On 21/11/13 00:54, John Hasler wrote:
The CAcert certificate is included by Debian, most other Linux
distributions, and by OpenBSD. It is at least as trustworthy as most
commercial certificates.
That's mainly because Microsoft accepts so many obscure certifiers by
default and. However, as I
Rob nom...@example.com writes:
Uwe Klein u...@klein-habertwedt.de wrote:
However, what I don't understand is why an IPv6 address does not fit
into a struct sockaddr, and why this fact is so badly documented.
It took me a lot of time to find why my queried IPv6 addresses were
truncated.
Uwe Klein u...@klein-habertwedt.de wrote:
However, what I don't understand is why an IPv6 address does not fit
into a struct sockaddr, and why this fact is so badly documented.
It took me a lot of time to find why my queried IPv6 addresses were
truncated.
struct sockaddr was a catch all and
Casper H.S Dik casper@orspamcle.com wrote:
Rob nom...@example.com writes:
Uwe Klein u...@klein-habertwedt.de wrote:
However, what I don't understand is why an IPv6 address does not fit
into a struct sockaddr, and why this fact is so badly documented.
It took me a lot of time to find why
mike cook wrote:
I plugged certificates into the NTF web sites search box
and got no hits. Is there a policy doc on this?
As a comment to lead OL. We are now in a situation where
we can only trust our enemies. CAcert.org is an Australian
based org IIRC.
They are in the same Trust
On Thursday, 21 November 2013 11:42:39 UTC-5, Rudolf E. Steiner wrote:
Hi.
We have strong reflection-attacks on our public timeserver (ntpd 4.2.6p5).
The strange behavior is the server received one packet and sends 100 packets
to the target.
Incoming packet:
-
Hi.
We have strong reflection-attacks on our public timeserver (ntpd 4.2.6p5).
The strange behavior is the server received one packet and sends 100 packets
to the target.
Incoming packet:
- begin -
Network Time Protocol (NTP Version 2, private)
Flags: 0x17
0... = Response bit:
On 11/21/2013 08:42, Rudolf E. Steiner wrote:
Hi.
We have strong reflection-attacks on our public timeserver (ntpd 4.2.6p5).
The strange behavior is the server received one packet and sends 100 packets
to the target.
Yes, this is becoming increasingly common, and everyone operating NTP
Now that I've had some quality time with Wireshark, I can confirm that I'm
seeing exactly what Rudolph was seeing. Since implementing Michael's
suggesting, I'm still getting the packets, but not responding to them.
That will do for now...
Ian
___
Michael Sinatra wrote:
I believe the key command is 'noquery' which means that the server can't
be queried for information (it does NOT affect the server's ability to
respond to time requests).
That's it. To simple. RTFM! :-(
I have deleted noquery at the time of installation. I thought it
在 2013年11月20日星期三UTC+8上午8时17分32秒,David Woolley写道:
On 19/11/13 08:41, Brian Inglis wrote:
Someone else asked: what are you trying to do by changing this parameter?
The defaults have been set based on running and simulating different
control
algorithms, settings, and scenarios.
On 11/21/2013 8:27 AM, John Hasler wrote:
mike cook writes:
As a comment to lead OL. We are now in a situation where we can only
trust our enemies. CAcert.org is an Australian based org IIRC. They
are in the same Trust league as the US, UK, CAN, all of whom have
proved to be woefully lacking in
mike cook writes:
As a comment to lead OL. We are now in a situation where we can only
trust our enemies. CAcert.org is an Australian based org IIRC. They
are in the same Trust league as the US, UK, CAN, all of whom have
proved to be woefully lacking in probity.
Are you afraid that the NSA is
Rob nom...@example.com wrote:
You need to jump through different hoops now, and the man page will
tell you *nothing* about that. Neither will the abundant examples on
the net. You will need to bump into exactly the right comment on an
obscure forum (as it is today...) to know about
David Woolley writes:
Actually I would expect the name on their root certificates, the
generic Root CA to send warning bells to anyone who was security
conscious, but not already familiar with them.
Anyone who is really serious about security will accept certificates
only in person, by hand
On 2013-11-21, Greg Troxel g...@ir.bbn.com wrote:
From: E-Mail Sent to this address will be added to the BlackLists
Null@BlackList.Anitech-Systems.invalid
I might have sent this by private mail, but the sender is both stating
they will ignore replies and being anonymous.
Two
On 2013-11-21, Michael Sinatra mich...@rancid.berkeley.edu wrote:
There are several ways, but having a basic 'restrict' statement in
your config like this will help mitigate [reflection attacks]:
restrict default noquery nomodify notrap nopeer
restrict -6 default noquery nomodify notrap
17 matches
Mail list logo