On 9/23/05, Csaba Nemes [EMAIL PROTECTED] wrote:
Hi all
it boots from an unofficial cdrom, but it doesn't find my cdrom
here is my dmesg:
Booting is done by the BIOS and once the OS comes up if you need to
use the CDROM your operating system should support it. (If you have
installed MS
Quoting Clint M. Sand [EMAIL PROTECTED]:
On Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt wrote:
People keep yammering this bullshit about Security is a process.
Bullshit! Lies! It's about paying attention to the frigging details
when they are right in front of your face.
On 2005-09-23 00:05:14 -0700, Wolfgang S. Rupprecht wrote:
appreciable added risk. The only loose end is that sshd doesn't
currently log the RSA/DSA key that is used to gain access. Ideally it
Hu? Try
LogLevel VERBOSE
Best
Martin
--
http://www.tm.oneiros.de
[EMAIL PROTECTED] wrote:
Security is everything you've ever said, plus a process.
If it is secure, it doesn't need a process. So why would security be a
process again? Because of the vendors making mistakes and fix it later?
Jimmy Scott
It is a process in the same way that making toast is
Making is a process.
Toast is not a process.
- --- Original Message --- -
From: [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Fri, 23 Sep 2005 02:30:10
[EMAIL PROTECTED] wrote:
Security is everything you've ever said, plus a
process.
If it is secure, it doesn't need a
Hello,
is there any known problem related to em interfaces and carp? They take
25 seconds longer to switch status from master to backup compared to an
fxp one ...
Output of 'while true; do date; ifconfig| grep carp:; sleep 1;done'
while rebooting the master (=advskew 50):
Fri Sep 23
Hi list,
I have a odd problem with clamav.
I am following the openbsd 3.7 (release + fix) and i have clamav-0.86.2p0,
smtp-vilter and sendmail.
When a mail with a zip attachment arrives sometime i have the following
message in /var/log/maillog :
Milter: data, reject=451 4.3.2 Please try
I checked OpenBSD/i386, saw MegaRAID 320 was supported.
I intend to get a MegaRAID SCSI 320-1 Kit(3201064KIT) - per LSI LOGIC catalog.
Supported by 3.7 stable ?
Thanks.
Any chance the em's are on a switch doing spanning tree? Or that the
fxp port (on the master is set to port fast)? Sounds like STP locking
out the em ports on the master to me.
--Bill
On 9/23/05, Stephan A. Rickauer [EMAIL PROTECTED] wrote:
Hello,
is there any known problem related to em
On Fri, Sep 23, 2005 at 09:08:28AM -0500, eric wrote:
First of all, thanks everyone for your replies. They are much appreciated.
On Thu, 2005-09-22 at 18:53:23 -0500, Marco Peereboom proclaimed...
Have you tried by any chance tried a 3.8 with aac enabled?
This seems to go wrong in em and
I have been working with a local OS friendly hosting company to add support
for OpenBSD. Unfortunately, they also support with Red Hat, SuSE, and
Apple, and these vendors offer an 'Open Source Indemnification', ostensibly
protecting against legal action from contributors.
Of course, the OBSD
Marco Peereboom wrote:
On Wed, Sep 21, 2005 at 02:05:31PM -0600, Tom Geman wrote:
I was hoping someone here could answer a few questions.
Can I install OpenBSD on this PV 220, or is it just a bunch of disks with
no processor?
This question is very ambiguous. You can't install
Martin SchrC6der [EMAIL PROTECTED] writes:
On 2005-09-23 00:05:14 -0700, Wolfgang S. Rupprecht wrote:
appreciable added risk. The only loose end is that sshd doesn't
currently log the RSA/DSA key that is used to gain access. Ideally it
Hu? Try
LogLevel VERBOSE
Your eloquent reply aside,
Hi,
there is a problem with Intel ICH6-M chipset support in current snapshot
(2005-09-22), it doesn't recognize devices (eg. sata controller).
I've checked, that it should be supported in current.
dmesg
--
OpenBSD 3.8 (RAMDISK_CD) #794: Sat Sep 10 15:58:32 MDT 2005
[EMAIL
On 23/09/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi all,
Is atheros driver supported under Alpha platform on OpenBSD 3.7??
--
CL Martinez
carlopmart {at} gmail {d0t} com
Why didn't you check, at least, www.openbsd.org/alpha.html?
IIRC there are scripts what will automatically add lines to your
hosts.deny file. Sorry, but I can't remember the names. I suggest you
also create some keys for yourself to use and disable password
authentication. With password auth disabled the attacks won't go be
more than an annoyance for the
Have snort or portsentry add those ips to a table in pf.conf.
--Bryan
On 9/23/05, John Marten [EMAIL PROTECTED] wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But
John Marten ([EMAIL PROTECTED]) dixit:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But I
still get a dozen or 2 of the
sshd Invalid user somename from ###.##.##.###
why not use max-connections ? and dump them into a
table with no access. Or if this is a home machine just
move the port to some high port, most scripts wont bother
looking.
cheers
rm
John Marten wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess
On Friday 23 September 2005 02:40 pm, John Marten wrote:
There's got to be a better way, and I'm open to suggestions.
Use a non-standard port and/or public key exchange.
Chris
John Marten wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But I
still get a dozen or 2 of the
sshd Invalid user somename from ###.##.##.###
input_userauth_request:
You could use connection throttling, it won't eliminate them, but it will
make it take longer. If you don't need ssh on that host (although, you
probably do, I'd be lost without it) disable it. You could bind sshd to a
different port, and disable port 22 (most of these attacks are automated
bots).
-
Original Message:
From: Bryan Irvine [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Friday, September 23 2005 09:55 AM
Subject: Re: is there a way to block sshd trolling?
Have snort or portsentry add those ips to a table in pf.conf.
--Bryan
On 9/23/05, John Marten
Use the tarpit patch that I wrote
http://www.linbsd.org/openssh-samepasswd.patch
-Ober
On Fri, 23 Sep 2005, Marcos Latas wrote:
On 23/09/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi all,
Is atheros driver supported under Alpha platform on OpenBSD 3.7??
--
CL Martinez
carlopmart
Thanks, my question was exactly about that, the lack of some hardware
support on 3.7 :-)
Nick Holland wrote:
Mariano Benedettini wrote:
I wrote last week, about some problems I've experienced with 3.7 GENERIC.MP
on a PowerEdge 1850 dual Xeon [1].
Some people suggested to try a 3.8 snapshot,
On Fri, Sep 23, 2005 at 11:40:36AM -0700, John Marten wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
You can change the port number in /etc/ssh/sshd_config . It's 100%
effective against that kind of bots.
Greetings,
Tomasz
Is there any way to accomplish this:
1. Use ssh with passwords internally (lan to lan connections)
2 Use ssh with publickeys externally (wan to lan connections)
...thanks!
J.D. Bronson
Off The Hook Phone Repair, Inc.
24 Hour Service // Free Estimates
For Fast Repairs: CALL US - IF YOU
My only question is what if I traceroute to you, find out the IP number of your
upstream router? Then I make a bunch of connection attempts to your IP but
forge the packets to make them look like they came from your upstream. Don't
*you* end up blacklisting your default route and you become
On Fri, 23 Sep 2005, L. V. Lammert wrote:
so WE all know this isn't an issue here, but, unfortunately, the hosting
company has lawyer(s) asking for similar 'Indemnification' for OBSD before
they will officially allow OBSD on premesis.
We've solved this in the past by running 'FooBSD' and
On Fri, Sep 23, 2005 at 08:28:29PM +0200, [EMAIL PROTECTED] wrote:
Hi all,
Is atheros driver supported under Alpha platform on OpenBSD 3.7??
no, but i would be really happy about a donated alpha to port ath(4)
to this platform ;).
reyk
On Fri, 2005-09-23 at 14:44:20 -0500, J.D. Bronson proclaimed...
Is there any way to accomplish this:
1. Use ssh with passwords internally (lan to lan connections)
Yes.
2 Use ssh with publickeys externally (wan to lan connections)
Yes!
...thanks!
Thank you!
You could use pf to block linux ssh access.
block in log quick on $EXT_IF inet proto tcp from any os Linux to port
22 label Blocked Linux ssh access:
That'll reduce it quite a lot.
John Marten wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess
J.D. Bronson wrote:
No. Its not answering wrong. It crossed my mind...but I am not sure I
can actually do this and if so, how do I specify the alternate config?
start is as 'sshd -f BLAH' ?
At 03:27 PM 9/23/2005, you wrote:
just a guess, but can you run two instances of sshd with
On Fri, 23 Sep 2005 11:40:36 -0700
John Marten [EMAIL PROTECTED] wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But I
still get a dozen or 2 of the
sshd Invalid
Use the tarpit patch that I wrote
http://www.linbsd.org/openssh-samepasswd.patch
-Ober
-Ober
On Fri, 23 Sep 2005, Abraham Al-Saleh wrote:
You could use connection throttling, it won't eliminate them, but it will
make it take longer. If you don't need ssh on that host (although, you
Roy Morris wrote:
why not use max-connections ? and dump them into a
table with no access. Or if this is a home machine just
move the port to some high port, most scripts wont bother
looking.
Yup, I forgot to add that you can put another thing in that max-conn...
that handles the
On Friday 23 September 2005 03:15 pm, Mr.Slippery wrote:
That's how I handle this type of annoyance:
http://data.homeip.net/projects/ssh_wall.php
Slick. Er...slippery, that is.
just a guess, but can you run two instances of sshd with
different conf files? .. each binding to a specific interface?
is this answering a question with a question?
J.D. Bronson wrote:
Is there any way to accomplish this:
1. Use ssh with passwords internally (lan to lan connections)
2 Use
No. Its not answering wrong. It crossed my mind...but I am not sure I
can actually do this and if so, how do I specify the alternate config?
start is as 'sshd -f BLAH' ?
At 03:27 PM 9/23/2005, you wrote:
just a guess, but can you run two instances of sshd with
different conf files? .. each
Is it possible to get such a client running in passive mode using pf rdr/rules?
I understand that I can't use ftp-proxy for this b/c the PORT command coming
back from the FTP server is encrypted. Is there any way to do this? thanks
Tired of spam? Yahoo! Mail has the best spam protection
On Fri, 23 Sep 2005 21:55:12 +0200
Tomasz Baranowski [EMAIL PROTECTED] wrote:
You can change the port number in /etc/ssh/sshd_config . It's 100%
effective against that kind of bots.
Some intelligent scripts look at tcp responses to port scans, ssh
responds with SSH-2.0, which isn't too hard to
John Marten wrote:
There's got to be a better way, and I'm open to suggestions.
Use public key authentication to start with. It's very easy to setup and
much more secure than password authentication. With public key
authentication, passwords will never work. You might also want to make
it
From: J.D. Bronson [mailto:[EMAIL PROTECTED]
Is there any way to accomplish this:
1. Use ssh with passwords internally (lan to lan connections)
2 Use ssh with publickeys externally (wan to lan connections)
...thanks!
I can't think of a way to do it with the same user account, but you
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
My only question is what if I traceroute to you, find out the
IP number of your upstream router? Then I make a bunch of
connection attempts to your IP but forge the packets to make
them look like they came from your upstream. Don't *you*
--On 23 September 2005 15:05 -0500, [EMAIL PROTECTED] wrote:
My only question is what if I traceroute to you, find out the IP
number of your upstream router? Then I make a bunch of connection
attempts to your IP but forge the packets to make them look like they
came from your upstream.
The
John Marten wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But I
still get a dozen or 2 of the
sshd Invalid user somename from ###.##.##.###
On Fri, 23 Sep 2005 13:45:45 -0700 (PDT)
Daniel Smereka [EMAIL PROTECTED] wrote:
Is it possible to get such a client running in passive mode using pf
rdr/rules?
I understand that I can't use ftp-proxy for this b/c the PORT command
coming back from the FTP server is encrypted. Is there any
[EMAIL PROTECTED] writes:
My only question is what if I traceroute to you, find out the IP number of
your upstream router? Then I make a bunch of connection attempts to your IP
but forge the packets to make them look like they came from your upstream.
Don't *you* end up blacklisting your
Hello.
I am still relatively new to openbsd.
I have followed the docs pretty closely, and seem to have a vice nice
system going. I have a couple snags, however.
One of them is that I am not getting any sound while I am running KDE.
I had the same problem running 3.6, I thought I would try
Achtung: Wenn Sie ein Skeptiker und f|r neue innovative Mvglichkeiten nicht
aufgeschlossen sind, dann sollten Sie diese Webseite verlassen!
Anderenfalls bewahren Sie sich einfach Ihr gesundes Ma_ an Misstrauen und
starten Sie.
That4s Business
450.000 Euro
in 7 Monaten mvglich!
Durch
Oh no!
My eyes must have slipped up the page! (I have the docs open on my
other machine, and I am going back and forth). I have been at this too
long! Thank you Mitja!
I actually did do it right the first time.. but it errored out.
Interesting that using the current didn't error out in the
'tcpdump -r /var/log/pflog' shows a lot of entries like this:
14:31:38.279681 33:0:0:0:0:0 3d:2:1:0:6e:65 null I (s=0,r=0,C) len=98
14:31:41.794668 33:0:0:0:0:0 3d:2:1:0:6e:65 null I (s=0,r=0,C) len=98
14:31:42.464382 33:0:0:0:0:0 3d:2:1:0:6e:65 null I (s=0,r=0,C) len=98
14:31:42.614922
just to add my $0.02. The best they could hope for would be disallowing your
default gateway from connecting to your ssh server... whoop-de-doo.
On 9/23/05, Wolfgang S. Rupprecht
[EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] writes:
My only question is what if I traceroute to you, find out the
From: Wolfgang S. Rupprecht
2) Forging the source IP in a TCP packet and succeeding in negotiating
the 3-way handshake isn't all that simple any more. I wouldn't
worry about it. If someone could forge that reliably, there is
much better game to go after (like breaking into machines
Spruell, Darren-Perot [EMAIL PROTECTED] writes:
From: Wolfgang S. Rupprecht
2) Forging the source IP in a TCP packet and succeeding in negotiating
the 3-way handshake isn't all that simple any more. I wouldn't
worry about it. If someone could forge that reliably, there is
much
L. V. Lammert wrote:
I have been working with a local OS friendly hosting company to add support
for OpenBSD. Unfortunately, they also support with Red Hat, SuSE, and
Apple, and these vendors offer an 'Open Source Indemnification', ostensibly
protecting against legal action from
dear all
i guess this is stupid question, but since i very young in the openbsd land, i
have a lof of question :
1. how important to make our system (OS and packages) always up-to-date (
except with security reason of course ), because some people says
you should update your system at least
Hi Ed thx for the reply. First I should mention that all non-ssl ftp traffic
works great through the firewall (setup according to FAQ on openbsd site).
My setup is:
my client - my nat'd OpenBSD - internet - remote ftp-ssl server
I don't have any control over the remote server. The client
Budhi Setiawan wrote:
dear all
i guess this is stupid question, but since i very young in the openbsd land,
i have a lof of question :
1. how important to make our system (OS and packages) always up-to-date (
except with security reason of course ), because some people says
you should
On Friday 23 September 2005 14:40, John Marten wrote:
You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But I
still get a dozen or 2 of the
sshd Invalid user somename from
On Fri, 23 Sep 2005, nate wrote:
ok thats the kind of info I wanted to hear, so kernel
space can go up to ~300MB ? is this a tunable
paramter anywhere or is it hard coded?
it is actually 768MB on i386, but you can't use anywhere close to all of
it for pf states. it is hard coded.
is this
Some intelligent scripts look at tcp responses to port scans, ssh
responds with SSH-2.0, which isn't too hard to identify. I don't know if
changing the greeting would break the protocol, but I suspect it might
break certain clients.
I wonder if it's possible to fingerprint these programs. I
On Fri, Sep 23, 2005 at 08:24:15PM -0700, Bryan Irvine wrote:
Some intelligent scripts look at tcp responses to port scans, ssh
responds with SSH-2.0, which isn't too hard to identify. I don't know if
changing the greeting would break the protocol, but I suspect it might
break certain
63 matches
Mail list logo
