Re: new OpenSSL flaws

2014-06-05 Thread David Goldsmith
G: 4096R/77B981BC Probably ipfilter http://christopher-technicalmusings.blogspot.com/2009/03/switching-firewalls-from-ipf-to-pf-on.html -- David Goldsmith

Re: bnx[01] -> trunk0 -> vlan119 -> carp119 problem

2012-04-19 Thread David Goldsmith
On 4/19/2012 11:17 AM, Matt Hamilton wrote: > David Goldsmith sans.org> writes: > >> I believe the "inet" option is missing a 3rd component. After >> the CARP IP and the netmask, you also need the 'last' IP

Re: bnx[01] -> trunk0 -> vlan119 -> carp119 problem

2012-04-18 Thread David Goldsmith
On 4/18/2012 2:40 PM, Matt Hamilton wrote: > David Goldsmith sans.org> writes: > >>> Any ideas why this might be happening? I'm probably doing >>> something stupid, but can't spot it. >> >> Plea

Re: bnx[01] -> trunk0 -> vlan119 -> carp119 problem

2012-04-18 Thread David Goldsmith
nts of the /etc/hostname.carp119 file on both servers. -- David Goldsmith

Issues with Newer Broadcom NICs on OpenBSD 4.6

2010-03-29 Thread David Goldsmith
of these NICs (BCM5709S or BCM57711) currently supported in OpenBSD 4.6? 2) Are either of these NICs (BCM5709S or BCM57711) currently supported in OpenBSD 4.7? If no for both, I am willing to work with an OpenBSD developer to use this hardware to update the bnx driver so it will support these chipse

Re: VLANs, OpenBSD, Cisco HP

2010-01-14 Thread David Goldsmith
fxp1 http://www.openbsd.org/faq/faq6.html#Setup.if David Goldsmith

Re: Ramifications of blocking SYN+FIN TCP packets

2009-03-11 Thread David Goldsmith
ng all the traffic. The problem is pf considers SYN-RST packets to be illegal and drops them (good) but only considers SYN-FIN packets to be ambiguous and so it "normalizes" them and clears the FIN bit (in this case for the PCI scan - bad). Then your server behind the firewall received

Re: Problems with Sticky-Address Not Sticking with Hoststated

2008-01-25 Thread David Goldsmith
referred to keeping the 'rdr' statement in the pf.conf file along with the 'sticky-address' keyword. Some of the prior resources I had referred to were: http://www.openbsd.org/papers/eurobsdcon07/pyr-loadbalancing/ The OpenBSD PF Packet Filter Book man hoststated.conf | R

Problems with Sticky-Address Not Sticking with Hoststated

2008-01-25 Thread David Goldsmith
12000 states src.track 60s LIMITS: stateshard limit1 src-nodes hard limit1 frags hard limit 5000 tableshard limit 1000 table-entries hard limit 10 TABLES: webpool OS FINGERPRINTS: 696 fingerprints loaded = Thanks -- David Goldsmith, SANS NOC