On 10/13/06, Alexander Belikov <[EMAIL PROTECTED]> wrote:
I want to fix a problem on one of my servers. The problem is 2 admins
1 server :( Both of us have a root access to it. It was a will of our
Top Managment..
Social problems will never be wholly resolved by technical solutions.
Speak to m
On 10/7/06, Rolf Sommerhalder <[EMAIL PROTECTED]> wrote:
As pointed out earlier, this does the trick. Now, I try to contribute
a proper patch which discriminates between Geode CPUs in Nokia and
WRAP & Soekris boards in order to call an appropriate reset function.
I have quite a few Nokia IP1x0
On 8/27/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
Actually, you got it the wrong way round - nmap assumes a port is
filtered when it gets no response.
You're correct, an oversight on my part.
From the nmap man page (which I clearly failed to read):
'Filtered means that a firewall, filte
On 8/26/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
For some reason, I'm not "getting it" when it comes to pf... Two
things I can't figure out: (1) filtered vs blocked for some TCP
ports and (2) rules for tun0, my vpn interface.
First, my /etc/pf.conf:
int_if = "vr1"
ext_if = "vr0
On 8/24/06, Anton Karpov <[EMAIL PROTECTED]> wrote:
Removing compiler doesn't bring much more security to your system, but it
can make it a little bit safer. Very little bit, but safer. I mean, if your
system has local root hole, for example, in this case cracker should
compile his sploit someth
On 8/4/06, Hasan USTUNDAG <[EMAIL PROTECTED]> wrote:
http://www.bsdforums.org/forums/showthread.php?t=33480
script works fine for me.
You can also use ping to check host availibilty or perl module
Net::Telnet to check port availibilty for other protocols.
That pf.conf looks ok, but his script i
On 8/4/06, Diana Eichert <[EMAIL PROTECTED]> wrote:
I have a bktr(4) card with an onboard NTSC tuner. I can't control
the bktr(4) setup channel and broadcast type because there is no radio(4)
device attached, probably? because the auto-detect of the tuner failed?
My plan is to pull the card, and
On 8/3/06, Diana Eichert <[EMAIL PROTECTED]> wrote:
I'm getting the following error when I try to access my bktr(4) card.
$ sudo radioctl -f /dev/bktr0 -a
radioctl: RIOCGINFO: Inappropriate ioctl for device
I was trying to set the tuner to cable/NTSC/channel#.
OpenBSD 4.0-beta (GENERIC) #1036
On 8/2/06, Diana Eichert <[EMAIL PROTECTED]> wrote:
We like to do things with commodity
hardware, well let's just say that are "interesting", right now we want to
push wireless across a "desert", with gear we don't care about losing.
It sounds fascinating -- do keep us updated on how OpenBSD
fi
On 8/2/06, Diana Eichert <[EMAIL PROTECTED]> wrote:
Thank you for your concerns, but I can honestly say I have access to some
of the best machine tools in the world.
You're welcome, and I've blessed every last soothsayer's soul that has
told me exactly that! Nevertheless, I suppose your ... r
On 8/2/06, Diana Eichert <[EMAIL PROTECTED]> wrote:
On Tue, 1 Aug 2006, pedro la peu wrote:
> If that combination is necessary a ralink radio is likely a poor choice.
I could do it with bi-quads only on either end but by using the parabolic
I focus the radio signal minimimizing other radios seei
On 7/28/06, Carlos A. Carnero Delgado <[EMAIL PROTECTED]> wrote:
In the mean time, I'd like to keep ftp-proxy running most of the time.
What do you guys use/recommend to watch if a process dies and restart
it?
More to the root of the problem, have you turned on verbose debugging
output to see i
On 7/23/06, NetNeanderthal <[EMAIL PROTECTED]> wrote:
On my todo list are the following:
Put in a PCI video card or attach to the onboard header to have a look
at the BIOS information, but I don't have the necessary parts/pieces
on-hand at the moment.
For the record, I am posti
On 7/24/06, Steve Fairhead <[EMAIL PROTECTED]> wrote:
In general terms, a watchdog is a hardware device that resets the CPU if
it's not "kicked" regularly e.g. every few hundred milliseconds. It should
not be disableable in software; i.e. the code "going off in the weeds"
should not be able to di
I finally got my hands on one of these beasts after seeing it
'supported' by someone on the m0n0wall forums (circa 2003) and decided
to see what it takes to upgrade its hardware and retrofit it with a
modern operating system -- OpenBSD of course. I'm providing this
eMail as a bit of a prod for so
On 7/3/06, Nick Guenther <[EMAIL PROTECTED]> wrote:
On 7/3/06, Giancarlo Razzolini <[EMAIL PROTECTED]> wrote:
> pfctl -sI -vv shows you if an interface is skipped or not.
-w is not documented in pfctl(8). What does it do?
It most certainly is.
Try -vv ('v' 'v', as in 'victor' 'victor'), avoid
On 6/26/06, Kevin <[EMAIL PROTECTED]> wrote:
an official CD set with each order). Anything else I should ask about?
How about dmesg output?
On 6/26/06, Ajith Kumar <[EMAIL PROTECTED]> wrote:
I am able to send and receive mails . But if there is any attachment which
is bigger than 64 KB, i am not able to send.
I am pasting the pf snippet here.
PF does not regulate the size of eMails. Did you see an entry in your
PF log about a bloc
On 6/21/06, John Brahy <[EMAIL PROTECTED]> wrote:
What are my other options? I'd like to have it automatically fail over but
I'm not sure what is required to do that.
Have you considered using a WAN card for your T1 natively on OpenBSD?
As well, you might have a look at ifstated(8) if that's the
On 6/13/06, Hank Cohen <[EMAIL PROTECTED]> wrote:
Folks,
There has been some discussion of late on this list about Hifn's policy
with respect to releasing documentation to the general public. That
discussion lead to a great deal of uninformed speculation and
unflattering statement's about Hifn's
On 6/2/06, Winston <[EMAIL PROTECTED]> wrote:
I have tried the following command to get the hw crypto to work:
openssl speed des-cbc -engine cryptodev
But the result I got is pretty much the same if I don't specify the
cryptodev engine.
The crypto card I have is hifn7956.
Who made the card you
On 5/9/06, Ashley Moran <[EMAIL PROTECTED]> wrote:
I'm trying to put together a firewall for our DMZ and internal network. For
some reason, a server in the DMZ can only hit the external DNS server if it
has keep state on the DMZ interface. Basically the following (relvant
extract) blocks acces
On 5/2/06, jared r r spiegel <[EMAIL PROTECTED]> wrote:
i am not asserting that the compromise-pack did not have
a precompiled sshd binary for openbsd ( the prior hop
up the compromise chain in this case was a debianlinux ),
but if it didn't, it may not have rooted machine B.
This is a
For those of you who are waiting on me to finish testing for OpenBSD
3.9 on the Nokia IP330 firewalls, it appears that the dirty hack that
worked on 3.8 works on 3.9 as well. The main deterrent is that
OpenBSD can't locate a serial port to use as its console, thus giving
the dreaded 'entry point
On 4/24/06, patrick ~ <[EMAIL PROTECTED]> wrote:
> Since I didn't get any reply, I decided to do more digging
> on my own. Although, I didn't even get my pre-dawn misc
> digest either, so maybe something is wrong with the mailing
> list(s).
Not likely; however, you failed to post your entire dmesg
On 4/18/06, Han Boetes <[EMAIL PROTECTED]> wrote:
> More ellegant is:
>
> if ! ifconfig -a | grep -q tun0; then
Yet another way to write this: (Though not quite as readable?)
ifconfig tun0 >/dev/null 2>&1 && ifconfig $_ destroy
On 4/9/06, Vijay Sankar <[EMAIL PROTECTED]> wrote:
> Leonardo Rodrigues wrote:
> Looks like you may want to do a "rdr pass" since otherwise you are doing
> a "block drop in quick" to all priv_nets and your W2K3 server is on one
> of those nets.
Unless you're assuming the connection was sourced fro
On 4/9/06, Leonardo Rodrigues <[EMAIL PROTECTED]> wrote:
> Hello everyone!
>
> I'm having a bit of trouble trying to access a Windows 2003 server
> that is behind an OpenBSD 3.9 -current firewall.
>
> From the LAN, I can remote access the 2k3 server easily, by just
> opening the mstsc and entering
On 3/29/06, Isaac Levy <[EMAIL PROTECTED]> wrote:
> On 3/28/06, NetNeanderthal <[EMAIL PROTECTED]> wrote:
> > [EMAIL PROTECTED] ~]$ man -k python
> > python: nothing appropriate
>
>
> Is your python install broken?
It must be. I checked four other default Op
On 3/28/06, Nick Guenther <[EMAIL PROTECTED]> wrote:
> Well you could always script it:
>
> #dhcpmeep.py
> after it. Of course, it does this in a very bad (and untested) way,
> but you get the idea.
[EMAIL PROTECTED] ~]$ man -k python
python: nothing appropriate
On 3/26/06, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
> My questions are:
> Is it normal for the above server to idle for 50-70% when there is 50Mbit
> network load and 25000 states?
> Is there a way to make it idle even more and lower the interrups? How?
> If the average network load increases t
On 2/26/06, Josh Archambault <[EMAIL PROTECTED]> wrote:
> It appears that no one has tried OpenBSD on this board yet, but the
> prospect of a mini-itx board with 1G VIA chip and 4 Ethernet interfaces
> for less than $200 was interesting enough to me that I bought one
> anyway.
Agreed, they have a s
On 2/25/06, Luke Eckley <[EMAIL PROTECTED]> wrote:
> All documentation I have seen about configuring pf on a bridge states
> to pass in/out all on one interface and filter in/out on the other.
>
> Why not just 'set skip on { lo, $bridge_int_1 }', then filter on
> $bridge_int_0?
Why not filter inbo
On 2/11/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Tobias Weingartner wrote:
>
> I'm outa my depth here, but seems that any implementation
> of something like sudo that belongs to the shell
> is an open invitation to security disasters.
It takes a deliberate act to enable sudo for users in
On 1/22/06, Scott Francis <[EMAIL PROTECTED]> wrote:
> you mean, aside from including man38.tgz? What else are you looking
> for? There's some docs on their website, but why would you need
> anything beyond what ships with OpenBSD? There's a man page for
> everything, and while they don't include a
On 1/20/06, Paul Connally <[EMAIL PROTECTED]> wrote:
> Box with pretty MRTG fonts and graphs:
> 1) OpenBSD 3.5
> 2) MRTG installed via package
> 3) RRDtool compiled locally (1.0.49)
> Box with UGLY MRTG fonts and graphics:
> 1) OpenBSD 3.8
> 2) MRTG installed via package
> 3) RRDtool installed via
On 1/18/06, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> On Wed, Jan 18, 2006 at 11:20:55AM +0100, Joachim Schipper wrote:
> Forget about openvpn, there's no need to fiddle around with third
> party stuff.
OT: OpenVPN has its purposes, though this particular scenario
shouldn't be one of them. On
On 1/19/06, Scott Francis <[EMAIL PROTECTED]> wrote:
> Surprisingly, nobody else has mentioned this on-list yet (perhaps
> because it's been all over the news elsewhere):
> http://news.google.com/news?hl=en&ned=us&q=anonym.os&btnG=Search+News
It was reported on undeadly.org.
> I'm not in the leas
On 1/17/06, Vmctor Gonzalez Salcedo <[EMAIL PROTECTED]> wrote:
> i don't know which hardware will we use, and definitly i'm talking about TCP
> packetes.
> do you know how can i obtain yield statistics, what software can i use?, or
> somewhere there this kind of analysis.
http://www.openbsd.org/fa
On 1/14/06, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> I didn't spend to much time on this one, but I think the above should
> give you an idea as to how to go about it. Might work just as is if you
> add the ports you want to protect inside your LAN, or may need some
> minor changes, but it is su
After searching through http://openbsd.org/i386.html#hardware and
ath(4), I believe I have a currently (as of the latest snapshot)
unsupported USB 2.0 802.11b/g adapter, the Airlink 101 Super G, based
on the Atheros AR5523. The manufacturer's web site is located at
http://www.airlink101.com/produc
In http://openbsd.org/i386.html, I see that the GTGI PowerCrypt 5x is
supported in OpenBSD, and based on the HiFn 7956 security processor.
Does anyone know where to source one of these boards, or must I submit
a quote and sign half a dozen NDAs from GTGI to get one? Soekris has
had their HiFn 795
On 12/16/05, Joe S <[EMAIL PROTECTED]> wrote:
> I've had the same problem for years. :)
> Finally tossed the box. I'm going to regret that move if a solution is
> found. :(
Yes, the solution (read: hack) works and I've verified it with with a
few other people and several units of my own. Throughpu
Ok, here's my quick and dirty hack to get OpenBSD operating on a Nokia
IP330. Please bear in mind that this is not a fully correct solution,
only a hard-coded workaround for legacy hardware.
- relocate the Nokia hard drive into a surrogate machine
- Install OpenBSD 3.8, be sure to include comp.tg
Here is the world's first (that I know of) Nokia IP330 dmesg from
OpenBSD 3.8. Some parts are missing as I've been hacking on the
kernel, boot, and biosboot all night so a real 'fix' will follow this
message after I clean it up a bit and figure out exactly which of the
nasty hacks I used made it p
Would it be possible to modify the following values in
/usr/src/sys/arch/i386/conf/GENERIC to match that of FreeBSD's
GENERIC.hints, then recompile? The biggest challenge is the lack of
debugging/diagnostic information or a way to get to it.
>From OpenBSD
-
#option "KGDB_DEVNAME=\"pcc
Here is an original Checkpoint FW-1 (IPSO 3.7 I believe) dmesg:
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Resizing packet buffers: mbufs 15360 clusters 14000
releng 1217 10.15.2003-024500
CPU: 399-MHz K6-2 (586-class CPU)
On 12/13/05, NetNeanderthal <[EMAIL PROTECTED]> wrote:
> FreeBSD 6.0 dmesg
> ---8<---
> Copyright (c) 1992-2005 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> The Regents of the University of California. All rights
Hi misc@,
Background
I am yet another Nokia IP330 owner seeking help to put a real
OS/Firewall onto one of these devices. I have a handful of these at
my disposal, all with AMD K6-2 400MHz CPUs, 1 SDRAM bank with 256MB of
CAS2 PC100 ECC SDRAM (the other is empty), 2xdc NICs, 3xfxp NICs,
Primary I
49 matches
Mail list logo