Well,
for cizcoeee switches, configuring DHCP snooping and Dynamic ARP
inspection could help (in order to armor switch against arp poisoning
or dhcp impersonation, ie. to be better protected against sniffing on
switch).
P.
On 11/14/05, bofh [EMAIL PROTECTED] wrote:
On 11/13/05, Joachim Schipper
Hi,
slightly OT, I created Frappr! openbsd map
(http://www.frappr.com/openbsd). Join it and well, we could see who
and where does use OpenBSD.
Regards
Petr R.
--
Security is decided by quality -- Theo de Raadt
Vsechno nejlepsi k narozeninam.
Happy birthday from Czech Republic :o)
Petr R.
Happy dirthday OpenBSD !
Do someting in Czech Republic and I'll be more that glad to pay you a
beer (or two :o)
Petr R.
On 10/14/05, Khalid Ahsein [EMAIL PROTECTED] wrote:
HAPPY BIRTHDAY OPENBSD
\ ^__^
\
Fully open now. But I will add a firewall+NAT and let you know.
Petr R.
On 8/31/05, Nino Margetic [EMAIL PROTECTED] wrote:
Petr,
Just one question: how do you firewall your WinXP machine? Or is it just
fully open (i.e. no firewall at at all)??
--Nino
On Mon, 29 Aug 2005, Petr Ruzicka
to $ext_if keep state
pass in on $ext_if proto udp from any to $ext_if port = isakmp keep state
Please note that all BSD's are 3.8-current, XP is without SP2, so
your situation could be different.
Summary : to my suprise everything work as expected :o)
Best regards
Petr Ruzicka
Oh I see, I previous message was meant as answer to original message
from Steve Murdoch.
XP with SP2 firewall on needs rules at all. If you have any other
firewall you basically need to allow esp protocol and udp port 500
(isakmp) to your IPSec GW and vice versa.
Regards
Petr R.
On 8/31/05,
Just to let you know, I spend better part of night configuring my old
setup in VMWare machines and everything work as expected.
I will try add NATing if I found time.
Best regards
Petr R.
On 8/23/05, Steve Murdoch [EMAIL PROTECTED] wrote:
Hi all.
I have several sites linked with ipsec on 3.7
Also check out sec, http://www.estpak.ee/~risto/sec/, it could help
with such (and more difficult as well) tasks.
Regards
Petr R.
Many people have noticed similar problems on their machines, and
there are a few more tools to react to the attacks:
I used to run OpenBSD BIND for a long time. After couple of patches I
decided to try djbdns and it was perfectly OK with me. As for
configuration as for simplicity as for function.
There are some features that are missing in djbdns but otherwise I do
run it for about 4 years (tinydns and dnscache
two more questions
- pix version ?
- is nat in use ?
Petr R.
11 matches
Mail list logo
