Re: Wim
Hi Kili,

On Thu, 02.04.2009 at 22:15:13 +0200, Matthias Kilian wrote:
> Wim *does* filter traffic from cvs.openbsd.org. At least on ports
> 25 and 80:
>
> $ telnet www.kd85.com 25
> Trying 62.116.6.182...
>
> [nothing]
> Silly. So silly.

I've seen many kinds of breakage, but right now, I can telnet to his server to port 25 from here. If you can't, then I tend to agree that port 25 is filtered. I also think that this kind of filtering - for policy reasons - is a stupid idea.

--
Kind regards,
--Toni++
Re: Wim
Hi!

On Thu, Apr 02, 2009 at 06:48:48PM -0400, Ted Unangst wrote:
>On Thu, Apr 2, 2009 at 6:31 PM, Hannah Schroeter wrote:
>> On Thu, Apr 02, 2009 at 10:15:13PM +0200, Matthias Kilian wrote:
>>>Wim *does* filter traffic from cvs.openbsd.org. At least on ports
>>>25 and 80:
>> Port 80 works from a private dialup as well as a private rented server.
>The problem is a man in the middle attack stealing all the ARP packets from
>cvs.

That must be it. That I haven't thought of that... *rolls eyes*

The gaping security hole in OpenBSD... *rolls eyes more* I can't sleep anymore as long as I keep running any OpenBSD host...

SCNR, Hannah.
Re: Wim
On Thu, Apr 2, 2009 at 6:31 PM, Hannah Schroeter wrote:
> On Thu, Apr 02, 2009 at 10:15:13PM +0200, Matthias Kilian wrote:
>>Wim *does* filter traffic from cvs.openbsd.org. At least on ports
>>25 and 80:
> Port 80 works from a private dialup as well as a private rented server.

The problem is a man in the middle attack stealing all the ARP packets from cvs.
Re: Wim
2009/4/2 Matthias Kilian :
>
> Wim *does* filter traffic from cvs.openbsd.org. At least on ports
> 25 and 80:
>
> $ telnet www.kd85.com 25
> Trying 62.116.6.182...
>
> [nothing]

By way of comparison -- this is from an Ubuntu PC NOT at cvs.openbsd.org:

$ netstat -ie | grep inet\ addr
inet addr:95.***.***.*** Bcast:95.***.***.*** Mask:255.***.***.***
inet addr:127.0.0.1 Mask:255.0.0.0
$ telnet www.kd85.com 25
Trying 62.116.6.182...
Connected to spargel.kd85.com.
Escape character is '^]'.
220 spargel.kd85.com ESMTP Sendmail 8.13.8/8.13.6; Fri, 3 Apr 2009 00:26:06 +0200 (CEST)
HELO podgeandrodge.ballydung.com
250 spargel.kd85.com Hello 95-***-***-***-***.***.*** [95.***.***.***] (may be forged), pleased to meet you
MAIL FROM:
250 2.1.0 ... Sender ok
^]
telnet> quit
Connection closed.

> $ telnet www.kd85.com 80
> Trying 62.116.6.182...
>
> [nothing]

Also from here:

$ telnet www.kd85.com 80
Trying 62.116.6.182...
Connected to spargel.kd85.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.kd85.com

HTTP/1.1 200 OK
Date: Thu, 02 Apr 2009 22:11:41 GMT
Server: Apache/1.3.29 (Unix) mod_ssl/2.8.16 OpenSSL/0.9.7j
Transfer-Encoding: chunked
Content-Type: text/html

1000
mailto:w...@kd85.com>
(...)
$ date
Fri Apr 3 00:30:35 CEST 2009

Any questions?

Thanks and regards,
--ropers
Re: Wim
Hi!

On Thu, Apr 02, 2009 at 10:15:13PM +0200, Matthias Kilian wrote:
>Wim *does* filter traffic from cvs.openbsd.org. At least on ports
>25 and 80:
>$ telnet www.kd85.com 25
>Trying 62.116.6.182...
>[nothing]
>$ telnet www.kd85.com 80
>Trying 62.116.6.182...
>[nothing]

Port 80 works from a private dialup as well as a private rented server.

Do you want to send mail to x...@*www.*kd85.com? I'd rather try the MX record of kd85.com, which is ok13.kd85.com. That worked for me too, from both of the same sources (spamd's greeting with the first few octets stuttered).

But JFTR, www.kd85.com also responds on 25, with a Sendmail greeting. Did you retry to double-check that it wasn't the machine being rebooted and just coming up pre-start of the daemons?

Kind regards, Hannah.
Re: Wim
Come on!!

2009/4/2 Matthias Kilian :
> On Thu, Apr 02, 2009 at 09:59:38PM +0200, Toni Mueller wrote:
>> > This guy some of you think is so honest. He's filtering port 25
>> > from cvs.openbsd.org.
>>
>> did you try sending from a different server thereafter?
>
> Wim *does* filter traffic from cvs.openbsd.org. At least on ports
> 25 and 80:
>
> $ telnet www.kd85.com 25
> Trying 62.116.6.182...
>
> [nothing]
>
> $ telnet www.kd85.com 80
> Trying 62.116.6.182...
>
> [nothing]
>
> Silly. So silly.
>
> Ciao,
>Kili
Re: Wim
On Thu, Apr 02, 2009 at 09:59:38PM +0200, Toni Mueller wrote:
> > This guy some of you think is so honest. He's filtering port 25
> > from cvs.openbsd.org.
>
> did you try sending from a different server thereafter?

Wim *does* filter traffic from cvs.openbsd.org. At least on ports 25 and 80:

$ telnet www.kd85.com 25
Trying 62.116.6.182...

[nothing]

$ telnet www.kd85.com 80
Trying 62.116.6.182...

[nothing]

Silly. So silly.

Ciao,
Kili
Re: Wim
> On Thu, 02.04.2009 at 00:17:35 -0600, Theo de Raadt
> wrote:
> > This guy some of you think is so honest. He's filtering port 25
> > from cvs.openbsd.org.
>
> did you try sending from a different server thereafter?
>
>
>
> I've seen a failure mode where a machine appears to be up, but slowly
> stops accepting ever more tcp connections over time, until the system
> comes to a grinding halt, the last thing being becoming unresponsive to
> ping and finally, console lockup, on several machines. They are all
> different hardware, but are intel or AMD CPUs. I've seen this for a
> long time (years), but have no way to reproduce it, and also no way to
> catch debug info in the actual cases (eg. "boot crash" doesn't do
> anything), and therefore not reported it, since you don't want
> incomplete bug reports. I was so far unable to detect a pattern. A
> machine usually runs fine for months, then takes a few hours or up to
> 2-3 days, to get into that state. If it happens, I can usually only
> press the reset button.

thanks for lesson in how the Internet works.
Re: Wim
Hi,

On Thu, 02.04.2009 at 00:17:35 -0600, Theo de Raadt wrote:
> This guy some of you think is so honest. He's filtering port 25
> from cvs.openbsd.org.

did you try sending from a different server thereafter?

I've seen a failure mode where a machine appears to be up, but slowly stops accepting ever more tcp connections over time, until the system comes to a grinding halt, the last thing being becoming unresponsive to ping and finally, console lockup, on several machines. They are all different hardware, but are intel or AMD CPUs. I've seen this for a long time (years), but have no way to reproduce it, and also no way to catch debug info in the actual cases (eg. "boot crash" doesn't do anything), and therefore not reported it, since you don't want incomplete bug reports. I was so far unable to detect a pattern. A machine usually runs fine for months, then takes a few hours or up to 2-3 days, to get into that state. If it happens, I can usually only press the reset button.

If I may have a wish granted, then please, pretty please, try to keep USB, and especially USB keyboards, alive for as long as possible, because otherwise, I can't do anything in most cases of such a lockup.

> For what reason would he do that?

I don't know, either, but since he's allegedly on the road, it might be difficult for him to fix it soonish, if it is a problem like the one described above.

Kind regards,
--Toni++
Re: Wim
2009/4/2 Theo de Raadt :
> This guy some of you think is so honest. He's filtering port 25
> from cvs.openbsd.org.
>
> For what reason would he do that?
>
> Today was the first time I tried to mail him, cc'd to misc@openbsd.org,
> in a couple of months.
>
> So what's that all about? He's so honest, some of you think, because
> he bought you a beer.

Hi Theo:

Did you try to mail him to wim.vandepu...@gmail.com?

This message appears on his website.

"Important: Email is working fine but because I use greylisting, if it's urgent, don't just email me at w...@kd85.com but also put wim.vandepu...@gmail.com in cc:. Greylisting inserts a 30 to 60 minute latency"

Humberto Pirez