255.255.255.248
Looks like a stereotypical bump-on-the-wire bridging firewall to me.
Dante: see http://www.openbsd.org/faq/faq6.html#Bridge And in OpenBSD
I'd address only one of the interfaces (or none of them if you wish to
increase security by forcing all management to be done from the
con
in.
Try dropping a
pass out all
into the rule set to see if things get better. (As a test, think about
the implications before you put that into production.)
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
.example.com";
allow-query { any; };
};
The upshot is that client addresses can send queries, including
recursive ones, for anything. The rest of the world can only send
non-recursive queries for the zones for which this server is authoritative.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
Monah Baki wrote:
> Why the 4.2 CD set is missing in https://https.openbsd.org/cgi-bin/order
It's there now, down with the other past releases.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
en all the garbage from
brute force attempts you'll find entries of legitimate attempts with
small typos in the password. Suddenly your log file has become really
dangerous.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
p device that it wants to pay attention
to broadcasts?
Obligatory dmesg found below.
Thanks.
--Jon Radel
OpenBSD 4.2-stable (GENERIC) #0: Wed Mar 26 16:54:32 UTC 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
RTC BIOS diagnostic error 80
cpu0: Intel(R) Pentium(R) 4 CPU 2.
than via
some tunneling service. Unless you're interested in the technology for
its own sake, there's nothing much you can do with it that you can't do
with less bother using IPv4.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
Rico Secada wrote:
> Again lets ask Boing.
>
I'm fully aware that spelling flames are terribly tasteless, but the
image of planes loaded with Ada code going boing, boing, boing down the
runway just won't leave my mind.
It's Boeing.
--Jon Radel
[EMAIL PROTECTED]
P.S.
nto other people's
> computers, and want to operate in a secure environment
> (with-in those walls)
How can you prove that you aren't attempting to social engineer us
into launching a denial of service attack against some perfectly
innocent "net lice?" Think about the model a bit more.
--Jon Radel
[EMAIL PROTECTED]
t; People with a need to multihome can get one.
>
Getting a /24 (or bigger) so that BGP is more than a theoretical
exercise, and convincing certain classes of ISPs that they wish to do
BGP, are the bigger hurdles. At least in the U.S.
--Jon Radel
[demime 1.01d removed an attachment of type a
use those 2 or 3 servers as their source. It's so easy to
remove single points of failure in this case that you might as well do so.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
mpressive. ;-)
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
ht
be confused with yours in commerce. You've just proven that Unix gets
confused with UNIX. ;-)
See http://tess2.uspto.gov/bin/gate.exe?f=tess&state=95mrtn.1.1 to look
"UNIX" up for yourself.
YMMV in other countries and I not be a lawyer.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
ed to dc2. You won't want to be using X.X.X.25 for dc0
anymore, but you could still use that address as a PAT address for
traffic coming from dc1.
If you have only the one server in your DMZ and want the easiest
solution, I'd go for option 1.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
unresolvable matters such as "is
making it harder for outsiders to map your network merely security
through obscurity, which is naturally below the dignity of any right
thinking network engineer, or does it have value in today's Internet?"
:-)
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
d substitution: kv
total revisions: 1; selected revisions: 1
description:
A test file
revision 1.1
date: 2006/11/27 16:39:47; author: jon; state: Exp;
Initial revision
=========
$
Thanks.
--Jon Radel
[EMAIL PROTECTED]
appropriate, and
when the material was written and last updated.
--Jon Radel
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
ially
if you mix NAT in. See
http://en.wikipedia.org/wiki/Session_Border_Controller for more,
including some nice references.
--Jon Radel
[EMAIL PROTECTED]
[demime 1.01d removed an attachment of type application/x-pkcs7-signature which
had a name of smime.p7s]
18 matches
Mail list logo