Re: Logging failed SSH users and the passwords they typed

2008-04-26 Thread Mike
HDC,

I am interested in finding out more of how to set up something like that.



On Wed, Apr 23, 2008 at 4:06 PM, HDC <[EMAIL PROTECTED]> wrote:

> I have 3 sshd daemons in my border firewall, 2 in no common ports for
> my use, and 1 on default port (without real access) for "prevention
> statistics".
> Depending of the "prevention statistic" I design the security policy to
> SSH and passwords.
>
> It's nice to see the statistics of illegal access on the default port of
> your sshd :)
>
> Greetings,
> Hernan
> OpenBSDeros.org
>
> On Wed, Apr 23, 2008 at 11:12 AM, Peter N. M. Hansteen <[EMAIL PROTECTED]>
> wrote:
> > "Ed Ahlsen-Girard" <[EMAIL PROTECTED]> writes:
> >
> > > When I was getting brute forced that way I just turned off remote password
> > > login and use keypairs exclusively.
> > >
> > > Which won't work for everybody, I guess.
> >
> > plus, of course, the fact that overload + flush global is fun to watch
> >
> > - P
> > --
> > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> > "Remember to set the evil bit on all malicious network traffic"
> > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> >
> >
>
>
>
> --
> # /dev/hdc
> -> OpenBSDeros.org
> hdc [at] openbsderos [dot] org



Re: Dell R200

2008-04-26 Thread Claer
On Fri, Apr 25 2008 at 45:17, Martín Coco wrote:
> Hi misc,
Hi,

> I'll be buying a couple of Dell R200 Rackmount servers to use as 
> firewalls/routers.
>
> I found this thread in the archives about it:
> http://marc.info/?l=openbsd-misc&m=120167827217058&w=2
>
> And it seems to be working with snapshots.
>
> But my question is: will it be supported by the 4.3 release? We're not used 
> to run -current on our firewalls, and we'd prefer to continue with -release 
> and -stable.

We tested r200 servers this week with a 4.3 stable release. It seems to work
fine for the moment. 

Claer



azalia problem on 4.2-release: loud tone

2008-04-26 Thread Jacob Yocom-Piatt
have a little via c7 machine for my home workstation and the audio 
chipset is detected as an azalia device


azalia0 at pci4 dev 1 function 0 "VIA HD Audio" rev 0x00: irq 5
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: VIA/0x1708 (rev. 5.0), HDA version 1.0

when i play music through xmms, i do hear it but it is pretty much 
washed out by a loud, constant, irritating tone that is substantially 
louder than the music itself. AFAICT there is nothing else outputting 
audio on the machine.


advice on how to do any of the following would be appreciated:

- determine if something on the machine is generating this sound
- stop the sound
- fix the driver

i took a glance over the commits to azalia.c azalia_codec.c and nothing 
popped out at me as an obvious fix.


cheers,
jake



chroot issues with accessing /dev/ entries

2008-04-26 Thread Torsten
I am setting up an embedded system that's supposed to run from RAMDISK 
only. Therefore I create a ramdisk, copy everything into it and then 
chroot. I encounter problems when accessing pcap-libs (or devices in 
/dev generally) as soon as I actually chroot:


# ls -l /dev/bpf0
crw---  1 root  wheel   23,   0 Sep 27  2006 /dev/bpf0
# ls -l /tmp/chroot/dev/bpf0
crw---  1 root  wheel   23,   0 Sep 28  2006 /tmp/chroot/dev/bpf0
# tcpdump
tcpdump: listening on fxp0, link-type EN10MB
[...]
60 packets received by filter
0 packets dropped by kernel
# chroot /tmp/chroot/
/bin/ksh: No controlling tty (open /dev/tty: Device not configured)
/bin/ksh: warning: won't have full job control
# tcpdump
tcpdump: Failed to open bpf device for fxp0: Device not configured

tcpdump is just an example. Other programs access bpf0 (exactly) 
correctly when in the native system and fail to access bpf0 when in 
chrooted environment.


What am I missing? And why is there this tty warning message? The tty 
device entry is in the chrooted /dev just like it is in the source system.


Help will be appreciated!

T.



Re: chroot issues with accessing /dev/ entries

2008-04-26 Thread Mike Erdely
On Sat, Apr 26, 2008 at 03:58:25PM +0200, Torsten wrote:
> # tcpdump
> tcpdump: Failed to open bpf device for fxp0: Device not configured

Is /tmp mounted "nodev"?
Look at mount(8).

-ME



Re: Logging failed SSH users and the passwords they typed

2008-04-26 Thread HDC
Hi Mike!

At this moment I am traveling for business, and when I get back I have
to move to another house (I have all servers off).
I will send you more information about the implementation ASAP.

Greetings!

On Sat, Apr 26, 2008 at 3:48 AM, Mike <[EMAIL PROTECTED]> wrote:
> HDC,
>
> I am interested in finding out more of how to set up something like that.
>
>
>
>
> On Wed, Apr 23, 2008 at 4:06 PM, HDC <[EMAIL PROTECTED]> wrote:
>
> >
> > I have 3 sshd daemons in my border firewall, 2 in no common ports for
> > my use, and 1 on default port (without real access) for "prevention
> > statistics".
> > Depending of the "prevention statistic" I design the security policy to
> > SSH and passwords.
> >
> > It's nice to see the statistics of illegal access on the default port of
> > your sshd :)
> >
> > Greetings,
> > Hernan
> >
> > OpenBSDeros.org
> >
> > On Wed, Apr 23, 2008 at 11:12 AM, Peter N. M. Hansteen <[EMAIL PROTECTED]>
> > wrote:
> >
> >
> >
> > > "Ed Ahlsen-Girard" <[EMAIL PROTECTED]> writes:
> > >
> > > > When I was getting brute forced that way I just turned off remote password
> > > > login and use keypairs exclusively.
> > > >
> > > > Which won't work for everybody, I guess.
> > >
> > > plus, of course, the fact that overload + flush global is fun to watch
> > >
> > > - P
> > > --
> > > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> > > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> > > "Remember to set the evil bit on all malicious network traffic"
> > > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> > >
> > >
> >
> >
> >
> > --
> > # /dev/hdc
> > -> OpenBSDeros.org
> > hdc [at] openbsderos [dot] org
> >
> >
>
>



-- 
# /dev/hdc
-> OpenBSDeros.org
hdc [at] openbsderos [dot] org



Re: chroot issues with accessing /dev/ entries

2008-04-26 Thread Torsten

>> # tcpdump
>> tcpdump: Failed to open bpf device for fxp0: Device not configured
>
> Is /tmp mounted "nodev"?



OK, thank you, that got me onto the right track, now I think I know what 
the problem is: mount_mfs.


This is how I set up the ramdisk:

/sbin/mount_mfs -s 9 swap /mnt

Is there a way to have devices under that mountpoint?



Re: chroot issues with accessing /dev/ entries

2008-04-26 Thread Mike Erdely
On Sat, Apr 26, 2008 at 05:51:22PM +0200, Torsten wrote:
> Is there a way to have devices under that mountpoint?

If you mount it without "nodev", refer to MAKEDEV(8).

-ME



Re: chroot issues with accessing /dev/ entries

2008-04-26 Thread Hannah Schroeter
Hi!

On Sat, Apr 26, 2008 at 05:51:22PM +0200, Torsten wrote:
>>># tcpdump
>>>tcpdump: Failed to open bpf device for fxp0: Device not configured
>>Is /tmp mounted "nodev"?

>OK, thank you, that got me onto the right track, now I think I know what 
>the problem is: mount_mfs.

>This is how I set up the ramdisk:

>/sbin/mount_mfs -s 9 swap /mnt

>Is there a way to have devices under that mountpoint?

Of course, just mknod(8) them (each time after creating the mfs),
after having mounted the mfs without the nodev flag. Or use the -P flag
to mount_mfs.

Kind regards,

Hannah.
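
The check Mike Erdely suggests earlier in this thread (is the filesystem holding the chroot mounted "nodev"?), as an added shell example that is not from any poster in the thread. It assumes the `device on mountpoint type fstype (flags)` layout printed by mount(8); the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout mount(8) prints (not taken from the thread).
SAMPLE_MOUNT='/dev/wd0a on / type ffs (local)
/dev/wd0d on /tmp type ffs (local, nodev, nosuid)
mfs:27181 on /mnt type mfs (asynchronous, local, size=18432 512-blocks)'

# mount_entry_for PATH   (mount output on stdin)
# Prints the entry whose mount point is the longest prefix of PATH, i.e. the
# filesystem PATH really lives on. Mount points containing spaces are not
# handled (assumption: none are in use).
mount_entry_for() {
    awk -v path="$1" '
        {
            mp = $3
            # "/" covers everything; otherwise the mount point must equal the
            # path or be followed by "/" so that /tmp does not match /tmpfoo.
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); line = $0 }
            }
        }
        END { if (line != "") print line }
    '
}

# dev_policy PATH   (mount output on stdin)
# Prints "nodev" if device nodes under PATH are ignored by the kernel,
# "dev" if they are honoured, "unknown" if no mount entry covers PATH.
dev_policy() {
    entry=$(mount_entry_for "$1")
    [ -n "$entry" ] || { echo unknown; return 0; }
    flags=${entry##*\(}      # keep the text after the last "("
    flags=${flags%\)*}       # drop the closing ")"
    case ", $flags," in
        *", nodev,"*) echo nodev ;;
        *)            echo dev ;;
    esac
}

# Demonstration on the constructed sample; on a live system pipe in `mount`.
for p in /tmp/chroot/dev/bpf0 /mnt/dev/bpf0; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_MOUNT" | dev_policy "$p")"
done
```

A "nodev" answer for the chroot path explains the "Device not configured" error even though `ls -l` shows a correct-looking device node there.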



Re: chroot issues with accessing /dev/ entries

2008-04-26 Thread Theo de Raadt
> I am setting up an embedded system that's supposed to run from RAMDISK 
> only.

You really should not do this.  The RAMDISK kernel uses the
SMALL_KERNEL option, and this can have all sorts of unknown effects.
It is castrated Unix, for the purpose of installation.  For now, what
that option changes in the kernel is fairly limited.  But if we start
hitting more size constraints regarding the install media space,
the RAMDISK kernel will start violating Unix rules more.



Re: poll(2) vs kqueue(2) performance

2008-04-26 Thread Marco Peereboom

I found the doxygen docs far less useful than the man page.

On Apr 23, 2008, at 10:31 PM, "Niels Provos" <[EMAIL PROTECTED]> wrote:

> On Mon, Apr 21, 2008 at 2:05 PM, Gilles Chehade <[EMAIL PROTECTED]> wrote:
> > Yay, I too fell in love with it and its various APIs despite the lack
> > of documentation for most of them, header help understanding how things
> > work but I wasted quite some time on bufferevents ;-)
>
> The documentation has actually become much better over time:
>
> http://www.monkey.org/~provos/libevent/doxygen-1.4.3/
>
> However, I'd be happy to see any patches to improve the documentation.
>
> Thanks,
> Niels.




4.2 wget package depend broken?

2008-04-26 Thread anon trol
I know that 4.3 is approaching release and happened to notice that the
depends for wget in the 4.2 packages is broken.

Hopefully this isn't something that has been automated and will be
propagated to the 4.3 packages?



Re: Logging failed SSH users and the passwords they typed

2008-04-26 Thread anon trol
On Wed, Apr 23, 2008 at 1:01 PM, Jon Radel <[EMAIL PROTECTED]> wrote:

> Sam Fourman Jr. wrote:
> >>  Is there a way to login the passwords that were used in the bruteforce
> >> attack? [...]
>
> Not only that, if you read any history of Unix's early days you should
> come across some instructive stories as to why logging the passwords of
> failed attempts is now generally considered a really bad idea.


Or doing silly things like typing your password in the username spot (moving
around between lots of different keyboards of different form factors
sometimes plays havoc with my touch typing, forcing me to look at the
keyboard rather than the screen).

The value of logging brutes is probably minimal... all you're really
doing is observing the passing fads in point and click tools used by
knee-biting riff-raff.  If you're planning on building a dictionary or
attack profile, I think you'll find that most brutes are just targeting some
insecure default install.  Back-off strategies are more than adequate for
dealing with them.

...and there are so many other fun things that you can do beside just build
up another useless data set.  If you own a significant amount of
infrastructure, passing specific host routes to bit buckets or honey pots up
the network can be a fun creative way to handle this kind of trash traffic.
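
One way to get per-source statistics of the kind discussed in this thread without recording what was typed, as an added example that is not from any poster: it tallies failed password attempts by source address and discards the username field, which, as noted above, may hold a mistyped password. The log lines are constructed in sshd's usual `Failed password for ... from ADDR port N` form with documentation addresses, and the function name is hypothetical.

```shell
#!/bin/sh
# Constructed authlog sample. The third line imitates a user who typed a
# password at the username prompt; that string must never reach the report.
SAMPLE_AUTHLOG='Apr 23 10:01:02 fw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40111 ssh2
Apr 23 10:01:04 fw sshd[2103]: Failed password for root from 192.0.2.10 port 40112 ssh2
Apr 23 10:01:05 fw sshd[2105]: Failed password for invalid user Tr0ub4dor&3 from 198.51.100.7 port 51515 ssh2
Apr 23 10:01:07 fw sshd[2107]: Failed password for invalid user test from 192.0.2.10 port 40113 ssh2
Apr 23 10:02:00 fw sshd[2110]: Accepted publickey for mike from 203.0.113.5 port 50022 ssh2'

# failed_ssh_sources MIN   (authlog lines on stdin)
# Prints "count address" for each source with at least MIN failed password
# attempts, highest count first. Usernames are read past but never stored.
failed_ssh_sources() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the right for "from <addr> port" so that a username
            # which itself contains the word "from" cannot shift the match.
            for (i = NF - 2; i > 0; i--)
                if ($i == "from" && $(i + 2) == "port") {
                    count[$(i + 1)]++
                    break
                }
        }
        END {
            for (addr in count)
                if (count[addr] >= min) print count[addr], addr
        }
    ' | sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_AUTHLOG" | failed_ssh_sources 3
```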



Re: 4.2 wget package depend broken?

2008-04-26 Thread Unix Fan
No it's not you arrogant mutt, it sounds to me, like you haven't installed 
xbase42.. wget needs gettext, guess where it is? ;)



4.3 has it in base.tgz, please keep informed...







-Nix Fan.




Re: ntfs usb drive fail to mount

2008-04-26 Thread Ivo van der Sangen
On Thu, Apr 24, 2008 at 06:03:13PM -0400, jmc wrote:
> --- Lord Sporkton [Thu, Apr 24, 2008 at 02:32:37PM -0700]: ---
> > I have an NTFS drive attached via USB that was previously attached to
> > an XP home system
> 
> [ ... ]
> 
> >  #  mount -t ntfs -r /dev/sd0i /mnt/usb2
> > mount_ntfs: /dev/sd0i on /mnt/usb2: Operation not supported
> 
> you don't say if you're using a GENERIC kernel or not, but from:
> 
> http://www.openbsd.org/faq/faq14.html#foreignfs
> 
> > Once you have determined which partition it is you want to use, you can
> > move to the final step: mounting the filesystem contained in it. Most
> > filesystems are supported in the GENERIC kernel: just have a look at the
> > kernel configuration file, located in the /usr/src/sys/arch//conf
> > directory. However, some are not, e.g. the NTFS support is experimental
> > and therefore not included in GENERIC. If you want to use one of the
> > filesystems not supported in GENERIC, you will need to build a custom
> > kernel.
> 

Would it be a good idea to note the lack of support for NTFS
filesystems in a GENERIC kernel in mount_ntfs(8)? If it is appreciated
I will send a diff.

Regards,

Ivo van der Sangen



Re: azalia problem on 4.2-release: loud tone

2008-04-26 Thread Jacob Meuser
On Sat, Apr 26, 2008 at 09:51:00AM -0500, Jacob Yocom-Piatt wrote:
> have a little via c7 machine for my home workstation and the audio 
> chipset is detected as an azalia device
> 
> azalia0 at pci4 dev 1 function 0 "VIA HD Audio" rev 0x00: irq 5
> azalia0: host: High Definition Audio rev. 1.0
> azalia0: codec: VIA/0x1708 (rev. 5.0), HDA version 1.0
> 
> when i play music through xmms, i do hear it but it is pretty much 
> washed out by a loud, constant, irritating tone that is substantially 
> louder than the music itself. AFAICT there is nothing else outputting 
> audio on the machine.
> 
> advice on how to do any of the following would be appreciated:
> 
> - determine if something on the machine is generating this sound

use a simpler audio client, like aucat(1), or just cat(1).  e.g. this
should be silent:

$ audioctl play.encoding=slinear_le play.precision=16
$ cat /dev/zero > /dev/sound

> - stop the sound
> - fix the driver
> 
> i took a glance over the commits to azalia.c azalia_codec.c and nothing 
> popped out at me as an obvious fix.

is there an entry for your codec in azalia_codec.c?

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org



Re: 4.2 wget package depend broken?

2008-04-26 Thread Jacob Meuser
On Sat, Apr 26, 2008 at 12:14:51PM -0700, Unix Fan wrote:
> No it's not you arrogant mutt, it sounds to me, like you haven't installed 
> xbase42.. wget needs gettext, guess where it is? ;)
> 
> 4.3 has it in base.tgz, please keep informed...

gettext is most definitely not in base.  you must be thinking of libexpat.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org



PF , redirection and NAT-ing question?

2008-04-26 Thread Parvinder Bhasin

Hi,


I have 2 webservers on my internal lan.  Both have associated EXTERNAL  
IPs.  I setup an OpenBSD box with PF to do firewalling and  
redirection.  Do I also have to put the 2 external IPs on the external  
interface of my PF box as aliases?


If I do put in the aliases and I am also doing NAT-ing on the internal  
lan , would PF  do some kind of round-robin using different  EXTERNAL  
IPs to go out to the net?  I don't want that behaviour.  How can I  
make PF go out on only one pre-determined external IP and not the  
aliases that I am using for the webservers?


Thanks
Parvinder Bhasin



Re: PF , redirection and NAT-ing question?

2008-04-26 Thread Matthew Dempsky
On Sat, Apr 26, 2008 at 6:17 PM, Parvinder Bhasin
<[EMAIL PROTECTED]> wrote:
>  I have 2 webservers on my internal lan.  Both have associated EXTERNAL IPs.
> I setup an OpenBSD box with PF to do firewalling and redirection.  Do I also
> have to put the 2 external IPs on the external interface of my PF box as
> aliases?

For pf to redirect IP traffic, those packets have to pass through the
OpenBSD host.  In your case, the easiest way to do this is simply add
those addresses as aliases to the external interface.  (You could also
assign those IPs to a subnet that is routed to the OpenBSD host, but
that takes more work if you don't already have your network setup to
accommodate it.)

>  If I do put in the aliases and I am also doing NAT-ing on the internal lan
> , would PF  do some kind of round-robin using different  EXTERNAL IPs to go
> out to the net?  I don't want that behaviour.  How can I make PF go out on
> only one pre-determined external IP and not the aliases that I am using for
> the webservers?

You can specify $ext_if:0 after the "->" in the nat-rule, e.g.:

nat on $ext_if from $int_if:network to any -> $ext_if:0



Nvidia Quadro NVS 140M

2008-04-26 Thread mufurcz

Hi,

We've got a few Lenovo T61 with Nvidia Quadro NVS 140M video cards.

As far as I know, these cards are based on the GeForce 8400M G or GS
chip set (not an expert), and provide some entry level 3D performance,
more than enough to run X.

Will these cards be supported in the upcoming 4.3?

mufurcz



Re: minimac on openbsd

2008-04-26 Thread Adam Jacob Muller

On Apr 25, 2008, at 8:42 PM, Aaron Glenn wrote:

> On Sun, Mar 23, 2008 at 6:15 AM, sonjaya <[EMAIL PROTECTED]> wrote:
> > Also default minimac is only 1 ethernet  how to add another ethernet
> > can support in minimac and openbsd.
>
> I'd find a low power switch capable of dot1q tagging and use the
> single ethernet port as a trunk port on the macmini. but if power is
> an issue adding another device is silly; get a soekris (or something
> cheaper) with multiple ethernet ports.
>
> aaron.glenn




Curious if you have any hardware recommendations here?
I have a specific need for one of these, it would be very useful.

-Adam



Re: Nvidia Quadro NVS 140M

2008-04-26 Thread Leonardo Rodrigues
Do you mean basic support for the card or for 3D?
Basic performance (no 3D) should be supported by Xorg`s nv driver.
There seems to be some problems with that though
(https://bugs.freedesktop.org/show_bug.cgi?id=14803).



Re: ntfs usb drive fail to mount

2008-04-26 Thread Lord Sporkton
2008/4/25 Siju George <[EMAIL PROTECTED]>:
> On Fri, Apr 25, 2008 at 3:47 AM, Lord Sporkton <[EMAIL PROTECTED]> wrote:
>  > My apologies, i am indeed using GENERIC,
>  >  I did think that perhaps it did not support ntfs, but then i also
>  >  thought it would be rather absent minded to have included mount_ntfs
>  >  if support was not included, thus since i had mount_ntfs, i assumed i
>  >  had support for it.
>  >
>
>  Rather than calling people "absent minded" don't you think you should
>  be thankful that they put mount_ntfs in its place so that you can
>  straight away mount NTFS filesystems once you compile the kernel with
>  the option enabled which is not very difficult if you have the
>  sources. If they hadn't put it there, after you compiled the kernel
>  you will have to go looking for it.
>
>  Don't call other people "absent minded" because you assumed the wrong things.
>  What happened here is that you failed to read the Documentation and
>  just assumed things.
>  This happens to many of us once in a while but going to the extreme of
>  calling people "absent minded" and names like that when the mistake is
>  actually on your part will be looked upon as a direct insult in this
>  list. :-)
>
>  --Siju
>


Personally i feel it is wrong to include a controlling mechanism for a
feature that is not included. I feel if i have to go so far as to
rebuild my kernel, then i can certainly take a few more steps to add
mount_ntfs.


2008/4/26 Ivo van der Sangen <[EMAIL PROTECTED]>:
>
> On Thu, Apr 24, 2008 at 06:03:13PM -0400, jmc wrote:
>  > --- Lord Sporkton [Thu, Apr 24, 2008 at 02:32:37PM -0700]: ---
>  > > I have an NTFS drive attached via USB that was previously attached to
>  > > an XP home system
>  >
>  > [ ... ]
>  >
>  > >  #  mount -t ntfs -r /dev/sd0i /mnt/usb2
>  > > mount_ntfs: /dev/sd0i on /mnt/usb2: Operation not supported
>  >
>  > you don't say if you're using a GENERIC kernel or not, but from:
>  >
>  > http://www.openbsd.org/faq/faq14.html#foreignfs
>  >
>  > > Once you have determined which partition it is you want to use, you can
>  > > move to the final step: mounting the filesystem contained in it. Most
>  > > filesystems are supported in the GENERIC kernel: just have a look at the
>  > > kernel configuration file, located in the /usr/src/sys/arch//conf
>  > > directory. However, some are not, e.g. the NTFS support is experimental
>  > > and therefore not included in GENERIC. If you want to use one of the
>  > > filesystems not supported in GENERIC, you will need to build a custom
>  > > kernel.
>  >
>
>  Would it be a good idea to note the lack of support for NTFS
>  filesystems in a GENERIC kernel in mount_ntfs(8)? If it is appreciated
>  I will send a diff.
>
>  Regards,
>
>  Ivo van der Sangen
>
>


I would most certainly appreciate that, because THAT was the
documentation i read when i was trying to make this happen.



-- 
-Lawrence



Re: Nvidia Quadro NVS 140M

2008-04-26 Thread Matthieu Herrb
On Sun, Apr 27, 2008 at 6:06 AM, Leonardo Rodrigues
<[EMAIL PROTECTED]> wrote:
> Do you mean basic support for the card or for 3D?
>  Basic performance (no 3D) should be supported by Xorg`s nv driver.
>  There seems to be some problems with that though
>  (https://bugs.freedesktop.org/show_bug.cgi?id=14803).
>

Those performance issues with the open source nv driver for X are a
real problem, and there's almost no chance to see them fixed.

There is some hope that the nouveau driver (the new driver developed
independently from nvidia) will work better, but it's still a long
road before it's supported under OpenBSD.

So OpenBSD's graphical performance is going to suck on those machines
for quite some time.

Avoid nVidia hardware for open source work.
-- 
Matthieu