Re: booting openbsd on eee without cd-rom
hmm, on Wed, Jan 30, 2008 at 02:39:41PM -0500, Richard Daemon said that
> Does the system support PXE booting? I don't believe it matters (for PXE booting that is) if it's not supported by OpenBSD. If so, then maybe you could PXE boot and install OpenBSD onto the USB media that way?

as far as i know, pxe needs another computer with openbsd or unix and i have no access to that. i am in inet cafes and libraries. nevertheless, the previous post very well pointed out that i will need to work with ffs from linux, and i don't know anything about that, not even if it is supported.

-f
-- 
our world: an 8000 mile in diameter spherical pile of dirt.
Re: booting openbsd on eee without cd-rom
i had another idea today, the eee comes with grub... the more knowledgeable are already holding their heads :] because i don't have the boot sector and /boot, i thought grub could maybe load bsd.rd but all i got was the 'boot too old' message well known from the archives. it was worth a shot...

is there another boot loader that can boot bsd.rd without chainbooting? i can use everything available in the linux world to boot a single bsd.rd: does bsd.rd work without /boot? until recently i thought /boot just handles the file system and starts /bsd but now i see some posts that it is handing over some bios data too...

-f
-- 
two most common elements in the universe: hydrogen, stupidity.
Re: low-MHz server
Hello,

Maybe it would make sense to lower the frequency of your Athlon beast and see how your poor wife reacts to such changes? OpenBSD and FreeBSD come with apmd(8) and powerd(8) that can change the freq. You may also want to downclock your system through the BIOS.
Re: : booting openbsd on eee without cd-rom
On Wed, 30 Jan 2008, Stuart Henderson wrote:
> On 2008/01/30 15:26, Dennis Davis wrote:
>> wireless driver reports an error and does not work is short on detail. It might just be that non-free firmware needs installing (eg the firmware for the iwi driver) to get it to work.
> people with Eee PC need to test -current snapshots, the wd/wdc changes which are in them (not yet committed) will affect you (hopefully to your advantage, there should be much lower cpu use during disk activity).

So, installed current from Jan 28 on a usb stick and booted. Ethernet works fine on the eee, but the wireless always reports

  ath0: unable to reset hardware; hal status 4096

when I want to set something. according to the manpage, this should not happen. dmesg follows...

OpenBSD 4.2-current (GENERIC) #652: Mon Jan 28 14:04:36 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) M processor 900MHz (GenuineIntel 686-class) 631 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF real mem = 527527936 (503MB) avail mem = 502153216 (478MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/04/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xf06c0 (37 entries) bios0: vendor American Megatrends Inc. version 0703 date 01/04/2008 bios0: ASUSTeK Computer INC. 701 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 3.0 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf76b0/176 (9 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FB LPC rev 0x00) pcibios0: PCI bus #5 is the last bus bios0: ROM list: 0xc/0xf800!
cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x04 agp0 at pchb0: aperture at 0xd000, size 0x1000 vga1 at pci0 dev 2 function 0 Intel 82915GM Video rev 0x04 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82915GM Video rev 0x04 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801FB HD Audio rev 0x04: irq 5 azalia0: codec[s]: Realtek/0x0662 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x04: irq 5 pci1 at ppb0 bus 4 ppb1 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x04: irq 11 pci2 at ppb1 bus 3 lii0 at pci2 dev 0 function 0 Attansic Technology L2 rev 0xa0: irq 11, address 00:1e:8c:b9:38:d8 ukphy0 at lii0 phy 1: Generic IEEE 802.3u media interface, rev. 2: OUI 0x001374, model 0x0002 ppb2 at pci0 dev 28 function 2 Intel 82801FB PCIE rev 0x04: irq 10 pci3 at ppb2 bus 1 ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: irq 10 ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR0W, address 00:15:af:75:d9:e0 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x04: irq 3 uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x04: irq 7 uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x04: irq 10 uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x04: irq 5 ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x04: irq 3 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd4 pci4 at ppb3 bus 5 ichpcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x04: PM disabled pciide0 at pci0 dev 31 function 2 Intel 82801FBM SATA rev 0x04: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 1 drive 0: SILICONMOTION SM223AC wd0: 1-sector PIO, LBA, 3815MB, 7815024 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4 
ichiic0 at pci0 dev 31 function 3 Intel 82801FB SMBus rev 0x04: irq 7 iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using
Re: low-MHz server
Douglas A. Tutty wrote:
> Hello,
>
> I have an unusual situation and problem at which I've been chipping away. The resultant system will need to run OpenBSD so I'm asking here for the accumulated wisdom. The base technology predates my IT experience.
>
> My wife is sensitive to what she describes as electromagnetic fields. She gets headaches and other pains when exposed to equipment: the higher the frequency, the worse her symptoms. For example, a VT is better than a regular CRT connected to even a P-II-233 MHz while a 486DX4-100 is better than the P-II. Both are far better than my Athlon64 @3.5 GHz. And any CRT is better than any LCD/plasma screen. Even my Palm Zire (I think 233 MHz) with its ~2x~3 screen is unsuitable within about 30 feet of her. She can't wear a digital watch.

do the symptoms get worse when you run Linux instead of OpenBSD?

[...]
Re: low-MHz server
Douglas,

I'm really sorry about your wife's health problems. I was unaware of this condition and, as a matter of fact, will relay some of the information passed along this thread to my own wife (she is a trained doctor). Maybe she can provide additional insights that could improve your wife's condition.

Back to the technicalities... You are in need of a system capable of meeting the following requirements:

- lower CPU (Pentium-class machine or similar)
- low noise
- low power requirements
- memory and disc: more is always better
- network: 100Mbits should be enough, wifi is not recommended
- and, of course, able to run OpenBSD :)

So, my best guess would fall into an embedded device. I had made some searches for embedded or single/small board computers in the past and a few links were present on my bookmarks lists. As you can see, there are other companies beyond soekris that can make really useful stuff. Some equipment has connectors for both IDE HDD and compact flash cards and their small footprint can help in building less bulky EF shields.

Hope this helps. Best regards for you and your wife.

Marcus.

http://www.axiomtek.com/products/ListProductType.asp?ptype1=0ptype2=1
http://www.orbitmicro.com/global/35ecxembeddedcompactextendedtechnologyembeddedboards-c-79_191_196.html
http://versalogic.com/Products/
http://www.pcengines.ch/platform.htm
http://www.extremetech.com/article2/0,1697,2194852,00.asp
http://www.zonbu.com/home/index.htm

snip
Re: booting openbsd on eee without cd-rom
hmm, on Wed, Jan 30, 2008 at 03:29:46PM +0100, Stefan Kell said that
> flashboot, see http://www.mindrot.org/projects/flashboot/. There are binary images available at http://tilde.se/flashboot/.
>
> zcat GENERIC-RD.image | dd of=/dev/sd0
>
> under Linux on the eee should give you a bootable USB-Stick (/dev/sd0 as an example). But I didn't try this myself.

i am trying to make this one work. but i don't know how the openbsd dd example translates into the linux one, there is no 'c' for all disk. if i do a

# zcat image | dd of=/dev/sdd

linux fdisk reports an invalid partition table. i tried to create an a6 bootable partition and then

# zcat image | dd of=/dev/sdd1

but neither of these boot. the second one hangs, the first one gives a partition error... could someone please upload somewhere a basic install or just bsd.rd as an image already installed on the media? and the linux dd/fdisk dance around it?

-f
-- 
pi seconds is a nanocentury.
Re: : booting openbsd on eee without cd-rom
On Jan 31, 2008 5:02 AM, Andre Naehring [EMAIL PROTECTED] wrote:
> On Wed, 30 Jan 2008, Stuart Henderson wrote:
>> On 2008/01/30 15:26, Dennis Davis wrote:
>>> wireless driver reports an error and does not work is short on detail. It might just be that non-free firmware needs installing (eg the firmware for the iwi driver) to get it to work.
>> people with Eee PC need to test -current snapshots, the wd/wdc changes which are in them (not yet committed) will affect you (hopefully to your advantage, there should be much lower cpu use during disk activity).
>
> So, installed current from Jan 28 on a usb stick and booted. Ethernet works fine on the eee, but the wireless always reports ath0: unable to reset hardware; hal status 4096 when I want to set something. according to the manpage, this should not happen. dmesg follows...
>
> [dmesg snipped; identical to the one in the previous message]
Re: : booting openbsd on eee without cd-rom
On Thu, Jan 31, 2008 at 01:27:46PM +0100, frantisek holop wrote:
> hmm, on Wed, Jan 30, 2008 at 03:29:46PM +0100, Stefan Kell said that
>> flashboot, see http://www.mindrot.org/projects/flashboot/. There are binary images available at http://tilde.se/flashboot/.
>> zcat GENERIC-RD.image | dd of=/dev/sd0
>> under Linux on the eee should give you a bootable USB-Stick (/dev/sd0 as an example). But I didn't try this myself.
>
> i am trying to make this one work. but i don't know how the openbsd dd example translates into the linux one, there is no 'c' for all disk. if i do a
> # zcat image | dd of=/dev/sdd
> linux fdisk reports an invalid partition table. i tried to create an a6 bootable partition and then
> # zcat image | dd of=/dev/sdd1
> but neither of these boot. the second one hangs, the first one gives a partition error... could someone please upload somewhere a basic install or just bsd.rd as an image already installed on the media? and the linux dd/fdisk dance around it?

Since you probably will need the install sets as well, I have posted a compressed filesystem image of size 199864838 bytes at

http://www.erlang.org/~raimo/OpenBSD/snapshots/i386/hd.fs.gz

It contains the same as install42.iso snapshot Jan 29. Gunzip it (becomes 262144000 bytes). Load it to the USB media (in Linux):

# dd if=hd.fs of=/dev/sdf bs=51200 count=5120

Change 'sdf' to what your USB media shows up as in dmesg. After that, cfdisk /dev/sdf should show an OpenBSD partition. Quit cfdisk. Reboot.

> -f
> -- 
> pi seconds is a nanocentury.

-- 
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: : booting openbsd on eee without cd-rom
On Thu, 31 Jan 2008, Richard Daemon wrote:
> Did you have to do boot -a to get it to boot properly off of sd0a, recompile kernel or something else? When I try, I never get it to see root on sd0a swap on sd0b dump on sd0b by itself, at least without boot -a or a kernel recompile... By chance, have you tried the same with non -current - just wondering if it boots and detects ok with root on sd0a?

Okay, this is what I did. Got the snapshot from ftp2.de.openbsd.org and booted a pc with the iso image mounted. I used the complete stick for OpenBSD, creating 827mb for / and 128m for swap (a b). Installed the whole set (except game*) on my 1gb usb stick (which was sd1 during install) and rebooted the pc. After that I mounted the stick and edited fstab and changed sd1a to sd0a. Took the stick, told the eee to boot from usb and the snapshot was up and running. Tried to access web and ssh via the integrated lii0 ethernet, it worked. Starting up X, using startx with no config file, it came up and runs. Nice.

So, there was no need to recompile the kernel in the snapshot from the ftp mentioned above. If you are interested, I can take an original 4.2 and install it on the stick tomorrow and can then post the dmesg.

-- 
andre
Journal goes to print at the end of the week
If you cannot view this message correctly, follow this link. Are you looking for sales agents? Don't miss the publication of your offer in this unique issue sent to the 25,000 sales agents active in France!! ATTENTION: LAST WEEK FOR YOUR OFFER PUBLISHED IN THE JOURNAL TO BE TAKEN INTO ACCOUNT BEFORE PRINTING. DON'T MISS THE OPPORTUNITY TO REACH EVERYONE! For any mission offer posted on the site www.exploragent.fr before 31 January 2008, insertion of the same advert in the journal is offered to you free of charge. To find out more, click here. If you no longer wish to receive mail from us, click here.
Re: : booting openbsd on eee without cd-rom
hmm, on Thu, Jan 31, 2008 at 02:26:17PM +0100, Raimo Niskanen said that
> Since you probably will need the install sets as well, I have posted a compressed filesystem image of size 199864838 bytes at http://www.erlang.org/~raimo/OpenBSD/snapshots/i386/hd.fs.gz It contains the same as install42.iso snapshot Jan 29.

will try asap, thanks a lot. otherwise i'll ask the Andre chap with the usb install to post an image :)))

i guess it wouldn't be really hard to provide these images along with the cd/floppy boot images, what's the official stance on this by the devs? as the subnotebook business is gonna explode after the eee's success this will be a really handy thing to do i think...

-f
-- 
i'm feeling rather blonde today.
Re: Dell PowerEdge 1950 III / R200
Great, thanks for the info. This is my first time to get a rackmount server, and I just wanna make sure it is supported by OpenBSD ;)

As Juan Miscaro described on Wed, Jan 30, 2008 at 02:48:19PM -0500:
> --- Reza Muhammad [EMAIL PROTECTED] wrote:
>> Hi all, I'm looking to buy a server that supports OpenBSD and I'm looking at either Dell PowerEdge 1950 III or Dell PowerEdge R200. I noticed Marco (marco@)'s message about Dell PERC 6i that exists on PowerEdge 1950 III and R200. But, if I'm not going to use RAID and only use Serial ATA hard drive, would I be able to install OpenBSD on it?
>
> I just did a test install of a new PowerEdge R200 [1]. 4.2 Release would not install on it. I achieved an install only with a very recent snapshot (28-01-08). So far, everything is working. I do not have any RAID card but one that can be purchased with the R200, the LSI/SAS5iR, is listed as supported by mpi [2] on the i386 page.
>
> [1] http://www.nycbug.org/?NAV=dmesgd;f_dmesg=;f_bsd=;f_nick=;f_descr=;dmesgid=1929#1929
> [2] http://www.openbsd.org/cgi-bin/man.cgi?query=mpiarch=i386sektion=4
>
> /juan
Re: PF - using overload for port 80 attacks/floods
On Thu, Jan 31, 2008 at 10:50:43AM -0600, Cache Hit wrote:
> One thing I continually run into on the machines are port 80 attacks or floods. I'd like to do something similar with PF as I'm already doing for other protocols to overload these into a table and block them, but I'm finding it very hard to come up with a set of rules that eliminate any false positives while still catching actual attacks. I find in particular there are a few websites behind our firewall that have very complex page structures with lots of embedded images such that a fast browser with a fast connection viewing certain sections of the site can easily do 100's of legit GET's in a matter of a couple seconds. Does anyone have any suggestions for weeding out the false positives? Merely upping either of max-src-conn or max-src-conn-rate seems to be eventually self-defeating as it just allows attacks through as well as allowing the fast legit traffic.

Depending on the traffic patterns of legit vs. attack the following idea might work... use max-src-* with values that may create false positives and overload into table <candidates> which will still PASS. Now use different values for max-src-* on the <candidates> pass rule to look for longer term abuse and overload to <blocked>. Effectively this lets you do 2 stages of evaluation, at the price of taking a bit longer to block attacks.

Make sense?

-- 
Darrin Chandler            | Phoenix BSD User Group  | MetaBUG
[EMAIL PROTECTED]          | http://phxbug.org/      | http://metabug.org/
http://www.stilyagin.com/  | Daemons in the Desert   | Global BUG Federation
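The two-stage overload Darrin describes, written out as pf.conf rules in the 4.2-era syntax (an added example, not from the thread): the interface name, the web server addresses and all thresholds are placeholders to be tuned against your own legitimate traffic.

```pf
# Constructed example of two-stage overload for port 80 (not from the thread).
ext_if = "em0"                                 # placeholder external interface
web    = "{ 192.0.2.10, 192.0.2.11 }"          # placeholder web server addresses

table <candidates> persist   # stage 1: suspicious, still allowed through
table <blocked>    persist   # stage 2: confirmed abuse, dropped

# Stage 2 result: anything that escalated to <blocked> is dropped outright.
block in quick on $ext_if from <blocked> to any

# Stage 2 check: a host already in <candidates> is evaluated over a longer
# window with stricter limits. Its traffic still PASSES; only crossing this
# limit moves it to <blocked>, and "flush global" then kills every state it
# owns so an in-progress flood stops immediately.
pass in quick on $ext_if proto tcp from <candidates> to $web port 80 \
    flags S/SA keep state \
    (max-src-conn 150, max-src-conn-rate 500/60, \
     overload <blocked> flush global)

# Stage 1: loose limits that a fast browser on a fast link may well trip
# (100's of GETs in a couple of seconds). Tripping them only adds the source
# to <candidates>: no "flush", so existing states survive and the page keeps
# loading; the host's *next* connections are then judged by the stage 2 rule.
pass in on $ext_if proto tcp from any to $web port 80 \
    flags S/SA keep state \
    (max-src-conn 60, max-src-conn-rate 100/5, overload <candidates>)

# Housekeeping (run from cron): a source that tripped stage 1 but never
# escalated should not stay a candidate forever, and a block should expire
# so a shared NAT address is not punished indefinitely.
#   pfctl -t candidates -T expire 3600
#   pfctl -t blocked    -T expire 86400
```

Because max-src-* counters are tracked per rule, a host only starts accumulating against the stage 2 limits once it has been moved into <candidates>, which is what gives the second stage its longer evaluation window.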
PF - using overload for port 80 attacks/floods
Hello,

I've been successfully using the max-src-conn and max-src-conn-rate with an overload into a table that I block for our external firewall that protects a few dozen (mostly Sun) web servers. As it stands it works great for blocking ssh, ftp, smtp and several other protocols when there are attempts at floods or hacks. I group them by port and have different settings for different sets of ports.

One thing I continually run into on the machines are port 80 attacks or floods. I'd like to do something similar with PF as I'm already doing for other protocols to overload these into a table and block them, but I'm finding it very hard to come up with a set of rules that eliminate any false positives while still catching actual attacks. I find in particular there are a few websites behind our firewall that have very complex page structures with lots of embedded images such that a fast browser with a fast connection viewing certain sections of the site can easily do 100's of legit GET's in a matter of a couple seconds.

Does anyone have any suggestions for weeding out the false positives? Merely upping either of max-src-conn or max-src-conn-rate seems to be eventually self-defeating as it just allows attacks through as well as allowing the fast legit traffic.

thanks,
-- 
[EMAIL PROTECTED]
The sky above the port was the color of television, tuned to a dead station.
Re: carped trunk or trunked carp or what?
Johan Fredin wrote:
> Yep, two boxes with one cable each to the switch. Both with a bunch of vlans and carp interfaces on top of that. This is from one of the machines:
> snip

Hey, thanks a lot, I got it working, but it isn't stable - in fact, I really only had one successful fail-over...

When I `shutdown -h -p now` my MASTER, a session I had running through the firewall continued working (yeah!) [PS: this with carp on vlans on trunk as described yesterday]. But when I powered-up my MASTER box, not only did the session I had running thru the firewall hang, but I also couldn't run new sessions through the firewall until I reset the switch (a Dell PowerConnect 5224). I'm guessing that this is an issue with the switch, but I haven't been able to find it yet... (any ideas?)

Question: when rebooting the MASTER, does it reclaim being the MASTER *after* pfsync has a chance to synchronize the state tables? If not, then what do people do to bring the MASTERs back online? - temporarily configure the MASTER's advskew settings so that it's higher than the BACKUPs and hence will *not* become the MASTER right away? Does it make sense to have both systems always set advskew to 128 on boot and then always plan to lower the advskew for the MASTER?

Thanks,
Kent
Re: low-MHz server
RE: LOUD

I have x86 machine SCSI hard drives. The fast rpm SCSI are LOUD. I suspect they would be the majority culprit in the netra's case too. There are likely pci-bus/slot ata or s-ata workarounds if the lower-freq netra is a suitable starting place. (e.g. I run several everything-but-X-and-comp (EBXC) x86 obsd hard-drive-free boxes on compact flash and RAM-based mfs mount combinations. No hacking required; unabridged EBXC will fit in 256MB CF (about 180MB used), though 512MB is better. Happier with 1GB or more depending on non-volatile storage space requirements.)

-Original Message-
From: johan beisser [EMAIL PROTECTED]
Cc: Douglas A. Tutty [EMAIL PROTECTED], misc@openbsd.org
Subject: Re: low-MHz server
Date: Wed, 30 Jan 2008 23:10:51 -0800
Mailer: Apple Mail (2.915)

Just to keep people informed: Netra T1 is LOUD. I mean, shockingly so. I can hear mine through the house, easily. It's also, easily, one of the loudest systems in the colo right now.
Re: PF - using overload for port 80 attacks/floods
sweet idea. :-)

-Original Message-
From: Darrin Chandler [EMAIL PROTECTED]
To: Cache Hit [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: PF - using overload for port 80 attacks/floods
Date: Thu, 31 Jan 2008 11:11:25 -0700
Mailer: Mutt/1.5.16 (2007-06-09)

Depending on the traffic patterns of legit vs. attack the following idea might work... use max-src-* with values that may create false positives and overload into table <candidates> which will still PASS. Now use different values for max-src-* on the <candidates> pass rule to look for longer term abuse and overload to <blocked>. Effectively this lets you do 2 stages of evaluation, at the price of taking a bit longer to block attacks.

Make sense?
Spain -- (not technical question) purchase OpenBSD 4.2 CD set
Hi,

I'm from Spain, I want to buy the OpenBSD 4.2 CD set by bank transfer. This method is not the standard one, so I wrote to [EMAIL PROTECTED] and [EMAIL PROTECTED] as explained in www.openbsd.org/orders.html to get info about the procedure to pay for the CD sets, and I didn't get a response to my e-mails for a few days. Is there any problem with this? Am I doing something wrong?

Thanks for your time, and sorry for my English, it's not my native language.
Re: low-MHz server
On Wed, 30 Jan 2008, Paul D. Ouderkirk wrote:
> Probably your best bet to cover these requirements would be some old school Compaq Proliant with 2 or 4-way Pentium Pro CPUs. You can find them clocked around 200MHz.

OpenBSD has troubles recognizing the SCSI drives on some of these. (The ones I have, for instance). Also, Compaqs use a persnickety, proprietary bios setup routine that resides on disk -- they were too cheap to pop a 64K ROM into their high end machines. Compaqs of this type require tweaking in boot.conf to recognize all their memory, too. NetBSD, OTOH, and OpenBSD before 3.9, work. Proliant 800.

Believe it or not, there are only two obvious P-Pro machines on ebay (us) right now. One is an overdrive (330MHz), the other a diskless Dell Demention (sic ;-) at 180. They want 96$+ship for that one. It must have considerable antique value.

Dave
-- 
I told you so. -- Cassandra
Xorg -STABLE patches?
I've been watching the CVS commits the last few weeks and noticed several Xorg related security fixes backported into 4.1 and 4.2 -STABLE. Are they important enough to get on the errata pages? Some of us sorta rely on that... ;)

Thanks.
-Nix Fan.
Re: PF - using overload for port 80 attacks/floods
Since you already stated you have valid clients which could open many connections at once, it seems pf might not be the right solution.

Have you thought about using a reverse proxy server in front of your web servers? A program like Pound would allow you to specify valid URL regular expressions which would then go to your web servers. All of the invalid requests would get an error from the proxy server. If you wanted to, you could make a script to watch the logs and add ips to the pf blacklist table.

Pound secure reverse proxy how to
http://calomel.org/pound.html

If your webserver has the ability to use mod_evasive this might also help. Mod_evasive will return errors for clients who connect over a set limit. I believe mod_security can blacklist clients who produce too many errors.

If you decide to stick with just PF then take a stab at writing a script to watch the webserver logs. If you have a web client producing a certain amount or type of errors put them in a slow queue for a while. Using Pf's probability directive works really well if you want to slow, but not completely block, the host. You can find pf examples here:

OpenBSD Pf Firewall how to ( pf.conf )
http://calomel.org/pf_config.html

Hope this helps.

-- 
Calomel @ http://calomel.org
Open Source Research and Reference

On Thu, Jan 31, 2008 at 10:50:43AM -0600, Cache Hit wrote:
> Hello,
>
> I've been successfully using the max-src-conn and max-src-conn-rate with an overload into a table that I block for our external firewall that protects a few dozen (mostly Sun) web servers. As it stands it works great for blocking ssh, ftp, smtp and several other protocols when there are attempts at floods or hacks. I group them by port and have different settings for different sets of ports.
>
> One thing I continually run into on the machines are port 80 attacks or floods. I'd like to do something similar with PF as I'm already doing for other protocols to overload these into a table and block them, but I'm finding it very hard to come up with a set of rules that eliminate any false positives while still catching actual attacks. I find in particular there are a few websites behind our firewall that have very complex page structures with lots of embedded images such that a fast browser with a fast connection viewing certain sections of the site can easily do 100's of legit GET's in a matter of a couple seconds.
>
> Does anyone have any suggestions for weeding out the false positives? Merely upping either of max-src-conn or max-src-conn-rate seems to be eventually self-defeating as it just allows attacks through as well as allowing the fast legit traffic.
>
> thanks,
> -- 
> [EMAIL PROTECTED]
> The sky above the port was the color of television, tuned to a dead station.
Re: [squid-users] Squid.conf deleting host...
Hello Sherwood,

On Wed, 30 Jan 2008, Sherwood Botsford wrote:
> Now, the problem: In accessing any web page, say http://some.domain.com/path/to/file.html squid replies with a bad URL message saying that it can't retrieve /path/to/file.html. The http:// prefix and the domain name are stripped out.
> ...snip
> Relevant section of pf.conf. Pixel should be 'any' but this version limits the problem to a single host. All other hosts are non-proxied. $lan is the internal interface.
>
> # squid redirection
> rdr on $lan inet proto tcp from pixel to any \
>     port www -> 127.0.0.1 port 3128
> pass in quick on $lan inet proto tcp from any to 127.0.0.1 \
>     port 3128 keep state #label web

You obviously try to install a transparent proxy. This works only if your WEB-clients use http-protocol 1.1. Notably Microsoft Internet Explorer uses http 1.0 which does not send the hostname in the GET request. This leads to your symptoms. A transparent proxy is probably not a good idea, better is to enter the proxy definition in the browser preferences or use automatic proxy detection via WPAD. More on this via Google or your preferred search engine, looking for ie wpad.dat or similar. One additional note: there is a known problem with Microsoft internet explorer, it might use wpad.da as filename.

Regards
Stefan Kell
Snort on openBSD 4.2
Hi All, I am planning to use an old hardware for snort with mysql on top of openBSD 4.2. I would appreciate comments/suggestions from anybody using snort on openBSD! Thanks, Rami Sik
Re: : booting openbsd on eee without cd-rom
Hello, On Thu, 31 Jan 2008, frantisek holop wrote: hmm, on Thu, Jan 31, 2008 at 02:26:17PM +0100, Raimo Niskanen said that Since you probably will need the install sets as well, I have posted a compressed filesystem image of size 199864838 bytes at http://www.erlang.org/~raimo/OpenBSD/snapshots/i386/hd.fs.gz It contains the same as install42.iso snapshot Jan 29. will try asap, thanks a lot. otherwise i'll ask the Andre chap with the usb install to post an image :))) i guess it wouldn't be really hard to provide these images along with the cd/floppy boot images, what's the official stance on this by the devs? as the subnotebook business is gonna explode after the eee's success this will be a really handy thing to do i think... I made some experiments booting the eee with following results: - installing OpenBSD to USB-stick on another machine and then booting it on the eee works. Release 4.2 has some problems with ethernet, -current might be better. - Using flashboot and dding Generic-rd.image from http://tilde.se to an USB-stick works but init-script inside this kernel has some problem with fsck. But this is an easy method for you to get a bootable USB-stick with only Linux running on the eee. - The eee CAN boot via PXE if you enable this option in the bios. This might be the easiest solution if you have the PXE-infrastructure. I will try a current snapshot and see how well this works in the next days. So in principle you don't need special images somewhere for download, it is all there already. Regards Stefan Kell
Re: Squid.conf deleting host... Resolved.
In Squid 2.5, transparent proxying is done with a hack involving httpd options, which are not explained well in the config file. These options are not done by default, even in the -transparent version, which means that reverting to an unmodified configuration file leaves it in place. In squid 3.0 transparency is handled differently. The second problem has gone away, but two events occurred almost simultaneously. The first was that I got squid3 running. The second is that our service provider replaced the Cat 5 to Fiber translator card, claiming that it was dropping some 10-15% of packets going through it. I'm not clear why dropped packets would affect files from particular hosts, but until I can reestablish the problem I consider this one closed. Sherwood Botsford wrote: I'm stumped. I was in the process of upgrading squid to 3.0 stable to see if this would deal with a bunch of other issues. I've managed to make squid non-operational. Normally this would be material for the squid list. And I've had it posted there for several days, with no useful results. So I went to the default troubleshooting system to make the most minimal system that exhibits the problem. Further down you will find a list of lines that were added to the default squid.conf file to make the problem appear. Now, the problem: In accessing any web page, say http://some.domain.com/path/to/file.html squid replies with a bad URL message saying that it can't retrieve /path/to/file.html. The http:// prefix and the domain name are stripped out. I've gone over my pf.conf file also, and have tried loading a prior version of pf.conf labeled that it was a working copy from before. No joy. The pf.conf redirection is included below. This started because certain files wouldn't download. They would start, but would stall either immediately or 30K into the file. Same type of file would have no problems from other sources. If I went to a computer outside our firewall, there was no problem.
I figured that before I asked the list for help, I should have the courtesy of using the current release. (3.0 Stable 1) In mangling my file for the new version, I over mangled it. (It complained about unknown options.) Rolling back to the old version didn't help. I've also destroyed and recreated the cache directories thinking that it might be some subtle form of cache corruption. I've uninstalled and reinstalled squid-2.5. (I know. That's a winsnooze type thing to do. Grasping at straws.) I'm a bit at a loss on where else to look. ** Environment: Openbsd 3.9 with pf redirecting web requests to squid. Message posted to the squid list earlier.
kerberos# squid -v
Squid Cache: Version 2.5.STABLE12
configure options: --datadir=/usr/local/share/squid '--enable-auth=basic digest' '--enable-basic-auth-helpers=NCSA YP' --enable-digest-auth-helpers=password '--enable-external-acl-helpers=ip_user unix_group' '--enable-removal-policies=lru heap' --enable-ssl '--enable-storeio=ufs diskd' --localstatedir=/var/squid --enable-pf-transparent --prefix=/usr/local --sysconfdir=/etc
Starting from scratch with a copy of the default squid.conf file, I can reproduce the problem with the following changes to the default squid.conf file:
http_port 127.0.0.1:3128
cache_mem 64 MB
cache_dir ufs /opt/squidcache 100 10 60
acl our_networks src 192.168.1.0/24
http_access allow our_networks
Relevant section of pf.conf. Pixel should be 'any' but this version limits the problem to a single host. All other hosts are non-proxied. $lan is the internal interface.
# squid redirection
rdr on $lan inet proto tcp from pixel to any \
    port www -> 127.0.0.1 port 3128
pass in quick on $lan inet proto tcp from any to 127.0.0.1 \
    port 3128 keep state #label web
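An added example, not part of either post, showing mechanically why an intercepted request ends up as a bare "/path/to/file.html": after the pf rdr the proxy only sees the request line, so the absolute URL can be rebuilt from a Host: header (HTTP/1.1), from the pre-rdr destination address that a transparent-aware squid looks up through /dev/pf, or not at all (HTTP/1.0 without Host:). The request texts are constructed; reconstruct_url and parse_request are hypothetical helper names, not squid's code.

```python
import re

# Constructed requests (not captured traffic).  An HTTP/1.0 client that was
# redirected by the rdr rule sends only a relative request-URI and no Host:.
HTTP10_INTERCEPTED = (
    "GET /path/to/file.html HTTP/1.0\r\n"
    "User-Agent: constructed-old-client\r\n"
    "\r\n"
)
# An HTTP/1.1 client sends the same relative URI but adds the Host: header.
HTTP11_INTERCEPTED = (
    "GET /path/to/file.html HTTP/1.1\r\n"
    "Host: some.domain.com\r\n"
    "\r\n"
)
# A client with the proxy set in its preferences (or found via WPAD) sends the
# absolute URL, so nothing has to be reconstructed at all.
PROXY_CONFIGURED = (
    "GET http://some.domain.com/path/to/file.html HTTP/1.0\r\n"
    "\r\n"
)

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)$")


def parse_request(raw):
    """Split the head of an HTTP request into (method, target, headers)."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise ValueError("malformed request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return m.group(1), m.group(2), headers


def reconstruct_url(raw, original_dst=None):
    """Return the absolute URL an intercepting proxy has to fetch, or None when
    it cannot be determined (the "bad URL /path/to/file.html" symptom).

    original_dst is the (ip, port) the client really connected to before the
    rdr rule rewrote it; squid's pf transparent support obtains it from /dev/pf.
    Falling back to it yields an IP-based URL, which breaks name-based virtual
    hosts, so it is only a last resort for Host:-less HTTP/1.0 clients."""
    _method, target, headers = parse_request(raw)
    if target.startswith("http://") or target.startswith("https://"):
        return target                      # proxy-style request, already absolute
    host = headers.get("host")
    if host:
        return "http://" + host + target   # HTTP/1.1: rebuild from Host:
    if original_dst:
        ip, port = original_dst
        authority = ip if port == 80 else f"{ip}:{port}"
        return f"http://{authority}{target}"
    return None


if __name__ == "__main__":
    for name, req in [("proxy-configured", PROXY_CONFIGURED),
                      ("intercepted HTTP/1.1", HTTP11_INTERCEPTED),
                      ("intercepted HTTP/1.0", HTTP10_INTERCEPTED)]:
        print(f"{name:22s} -> {reconstruct_url(req)}")
    print("HTTP/1.0 with pf lookup ->",
          reconstruct_url(HTTP10_INTERCEPTED, original_dst=("203.0.113.5", 80)))
```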
Re: panic: bogus long slot station count 0
Frank Bax wrote: panic is easily reproducible... - power up the OLPC XO - go to neighbourhood - click on icon for my router. - the OpenBSD router panics. http://www.nabble.com/panic:-bogus-long-slot-station-count-0-td15142434.html Is this a bug? Is there anything (workaround?) I can do to get OLPC wireless connection?
Re: Snort on openBSD 4.2
On Thu, Jan 31, 2008 at 12:10:57PM -0800, Rami Sik wrote: Hi All, I am planning to use an old hardware for snort with mysql on top of openBSD 4.2. I would appreciate comments/suggestions from anybody using snort on openBSD! what is your question? yes, snort runs on openbsd 4.2, also with old hardware. Thanks, Rami Sik
OT:what can be done about attackers/crackers
very soon i am getting some static ips for my cable home connections, currently i have 1 dynamic ip. i'm using pf to block ssh brute force attempts and it's working splendidly. however now i have this pf table full of ips and nice logs indicating hack attempts via ssh not to mention other services they are trying to breach. since i have all these nice logs and data, what can i do about it, other than blocking it. my main concern is that of someone DoSing my connection which will only be 2up and won't support any sort of a planned DoS will lag and congest with too much evil traffic. i have some experience with abuse departments i know the usual first step is to report to a provider however i also know many providers are unresponsive, so what can i do beyond that? any opinions welcome, thank you -- -Lawrence
Re: : booting openbsd on eee without cd-rom
On Jan 31, 2008 8:29 AM, Andre Naehring [EMAIL PROTECTED] wrote: On Thu, 31 Jan 2008, Richard Daemon wrote: Did you have to do boot boot -a to get it to boot properly off of sd0a, recompile kernel or something else? When I try, I never get it to see root on sd0a swap on sd0b dump on sd0b by itself, at least without boot -a or a kernel recompile... By chance, have you tried the same with non -current - just wondering if it boots and detects ok with root on sd0a? Okay, this is what I did. Got the snapshot from ftp2.de.openbsd.org and booted a pc with the iso image mounted. I used the complete stick for OpenBSD, creating 827mb for / and 128m for swap (a b). Installed the whole set (except game*) on my 1gb usb stick (which was sd1 during install) and rebooted the pc. After that I mounted the stick and edited fstab and changed sd1a to sd0a. Took the stick, told the eee to boot from usb and the snapshot was up and running. Tried to access web and ssh via the integrated lii0 ethernet, it worked. Starting up X, using startx with no config file, it came up and runs. Nice. So, there was no need to recompile the kernel in the snapshot from the ftp mentioned above. If you are interested, I can take an original 4.2 and install it on the stick tomorrow and can then post the dmesg. -- andre If you can, so long as it's not trouble for you that would be great! For me, it's on two standard PCs (i386 AMD64 x2) that I've been having these weird issues with booting from USB after installing to sd0a, where it goes into ddb unless I do the boot -a (or recompile kernel accordingly) and only then it sees the proper root on sd0a, rather than trying root wd0a. I didn't do a swap, but from the man pages should just exit with a = 1 code and I wouldn't think that would be the cause. If you do test with standard release, please let me know the results, especially if it's on a standard PC - I'm out of systems to test with... :-( Thank you very much!
Re: OT:what can be done about attackers/crackers
On Jan 31, 2008 4:30 PM, Lord Sporkton [EMAIL PROTECTED] wrote: very soon i am getting some static ips for my cable home connections, currently i have 1 dynamic ip. i'm using pf to block ssh brute force attempts and it's working splendidly. however now i have this pf table full of ips and nice logs indicating hack attempts via ssh not to mention other services they are trying to breach. since i have all these nice logs and data, what can i do about it, other than blocking it. my main concern is that of someone DoSing my connection which will only be 2up and won't support any sort of a planned DoS will lag and congest with too much evil traffic. i have some experience with abuse departments i know the usual first step is to report to a provider however i also know many providers are unresponsive, so what can i do beyond that? any opinions welcome, thank you -- -Lawrence Just curious, what's the reason(s) you're getting 2 static, instead of 1 dynamic? Just curious...
Re: low-MHz server
On Jan 31, 2008 2:04 PM, Woodchuck [EMAIL PROTECTED] wrote: Believe it or not, there are only two obvious P-Pro machines on ebay (us) right now. One is an overdrive (330MHz), the other a diskless Dell Demention (sic ;-) at 180. They want 96$+ship for that one. It must have considerable antique value. Man. When I recently moved, I threw away 15+ computers, including an old sgi, dec 2000, dec 5000, some kind of a hp/ux box, 2 dual Ppro200 and others. And still, other than this lapdog, the newest computer in the house is at least 4-5 years old. Heh. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: OT:what can be done about attackers/crackers
i currently have 512Kb up 6megs down with one dynamic ip im getting 2megs up 15 megs down with a block of 8 static ips i am doing this so i have mobile access to my lab, i work on windows systems all day but i use unix tools most often to troubleshoot, other thing is im gonna run some backups from my colo down to my house, and some back up servers at my house as well my question was not so much what can i do to mitigate the attack when its happening, its more what can i do after someone attacks to stick it to them i know with a DDoS im pretty much sol, but with a single origination point DoS(i dont just mean bandwidth based DoS i mean any DoS, be that clogging my firewall or clogging my server or what ever) i should be able to identify an offending ip and have logs to back it up, such as an ssh attack is usually(not always) from a single zombie node or script kiddy, i would see logs indicating such, so now i have an ip and logs, what can i do with them, who can i report them to other than the provider? On 31/01/2008, Richard Daemon [EMAIL PROTECTED] wrote: On Jan 31, 2008 4:30 PM, Lord Sporkton [EMAIL PROTECTED] wrote: very soon i am getting some static ips for my cable home connections, currently i have 1 dynamic ip. i'm using pf to block ssh brute force attempts and it's working splendidly. however now i have this pf table full of ips and nice logs indicating hack attempts via ssh not to mention other services they are trying to breach. since i have all these nice logs and data, what can i do about it, other than blocking it. my main concern is that of someone DoSing my connection which will only be 2up and won't support any sort of a planned DoS will lag and congest with too much evil traffic. i have some experience with abuse departments i know the usual first step is to report to a provider however i also know many providers are unresponsive, so what can i do beyond that?
any opinions welcome, thank you -- -Lawrence Just curious, what's the reason(s) you're getting 2 static, instead of 1 dynamic? Just curious... -- -Lawrence -Student ID 1028219
Re: low-MHz server
On Wednesday 30 January 2008, Douglas A. Tutty wrote: I don't need answers to these questions, but if there is a medical solution to your wife's sensitivity that might be easier than trying to banish all electronics. A medical solution would be very nice but not forthcoming. Note that apparently in either Norway or Sweden (I forget which), a whole non-electronic, non-EMF village has been set up for such sensitive people. Hasn't happened in Canada or the US yet. Actually, I remember reading about an *attempt* at setting up such a place here in the US. I believe it was in Mendocino, California where there were votes on similar laws.
Re: low-MHz server
On Wednesday 30 January 2008, Douglas A. Tutty wrote: My wife is sensitive to what she describes as electromagnetic fields. She gets headaches and other pains when exposed to equipment: the higher the frequency, the worse her symptoms. For example, a VT is better than a regular CRT connected to even a P-II-233 MHZ while a 486DX4-100 is better than the P-II. Both are far better than my Athlon64 @3.5 GHz. And any CRT is better than any LCD/plasma screen. Even my Palm Zire (I think 233 MHz) with its ~2x~3 screen is unsuitable within about 30 feet of her. She can't wear a digital watch. Doug, Give me a call. My phone number is available in the whois data for my project domain. I have countless systems here in my lab, including many of the well shielded oldies-but-goodies that are hard to find. Kind Regards, JCR
Re: low-MHz server
On Wednesday 30 January 2008, Douglas A. Tutty wrote: On Thu, Jan 31, 2008 at 02:11:54AM +0100, ropers wrote: On 30/01/2008, Douglas A. Tutty [EMAIL PROTECTED] wrote: She's also sensitive to lower-freq and even DC electric fields (e.g. a battery with no external current flow) but in a different manner. I don't understand what you mean by DC electric fields in this context. A battery without any current flow is just a container with chemicals inside. No electricity, no magnetic field, nothing. Sure it does. It has a static electric field since there's a voltage potential between the two poles. Electricity doesn't just appear once you put a meter onto a battery; current yes, potential no. Potential is, well, potential. Also, no batteries are electrically perfect so they all contain some capacitance that can then interact if placed in an oscillating EMF (IOW, they can act like an antenna). Voltage is, by definition, potential difference. You can bury two plates of metal a meter apart from each other and get voltage. When you subject those plates to an increased electro-magnetic field, you get more voltage. http://chem.ch.huji.ac.il/history/bain.html It all seems strange. Yes, I know the physics of it, but before this happened, it was something that you paid a lot of money to build a detector for, for research. Yes and no. Doing it right in a research environment means you'll pay exorbitant amounts of money for accurate and sensitive measurement equipment (as well as a specialized building to use the equipment without interference). *BUT* doing it on the cheap is perfectly possible. One of the most fiendishly clever things I've ever seen done was by a Bring-Up Engineer (i.e. the guys who debug the initial bring-up of newly created circuit board designs) at a poor startup. A very mysterious something was causing a component to behave erratically when the power was on but the component tested out perfectly on all of the prototypes.
Since there was no way we could afford proper equipment, the guy took a very thin copper wire, wound it around a pencil a few times, separated the coil a bit so it wasn't touching anywhere, then attached an ohm-meter. He ran it over the running board to figure out if the problem was due to significant interference causing the part to malfunction. Sure enough he found it, as well as the source, made a make-shift faraday cage around the source and everything worked. Debugging your wife (if you pardon the analogy) is really not much different; the goal is simply finding and eliminating the sources of the interference. -JCR
Re: booting openbsd on eee without cd-rom
On 31/01/2008, frantisek holop [EMAIL PROTECTED] wrote: nevertheless, the previous post very well pointed out that i will need to work with ffs from linux, and i dont know anything about that, not even if it is supported. Like most BSDs, OpenBSD uses the Berkeley Fast File System. By default, GNU/Linux^W^W^WLinux (yes, Linux, motherfucker, Linux!) allows you to mount Fast File System partitions, but (at least on Ubuntu 7.10) it can by default only mount them read-only. For instance to mount an OpenBSD floppy on an Ubuntu 7.10 box, try this:
sudo mkdir /media/floppy
sudo mount -t ufs -o ufstype=44bsd -r /dev/fd0 /media/floppy
Obviously, sudo umount /media/floppy when finished, and adapt the above as necessary if you're dealing with HDDs/USB sticks. Now you would have been able to figure this out by yourself with man mount -- but that requires the prior knowledge that (Berkeley) Fast File System = FFS = UFS = Unix File System to clue in to selecting the ufs type, and you then have to know that you need to also set the ufstype option to 44bsd. Thankfully, dmesg|tail is helpful if you don't set the ufstype option:
[15809.331413] You didn't specify the type of your ufs filesystem
[15809.331417]
[15809.331418] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[15809.331421]
[15809.331421] WARNING Wrong ufstype may corrupt your filesystem, default is ufstype=old
man mount has this to say about the ufstype option:
Mount options for ufs
ufstype=value
UFS is a file system widely used in different operating systems. The problem are[sic] differences among implementations. Features of some implementations are undocumented, so its hard to recognize the type of ufs automatically. That's why the user must specify the type of ufs by mount option. Possible values are:
old    Old format of ufs, this is the default, read only. (Don't forget to give the -r option.)
44bsd  For filesystems created by a BSD-like system (NetBSD,FreeBSD,OpenBSD).
If I read the above correctly, then it should even be possible to mount the ufs type with the ufstype=44bsd option as read+write, but when I tried this on Ubuntu 7.10, I got this:
[EMAIL PROTECTED]:~/Desktop$ sudo mount -t ufs -o ufstype=44bsd /dev/fd0 /media/floppy
mount: wrong fs type, bad option, bad superblock on /dev/fd0,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so
[EMAIL PROTECTED]:~/Desktop$ dmesg|tail
(...)
[16157.855996] ufs was compiled with read-only support, can't be mounted as read-write
[EMAIL PROTECTED]:~/Desktop$
So maybe it's possible to compile in r+w support into your Linux kernel, or maybe your favourite distro already comes with write support for 44bsd FFS compiled in. YMMV. (I'm sorta considering filing an Ubuntu launchpad bug for this, to ask the maintainers if they can compile in r+w support for OpenBSD (and the others) in the next release. Don't count on me though. I'm way over my head in all sorts of stuff.) Hopefully this info helps you in your migration from Linux to OpenBSD. ;-P ;-) Good luck! :) best regards, --ropers
Re: low-MHz server
On Wednesday 30 January 2008, chefren wrote: On 1/31/08 2:25 AM, Douglas A. Tutty wrote: We did the double-blind thing many times. She nails it every time: 100% If true she can get =very= rich with that. Please stop this thread that has nothing to do with OpenBSD. chefren, I disagree. There is a person on this list with a very specific problem preventing a computer from being usable. He wants to use OpenBSD as part of the solution, but needs to figure out what hardware will meet his requirements. It may not be a typical problem, but realistically, we're trying to make a system usable for someone who is disabled. The disability may not be common like being blind, deaf or crippled, but it is most certainly still a disability. Kind Regards, JCR
Re: modifying base system, need to recompile?
On February 1, 2008 05:51:06 pm Aaron wrote: I was wanting to set up an antispam/anti-virus mail system and in the past i've always used postfix as my mta. I have read a few posts on the list where people suggest sticking w/the openbsd default, sendmail. I'm considering doing this save one question. I know that when you modify things (i'm just not sure what) you have to recompile them. This will make upgrading considerably more difficult. So let's say i start w/the base install and change my rc.conf.local to point at sendmail.cf, edit the appropriate files in the src directory. Things like, sending mail as @mydomain.com instead of @myhost.mydomain.com, smart hosts, and whatever else needs to be changed. When i update or upgrade my system, am i going to need to manually go back every time and recreate the steps to get my mail system working again? Does the openbsd-proto.mc get overwritten every time i update the source via cvs. I just need this for sendmail now, but as a general question: No, it works very nicely. When you make a change to your sendmail.cf using m4 or make or whatever you have to place it in /etc anyways. When you are upgrading, you will be updating /etc as a separate step. The upgrade FAQ explains how to upgrade from one version to the next very well. As long as I have followed it, I have not had a problem. What changes to configs/files etc, in the base system would dictate that a separate rebuild of that component after an update or upgrade? Thanks in advance, Aaron Martinez -- Vijay Sankar, M.Eng., P.Eng. President CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
CARP PPPoE
Is it possible to have a 2 node firewall using carp be able to use pppoe? so if one node dies the other one picks up and reinitiates the connection for example. Sevan / Venture37 _ Free games, great prizes - get gaming at Gamesbox. http://www.searchgamesbox.com
Results for 4.2.3 20080125 (prerelease) testsuite on i386-unknown-openbsd4.2
LAST_UPDATED: Obtained from SVN: tags/gcc-4_2_3-rc1 revision 131847 Native configuration is i386-unknown-openbsd4.2 === g++ tests === Running target unix FAIL: g++.dg/cpp/_Pragma1.C (test for excess errors) FAIL: g++.dg/ext/complit4.C (test for excess errors) WARNING: g++.dg/ext/complit4.C compilation failed to produce executable FAIL: g++.dg/opt/complex3.C (internal compiler error) FAIL: g++.dg/opt/complex3.C (test for excess errors) FAIL: g++.dg/opt/mmx2.C (test for excess errors) FAIL: g++.dg/other/i386-1.C (test for excess errors) WARNING: g++.dg/other/i386-1.C compilation failed to produce executable FAIL: g++.dg/other/i386-2.C (test for excess errors) FAIL: g++.dg/other/mmintrin.C (test for excess errors) FAIL: g++.dg/other/offsetof1.C (test for excess errors) FAIL: g++.dg/other/offsetof2.C (test for excess errors) FAIL: g++.dg/other/offsetof2.C execution test FAIL: g++.dg/parse/offsetof1.C (test for excess errors) FAIL: g++.dg/parse/offsetof2.C (test for excess errors) FAIL: g++.dg/template/offsetof1.C (test for excess errors) XPASS: g++.dg/tree-ssa/ivopts-1.C scan-tree-dump-not offset: -4B XPASS: g++.dg/tree-ssa/ivopts-1.C scan-tree-dump-not x\\[5\\] FAIL: g++.dg/pch/empty.C (test for excess errors) FAIL: g++.dg/pch/local-1.C (test for excess errors) FAIL: g++.dg/pch/local-1.C (test for excess errors) FAIL: g++.dg/pch/pch.C (test for excess errors) FAIL: g++.dg/pch/pch.C (test for excess errors) FAIL: g++.dg/pch/static-1.C (test for excess errors) FAIL: g++.dg/pch/static-1.C (test for excess errors) FAIL: g++.dg/pch/template-1.C (test for excess errors) FAIL: g++.dg/pch/uninst.C (test for excess errors) FAIL: g++.dg/pch/uninst.C (test for excess errors) FAIL: g++.dg/pch/wchar-1.C (test for excess errors) FAIL: g++.dg/special/conpr-2.C execution test FAIL: g++.dg/special/conpr-3.C execution test FAIL: g++.dg/special/conpr-4.C execution test FAIL: g++.dg/special/initp1.C execution test FAIL: g++.old-deja/g++.other/init18.C execution test FAIL: 
g++.old-deja/g++.other/init19.C execution test FAIL: g++.old-deja/g++.other/init5.C execution test === g++ Summary === # of expected passes13668 # of unexpected failures32 # of unexpected successes 2 # of expected failures 67 # of untested testcases 11 # of unsupported tests 101 /home/dongsheng/wc/tmp/obj/gcc/testsuite/g++/../../g++ version 4.2.3 20080125 (prerelease) === gcc tests === Running target unix UNRESOLVED: gcc.c-torture/execute/mayalias-2.c execution, -O3 -g FAIL: gcc.dg/cpp/Wmissingdirs.c (internal compiler error) FAIL: gcc.dg/cpp/Wmissingdirs.c -Wmissing-include-dirs (test for warnings, line ) FAIL: gcc.dg/cpp/Wmissingdirs.c (test for excess errors) FAIL: gcc.dg/cpp/_Pragma6.c (test for excess errors) FAIL: gcc.dg/20050105-2.c (test for excess errors) FAIL: gcc.dg/bitfld-12.c (test for errors, line 10) FAIL: gcc.dg/bitfld-12.c (test for excess errors) FAIL: gcc.dg/builtins-20.c (test for excess errors) FAIL: gcc.dg/c99-float-1.c (test for excess errors) FAIL: gcc.dg/single-precision-constant.c execution test FAIL: gcc.dg/va-arg-2.c In file included from (test for errors, line 6) FAIL: gcc.dg/va-arg-2.c #error 1 (test for errors, line 4) FAIL: gcc.dg/va-arg-2.c #error 2 (test for errors, line 5) FAIL: gcc.dg/wint_t-1.c (test for excess errors) FAIL: gcc.dg/format/array-1.c (test for excess errors) FAIL: gcc.dg/format/array-1.c (test for excess errors) FAIL: gcc.dg/format/asm_fprintf-1.c (test for excess errors) FAIL: gcc.dg/format/asm_fprintf-1.c (test for excess errors) FAIL: gcc.dg/format/attr-1.c (test for excess errors) FAIL: gcc.dg/format/attr-1.c (test for excess errors) FAIL: gcc.dg/format/attr-2.c (test for excess errors) FAIL: gcc.dg/format/attr-2.c (test for excess errors) FAIL: gcc.dg/format/attr-3.c (test for excess errors) FAIL: gcc.dg/format/attr-3.c (test for excess errors) FAIL: gcc.dg/format/attr-4.c (test for excess errors) FAIL: gcc.dg/format/attr-4.c (test for excess errors) FAIL: gcc.dg/format/attr-7.c (test for excess errors) FAIL: 
gcc.dg/format/attr-7.c (test for excess errors) FAIL: gcc.dg/format/bitfld-1.c (test for excess errors) FAIL: gcc.dg/format/bitfld-1.c (test for excess errors) FAIL: gcc.dg/format/branch-1.c (test for excess errors) FAIL: gcc.dg/format/branch-1.c (test for excess errors) FAIL: gcc.dg/format/builtin-1.c (test for excess errors) FAIL: gcc.dg/format/builtin-1.c (test for excess errors) FAIL: gcc.dg/format/c90-printf-1.c (test for excess errors) FAIL: gcc.dg/format/c90-printf-1.c (test for excess errors) FAIL: gcc.dg/format/c90-printf-2.c (test for excess errors) FAIL: gcc.dg/format/c90-printf-2.c (test for excess errors) FAIL: gcc.dg/format/c90-printf-3.c (test for excess errors) FAIL: gcc.dg/format/c90-printf-3.c (test for excess errors) FAIL: gcc.dg/format/c90-scanf-1.c (test for excess errors) FAIL: gcc.dg/format/c90-scanf-1.c (test for excess errors) FAIL: gcc.dg/format/c90-scanf-2.c
Re: CARP PPPo
On Jan 31, 2008 7:32 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote: Is it possible to have a 2 node firewall using carp be able to use pppoe? so if one node dies the other one picks up the reinitiates the connection for example. Sevan / Venture37 _ Free games, great prizes - get gaming at Gamesbox. http://www.searchgamesbox.com Yes. I don't know how it would work in the sense of the 'conventional' way. I do it with dynamic IP's, which even have MAC address reservations and works good for me... I'm considering posting an undeadly.org article on it with my scripts on how I do it, just not sure if anyone would be interested?
Re: CARP PPPoE
Yes. I don't know how it would work in the sense of the 'conventional' way. I do it with dynamic IP's, which even have MAC address reservations and works good for me... I'm considering posting an undeadly.org article on it with my scripts on how I do it, just not sure if anyone would be interested? I definitely would be! _ Get Hotmail on your mobile, text MSN to 63463! http://mobile.uk.msn.com/pc/mail.aspx
Re: CARP PPPo
On Jan 31, 2008 8:36 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote: Yes. I don't know how it would work in the sense of the 'conventional' way. I do it with dynamic IP's, which even have MAC address reservations and works good for me... I'm considering posting an undeadly.org article on it with my scripts on how I do it, just not sure if anyone would be interested? I definitely would be! I don't have my ISP that does PPPoE anymore, so I have no way to test it... Is there something specific you're looking to do with CARP? I *assume* the only thing that wouldn't work properly would be the [pfsync] portion (assuming your IP changes on each reconnect?). If that is the case, then in that sense, you could still have redundant Firewall NAT, etc. in the event one goes down or you shut-down for maintenance, etc. and the other will just kick in and continue routing, filtering, etc. without any user intervention...
Re: CARP PPPo
On January 31, 2008 07:30:32 pm Richard Daemon wrote: On Jan 31, 2008 7:32 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote: Is it possible to have a 2 node firewall using carp be able to use pppoe? so if one node dies the other one picks up the reinitiates the connection for example. Sevan / Venture37 _ Free games, great prizes - get gaming at Gamesbox. http://www.searchgamesbox.com Yes. I don't know how it would work in the sense of the 'conventional' way. I do it with dynamic IP's, which even have MAC address reservations and works good for me... I'm considering posting an undeadly.org article on it with my scripts on how I do it, just not sure if anyone would be interested? I would be very interested in reading such an article or if appropriate, helping write one. I have two PPPoE connections -- one with static addresses and framed routes and another with dynamic IP -- and will be happy to help in any way I can. -- Vijay Sankar, M.Eng., P.Eng. President CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED]
Re: Can I just mount my lost swap on raid0?
Matt wrote: Hi all, Perhaps a bit daft but: Somehow I have managed to exclude my swap partition from being mounted on my Raid0 array. I have no idea why it isn't in fstab but I can only assume I messed something up along the way while copying. dunno what you were copying, but in a default config, swap is assumed to be the 'b' partition on the boot drive, and is thus not in /etc/fstab normally. If that's not the case, such as in your situation, you have to put it in manually. The swap partition is present as a slice within the virtual raid0 disk. Can I safely mount this on a live system or is that a bad idea? not only is it safe, sometimes it's critical to add swap on the fly. :) Nick.
Re: CARP PPPo
On Jan 31, 2008 8:58 PM, Vijay Sankar [EMAIL PROTECTED] wrote: On January 31, 2008 07:30:32 pm Richard Daemon wrote: On Jan 31, 2008 7:32 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote: Is it possible to have a 2 node firewall using carp be able to use pppoe? so if one node dies the other one picks up the reinitiates the connection for example. Sevan / Venture37 _ Free games, great prizes - get gaming at Gamesbox. http://www.searchgamesbox.com Yes. I don't know how it would work in the sense of the 'conventional' way. I do it with dynamic IP's, which even have MAC address reservations and works good for me... I'm considering posting an undeadly.org article on it with my scripts on how I do it, just not sure if anyone would be interested? I would be very interested in reading such an article or if appropriate, helping write one. I have two PPPoE connections -- one with static addresses and framed routes and another with dynamic IP -- and will be happy to help in any way I can. -- Vijay Sankar, M.Eng., P.Eng. President CEO ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB Canada R3J 0X6 Phone: +1 204 885 9535, E-Mail: [EMAIL PROTECTED] Wow, thank you for the offer! Help would be great, it's mostly the article, howto or presentation that I'm not sure how to format yet... I have most of it already done, but I think it could be better presented. It's not fully on the website yet and ways on improving the scripts too, would be great from anyone. It just needs a few mods for PPPoE, but the working concept and model is in place and fully functional here. How's the weather in Winnipeg? :-) I'm in Montreal.
Re: CARP PPPo
Richard Daemon wrote: On Jan 31, 2008 8:36 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote: I definitely would be! I don't have my ISP that does PPPoE anymore, so I have no way to test it... Carp on pppoe doesn't really make sense, unless I'm missing something. For fun, I tried it a while back (http://marc.info/?l=openbsd-miscm=113940624732259w=2). I suspect the solution to a redundant firewall cluster with a pppoe interface will involve ifstated. -Steve S.
Backup system administrator needed
Hi all, If you are in or near (say 50 miles) the Cheyenne, WY area and might be interested in some backup systems administrator work, please drop me a line. Thanks, Jeff Ross
dhcp error message
my /var/log/messages file is filled over and over with the line (obviously the date/time varies) Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host The machine is a firewall and has no graphic capabilities. It is a dhcp client to get my the IP address for the home network and a dhcp server for all the machines in the house. What does this error message mean? The firewall works fine as the default router for all the wired Ethernet machines in the house. But, I have laptop with built in 802.11 and a PCMCIA card as well. When I use the PCMCIA card, everything works fine. With the built in 802.11, however, it connects to the WAP, but does not get an IP address from the firewall. I can't figure out why the difference and would appreciate any advice on how to troubleshoot this. Thanks Jim
Re: OT:what can be done about attackers/crackers
On Jan 31, 2008 5:41 PM, Lord Sporkton [EMAIL PROTECTED] wrote: my question was not so much what can i do to mitigate the attack when its happening, its more what can i do after someone attacks to stick it to them What would you like to do to them? It all depends on how good you are at tracking them down. If you have followed the news, you'll have heard about the Russian Business Network's links to top political figures in Russia, and how the RBN is very possibly behind one of the largest botnets. What are _you_ going to do about it? Realistically, nothing. i know with a DDoS im pretty much sol, but with a single origination point DoS (i dont just mean bandwidth based DoS i mean any DoS, be that clogging my firewall or clogging my server or what ever) i should be able to identify an offending ip and have logs to back it up, such as an ssh attack is usually (not always) from a single zombie node or script kiddy, i would see logs indicating such, so now i have an ip and logs, what can i do with them, who can i report them to other than the provider? In the US, you can report it to FCC, and/or FBI, but with FBI, unless there's some kind of terrorism related things, or is $5k, iirc, they don't handle it. If you've mailed them check, the USPS can (and has) go after them. Realistically therefore (if you live in .us): 1) From outside .us - I wouldn't bother 2) Spam from inside .us - go read some of those hunt spammer and take them to small claims court sites 3) Non-email issues, report to ISP, yours and theirs. 4) If it's part of a company's range - call their help desk, they may appreciate you reporting a bot. Or may not. Or, you can choose #5 5) Just say fsck it, and go do something more productive. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: CARP PPPo
On Jan 31, 2008 9:24 PM, Steven Surdock [EMAIL PROTECTED] wrote: Richard Daemon wrote: On Jan 31, 2008 8:36 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote: I definitely would be! I don't have my ISP that does PPPoE anymore, so I have no way to test it... Carp on pppoe doesn't really make sense, unless I'm missing something. For fun, I tried it a while back (http://marc.info/?l=openbsd-miscm=113940624732259w=2). I suspect the solution to a redundant firewall cluster with a pppoe interface will involve ifstated. -Steve S. I'm not sure what doesn't make sense? The thing is, some people just want the redundancy regardless of protocol. :-)
about your music (an opportunity), please read..
Hi, I heard your music and wanted to invite you to start a free artist page on our site. IACmusic.com is an indie all-star site, it recently got mention in Rolling Stone, and has been called the most innovative music portal on the web. Cashbox found the quality of music on the site so outstanding that now all content on their Indie Charts comes directly from IAC. Our traffic is huge and growing, word of mouth is off the hook, and our station set-up is years beyond any other music site. Meanwhile, our community is thriving with station managers who actively pounce on the new releases and will help promote your songs for you. Also, IAC stations will soon be available to listen to via any cellphone with our recent move into that arena. We are about the music and indie culture. No cookie-cutters were used in the making of this site. IAC is colorful and magical, to reflect the creativity of the artists themselves. If you choose, you can sell your downloads, set your own price and you get 100% of the take. You can build digital CDs called DMDs which include the revolutionary IAC Ultrapage. IAC's dedicated support department is always there to answer your questions. Check out the site here. If you want to find real listeners, this is the place to do it. Here's a direct shortcut to start a free page. Any additional exposure can help you get your music to the world. Hope to hear your songs at IAC soon. Toby, ar - IACmusic.com PS Important: I will be glad to answer any questions you have but please send them to my personal Email [EMAIL PROTECTED] instead of replying directly to this correspondence.. If for any reason you do not want to receive these messages, drop a line to [EMAIL PROTECTED]
Re: dhcp error message
On Jan 31, 2008 9:38 PM, Jim M [EMAIL PROTECTED] wrote: my /var/log/messages file is filled over and over with the line (obviously the date/time varies) Jan 31 20:17:00 balrog dhclient: send_fallback: No route to host The machine is a firewall and has no graphic capabilities. It is a dhcp client to get my the IP address for the home network and a dhcp server for all the machines in the house. What does this error message mean? The firewall works fine as the default router for all the wired Ethernet machines in the house. But, I have laptop with built in 802.11 and a PCMCIA card as well. When I use the PCMCIA card, everything works fine. With the built in 802.11, however, it connects to the WAP, but does not get an IP address from the firewall. I can't figure out why the difference and would appreciate any advice on how to troubleshoot this. Thanks Jim If I understand you correctly, you mean the firewall is a dhcp client on the external side, dhcp server on the internal and serving as a WAP for the wireless systems, but the laptop doesn't connect to it via the built in Wireless NIC and only with the PCMCIA one. The laptop and firewall are both OpenBSD?
Y love you!!!
Hi!!! Some of the little photos I forgot to send! Now they're here!! Big kiss! attachment: foto-01.jpg (196kb) foto-02.jpg (196kb)
ospf problems when re-joining networks
Hi We are running OpenBSD 4.2 and ospfd on 3 boxes which are joined to each other by 3 seperate wan links. I find when a particular wan link fails to a box, packets now take the other higher cost route as expected. But when the link comes back up, ospfd does not change back to using the original, shorter and adjacent route. Why could this be occurring? Thanks - Linden
IPsec from server to network
I have been encountering a bit of trouble getting a fileserver to establish a vpn to my local network. I do not have access to the machines at the moment, so my first question is this - do both machines need to have incoming access to ports 500/4500? I am trying to make the fileserver in question act somewhat like a roadwarrior (although NAT-T should not be needed) in the sense that it is firewalled off. pf.conf should be irrelevant, as I have added set skip on enc0 and pass quick on $ext_if from x.x.x.x. Neither the network B gateway nor network B hosts are able to ping the fileserver and vice versa. Also, ipsecctl -sa shows normal SAD and FLOWS - so it doesn't seem to be a problem with establishing the connection. Here is the information I have at the moment. More to come if needed.

Fileserver: 1.2.3.4 (no incoming ports allowed, but not behind NAT)
Network B Gateway: 5.6.7.8
Network B: 192.168.1.0/24

Fileserver ipsec.conf:

    ike esp from 1.2.3.4 to 192.168.1.0/24 peer 5.6.7.8 psk password
    ike esp from 1.2.3.4 to 5.6.7.8 psk password

Network B Gateway ipsec.conf:

    ike passive esp from 192.168.1.0/24 to 1.2.3.4 psk password
    ike passive esp from 5.6.7.8 to 1.2.3.4 psk password
Re: CARP PPPo
On Thu, Jan 31 2008 at 24:21, Steven Surdock wrote: Richard Daemon wrote: On Jan 31, 2008 8:36 PM, Sevan / Venture37 [EMAIL PROTECTED] wrote: I definitely would be! I don't have my ISP that does PPPoE anymore, so I have no way to test it... Carp on pppoe doesn't really make sense, unless I'm missing something. For fun, I tried it a while back (http://marc.info/?l=openbsd-miscm=113940624732259w=2). I suspect the solution to a redundant firewall cluster with a pppoe interface will involve ifstated. It's the way I solved the same problem. All interfaces are carped but pppoe. I use ifstated to track carp status. If the master goes down, then shutdown isakmpd and pppoe If the slave goes up, then activate pppoe and wait till fully functionnal (got an ip address) If the pppoe link become OK, start isakmpd and reapply pf just in case For the moment, I didn't have any issues on the primary :) Claer
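The ifstated approach Claer describes (track carp, tear down isakmpd and pppoe on the backup, bring pppoe up on the master, start isakmpd and reapply pf once the session holds an address), written out as an added example ifstated.conf; it is not Claer's configuration or anything from the posts here. Interface names carp0 and pppoe0, the script paths and the assumption that pppoe0's link state follows the PPPoE session are assumptions.

```conf
# Added example ifstated.conf: not from any post in this thread.
# Assumptions: carp0 is one of the carped interfaces, pppoe0 is the
# uplink, and pppoe0's link state goes up once the session has an address.
init-state auto

# a carp interface reports link "up" only while this box is MASTER
carp_master = "carp0.link.up"
pppoe_up    = "pppoe0.link.up"

state auto {
	if $carp_master
		set-state master
	if ! $carp_master
		set-state backup
}

state backup {
	init {
		# drop IPsec first, then the PPPoE session
		run "pkill isakmpd"
		run "ifconfig pppoe0 down"
	}
	if $carp_master
		set-state master
}

state master {
	init {
		run "ifconfig pppoe0 up"
	}
	# stay here until pppoe0 is actually usable
	if $pppoe_up
		set-state master_online
	if ! $carp_master
		set-state backup
}

state master_online {
	init {
		# isakmpd -K ignores keynote policy so ipsec.conf applies
		run "isakmpd -K"
		run "ipsecctl -f /etc/ipsec.conf"
		# reapply pf in case rules refer to the pppoe0 address
		run "pfctl -f /etc/pf.conf"
	}
	if ! $pppoe_up
		set-state master
	if ! $carp_master
		set-state backup
}
```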
Re: hotplugd(8) mount flash drive
# Maybe some debugging will help:
# exec > /tmp/logfile 2>&1
# set -x

i changed the /etc/hotplugd/attach script with JetFlash* and also enabled debugging - any further help would be much appreciated. Thanks.

/var/log/messages output -

    Feb 1 17:30:11 red /bsd: umass0 at uhub0 port 2 configuration 1 interface 0
    Feb 1 17:30:11 red /bsd:
    Feb 1 17:30:11 red /bsd: umass0: JetFlash Mass Storage Device, rev 2.00/1.41, addr 2
    Feb 1 17:30:11 red /bsd: umass0: using SCSI over Bulk-Only
    Feb 1 17:30:11 red /bsd: scsibus2 at umass0: 2 targets
    Feb 1 17:30:12 red /bsd: sd1 at scsibus2 targ 1 lun 0: JetFlash, TS8GJFV30, 8.07 SCSI2 0/direct removable
    Feb 1 17:30:12 red /bsd: sd1: 7799MB, 994 cyl, 255 head, 63 sec, 512 bytes/sec, 15974398 sec total

/etc/hotplugd/attach script -

    #!/bin/sh
    # hotplugd(8) attach script; trace every command into /tmp/logfile
    exec > /tmp/logfile 2>&1
    set -x

    DEVCLASS=$1
    DEVNAME=$2

    case $DEVCLASS in
    2)      # disk devices
            # "label:" field of the disklabel(8) output for the new disk
            # (the debug output below shows it came back as TS8GJFV30)
            disklabel=`/sbin/disklabel $DEVNAME 2>&1 | sed -n '/^label: / s/^label: //p'`
            echo disklabel
            case $disklabel in
            JetFlash*)      # flash drive
                    # braces needed: $DEVNAMEi would expand an unset variable
                    mount /dev/${DEVNAME}i /mnt/flash
                    echo mount
                    ;;
            esac
            ;;
    esac

debug output from /tmp/logfile -

    + DEVCLASS=2
    + DEVNAME=sd1
    + sed -n /^label: /s/^label: //p
    + DEVCLASS=0
    + DEVNAME=scsibus2
    + /sbin/disklabel sd1
    + 21
    + DEVCLASS=0
    + DEVNAME=umass0
    + disklabel=TS8GJFV30
    + echo disklabel
    disklabel
avoid logging useless ssh brute force attempts
my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs. Any suggestions would be much appreciated. Thanks.
Re: Spain -- (not technical question) purchase OpenBSD 4.2 CD set
ZeXeL Zexelut [EMAIL PROTECTED] writes: There is any problem with this? I'm doing something wrong? My guess is that Wim is off to an event and will handle his mail and other backlog when he's back. Looking at http://www.openbsd.org/events.html the French event could be the likely cause. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: avoid logging useless ssh brute force attempts
I've simply added in an overload rule to pf on my server. This has helped significantly. On Jan 31, 2008, at 11:11 PM, Chris wrote: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs. Any suggestions would be much appreciated. Thanks.
Re: PF - using overload for port 80 attacks/floods
Darrin Chandler [EMAIL PROTECTED] writes: Depending on the traffic patterns of legit vs. attack the following idea might work... use max-src-* with values that may create false positives and overload into table candidates which will still PASS. Now use different values for max-src-* on candidate pass rule to look for longer term abuse and overload to blocked. Effectively this lets you do 2 stages of evaluation, at the price of taking a bit longer to block attacks. Make sense? That's what I call an excellent idea. Finding the right set of values is a worthy exercise for the reader, but I *like* that approach. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: avoid logging useless ssh brute force attempts
Chris [EMAIL PROTECTED] writes: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs. I suppose you already have a PF rule set with overload rules[1]? If not, writing a few simple rules like the one in that example will rid you of most of the noise. [1] see eg http://home.nuug.no/~peter/pf/en/bruteforce.html -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
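Both the ssh overload rule Peter points to and Darrin's two-stage idea for port 80 (a loose limit that still passes but moves the source into a candidates table, then a tighter longer-term limit on candidates that overloads into blocked), written out as one added example pf.conf fragment in OpenBSD 4.2 syntax; it is not from either post. The interface name, table names and every threshold are assumptions to be tuned, not recommended values.

```conf
# Added example pf.conf fragment (not from the posts above).
# Assumptions: external interface bge0; all thresholds are placeholders.
ext_if = "bge0"

table <bruteforce> persist
table <candidates> persist
table <blocked> persist

# anything that earned a block is dropped before it reaches sshd/httpd,
# so those daemons never log it
block in quick on $ext_if from { <bruteforce>, <blocked> }

# ssh: more than 5 new connections in 30 s from one source -> <bruteforce>,
# and "flush global" kills that source's existing states at the same time
pass in on $ext_if proto tcp to $ext_if port ssh flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <bruteforce> flush global)

# http, stage 1: loose limit; offenders still PASS but become candidates
pass in on $ext_if proto tcp to $ext_if port www flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 50/5, overload <candidates> flush)

# http, stage 2: last matching rule wins, so a source already in
# <candidates> is tracked by this rule's longer-term, tighter limit instead
pass in on $ext_if proto tcp from <candidates> to $ext_if port www \
    flags S/SA keep state \
    (max-src-conn 40, max-src-conn-rate 100/60, overload <blocked> flush global)
```

Entries stay in the tables until removed; a periodic `pfctl -t blocked -T expire 86400` (and the same for the other two tables) ages them out so a stage-1 false positive is not permanent.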
Re: Spain -- (not technical question) purchase OpenBSD 4.2 CD set
On Friday 01 February 2008 at 08:17 +0100, Peter N. M. Hansteen wrote: Hi, My guess is that Wim is off to an event and will handle his mail and other backlog when he's back. Looking at http://www.openbsd.org/events.html the French event could be the likely cause. You're right, wim was here was much good stuff, as usual ! Nico.