7.c (test for excess errors)
FAIL: gcc.dg/format/bitfld-1.c (test for excess errors)
FAIL: gcc.dg/format/bitfld-1.c (test for excess errors)
FAIL: gcc.dg/format/branch-1.c (test for excess errors)
FAIL: gcc.dg/format/branch-1.c (test for excess errors)
FAIL: gcc.dg/format/builtin-1.c (test for excess errors)
FAIL: gcc.dg/format/builtin-1.c (test for excess errors)
FAIL: gcc.dg/format/c90-printf-1.c (test for excess errors)
FAIL: gcc.dg/format/c90-printf-1.c (test for excess errors)
FAIL: gcc.dg/format/c90-printf-2.c (test for excess errors)
FAIL: gcc.dg/format/c90-printf-2.c (test for excess errors)
FAIL: gcc.dg/format/c90-printf-3.c (test for excess errors)
FAIL: gcc.dg/format/c90-printf-3.c (test for excess errors)
FAIL: gcc.dg/format/c90-scanf-1.c (test for excess errors)
FAIL: gcc.dg/format/c90-scanf-1.c (test for excess errors)
FAIL: gcc.dg/format/c90-scanf-2.c 

Re: CARP PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 7:32 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote:

 Is it possible to have a 2 node firewall using carp  be able to use
 pppoe?
 so if one node dies the other one picks up the  reinitiates the
 connection
 for example.



 Sevan / Venture37


Yes.

I don't know how it would work in the sense of the 'conventional' way. I do
it with dynamic IP's, which even have MAC address reservations and works
good for me... I'm considering posting an undeadly.org article on it with my
scripts on how I do it, just not sure if anyone would be interested?



Re: CARP PPPoE

2008-01-31 Thread Sevan / Venture37
 Yes.

 I don't know how it would work in the sense of the 'conventional' way. I do
 it with dynamic IP's, which even have MAC address reservations and works
 good for me... I'm considering posting an undeadly.org article on it with
my
 scripts on how I do it, just not sure if anyone would be interested?


I definitely would be!



Re: CARP PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 8:36 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote:


  Yes.
 
  I don't know how it would work in the sense of the 'conventional' way. I do
  it with dynamic IP's, which even have MAC address reservations and works
  good for me... I'm considering posting an undeadly.org article on it with my
  scripts on how I do it, just not sure if anyone would be interested?
 

 I definitely would be!
I don't have my ISP that does PPPoE anymore, so I have no way to test it...

Is there something specific you're looking to do with CARP?

I *assume* the only thing that wouldn't work properly would be the [pfsync]
portion (assuming your IP changes on each reconnect?). If that is the case,
then in that sense, you could still have redundant Firewall & NAT, etc. in
the event one goes down or you shut-down for maintenance, etc. and the other
will just kick in and continue routing, filtering, etc. without any user
intervention...



Re: CARP PPPo

2008-01-31 Thread Vijay Sankar
On January 31, 2008 07:30:32 pm Richard Daemon wrote:
 On Jan 31, 2008 7:32 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote:
  Is it possible to have a 2 node firewall using carp & be able to use
  pppoe?
  so if one node dies the other one picks up the  reinitiates the
  connection
  for example.
 
 
 
  Sevan / Venture37

 Yes.

 I don't know how it would work in the sense of the 'conventional' way. I do
 it with dynamic IP's, which even have MAC address reservations and works
 good for me... I'm considering posting an undeadly.org article on it with
 my scripts on how I do it, just not sure if anyone would be interested?

I would be very interested in reading such an article or if appropriate, 
helping write one. I have two PPPoE connections -- one with static addresses 
and framed routes and another with dynamic IP -- and will be happy to help in 
any way I can.

-- 
Vijay Sankar, M.Eng., P.Eng.
President & CEO
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]



Re: Can I just mount my lost swap on raid0?

2008-01-31 Thread Nick Holland
Matt wrote:
 Hi all,
 
 Perhaps a bit daft but:
 Somehow I have managed to exclude my swap partition from being mounted 
 on my Raid0 array.
 I have no idea why it isn't in fstab but I can only assume I messed 
 something up along the way while copying.

dunno what you were copying, but in a default config, swap is assumed
to be the 'b' partition on the boot drive, and is thus not in /etc/fstab
normally.  If that's not the case, such as in your situation, you have
to put it manually.

 The swap partition is present as a slice within the virtual raid0 disk.
 Can I safely mount this on a live system or is that a bad idea?

not only is it safe, sometimes it's critical to add swap on the fly. :)

Nick.



Re: CARP PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 8:58 PM, Vijay Sankar [EMAIL PROTECTED] wrote:

 On January 31, 2008 07:30:32 pm Richard Daemon wrote:
  On Jan 31, 2008 7:32 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote:
   Is it possible to have a 2 node firewall using carp & be able to use
   pppoe?
   so if one node dies the other one picks up the  reinitiates the
   connection
   for example.
  
  
  
   Sevan / Venture37
 
  Yes.
 
  I don't know how it would work in the sense of the 'conventional' way. I do
  it with dynamic IP's, which even have MAC address reservations and works
  good for me... I'm considering posting an undeadly.org article on it with
  my scripts on how I do it, just not sure if anyone would be interested?

 I would be very interested in reading such an article or if appropriate,
 helping write one. I have two PPPoE connections -- one with static addresses
 and framed routes and another with dynamic IP -- and will be happy to help in
 any way I can.

 --
 Vijay Sankar, M.Eng., P.Eng.
 President & CEO
 ForeTell Technologies Limited
 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6
 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]


Wow, thank you for the offer!

Help would be great, it's mostly the article, howto or presentation that I'm
not sure how to format yet...

I have most of it already done, but I think it could be better presented.
It's not fully on the website yet and ways on improving the scripts too,
would be great from anyone. It just needs a few mods for PPPoE, but the
working concept and model is in place and fully functional here.

How's the weather in Winnipeg? :-) I'm in Montreal.



Re: CARP PPPo

2008-01-31 Thread Steven Surdock
Richard Daemon wrote:
 On Jan 31, 2008 8:36 PM, Sevan / Venture37
 [EMAIL PROTECTED] wrote:


 I definitely would be!
 I don't have my ISP that does PPPoE anymore, so I have no way to test
 it...

Carp on pppoe doesn't really make sense, unless I'm missing something.
For fun, I tried it a while back
(http://marc.info/?l=openbsd-misc&m=113940624732259&w=2).  I suspect the
solution to a redundant firewall cluster with a pppoe interface will
involve ifstated.

-Steve S.



Backup system administrator needed

2008-01-31 Thread Jeff Ross

Hi all,

If you are in or near (say 50 miles) the Cheyenne, WY area and might be 
interested in some backup systems administrator work, please drop me a line.


Thanks,

Jeff Ross



dhcp error message

2008-01-31 Thread Jim M
my /var/log/messages file is filled over and over with the line
(obviously the date/time varies)

Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host

The machine is a firewall and has no graphic capabilities.  It is a dhcp
client to get me the IP address for the home network and a dhcp server
for all the machines in the house.  What does this error message mean? 
The firewall works fine as the default router for all the wired Ethernet
machines in the house.  But, I have a laptop with built in 802.11 and a
PCMCIA card as well.  When I use the PCMCIA card, everything works fine. 
With the built in 802.11, however, it connects to the WAP, but does not
get an IP address from the firewall.  I can't figure out why the
difference and would appreciate any advice on how to troubleshoot this. 
Thanks

Jim



Re: OT:what can be done about attackers/crackers

2008-01-31 Thread bofh
On Jan 31, 2008 5:41 PM, Lord Sporkton [EMAIL PROTECTED] wrote:

 my question was not so much what can i do to mitigate the attack when
 its happening, its more what can i do after someone attacks to stick
 it to them


What would you like to do to them?  It all depends on how good you are at
tracking them down.  If you have followed the news, you'll have heard about
the Russian Business Network's links to top political figures in Russia, and
how the RBN is very possibly behind one of the largest botnets.  What are
_you_ going to do about it?  Realistically, nothing.


 i know with a DDoS im pretty much sol, but with a single origination
 point DoS(i dont just mean bandwidth based DoS i mean any DoS, be that
 clogging my firewall or clogging my server or what ever) i should be
 able to identify a offending ip and have logs to back it up, such as
 an ssh attack is usually (not always) from a single zombie node or
 script kiddy, i would see logs indicating such, so now i have an ip
 and logs, what can i do with them, who can i report them to other than
 the provider?


In the US, you can report it to FCC, and/or FBI, but with FBI, unless
there's some kind of terrorism related things, or is $5k, iirc, they don't
handle it.  If you've mailed them a check, the USPS can (and has) go after
them.  Realistically therefore (if you live in .us):

1)  From outside .us -  I wouldn't bother
2)  Spam from inside .us - go read some of those hunt spammer and take them
to small claims court sites
3)  Non-email issues, report to ISP, yours and theirs.
4)  If it's part of a company's range - call their help desk, they may
appreciate you reporting a bot.  Or may not.

Or, you can choose #5
5) Just say fsck it, and go do something more productive.



-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related



Re: CARP PPPo

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 9:24 PM, Steven Surdock [EMAIL PROTECTED] wrote:

 Richard Daemon wrote:
  On Jan 31, 2008 8:36 PM, Sevan / Venture37
  [EMAIL PROTECTED] wrote:
 
 
  I definitely would be!
  I don't have my ISP that does PPPoE anymore, so I have no way to test
  it...

 Carp on pppoe doesn't really make sense, unless I'm missing something.
 For fun, I tried it a while back
 (http://marc.info/?l=openbsd-misc&m=113940624732259&w=2).  I suspect the
 solution to a redundant firewall cluster with a pppoe interface will
 involve ifstated.

 -Steve S.


I'm not sure what doesn't make sense?
The thing is, some people just want the redundancy regardless of protocol.
:-)



Re: dhcp error message

2008-01-31 Thread Richard Daemon
On Jan 31, 2008 9:38 PM, Jim M [EMAIL PROTECTED] wrote:

 my /var/log/messages file is filled over and over with the line
 (obviously the date/time varies)

 Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host

 The machine is a firewall and has no graphic capabilities.  It is a dhcp
 client to get my the IP address for the home network and a dhcp server
 for all the machines in the house.  What does this error message mean?
 The firewall works fine as the default router for all the wired Ethernet
 machines in the house.  But, I have laptop with built in 802.11 and a
 PCMCIA card as well.  When I use the PCMCIA card, everything works fine.
 With the built in 802.11, however, it connects to the WAP, but does not
 get an IP address from the firewall.  I can't figure out why the
 difference and would appreciate any advice on how to troubleshoot this.
 Thanks

 Jim


If I understand you correctly, you mean the firewall is a dhcp client on the
external side, dhcp server on the internal and serving as a WAP for the
wireless systems, but the laptop doesn't connect to it via the built in
Wireless NIC and only with the PCMCIA one. The laptop and firewall are both
OpenBSD?



ospf problems when re-joining networks

2008-01-31 Thread Linden

Hi

We are running OpenBSD 4.2 and ospfd on 3 boxes which are joined to each 
other by 3 separate wan links.


I find when a particular wan link fails to a box, packets now take the 
other higher cost route as expected. But when the link comes back up, 
ospfd does not change back to using the original, shorter and adjacent 
route. Why could this be occurring?


Thanks
- Linden



IPsec from server to network

2008-01-31 Thread Will
I have been encountering a bit of trouble getting a fileserver to
establish a vpn to my local network. I do not have access to the
machines at the moment, so my first question is this - do both
machines need to have incoming access to ports 500/4500? I am trying
to make the fileserver in question act somewhat like a roadwarrior
(although NAT-T should not be needed) in the sense that it is
firewalled off.

pf.conf should be irrelevant, as I have added set skip on enc0 and
pass quick on $ext_if from x.x.x.x.

Neither the network B gateway nor network B hosts are able to ping the
fileserver and vice versa. Also, ipsecctl -sa shows normal SAD and
FLOWS - so it doesn't seem to be a problem with establishing the
connection.

Here is the information I have at the moment. More to come if needed.

Fileserver: 1.2.3.4 (no incoming ports allowed, but not behind NAT)
Network B Gateway: 5.6.7.8
Network B: 192.168.1.0/24

Fileserver ipsec.conf:
ike esp from 1.2.3.4 to 192.168.1.0/24 peer 5.6.7.8 psk password
ike esp from 1.2.3.4 to 5.6.7.8 psk password

Network B Gateway ipsec.conf:
ike passive esp from 192.168.1.0/24 to 1.2.3.4 psk password
ike passive esp from 5.6.7.8 to 1.2.3.4 psk password



Re: CARP PPPo

2008-01-31 Thread Claer
On Thu, Jan 31 2008 at 24:21, Steven Surdock wrote:
 Richard Daemon wrote:
  On Jan 31, 2008 8:36 PM, Sevan / Venture37
  [EMAIL PROTECTED] wrote:
 
 
  I definitely would be!
  I don't have my ISP that does PPPoE anymore, so I have no way to test
  it...
 
 Carp on pppoe doesn't really make sense, unless I'm missing something.
 For fun, I tried it a while back
 (http://marc.info/?l=openbsd-misc&m=113940624732259&w=2).  I suspect the
 solution to a redundant firewall cluster with a pppoe interface will
 involve ifstated.

It's the way I solved the same problem. All interfaces are carped but
pppoe. I use ifstated to track carp status.
  If the master goes down, then shutdown isakmpd and pppoe
  If the slave goes up, then activate pppoe and wait till fully
functional (got an ip address)
  If the pppoe link becomes OK, start isakmpd and reapply pf just in case

For the moment, I didn't have any issues on the primary :)

Claer



Re: hotplugd(8) mount flash drive

2008-01-31 Thread Chris
 # Maybe some debugging will help:
 #
 exec > /tmp/logfile 2>&1
 set -x

i changed the /etc/hotplugd/attach script with JetFlash* and also
enabled debugging - any further help would be much appreciated.
Thanks.

/var/log/messages output -

Feb  1 17:30:11 red /bsd: umass0 at uhub0 port 2 configuration 1 interface 0
Feb  1 17:30:11 red /bsd:
Feb  1 17:30:11 red /bsd: umass0: JetFlash Mass Storage Device, rev
2.00/1.41, addr 2
Feb  1 17:30:11 red /bsd: umass0: using SCSI over Bulk-Only
Feb  1 17:30:11 red /bsd: scsibus2 at umass0: 2 targets
Feb  1 17:30:12 red /bsd: sd1 at scsibus2 targ 1 lun 0: JetFlash,
TS8GJFV30, 8.07 SCSI2 0/direct removable
Feb  1 17:30:12 red /bsd: sd1: 7799MB, 994 cyl, 255 head, 63 sec, 512
bytes/sec, 15974398 sec total

/etc/hotplugd/attach script -

#!/bin/sh
exec > /tmp/logfile 2>&1
set -x

   DEVCLASS=$1
   DEVNAME=$2

   case $DEVCLASS in
   2)
      # disk devices

      disklabel=`/sbin/disklabel $DEVNAME 2>&1 | sed -n '/^label: /s/^label: //p'`
      echo disklabel
      case $disklabel in
      JetFlash*)
         # flash drive

         mount /dev/"$DEVNAME"i /mnt/flash
         echo mount
         ;;
      esac
      ;;
   esac

debug output from /tmp/logfile -

+ DEVCLASS=2
+ DEVNAME=sd1
+ sed -n /^label: /s/^label: //p
+ DEVCLASS=0
+ DEVNAME=scsibus2
+ /sbin/disklabel sd1
+ 21
+ DEVCLASS=0
+ DEVNAME=umass0
+ disklabel=TS8GJFV30
+ echo disklabel
disklabel



avoid logging useless ssh brute force attempts

2008-01-31 Thread Chris
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these random attacks in my logs.

Any suggestions would be much appreciated. Thanks.



Re: Spain -- (not technical question) purchase OpenBSD 4.2 CD set

2008-01-31 Thread Peter N. M. Hansteen
ZeXeL Zexelut [EMAIL PROTECTED] writes:

 There is any problem with this? I'm doing something wrong?

My guess is that Wim is off to an event and will handle his mail and
other backlog when he's back. 

Looking at http://www.openbsd.org/events.html the French event could
be the likely cause.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: avoid logging useless ssh brute force attempts

2008-01-31 Thread johan beisser
I've simply added in an overload rule to pf on my server. This has  
helped significantly.



On Jan 31, 2008, at 11:11 PM, Chris wrote:


my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these random attacks in my logs.

Any suggestions would be much appreciated. Thanks.




Re: PF - using overload for port 80 attacks/floods

2008-01-31 Thread Peter N. M. Hansteen
Darrin Chandler [EMAIL PROTECTED] writes:

 Depending on the traffic patterns of legit vs. attack the following idea
 might work... use max-src-* with values that may create false positives
 and overload into table candidates which will still PASS. Now use
 different values for max-src-* on candidate pass rule to look for
 longer term abuse and overload to blocked. Effectively this lets you
 do 2 stages of evaluation, at the price of taking a bit longer to block
 attacks. Make sense?

That's what I call an excellent idea.  Finding the right set of values
is a worthy exercise for the reader, but I *like* that approach.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: avoid logging useless ssh brute force attempts

2008-01-31 Thread Peter N. M. Hansteen
Chris [EMAIL PROTECTED] writes:

 my logs are filled with useless ssh bruteforce attempts - is there
 anything i can do to avoid logging random brute force attacks? since i
 disallow ssh root login and use the allowuser acl - i guess i could
 just avoid logging all these random attacks in my logs.

I suppose you already have a PF rule set with overload rules[1]?  If
not, writing a few simple rules like the one in that example will rid
you of most of the noise.

[1] see eg http://home.nuug.no/~peter/pf/en/bruteforce.html

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
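
The overload rules suggested in this thread for ssh, together with the two-stage evaluation proposed in the "PF - using overload for port 80 attacks/floods" thread, written out as one pf.conf fragment. This is an added example, not taken from any of the posts; the interface name, the web server address, the table names and every threshold are assumptions to be tuned to local traffic.

```conf
# Added example: assumed names and values, not from the original posts.
ext_if = "em0"          # assumption: external interface
web    = "192.0.2.10"   # assumption: web server (documentation address)

table <bruteforce> persist   # ssh offenders
table <candidates> persist   # www stage 1: suspicious, still passed
table <blocked>    persist   # www stage 2: sustained abuse

# Known offenders are dropped first; "quick" ends rule evaluation here,
# so their later attempts never reach sshd or httpd (or their logs).
block in quick on $ext_if from <bruteforce>
block in quick on $ext_if from <blocked>

# Default for everything else arriving on the external interface.
block in on $ext_if

# ssh: a source that opens more than 5 connections in 30 seconds, or holds
# more than 10 at once, is added to <bruteforce> and its states are flushed.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
    overload <bruteforce> flush global)

# www stage 1: a short, tight window that may produce false positives.
# Overloading here only records the source in <candidates>.
pass in on $ext_if proto tcp from any to $web port www \
    keep state (max-src-conn-rate 30/5, overload <candidates>)

# www stage 2: pf applies the last matching rule, so sources already in
# <candidates> are passed by this rule instead and are measured over a
# longer window; only those that exceed it are moved to <blocked>.
pass in on $ext_if proto tcp from <candidates> to $web port www \
    keep state (max-src-conn-rate 200/60, overload <blocked> flush global)
```

Entries stay in these tables until they are removed; running `pfctl -t bruteforce -T expire 86400` from cron (and the same for the other tables) clears out old addresses.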



Re: Spain -- (not technical question) purchase OpenBSD 4.2 CD set

2008-01-31 Thread Nicolas Szalay
On Friday, 01 February 2008 at 08:17 +0100, Peter N. M. Hansteen wrote:

Hi,

 My guess is that Wim is off to an event and will handle his mail and
 other backlog when he's back. 
 
 Looking at http://www.openbsd.org/events.html the French event could
 be the likely cause.

You're right, Wim was here with much good stuff, as usual!

Nico.