Re: Logging failed SSH users and the passwords they typed
HDC,

I am interested in finding out more of how to set up something like that.

On Wed, Apr 23, 2008 at 4:06 PM, HDC [EMAIL PROTECTED] wrote:

I have 3 sshd daemons in my border firewall, 2 in no common ports for my use, and 1 on default port (without real access) for prevention statistics. Depending on the prevention statistic I design the security policy to SSH and passwords. It's nice to see the statistics of illegal access on the default port of your sshd :)

Greetings,
Hernan
OpenBSDeros.org

On Wed, Apr 23, 2008 at 11:12 AM, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:

Ed Ahlsen-Girard [EMAIL PROTECTED] writes:

When I was getting brute forced that way I just turned off remote password login and use keypairs exclusively. Which won't work for everybody, I guess.

plus, of course, the fact that overload + flush global is fun to watch

- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

--
# /dev/hdc - OpenBSDeros.org
hdc [at] openbsderos [dot] org
Re: Dell R200
On Fri, Apr 25 2008 at 45:17, Martín Coco wrote:

Hi misc,

Hi,

I'll be buying a couple of Dell R200 Rackmount servers to use as firewalls/routers. I found this thread in the archives about it:

http://marc.info/?l=openbsd-misc&m=120167827217058&w=2

And it seems to be working with snapshots. But my question is: will it be supported by the 4.3 release? We're not used to running -current on our firewalls, and we'd prefer to continue with -release and -stable.

We tested r200 servers this week with a 4.3 stable release. It seems to work fine for the moment.

Claer
azalia problem on 4.2-release: loud tone
have a little via c7 machine for my home workstation and the audio chipset is detected as an azalia device

azalia0 at pci4 dev 1 function 0 VIA HD Audio rev 0x00: irq 5
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: VIA/0x1708 (rev. 5.0), HDA version 1.0

when i play music through xmms, i do hear it but it is pretty much washed out by a loud, constant, irritating tone that is substantially louder than the music itself. AFAICT there is nothing else outputting audio on the machine.

advice on how to do any of the following would be appreciated:

- determine if something on the machine is generating this sound
- stop the sound
- fix the driver

i took a glance over the commits to azalia.c azalia_codec.c and nothing popped out at me as an obvious fix.

cheers,
jake
chroot issues with accessing /dev/ entries
I am setting up an embedded system that's supposed to run from RAMDISK only. Therefore I create a ramdisk, copy everything into it and then chroot. I encounter problems when accessing pcap-libs (or devices in /dev generally) as soon as I actually chroot:

# ls -l /dev/bpf0
crw--- 1 root wheel 23, 0 Sep 27 2006 /dev/bpf0
# ls -l /tmp/chroot/dev/bpf0
crw--- 1 root wheel 23, 0 Sep 28 2006 /tmp/chroot/dev/bpf0
# tcpdump
tcpdump: listening on fxp0, link-type EN10MB
[...]
60 packets received by filter
0 packets dropped by kernel
# chroot /tmp/chroot/
/bin/ksh: No controlling tty (open /dev/tty: Device not configured)
/bin/ksh: warning: won't have full job control
# tcpdump
tcpdump: Failed to open bpf device for fxp0: Device not configured

tcpdump is just an example. Other programs access bpf0 (exactly) correctly when in the native system and fail to access bpf0 when in chrooted environment.

What am I missing? And why is there this tty warning message? The tty device entry is in the chrooted /dev just like it is in the source system.

Help will be appreciated!

T.
Re: chroot issues with accessing /dev/ entries
On Sat, Apr 26, 2008 at 03:58:25PM +0200, Torsten wrote: # tcpdump tcpdump: Failed to open bpf device for fxp0: Device not configured Is /tmp mounted nodev? Look at mount(8). -ME
Re: Logging failed SSH users and the passwords they typed
Hi Mike!

At this moment I am traveling for business, and when I get back I have to move to another house (I have all servers off). I will send you more information about the implementation ASAP.

Greetings!

On Sat, Apr 26, 2008 at 3:48 AM, Mike [EMAIL PROTECTED] wrote:

HDC,

I am interested in finding out more of how to set up something like that.

On Wed, Apr 23, 2008 at 4:06 PM, HDC [EMAIL PROTECTED] wrote:

I have 3 sshd daemons in my border firewall, 2 in no common ports for my use, and 1 on default port (without real access) for prevention statistics. Depending on the prevention statistic I design the security policy to SSH and passwords. It's nice to see the statistics of illegal access on the default port of your sshd :)

Greetings,
Hernan
OpenBSDeros.org

On Wed, Apr 23, 2008 at 11:12 AM, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:

Ed Ahlsen-Girard [EMAIL PROTECTED] writes:

When I was getting brute forced that way I just turned off remote password login and use keypairs exclusively. Which won't work for everybody, I guess.

plus, of course, the fact that overload + flush global is fun to watch

- P
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

--
# /dev/hdc - OpenBSDeros.org
hdc [at] openbsderos [dot] org

--
# /dev/hdc - OpenBSDeros.org
hdc [at] openbsderos [dot] org
Re: chroot issues with accessing /dev/ entries
# tcpdump
tcpdump: Failed to open bpf device for fxp0: Device not configured

Is /tmp mounted nodev?

OK, thank you, that got me onto the right track, now I think I know what the problem is: mount_mfs. This is how I set up the ramdisk:

/sbin/mount_mfs -s 9 swap /mnt

Is there a way to have devices under that mountpoint?
Re: chroot issues with accessing /dev/ entries
On Sat, Apr 26, 2008 at 05:51:22PM +0200, Torsten wrote: Is there a way to have devices under that mountpoint? If you mount it without nodev, refer to MAKEDEV(8). -ME
Re: chroot issues with accessing /dev/ entries
Hi!

On Sat, Apr 26, 2008 at 05:51:22PM +0200, Torsten wrote:

# tcpdump
tcpdump: Failed to open bpf device for fxp0: Device not configured

Is /tmp mounted nodev?

OK, thank you, that got me onto the right track, now I think I know what the problem is: mount_mfs. This is how I set up the ramdisk:

/sbin/mount_mfs -s 9 swap /mnt

Is there a way to have devices under that mountpoint?

Of course, just mknod(8) them (each time after creating the mfs), after having mounted the mfs without the nodev flag. Or use the -P flag to mount_mfs.

Kind regards,
Hannah.
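The nodev check suggested in this thread, as an added example that is not part of any poster's message: a POSIX sh helper that finds the filesystem holding a chroot directory in mount(8) output and reports whether it carries nodev. The function names are hypothetical and the sample mount output is constructed, modelled on OpenBSD's format.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Constructed sample of mount(8) output in OpenBSD's format; on a live
# system pipe the real thing instead:  mount | fs_for_path /tmp/chroot
SAMPLE_MOUNT='/dev/wd0a on / type ffs (local)
mfs:4711 on /tmp type mfs (asynchronous, local, nodev, nosuid, size=65536 512-blocks)
mfs:4712 on /mnt type mfs (asynchronous, local, size=184320 512-blocks)'

# fs_for_path PATH  (mount output on stdin)
# Prints "<mountpoint> nodev" or "<mountpoint> dev" for the filesystem that
# holds PATH, i.e. the longest mount point that is a directory prefix of it.
fs_for_path() {
    awk -v p="$1" '
    $2 == "on" {
        mp = $3
        if (mp == "/" || p == mp || index(p, mp "/") == 1) {
            if (length(mp) >= best_len) {   # later mount on same point wins
                best = mp; best_len = length(mp)
                opts = $0
                sub(/^[^(]*\(/, "", opts)   # keep only the option list
                sub(/\).*$/, "", opts)
                flag = "dev"
                n = split(opts, o, /, */)
                for (i = 1; i <= n; i++)
                    if (o[i] == "nodev") flag = "nodev"
            }
        }
    }
    END { if (best == "") exit 1; print best, flag }'
}

# chroot_dev_usable DIR  (mount output on stdin)
# Returns 0 if device nodes under DIR can work, 1 if nodev, 2 if no match.
chroot_dev_usable() {
    res=$(fs_for_path "$1") || return 2
    case "$res" in
        *" nodev") return 1 ;;
        *) return 0 ;;
    esac
}

for dir in /tmp/chroot /mnt; do
    if printf '%s\n' "$SAMPLE_MOUNT" | chroot_dev_usable "$dir"; then
        echo "$dir: device nodes usable (create them with MAKEDEV or mknod)"
    else
        echo "$dir: filesystem is nodev, opens of device nodes will fail"
    fi
done
```

In the constructed sample, /tmp/chroot sits on a nodev mfs, so identical-looking nodes such as dev/bpf0 fail there, while the mfs on /mnt was mounted without nodev.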
Re: chroot issues with accessing /dev/ entries
I am setting up an embedded system that's supposed to run from RAMDISK only.

You really should not do this. The RAMDISK kernel uses the SMALL_KERNEL option, and this can have all sorts of unknown effects. It is castrated Unix, for the purpose of installation.

For now, what that option changes in the kernel is fairly limited. But if we start hitting more size constraints regarding the install media space, the RAMDISK kernel will start violating Unix rules more.
Re: poll(2) vs kqueue(2) performance
I found the doxygen docs far less useful than the man page.

On Apr 23, 2008, at 10:31 PM, Niels Provos [EMAIL PROTECTED] wrote:

On Mon, Apr 21, 2008 at 2:05 PM, Gilles Chehade [EMAIL PROTECTED] wrote:

Yay, I too fell in love with it and its various APIs despite the lack of documentation for most of them, headers help understanding how things work but I wasted quite some time on bufferevents ;-)

The documentation has actually become much better over time:

http://www.monkey.org/~provos/libevent/doxygen-1.4.3/

However, I'd be happy to see any patches to improve the documentation.

Thanks,
Niels.
4.2 wget package depend broken?
I know that 4.3 is approaching release and happened to notice that the depends for wget in the 4.2 packages is broken. Hopefully this isn't something that has been automated and will be propagated to the 4.3 packages?
Re: Logging failed SSH users and the passwords they typed
On Wed, Apr 23, 2008 at 1:01 PM, Jon Radel [EMAIL PROTECTED] wrote:

Sam Fourman Jr. wrote:

Is there a way to login the passwords that were used in the bruteforce attack?

[...]

Not only that, if you read any history of Unix's early days you should come across some instructive stories as to why logging the passwords of failed attempts is now generally considered a really bad idea. Or doing silly things like typing your password in the username spot (moving around between lots of different keyboards of different form factors sometimes plays havoc with my touch typing, forcing me to look at the keyboard rather than the screen).

The value of logging brutes is probably minimal... all you're really doing is observing the passing fads in point and click tools used by knee-biting riff-raff. If you're planning on building a dictionary or attack profile, I think you'll find that most brutes are just targeting some insecure default install. Back-off strategies are more than adequate for dealing with them.

...and there are so many other fun things that you can do besides just build up another useless data set. If you own a significant amount of infrastructure, passing specific host routes to bit buckets or honey pots up the network can be a fun creative way to handle this kind of trash traffic.
Re: 4.2 wget package depend broken?
No it's not you arrogant mutt, it sounds to me, like you haven't installed xbase42.. wget needs gettext, guess where it is? ;) 4.3 has it in base.tgz, please keep informed... -Nix Fan.
Re: ntfs usb drive fail to mount
On Thu, Apr 24, 2008 at 06:03:13PM -0400, jmc wrote:

--- Lord Sporkton [Thu, Apr 24, 2008 at 02:32:37PM -0700]: ---

I have an NTFS drive attached via USB that was previously attached to an XP home system

[ ... ]

# mount -t ntfs -r /dev/sd0i /mnt/usb2
mount_ntfs: /dev/sd0i on /mnt/usb2: Operation not supported

you don't say if you're using a GENERIC kernel or not, but from: http://www.openbsd.org/faq/faq14.html#foreignfs

Once you have determined which partition it is you want to use, you can move to the final step: mounting the filesystem contained in it. Most filesystems are supported in the GENERIC kernel: just have a look at the kernel configuration file, located in the /usr/src/sys/arch/<arch>/conf directory. However, some are not, e.g. the NTFS support is experimental and therefore not included in GENERIC. If you want to use one of the filesystems not supported in GENERIC, you will need to build a custom kernel.

Would it be a good idea to note the lack of support for NTFS filesystems in a GENERIC kernel in mount_ntfs(8)? If it is appreciated I will send a diff.

Regards,
Ivo van der Sangen
Re: azalia problem on 4.2-release: loud tone
On Sat, Apr 26, 2008 at 09:51:00AM -0500, Jacob Yocom-Piatt wrote:

have a little via c7 machine for my home workstation and the audio chipset is detected as an azalia device

azalia0 at pci4 dev 1 function 0 VIA HD Audio rev 0x00: irq 5
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: VIA/0x1708 (rev. 5.0), HDA version 1.0

when i play music through xmms, i do hear it but it is pretty much washed out by a loud, constant, irritating tone that is substantially louder than the music itself. AFAICT there is nothing else outputting audio on the machine.

advice on how to do any of the following would be appreciated:

- determine if something on the machine is generating this sound

use a simpler audio client, like aucat(1), or just cat(1). e.g. this should be silent:

$ audioctl play.encoding=slinear_le play.precision=16
$ cat /dev/zero > /dev/sound

- stop the sound
- fix the driver

i took a glance over the commits to azalia.c azalia_codec.c and nothing popped out at me as an obvious fix.

is there an entry for your codec in azalia_codec.c?

--
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org
Re: 4.2 wget package depend broken?
On Sat, Apr 26, 2008 at 12:14:51PM -0700, Unix Fan wrote: No it's not you arrogant mutt, it sounds to me, like you haven't installed xbase42.. wget needs gettext, guess where it is? ;) 4.3 has it in base.tgz, please keep informed... gettext is most definitely not in base. you must be thinking of libexpat. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
PF , redirection and NAT-ing question?
Hi, I have 2 webservers on my internal lan. Both have associated EXTERNAL IPs. I setup an OpenBSD box with PF to do firewalling and redirection. Do I also have to put the 2 external IPs on the external interface of my PF box as aliases? If I do put in the aliases and I am also doing NAT-ing on the internal lan , would PF do some kind of round-robin using different EXTERNAL IPs to go out to the net? I don't want that behaviour. How can I make PF go out on only one pre-determined external IP and not the aliases that I am using for the webservers? Thanks Parvinder Bhasin
Re: PF , redirection and NAT-ing question?
On Sat, Apr 26, 2008 at 6:17 PM, Parvinder Bhasin [EMAIL PROTECTED] wrote:

I have 2 webservers on my internal lan. Both have associated EXTERNAL IPs. I setup an OpenBSD box with PF to do firewalling and redirection. Do I also have to put the 2 external IPs on the external interface of my PF box as aliases?

For pf to redirect IP traffic, those packets have to pass through the OpenBSD host. In your case, the easiest way to do this is simply add those addresses as aliases to the external interface. (You could also assign those IPs to a subnet that is routed to the OpenBSD host, but that takes more work if you don't already have your network setup to accommodate it.)

If I do put in the aliases and I am also doing NAT-ing on the internal lan , would PF do some kind of round-robin using different EXTERNAL IPs to go out to the net? I don't want that behaviour. How can I make PF go out on only one pre-determined external IP and not the aliases that I am using for the webservers?

You can specify $ext_if:0 after the -> in the nat-rule, e.g.:

nat on $ext_if from $int_if:network to any -> $ext_if:0
Nvidia Quadro NVS 140M
Hi,

We've got a few Lenovo T61 with Nvidia Quadro NVS 140M video cards. As far as I know, these cards are based on the GeForce 8400M G or GS chip set (not an expert), and provide some entry level 3D performance, more than enough to run X.

Will these cards be supported in the upcoming 4.3?

mufurcz
Re: minimac on openbsd
On Apr 25, 2008, at 8:42 PM, Aaron Glenn wrote: On Sun, Mar 23, 2008 at 6:15 AM, sonjaya [EMAIL PROTECTED] wrote: Also default minimac is only 1 ethernet how to add another ethernet can support in minimac and openbsd. I'd find a low power switch capable of dot1q tagging and use the single ethernet port as a trunk port on the macmini. but if power is an issue adding another device is silly; get a soekris (or something cheaper) with multiple ethernet ports. aaron.glenn Curious if you have any hardware recommendations here? I have a specific need for one of these, it would be very useful. -Adam
Re: Nvidia Quadro NVS 140M
Do you mean basic support for the card or for 3D? Basic performance (no 3D) should be supported by Xorg's nv driver. There seem to be some problems with that though (https://bugs.freedesktop.org/show_bug.cgi?id=14803).