4.2 wget package depend broken?

2008-04-26 Thread anon trol
I know that 4.3 is approaching release and happened to notice that the
depends for wget in the 4.2 packages is broken.

Hopefully this isn't something that has been automated and will be
propagated to the 4.3 packages?



Re: Logging failed SSH users and the passwords they typed

2008-04-26 Thread anon trol
On Wed, Apr 23, 2008 at 1:01 PM, Jon Radel <[EMAIL PROTECTED]> wrote:

> Sam Fourman Jr. wrote:
> >>  Is there a way to login the passwords that were used in the bruteforce
> >> attack? [...]
>
> Not only that, if you read any history of Unix's early days you should
> come across some instructive stories as to why logging the passwords of
> failed attempts is now generally considered a really bad idea.


Or doing silly things like typing your password in the username spot (moving
around between lots of different keyboards of different form factors
sometimes plays havoc with my touch typing, forcing me to look at the
keyboard rather than the screen).

The value of logging brutes is probably minimal... all you're really
doing is observing the passing fads in point and click tools used by
knee-biting riff-raff.  If you're planning on building a dictionary or
attack profile, I think you'll find that most brutes are just targeting some
insecure default install.  Back-off strategies are more than adequate for
dealing with them.

...and there are so many other fun things that you can do besides just build
up another useless data set.  If you own a significant amount of
infrastructure, passing specific host routes to bit buckets or honey pots up
the network can be a fun creative way to handle this kind of trash traffic.
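
A back-off policy of the kind mentioned in the post above can be expressed in pf itself; this is an added example, not part of the original message. The table name, the `egress` interface group and the thresholds are assumptions to adapt.

```pf
# Added example (constructed): rate-based back-off for SSH in pf.conf.
# Table name, interface group and thresholds are assumptions.

# Sources that trip the limits below are collected here.
table <bruteforce> persist

# Drop everything from listed sources before any pass rule is evaluated.
block in quick from <bruteforce>

# Allow SSH, but cap what a single source address may do:
#   max-src-conn 10       at most 10 simultaneous connections per source
#   max-src-conn-rate 5/60  at most 5 new connections per 60 seconds
# A source exceeding either limit is added to <bruteforce>, and
# "flush global" kills all of its existing states, not only SSH ones.
pass in on egress proto tcp to port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/60, \
                overload <bruteforce> flush global)

# To make this a back-off rather than a permanent ban, expire old
# entries periodically, e.g. from cron:
#   pfctl -t bruteforce -T expire 3600
```

Nothing here records usernames or passwords: pf only sees connection counts per source address, so the policy works without the logging the thread warns against.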



Routerboard 532 Bounty

2007-04-10 Thread anon trol
I'm not sure where to ask this; so, I thought I'd start here in "misc"
first.

I think I have convinced myself that I want to sponsor an architecture port
effort.  Specifically, I would like to see OpenBSD ported to the Routerboard
532 (IDT MIPS32 4Kc processor).  After STFW, I see that a few other people
have posted questions about this in the past without a lot of positive
response (it seems that there might have been a port that would have been
suitable at one point in time, but is no longer part of the current
distribution).  I'm curious what the non-technical (financial) stewardship
requirements might be for bringing back a dropped architecture and making
sure that it works on a very specific set of target boards (starting with
the 532).

I don't think this is too much of a technical undertaking (but at the moment
it's beyond my ability and time constraints)... the routerboard 532 boots
off of CompactFlash (no need to muck about with the on-board flash).  The
only things that worry me are the slim resources (64MB  of memory max) and
support for the first NIC (IDT Korina 10/100 Mbit/s Fast Ethernet port).  I
would be willing to forgo support for the IDT NIC just to get things started
quickly (the other NICs are VIA VT6105).   I would want support for at least
one commodity 802.11(series) wireless NIC in both the 2.4ghz and 5ghz
ranges.  Other potential issues include the funky bootstrap code (which looks
for ELF), custom BIOS and MIPS endianness.

I don't want this to be a goatrope where I send off a bunch of Routerboard
hardware and nobody even tries to collect the bounty, but I know the OpenBSD
project has a pretty good reputation for getting things done when equipment
and funds are provided (if I'm off mark with that semi-acquired assumption,
please someone fill me in off-line).

Where do I start and who do I need to talk to?



Re: Blocking web content

2007-04-21 Thread anon trol
On 4/19/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Nick Holland <[EMAIL PROTECTED]> wrote:
>
> >I'm very fond of DNS blocking:
> >  http://www.holland-consulting.net/tech/imblock.html
> >simple effective, in spite of theoretical shortcomings...
>
> I found this to be effective too, but...  I used it to block
> internet radio sites at my former company.  The users still found
> other internet radio sites.  So, instead, I used an old computer
> running nst linux and ran bandwidthd on the network.  Instead of
> wasting time on what sites to block, I just had a VP talk to the
> top 10 people who were using most of the bandwidth.  This seemed to
> be the most effective and least time wasting solution.



On a side note there is a patch that allows pdnsd to act as a "root"
level resolver for whatever domains you would like to supplant.  Nice and
very light weight.

I've been using patched pdnsd in combination with pf redirection of all port
53 traffic to prevent TCP over DNS/ICMP leeching techniques and it works
great for captive portals as well (and could be handy for making all those
naughty Vista desktops resolve "teredo.ipv6.microsoft.com" to a local IPv6
tunnel broker... so you can actually *know* what kind of traffic is
bypassing your IPv4 only firewall... but I haven't used it in this capacity
yet).  Now... if there were only a good way to proxy arbitrary SSL/SSH
traffic (I'm sure there is and I'm all ears to know what other people have
done).

Still... won't stop users from plugging sites they want into
c:\windows\system32\drivers\etc\hosts (which is why you should use squid in
addition).

How many ways are there into and out of a network; let me count the ways and
then think of a few more.
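
The port 53 redirection described in the post above, sketched as a pf.conf fragment; this is an added example, not the poster's configuration. It uses the `rdr-to` syntax of current OpenBSD releases (pf at the time of the post used separate `rdr` rules), and the interface name and resolver address are assumptions.

```pf
# Added example (constructed): force all client DNS through a local resolver.
# Interface name and resolver address are assumptions.

int_if   = "em1"          # LAN-facing interface
resolver = "127.0.0.1"    # local caching resolver (pdnsd in the post)

# Any DNS query arriving from the LAN, whatever server the client chose,
# is rewritten to the local resolver. Covering both UDP and TCP matters:
# leaving TCP/53 open lets clients reach outside resolvers directly.
pass in quick on $int_if inet proto { tcp, udp } \
    from $int_if:network to any port domain \
    rdr-to $resolver port domain

# The resolver's own upstream lookups leave from the firewall itself,
# so they are not matched by the inbound redirect above.
pass out quick on egress inet proto { tcp, udp } \
    from (egress) to any port domain
```

As the post notes, this only controls name resolution on port 53; entries in a client's local hosts file bypass it, which is why the poster pairs it with squid.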