Re: Why so cool OS doesn't have vuln database?

Hi, Joachim I've got that you wanted to say. There are some tools for that are available. The main problem is that they detect an intrusion *after* the server is compromised. Intrusion detection systems are good but intrusion prevention systems are better. Joachim Schipper wrote: On Sun, May

Re: Why so cool OS doesn't have vuln database?

Yuriy Grishin wrote: Indeed you're right. I've got the same experience with php5-gd library. The audit program told that this library is vulnerable but there was no patch available. So this message was about useless. On the other hand in most cases this sort of applications could save admin's

Re: Why so cool OS doesn't have vuln database?

Indeed you're right. I've got the same experience with php5-gd library. The audit program told that this library is vulnerable but there was no patch available. So this message was about useless. On the other hand in most cases this sort of applications could save admin's time. TomC!E! BodE>C

Re: Why so cool OS doesn't have vuln database?

Thanks a lot! TomC!E! BodE>C!r wrote: Read the FAQ please http://www.openbsd.org/stable.html 1) Get and update source code trough CVS 2) Rebuild kernel and boot with it 3) Rebuild binaries 4) Done There was thread about it last month I think.You haven't packages updated in -stable.You must use

Re: Multiboot OpenBSD with Vista

On Sat, May 16, 2009 at 04:19, Joachim Schipper wrote: > On Fri, May 15, 2009 at 01:08:14PM +0430, MANI wrote: >> Hi, >> >> First of all you need to know I am running OpenBSD on my laptop and PC >> at home happily as sole OS, but unfortunately I need to dual boot my >> PC at Office because of some

Re: Kylin

Common,you think that big western companies which have support from western governments care about it?And please don't make white knight from western civilization.Everywhere are pros and cons.What type of copyright and intellectual property you think?Like Disney which have stories based on older st

Re: Kylin

Jesus Sanchez wrote: > TomC!E! BodE>C!r escribiC3: >> After quick search on web it looks like it's based on FreeBSD 5.3 >> (initial version) with Windows like GUI.So it doesn't looks so secure >> now :-) But government agencies must have reason to receive money so >> why don't make "wave" about dan

Re: old and new pf tandem test ---help

Ingo et all, I suspect "modulate state" may be the culprit. Here is what the manual says: modulate state - works only with TCP. PF will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule. So we have 2 machines generating ISNs for the same connection. Could this be the

Re: old and new pf tandem test ---help

Ingo and the rest of OpenBSD pf-ers, Thanks Ingo for your thoughts. Let me ask a simpler question, is there something wrong with the following line on a FreeBSD 7.2 pf? pass in log quick on em0 inet proto tcp from any to 121.209.23.121 port = imaps flags S/SA modulate state Yudhvir

Re: Kylin

On Sun, 17 May 2009 20:32:59 -0400 "(private) HKS" wrote: > 2009/5/17 Toma Bodar : > > I know,that's why they choose BSD-style licenced OS ;-) > > Yes, because China's respect for copyright and intellectual property > is legendary. > > -HKS > Perhaps this is out of place here, but China's take

Re: Kylin

2009/5/17 Toma Bodar : > I know,that's why they choose BSD-style licenced OS ;-) Yes, because China's respect for copyright and intellectual property is legendary. -HKS > 2009/5/17 Cem Kayali : >> >> Do you really think Chineese governmnt make source public? Not all of course >> ;) >> >> Rega

Re: Kylin

On Sun, 17 May 2009 21:08:57 +0200 TomC!E! BodE>C!r wrote: > I know,that's why they choose BSD-style licenced OS ;-) > > 2009/5/17 Cem Kayali : > > > > Do you really think Chineese governmnt make source public? Not all of course > > ;) > > > > Regards, > > > > > > > > > > Jesus Sanchez, 05/17/09

Package for kde4

Hello! Could it be possible to include kde4 and its dependent ports into (snapshot) packages, so that we can test it? Compiling kde4 takes so much time and few people can test it without pre-built packages. Regards, Cem

Re: old and new pf tandem test ---help

Hi Yudhvir, mehma sarja wrote on Sun, May 17, 2009 at 01:27:12PM -0700: > a. The old firewall is in production and is running as expected - blocking > and passing as we need. > b. I am in the process of replacing it with a new one. It happens that > OpenBSD was inconvenient on the hardware we h

Re: ADSL2+ PCI card

Thanks for all the responses everyone it looks like the viking card may be what im after. - it presents itself as an eathernet adapter - it has a cli to configure te onboard ADSL2+ router - the network adapter REL8139 is suported by the rl driver Thanks all

Re: Why so cool OS doesn't have vuln database?

On Sun, May 17, 2009 at 03:04:18AM +0200, Ingo Schwarze wrote: > Hi Joachim, hi Yurij, > > Joachim Schipper wrote on Sat, May 16, 2009 at 01:23:20PM +0200: > > On Fri, May 15, 2009 at 10:39:06PM +0500, Yuriy Grishin wrote: > > >> I've installed OpenBSD 4.5 on my home gateway. > >> Random pids and

Re: old and new pf tandem test ---help

Ingo, Thanks for a detailed response, really. It is my fault that I did not set the context and here it is: a. The old firewall is in production and is running as expected - blocking and passing as we need. b. I am in the process of replacing it with a new one. It happens that OpenBSD was inconv

mp3 stick as both an mp3 stick and an obsd install

Scenario: 4.5 installed on Emtec 2GB-FM mp3 player, using 1G of the 2G, the rest being 1G of FAT (a separate fdisk partition, labeled as sd0i). Everyting works BSD-wise, provided the machine I plug it in can boot off USB at all. Now, I still want to be able to use it as a mp3 player. I created new

Re: Kylin

I know,that's why they choose BSD-style licenced OS ;-) 2009/5/17 Cem Kayali : > > Do you really think Chineese governmnt make source public? Not all of course > ;) > > Regards, > > > > > Jesus Sanchez, 05/17/09 20:58: >> >> TomC!E! BodE>C!r escribiC3: >>> >>> After quick search on web it looks li

aucat freezes sparc64 on -current

Hi all, I updated my machine to snapshot 2009-05-15 and the machine freezes when I start aucat : mattieu:/home/mattieu:2$ /usr/bin/aucat -l mattieu:/home/maschizo0: pci bus A error The kernel doesn't panic, the machine just stay at this point. This is the output from a serial console. Here is t

Re: Kylin

Do you really think Chineese governmnt make source public? Not all of course ;) Regards, Jesus Sanchez, 05/17/09 20:58: TomC!E! BodE>C!r escribiC3: After quick search on web it looks like it's based on FreeBSD 5.3 (initial version) with Windows like GUI.So it doesn't looks so secure now :-)

Re: old and new pf tandem test ---help

mehma sarja wrote on Sun, May 17, 2009 at 10:35:27AM -0700: > I want to test two pf firewalls in-line - an old openBSD (3.7 #50, That makes absolutely no sense. Don't run real servers with historical software. Run 4.5. > i386) is on the 'outside' and a new FreeBSD (7.2 #0 amd64) is on > the 'i

Re: Kylin

TomC!E! BodE>C!r escribiC3: After quick search on web it looks like it's based on FreeBSD 5.3 (initial version) with Windows like GUI.So it doesn't looks so secure now :-) But government agencies must have reason to receive money so why don't make "wave" about dangerous China with their new ultra

Re: Kylin

After quick search on web it looks like it's based on FreeBSD 5.3 (initial version) with Windows like GUI.So it doesn't looks so secure now :-) But government agencies must have reason to receive money so why don't make "wave" about dangerous China with their new ultra-hyper-super secure system? Of

old and new pf tandem test ---help

I want to test two pf firewalls in-line - an old openBSD (3.7 #50, i386) is on the 'outside' and a new FreeBSD (7.2 #0 amd64) is on the 'inside.' Here is the setup INTERNET ===[outside port bridged to inside port OLD pf] === [outside port bridged to inside port NEW pf] === LAN I took the old pf.co

Re: Kylin

Everyone can try it http://www.honeytechblog.com/downlod-kylin-operating-system-by-chinaqingbo-wu/ 2009/5/17 Duncan Patton a Campbell : > I just noticed this: > > http://www.physorg.com/news161355225.html > > about a "secure" os that's been under > development in China since around 2k > and is now

Kylin

I just noticed this: http://www.physorg.com/news161355225.html about a "secure" os that's been under development in China since around 2k and is now being deployed by the Chinese Gov. Interestingly, it is built for a "hardened" CPU that, I'd guess, lacks many of the advanced "features" of iNTe

Re: route add -interface

On Sun, May 17, 2009 at 4:13 PM, Claudio Jeker wrote: > On Sun, May 17, 2009 at 11:39:43AM +0200, Felipe Alfaro Solana wrote: > > On Sun, May 17, 2009 at 9:57 AM, Claudio Jeker >wrote: > > > > > On Sun, May 17, 2009 at 01:13:29AM +0200, Felipe Alfaro Solana wrote: > > > > Hi misc, > > > > route a

Re: route add -interface

On Sun, May 17, 2009 at 3:52 PM, Claudio Jeker wrote: > On Sun, May 17, 2009 at 01:38:07PM +, Stuart Henderson wrote: > > On 2009-05-17, Felipe Alfaro Solana wrote: > > > > > > The problem with incorrectly-sourced IP datagrams seems to be NAT: > > > > > > nat on vr2 inet from 172.16.0.1/24 to

Re: route add -interface

On Sun, May 17, 2009 at 3:38 PM, Stuart Henderson wrote: > On 2009-05-17, Felipe Alfaro Solana wrote: > > > > The problem with incorrectly-sourced IP datagrams seems to be NAT: > > > > nat on vr2 inet from 172.16.0.1/24 to any -> (vr2) round-robin > > > > This rule is created as: > > > > nat on $

Re: route add -interface

On Sun, May 17, 2009 at 11:39:43AM +0200, Felipe Alfaro Solana wrote: > On Sun, May 17, 2009 at 9:57 AM, Claudio Jeker > wrote: > > > On Sun, May 17, 2009 at 01:13:29AM +0200, Felipe Alfaro Solana wrote: > > > Hi misc, > > > route add allows one to specify a directly-connected route reachable ove

Re: Why so cool OS doesn't have vuln database?

Read the FAQ please http://www.openbsd.org/stable.html 1) Get and update source code trough CVS 2) Rebuild kernel and boot with it 3) Rebuild binaries 4) Done There was thread about it last month I think.You haven't packages updated in -stable.You must use -current if you want updated packages.Of

Re: Why so cool OS doesn't have vuln database?

Martin Schrvder wrote: 2009/5/17, Yuriy Grishin : OpenBSD just uses different approach, got it. It's not a technological problem. Search the archives for discussions of security upgrades to ports. In short: The devs all run current and such don't need it; not enough users have steppe

Re: route add -interface

On Sun, May 17, 2009 at 01:38:07PM +, Stuart Henderson wrote: > On 2009-05-17, Felipe Alfaro Solana wrote: > > > > The problem with incorrectly-sourced IP datagrams seems to be NAT: > > > > nat on vr2 inet from 172.16.0.1/24 to any -> (vr2) round-robin > > > > This rule is created as: > > > >

Re: route add -interface

On 2009-05-17, Felipe Alfaro Solana wrote: > > The problem with incorrectly-sourced IP datagrams seems to be NAT: > > nat on vr2 inet from 172.16.0.1/24 to any -> (vr2) round-robin > > This rule is created as: > > nat on $ext_if from $int_if:network to any -> ($ext_if) > > I understand the problem

Re: Why so cool OS doesn't have vuln database?

2009/5/17, Yuriy Grishin : > OpenBSD just uses different approach, got it. It's not a technological problem. Search the archives for discussions of security upgrades to ports. In short: The devs all run current and such don't need it; not enough users have stepped forward and started working on

4.4BSD-Lite sources available

Hi all, I've put the 4.4BSD-Lite sources available in my mirror (1). The complete URL is: ftp://mirror.cdmon.com/pub/bsd-sources/ Currently, I'm playing with the code using the Stevens' volumes; I hope it will be useful for others. (1) Official OpenBSD mirror in ftp://mirror.cdmon.com/pub/O

Re: route add -interface

On Sun, May 17, 2009 at 11:39 AM, Felipe Alfaro Solana < felipe.alf...@gmail.com> wrote: > On Sun, May 17, 2009 at 9:57 AM, Claudio Jeker > wrote: > >> On Sun, May 17, 2009 at 01:13:29AM +0200, Felipe Alfaro Solana wrote: >> > Hi misc, >> > route add allows one to specify a directly-connected rou

Re: route add -interface

On Sun, May 17, 2009 at 9:57 AM, Claudio Jeker wrote: > On Sun, May 17, 2009 at 01:13:29AM +0200, Felipe Alfaro Solana wrote: > > Hi misc, > > route add allows one to specify a directly-connected route reachable over > an > > interface, using the -interface switch. However, I can't seem to figure

Re: rt.fm CVS Mirror going funny?

On 5/17/09 2:07 AM, Aaron W. Hsu wrote: Hey All, Has anyone else noticed issues with pulling src/sbin/ping/ping.c from anon...@rt.fm:/cvs? I get this error cvs [server aborted]: EOF while looking for end of string \ in RCS file /cvs/src/sbin/ping/ping.c,v Does anyone kno

Re: route add -interface

On Sun, May 17, 2009 at 01:13:29AM +0200, Felipe Alfaro Solana wrote: > Hi misc, > route add allows one to specify a directly-connected route reachable over an > interface, using the -interface switch. However, I can't seem to figure out > if it's possible to specify just the interface name to the