Re: [PF] bug in port range.
* Patrick Lamaiziere patf...@davenulle.org [2012-01-03 19:00]:
> Well because for me 80:82 is (80, 81, 82) and 82:80 the same items and so the same range.

but it is NOT the same. I'd claim your expectation is strange ;)

> So what is the meaning for PF of the range 82:80? If this is nonsense, an error from pfctl would be cool.

it isn't nonsense, it just can't match. that is not an error, strictly speaking. it comes down to basic unix philosophy. the system doesn't assume it is more clever than its operator. it does exactly what you tell it to do, no more, no less. port 82:80 defines a range that can't match, and it doesn't. as in, all is good. when you mean 80:82 you ought to write 80:82 and not 82:80.

> Sure, but when using service names it's easy to make a mistake. In fact I've found this strange behavior while translating a Cisco ACL:
>
>   permit tcp any any range ftp ftp-data
>
> Translated to port ftp:ftp-data, which if I understand well does not mean anything for PF.

right. pilot error.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
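The pitfall in this thread is that pfctl loads "port 82:80" (or "port ftp:ftp-data", which resolves to 21:20) without complaint, and the rule then never matches. The following linter is an added example, not code from the thread or from the OpenBSD project: it resolves port tokens the way the ruleset author expects, flags inverted ranges before `pfctl -f` is run, and generalises the ftp:ftp-data case to any name-or-number pair. SERVICES is a constructed subset of /etc/services used instead of socket.getservbyname() so the check behaves the same on every host; the `lint_ruleset` and `check_port_range` names are this example's own.

```python
"""Sanity check for pf.conf-style port ranges such as "port 80:82".

Added example, not from the mailing-list thread. pfctl accepts "port 82:80"
(low end above high end) as a range that simply never matches, so this
helper resolves service names and flags inverted ranges before a ruleset
is loaded. SERVICES is a constructed subset of /etc/services, used instead
of socket.getservbyname() so the check runs identically on any host.
"""
import re

# Constructed subset of /etc/services (tcp); a real deployment can fall
# back to socket.getservbyname() for names missing here.
SERVICES = {
    "ftp-data": 20,
    "ftp": 21,
    "ssh": 22,
    "smtp": 25,
    "http": 80,
    "https": 443,
}

_RANGE_RE = re.compile(r"^\s*(?:port\s+)?([A-Za-z0-9_-]+)(?::([A-Za-z0-9_-]+))?\s*$")


def resolve_port(token: str) -> int:
    """Turn a port number or service name into an integer port."""
    if token.isdigit():
        port = int(token)
    elif token.lower() in SERVICES:
        port = SERVICES[token.lower()]
    else:
        raise ValueError(f"unknown service name: {token!r}")
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def check_port_range(spec: str) -> dict:
    """Parse 'low:high' (names or numbers) and report whether it can match.

    Returns the resolved endpoints, the set of ports the range matches, and
    a 'problem' string when the range is inverted (never matches) so a
    ruleset linter can warn before pfctl -f loads it.
    """
    m = _RANGE_RE.match(spec)
    if not m:
        raise ValueError(f"not a port or port range: {spec!r}")
    low = resolve_port(m.group(1))
    high = resolve_port(m.group(2)) if m.group(2) else low
    result = {"spec": spec.strip(), "low": low, "high": high, "problem": None}
    if low > high:
        # pf treats this as a valid but unmatchable range: warn instead of
        # silently accepting a rule that does nothing.
        result["problem"] = (f"inverted range {low}:{high} can never match; "
                             f"did you mean {high}:{low}?")
        result["ports"] = frozenset()
    else:
        result["ports"] = frozenset(range(low, high + 1))
    return result


def lint_ruleset(lines):
    """Scan pf.conf lines for 'port X:Y' specs; return (lineno, message) pairs."""
    problems = []
    for lineno, line in enumerate(lines, 1):
        for spec in re.findall(r"\bport\s+([A-Za-z0-9_-]+:[A-Za-z0-9_-]+)", line):
            try:
                r = check_port_range(spec)
            except ValueError as exc:
                problems.append((lineno, str(exc)))
                continue
            if r["problem"]:
                problems.append((lineno, r["problem"]))
    return problems


if __name__ == "__main__":
    # Constructed ruleset lines, including the ftp:ftp-data case from the thread.
    SAMPLE = [
        "pass in on egress proto tcp from any to any port 80:82",
        "pass in on egress proto tcp from any to any port ftp:ftp-data",
        "pass in on egress proto tcp from any to any port 82:80",
    ]
    for lineno, msg in lint_ruleset(SAMPLE):
        print(f"line {lineno}: {msg}")
```

Run it over a pf.conf before loading it; lines 2 and 3 of the constructed sample are reported as inverted ranges, line 1 passes. The check only looks at port tokens, so it complements rather than replaces `pfctl -nf pf.conf`.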
Re: PF Snort tutorial
Hi,

Perhaps this can be helpful ;-)
http://www.procyonlabs.com/guides/openbsd/snort/

Cheers,
Wesley MOUEDINE ASSABY
http://mouedine.net/ruleset50.aspx

On Tue, 3 Jan 2012 17:56:13 -0500, Bentley, Dain dbent...@nas.edu wrote:
> ugh... that's what I thought. I'm reading through some OSSEC docs right now and it seems pretty promising. Having trouble finding anything about having it read from pflog.
>
> From: Andres Genovez [andresgeno...@gmail.com]
> Sent: Tuesday, January 03, 2012 3:04 PM
> To: Bentley, Dain
> Cc: misc@openbsd.org
> Subject: Re: PF Snort tutorial
>
> 2012/1/3 Bentley, Dain dbent...@nas.edu:
>> I've been looking around for a good tutorial on implementing snort with PF and everything I see is old. Does anyone know of, or have implemented, a solution using an IDS/IPS with PF on the same box? If possible I'd like snort or some other IDS to inspect packets and have pf drop them based on the fact they match certain signatures. Thanks in advance.
>
> Implementing that is really a pain in the hell out.. I did it on a 4.9, I needed to do it from sources, there is no complete tutorial, it works on 4.9, not implemented with PF though...
>
> Greetings...
>
> --
> Sincerely,
> Andrés Genovez Tobar / Elastix Technician ECE - Linux LPI-1 - Novell CLA - Apple ACMT
> http://www.puntonet.ec
Re: PF Snort tutorial
Also, an idea: add the scanlogd package, and do a small script to add the IPs from its log to your pf table ;-)

Cheers,
Wesley MOUEDINE ASSABY
http://mouedine.net/ruleset50.aspx

On Tue, 3 Jan 2012 17:56:13 -0500, Bentley, Dain dbent...@nas.edu wrote:
> ugh... that's what I thought. I'm reading through some OSSEC docs right now and it seems pretty promising. Having trouble finding anything about having it read from pflog.
>
> From: Andres Genovez [andresgeno...@gmail.com]
> Sent: Tuesday, January 03, 2012 3:04 PM
> To: Bentley, Dain
> Cc: misc@openbsd.org
> Subject: Re: PF Snort tutorial
>
> 2012/1/3 Bentley, Dain dbent...@nas.edu:
>> I've been looking around for a good tutorial on implementing snort with PF and everything I see is old. Does anyone know of, or have implemented, a solution using an IDS/IPS with PF on the same box? If possible I'd like snort or some other IDS to inspect packets and have pf drop them based on the fact they match certain signatures. Thanks in advance.
>
> Implementing that is really a pain in the hell out.. I did it on a 4.9, I needed to do it from sources, there is no complete tutorial, it works on 4.9, not implemented with PF though...
>
> Greetings...
>
> --
> Sincerely,
> Andrés Genovez Tobar / Elastix Technician ECE - Linux LPI-1 - Novell CLA - Apple ACMT
> http://www.puntonet.ec
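A concrete shape for the "small script" Wesley suggests, as an added example that is not part of the thread and not scanlogd's or OpenBSD's own code. It assumes a table declared in pf.conf under the constructed name `scanners` (for instance `table <scanners> persist` with a `block in quick from <scanners>` rule), and it assumes scanlogd's syslog messages have the form "scanlogd: From <src> to <dst> ports ..." (the regex is an assumption; adjust it to what your logs actually show). Addresses are validated with the `ipaddress` module and checked against a constructed allow-list before anything reaches `pfctl -t <table> -T add`, and `dry_run=True` only returns the commands so the parsing can be exercised on a box without pf.

```python
"""Feed scanning hosts reported by scanlogd into a pf table.

Added example, not from the thread. Assumes a pf table (constructed name
"scanners") declared in pf.conf and syslog lines of the shape
"scanlogd: From <src> to <dst> ports ..." (an assumption about scanlogd's
message format). The pfctl invocation used is `pfctl -t <table> -T add <ip>`;
with dry_run=True the commands are only returned, not executed.
"""
import ipaddress
import re
import subprocess

TABLE = "scanners"  # constructed table name; must match pf.conf

# Assumed scanlogd message shape; the scanning host is the "From" address.
_SCAN_RE = re.compile(r"scanlogd(?:\[\d+\])?: From (\S+) to (\S+) ports ")

# Constructed allow-list: your own management and monitoring hosts, which
# must never be blocked even if they trip scanlogd.
ALLOW = [ipaddress.ip_network("192.0.2.0/24")]


def source_from_line(line: str):
    """Return the scanning source address from one syslog line, or None."""
    m = _SCAN_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None  # malformed address: never pass it on to pfctl


def collect_scanners(lines):
    """Unique, non-allow-listed scanning sources, in first-seen order."""
    seen = []
    for line in lines:
        ip = source_from_line(line)
        if ip is None or ip in seen:
            continue
        if ip.is_loopback or any(ip in net for net in ALLOW):
            continue
        seen.append(ip)
    return seen


def pfctl_commands(ips, table=TABLE):
    """Build argv lists for pfctl; lists, so nothing is parsed by a shell."""
    return [["pfctl", "-t", table, "-T", "add", str(ip)] for ip in ips]


def block_scanners(lines, dry_run=True):
    """Parse lines and, unless dry_run, call pfctl once per new scanner."""
    cmds = pfctl_commands(collect_scanners(lines))
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    # Constructed log lines (documentation addresses only).
    SAMPLE = [
        "Jan  4 10:01:02 fw scanlogd: From 198.51.100.7 to 203.0.113.2 ports 21, 22, 23, 25, 80, 110, 143, TOS 00 @10:01:02",
        "Jan  4 10:01:05 fw scanlogd: From 192.0.2.10 to 203.0.113.2 ports 22, 80, 443, TOS 00 @10:01:05",
        "Jan  4 10:01:09 fw sshd[123]: Accepted publickey for user from 203.0.113.9",
        "Jan  4 10:02:00 fw scanlogd: From 198.51.100.7 to 203.0.113.2 ports 1, 2, 3, TOS 00 @10:02:00",
    ]
    for cmd in block_scanners(SAMPLE):
        print(" ".join(cmd))
```

On the constructed sample only 198.51.100.7 is added (once); 192.0.2.10 is skipped by the allow-list and the sshd line is ignored. Pair the table with an expiry, for example `pfctl -t scanners -T expire <seconds>` from cron, so a transient scanner does not stay blocked forever.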
Happy New Year 2012
Dear

If you can't see the animation on this card please click here: http://www.setit.rnu.tn/NewYear2012/New_Year_2012.html

All the staff of the organization committee of the 6th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications (SETIT 2012), as well as the staff of the Research Unit: Sciences Technologies of Image and Telecommunications, would like to wish you a very Happy and Successful New Year 2012. May it be full of health, wealth and happiness for you, for your families and for your loved ones.

Best Regards.
Mohamed Salim BOUHLEL
General Chair, SETIT 2012
Head of Research Unit: Sciences Technologies of Image and Telecommunications (Sfax University)
GSM +216 20 20 00 05

This email is sent out to all those on the SETIT database. If you want to be removed from this database, please send an email to unsubscribe.se...@gmail.com with subject Unsubscribe
ISAKMPD question: ID-type ASN1_...?
Hi,

I've run into an interoperability problem with an Astaro, which does not like our certificate. The certificate basically looks like

...
Subject: C=DE, L=..., CN=IP-number
...
Subject Alternative Name:
    IPv4 Address: IP-number
...

Now the Astaro is said to require an ID type of ASN1-DN when used in conjunction with X.509 certificates, but it also appears that OpenBSD can't send that to the remote side. Or am I wrong?

TIA!

Kind regards,
--Toni++
Re: ISAKMPD question: ID-type ASN1_...?
Hi Toni,

Toni Mueller wrote on Wed, Jan 04, 2012 at 06:09:55PM +0100:
> I've run into an interoperability problem with an Astaro, which does not like our certificate. The certificate basically looks like
>
> ...
> Subject: C=DE, L=..., CN=IP-number
> ...
> Subject Alternative Name:
>     IPv4 Address: IP-number
> ...
>
> Now the Astaro is said to require an ID type of ASN1-DN when used in conjunction with X.509 certificates,

A colleague of mine working on the IPsec subsystem of the ASG says that the ASG can be configured to accept an ID type of IP-number, if I understand correctly what he says. So maybe the problem is not on the OpenBSD side, but the ASG might be misconfigured.

In case you do not manage to solve this yourself, consider calling Astaro support or check out the Astaro User Bulletin Board (astaro.org, a public support forum).

Yours,
Ingo

--
ingo.schwa...@sophos.com | Software Engineer, Network Security
Astaro GmbH & Co. KG - a Sophos company | 76227 Karlsruhe, Germany
www.astaro.com | www.sophos.com
#good morning#
This is a good chance for you: our site mainly sells many types of phones, cameras, laptops, watches... If you buy one product, we can send other products; we also offer free shipping. Site: www. heidow.com 1:17:27
ro / and /etc on mfs - clarification
Hello,

I was reading a couple of howtos (yeah!) about read-only / with /etc as mfs. I suppose these howtos overlook the problem of the unavailability of some important files. I suppose boot and init need some files in /etc before running /etc/rc, like ttys and master.passwd etc...

If you mount /etc as mfs over the old /etc used by init, I think you can see the following:

* you cannot modify files hidden under the mounted-over /etc
...and...
* init in single user would ask you for a different root password than the one used in the normal state

I apologize if anybody would complain that this is not a supported solution, but anyway, what is your workaround and what do you think about the solution below?

jirib

files before init:
==================
/etc/boot.conf

files needed by init:
=====================
/etc/rc
/etc/ttys
/etc/passwd
/etc/master.passwd
/etc/ptmp          # ignore!
/etc/pwd.db
/etc/spwd.db
/etc/login.conf

files used by /etc/rc before `mount':
=====================================
/etc/defaultdomain   # ignored by me
/etc/rc.conf         # this could be theoretically skipped
                     # if moved later in /etc/rc
/etc/raid$dev.conf   # ignored by me
/etc/fstab

scenario:
=========
* mkdir /proto_etc
* cp -Rp /etc/* /proto_etc
* mkdir /pre_etc
* cd /pre_etc
* for i in boot.conf rc ttys passwd master.passwd pwd.db spwd.db login.conf fstab rc.conf ; do
      ln /etc/$i $i
  done
* mount_mfs -s 20M -P /proto_etc swap /etc
* rsync -vhaz --delete \
      --exclude boot.conf \
      --exclude rc \
      --exclude ttys \
      --exclude passwd \
      --exclude master.passwd \
      --exclude pwd.db \
      --exclude spwd.db \
      --exclude login.conf \
      --exclude fstab \
      --exclude rc.conf \
      /etc/ /proto_etc/
* cd /etc
* for i in boot.conf rc ttys passwd master.passwd pwd.db spwd.db login.conf fstab rc.conf ; do
      cat /etc/$i /pre_etc/$i
  done
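The second problem Jiri lists (single-user mode asking for a different root password) is a drift between the copies init reads on the underlying root filesystem and the copies in the mfs /etc. The following check is an added example, not part of the post and not an OpenBSD tool: given the directory of hard links the post keeps (the constructed path /pre_etc) and the mounted /etc, it compares the boot-critical files from the post's list byte for byte and reports any that differ or are missing, so the drift is caught before a reboot rather than at the single-user prompt. The names `check_drift` and `drifted` are this example's own.

```python
"""Report drift between the files init uses before /etc/rc and an mfs /etc.

Added example, not from the post. With /etc on mfs, boot(8), init and
single-user mode read the copies on the underlying root filesystem
(reachable here through the hard links the post keeps in /pre_etc, a
constructed path), while everything after mount(8) sees the mfs copies.
If the two diverge, the root password asked for in single-user mode is
not the one set in multi-user mode. check_drift() compares the
boot-critical files listed in the post and returns those that differ or
are missing on either side.
"""
import filecmp
import os

# Files the post lists as needed by boot/init before the mfs /etc exists.
BOOT_CRITICAL = [
    "boot.conf", "rc", "ttys", "passwd", "master.passwd",
    "pwd.db", "spwd.db", "login.conf", "fstab", "rc.conf",
]


def check_drift(lower_dir, upper_dir, names=BOOT_CRITICAL):
    """Compare each name in lower_dir (underlying /etc) with upper_dir (mfs /etc).

    Returns a dict of lists: 'differ' (both exist, contents differ),
    'missing_lower', 'missing_upper' and 'same'.
    """
    report = {"differ": [], "missing_lower": [], "missing_upper": [], "same": []}
    for name in names:
        lower = os.path.join(lower_dir, name)
        upper = os.path.join(upper_dir, name)
        lower_ok = os.path.isfile(lower)
        upper_ok = os.path.isfile(upper)
        if not lower_ok:
            report["missing_lower"].append(name)
        if not upper_ok:
            report["missing_upper"].append(name)
        if not (lower_ok and upper_ok):
            continue
        # shallow=False compares contents, not just size and mtime, which
        # matters because rsync -a preserves mtimes.
        if filecmp.cmp(lower, upper, shallow=False):
            report["same"].append(name)
        else:
            report["differ"].append(name)
    return report


def drifted(report):
    """True when single-user mode would behave differently from multi-user."""
    return bool(report["differ"] or report["missing_lower"] or report["missing_upper"])


if __name__ == "__main__":
    import sys
    # Constructed defaults: the post's /pre_etc hard links and the live /etc.
    lower = sys.argv[1] if len(sys.argv) > 1 else "/pre_etc"
    upper = sys.argv[2] if len(sys.argv) > 2 else "/etc"
    rep = check_drift(lower, upper)
    for key in ("differ", "missing_lower", "missing_upper"):
        for name in rep[key]:
            print(f"{key}: {name}")
    sys.exit(1 if drifted(rep) else 0)
```

Run it as `python3 check_drift.py /pre_etc /etc` after editing anything in the mfs /etc; a non-zero exit means the underlying copy (the one init and single-user mode will use) no longer matches. The same comparison works for any two directories, so it can also verify the rsync step back to /proto_etc.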
Compranet 5.0 Registration: Platform Update
Last days with the promotion! Optimal Use of the Compranet 5.0 Platform. 25 January, Mexico City, and 27 January, Guadalajara, Jalisco.

If you would like to participate, register now:
1. Please send your tax details via this channel so your invoice can be issued.
2. Provide the full name(s) of the participant(s) so their registration form can be sent.

Request further information! Please reply to this e-mail with the following details:
Company:
Name:
Telephone:
Email:
Number of interested persons:

You will shortly receive the full information about this unrivalled event. Call our telephone numbers and one of our executives will be glad to assist you. Telephones: (0133) 8851-2365, (0133) 8851-2741. 10 lines at your service.

Copyright (C) 2011, PMS Capacitación Efectiva de México S.C. All rights reserved. PMS de México and the PMS de México logo are registered trademarks. WARNING: PMS de México has no strategic alliances of any kind within the Mexican Republic. DON'T BE FOOLED - SAY NO TO PIRACY. All logos, trademarks and images are the property of their respective corporations and are used for informational purposes only.

This message has been sent to misc@openbsd.org as a user of PMS de México, or because a user referred you to receive this bulletin. As a user of PMS de México, you hereby expressly authorise PMS de México to contact you via e-mail or other means. If you have received this message in error, ignore it and report your account by replying to this e-mail with the subject BAJACOMP. Unsubscribe from this mailing list: reply with a blank message with the subject UNSUBSCRIBE BAJACOMP. Please note that the management of our databases is of the utmost importance and it is not the company's intention to cause the recipient any displeasure.

[demime 1.01d removed an attachment of type image/jpeg which had a name of image002.jpg]
Re: Install without the DNS domain name from DHCP
There are other free ones, but dyndns has been severely abused by all the cheap router manufacturers. Someone needs to pay the electric bill. And I believe the sysadmins like to eat every now and then. If you don't want to pay for it, then it is a want, not a need.

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk

This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation.

Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford

learn french: http://www.youtube.com/watch?v=30v_g83VHK4
Re: PF Snort tutorial
Wesley M. open...@e-solutions.re writes:
> Perhaps, this can be helpful ;-)
> http://www.procyonlabs.com/guides/openbsd/snort/

It's possible it's quite valid for the Snort parts, but unfortunately this HOWTO shows several of the features typical of docs maintained by people who are not, in fact, terribly familiar with OpenBSD:

First off, consider the statement "One thing a lot of people overlook is patching their OpenBSD system(s). This is because it is a major pain in the ass." Show of hands, how many people here agree with that statement?

Next, the only part of the system he considers important enough to patch is the kernel. (OpenBSD has patches for all parts of the base system; the only patch so far for 4.9 is for bind, not the kernel).

He then moves on to rebuild all packages locally from the ports tree, but there are no indications that he builds special flavors that are not already available as downloadable packages.

And finally, he then proceeds to download -- to /usr/src of all places -- the source archives for Snort and supporting software (which may or may not be due to some appropriate reason such as the packages (aka ports) lagging behind upstream), builds and installs them. All this while working as root (not a sudo in sight, but this may be one of my grumpier nights).

If you find this is a useful document, it would be a very smart move to prod its author to check that the information is still up to date and to make any changes that are necessary for OpenBSD 5.0. It's only been two months, but even busy and forgetful people who take an active interest *should* be able to find the time for keeping their stuff up to date.

As others have said here earlier, any document that claims to be about OpenBSD and does not live somewhere on http://www.openbsd.org/ should be treated with caution; one of the things to look out for is some basic familiarity with OpenBSD, such as the (possibly minor) points I pointed out earlier.

Cheers,
Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ro / and /etc on mfs - clarification
On 2012-01-04, Jiri B ji...@devio.us wrote:
> Hello,
>
> I was reading a couple of howtos (yeah!) about read-only / with /etc as mfs. I suppose these howtos overlook the problem of the unavailability of some important files. I suppose boot and init need some files in /etc before running /etc/rc, like ttys and master.passwd etc...
>
> If you mount /etc as mfs over the old /etc used by init, I think you can see the following:
>
> * you cannot modify files hidden under the mounted-over /etc
> ...and...
> * init in single user would ask you for a different root password than the one used in the normal state
>
> I apologize if anybody would complain that this is not a supported solution, but anyway, what is your workaround and what do you think about the solution below?

What's the advantage in having /etc on mfs? Why not just remount / readonly after booting and mount it read/write when you need to make changes?

If you're looking at something more than this then take a look at how flashboot does things, but I'd only consider that in special cases..
Re: ro / and /etc on mfs - clarification
On Thu, Jan 05, 2012 at 01:12:43AM +0000, Stuart Henderson wrote:
> What's the advantage in having /etc on mfs? Why not just remount / readonly after booting and mount it read/write when you need to make changes?
>
> If you're looking at something more than this then take a look at how flashboot does things, but I'd only consider that in special cases..

As I'm not building a super-small embedded appliance, flashboot is not optimal.

I wanted to separate services from (not very important) data, thus I installed OpenBSD on a little USB stick and dedicated the normal disk to my own data (mp3, source repo, etc...). If the disk went down, no problem, dns/ssh/pf etc. would still work OK. (I'm ignoring here the discussion of whether the problem is more often the disk or the power supply.)

So why /etc on mfs? Maybe I'm thinking that always remounting / rw because of a little change to a config file would be too much work when computers could do that for us invisibly in the background :) (If it would not crash before sync, of course.)

jirib
inquiry
See the combo list

* Postcards 9x15 cm, full colour, double-sided, on 300 g coated paper + UV varnish, 1,000 units: $349.99
* Flyers 9x10 cm, full colour, double-sided, on 300 g coated paper + UV varnish, 1,000 units: $279.99
* Business cards 9x5 cm, full colour, double-sided, on 300 g coated paper + UV varnish, 1,000 units: $99.99
* Letterhead sheets, A4, full colour on 90 g offset paper, 1,000 units: $459.99
* Diptychs 25x36 cm (open), full colour, double-sided, on 300 g coated paper + UV varnish + folding, 1,000 units: $1,799.-
* Folders with flap, A4, full colour on 300 g coated paper + UV varnish, 1,000 units: $2.89 each

WHO ARE WE?
We are a young but thriving company whose main objective is to bring our customers the best technology in graphic services at the lowest cost. To the left of these lines you can see some of our advertisements in different media; to enlarge them, just click on the image. At DAS DRUCKEN we have large-format equipment (Heidelberg Speedmaster SM-102 AP 72x102 8 colours - 4/4 inline, Komori Lithrone L-440 EM 72x102 5 colours and Komori Lithrone L-426 BP 66x48 4 colours) and latest-generation digital printing, which allows us to optimise costs, deliver faster and reduce printing error margins without neglecting the quality of our work. At DAS DRUCKEN we simplify our customers' needs: we are the first graphics company to offer payment for your jobs by credit card in up to 12 instalments. We invite you to follow us on Facebook, where you will find promotions and exclusive content for our followers, and so start to be part of our history; you will discover a new concept in graphic arts.

OUR SERVICES
Business cards, Brochures, Flyers, Diptychs, Triptychs, Posters, Catalogues, Magazines, Calendars, Bookmarks, Decals / Stickers, Magnets, Institutional folders, Presentation folders, Envelopes, Commercial stationery, Large-format offset printing, Promotional mailing assembly, Variable-data printing, Bills, Cases and boxes, Packaging, Advertising playing cards, POP material, Promotional items, and much, much more!!!
Own delivery service to the Federal Capital and Greater Buenos Aires. We ship to the interior. Credit cards in up to 12 instalments. Ask us about different quantities.

CONTACT
Florida 1973 - B1868CHE Avellaneda - Buenos Aires - Argentina
Tel./Fax: (54)(11) 5983-0920 (rotary) Cel.: (11)(15) 6399-1276 - ID: 703*2545
dasdruc...@yahoo.com.ar
Inquiry form
Download our presentation folder in PDF

QUOTES
To request a quote, click here.

Florida 1973 - B1868CHE - Avellaneda - Buenos Aires - Argentina - Tel./Fax: (54)(11) 5983-0920 - dasdruc...@yahoo.com.ar

We consider that this type of information may be of interest to you. If you wish to stop receiving these communications, reply to this message by clicking here. If these communications reach you at more than one address, please tell us the other addresses in the body of the message so that we do not bother you again. Thank you. This message cannot be considered SPAM as it contains a method for being removed from the recipient list, in accordance with Law No. 25.326 Art. 27 Inc. 3 (Habeas Data Law) of the Republic of Argentina.