Hi Folks I have OpenBSD 5.8, with patches up to 008 (presumed - I downloaded the FuguIta ISO on 2nd Dec 2015). By choice I don't have any hard drive. There's 2 GB of RAM.
I now have a TCP connection that remains in the ESTABLISHED state. It's lasted a week, so far. tcp 0 0 192.168.2.1.16327 184.106.110.184.https ESTABLISHED That doesn't change, even when the Ethernet TP cable is removed from the platform. An interesting set of messages in /var/log/messages Mar 14 09:00:01 wdt syslogd: restart Mar 14 09:03:08 wdt dhclient[4858]: send packet: No buffer space available. Mar 14 09:03:42 wdt last message repeated 5 times Mar 14 09:09:09 wdt last message repeated 3 times This message seems to repeat all day long, judging by the earlier entries. The situation has arisen as a result of some hacker sending specially-crafted packets. If I reboot the PC, he will do that again. Therefore if I get the right logging in place I can provide a more detailed report to the OpenBSD project. Hopefully this would lead to isolation of and patching of a bug. The browser is NetSurf 3.3 running as a limited user that I created. I get the impression that hackers have a list of known vulnerabilities for all OSes and all browsers. I see this as an opportunity to remove one of the known vulnerabilities from their list. I'm familiar with tcpdump and could capture that trace. If there's anything else you'd like to inspect on the platform in its current state then please let me know. Can you please recommend an ideal set of logging for when I repeat this exercise, after a reboot ? Cheers Alan K
