CanSecWest/core02 reminder
Hello to those of you I haven't talked to in a while, and last two years' conference attendees. (Sorry if you get two copies of this, it means you've either got two ids in my addressbook or my perl hash script-foo is not leet enough. :-)

This is a quick note to remind you that the deadline for reduced fares for travel to Vancouver for the CanSecWest/core02 conference in Vancouver is coming up so if you haven't booked your ticket, or taken advantage of the lower registration rates this month

Also agenda details and a schedule will be posted shortly at http://www.cansecwest.com

cheers,
--dr

--
--dr http://dragos.com/dr-dursec.asc
CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-hackers in the body of the message
Re: Sysadmin article
I would heartily endorse having the out of the box FreeBSD install be tuned better... Sysadmin can't be knocked for not doing the tuning as running an out of the box config is what a vast majority of users do, imho, so their performance tests and the poor results from FreeBSD are perfectly valid indication of what can be expected without tuning.

Softupdates on by default sounds great to me, as I can't think of any common situations that would be hurt by it. But I'm sure someone will correct me if I'm wrong on this.

Now if we could only speed up SMP too...

cheers,
--dr

On Friday 15 June 2001 04:23, Robert Watson wrote:
> On Fri, 15 Jun 2001, Alfred Perlstein wrote:
> > * Rajappa Iyer [EMAIL PROTECTED] [010614 22:23] wrote:
> > > http://www.sysadminmag.com/articles/2001/0107/0107a/0107a.htm
> > >
> > > Any obvious reasons why FreeBSD performed so poorly for these people?
> >
> > Because they did benchmarks on systems without tuning. A simple email to the lists asking for help would have probably done a world of difference.
>
> There was some discussion of this on freebsd-advocacy yesterday and today, and it sounded like it came down to poor tuning (not enabling soft updates, et al) in combination with a heavy reliance on threading, where we currently don't do so well.
>
> A question I posed on -advocacy was when, if ever, we should consider simply enabling soft updates by default on non-root file systems. We claim that soft updates improves both performance and reliability (at the cost of increased kernel complexity), making it a prime candidate for the limelight. Would people be opposed to a change to sysinstall so that (once we're clear that soft updates has stabilized in -CURRENT) such that selecting the default partitioning enables soft updates on any file system not mounted as / unless specifically toggled off? How about other tuning: we've previously discussed increasing the default max socket buffer sizes, for example, to allow better tuning for faster network segments.
>
> The point has been made that on FreeBSD, we select somewhat conservative (safe) settings by default, and give admins the option to trade off safety and performance as they see fit. On the other hand, there may be further changes we can make that stay well within the realm of safe, yet improve default performance helping us out on Joe Blow's Untuned Performance Test (as you know, many performance tests in popular media don't involve consulting the authors of the code first for tuning help). Likewise, we've gradually been shifting in stance from a we want to run well on tiny systems to we recognize that memory is cheap, and performance is important, let the little guys do more tuning than the medium guys.
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> [EMAIL PROTECTED] NAI Labs, Safeport Network Services
Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
agement. Packets are quickly saved on file, therefore buffers are freed and the incoming packets can be received with a small number of drops. FreeBSD is the clear loser because of its different buffering architecture that is not able to sustain heavy data rates. Notice that WinDump has been launched with the standard kernel buffer (1MB); in presence of heavy traffic the size of this buffer can be increased with a simple command line switch, improving further the overall performance of the system.

Our conclusions are that BPF architecture for Windows performs well, that the dynamic buffer improves effectively the overall performances and that, among all the Windows flavors, Windows 2000 is the best platform for an high performance network analyzer.

--
Dragos Ruiu [EMAIL PROTECTED]
dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net
Re: TCPDUMP patch v1.1 and AppleTalk
On Tue, 07 Nov 2000, Kris Kennaway wrote:
> On Tue, Nov 07, 2000 at 01:56:21PM +0100, Konrad Heuer wrote:
> > After patching and installing, tcpdump can't be used anymore since it puts very heavy load onto the network via xl0 and AppleTalk broadcast messages (one message each 0.2 ms). Sorry, in the moment I don't know more details ...
>
> tcpdump shouldn't be sending any appletalk packets, I thought (I may be wrong, never used it on an appletalk network). Are you sure this is the problem?

I've never run this kind of a scenario here so I'm speaking from a vacuum of knowledge and pure conjecture... ;-) but could it be generating packets through name resolutions ???

Does it still generate the packets with -n ?

cheers,
--dr
Not a virus warning. This message is declared safe by Dumbscan2000
This mail message was not automatically generated by our Stupid2000 release of Dumbscan which did not find any virus infected files in the (0) or more attached file(s) in this message(s) in this/these posting(s).

As such it seems to be an exceptional condition and we are choosing to respond to everyone and their dog to notify them of this rare occurrence for this list.

Should any other actual highly rare human generated messages be detected on this otherwise mail robot dominated list, our software will definitely notify you of this extraordinary occurrence and deliver a novel form of list managed DoS through automated replies and thereby guarantee that your supply of highly repetitive robot messages is not put in jeopardy.

We now return you to your regularly scheduled robots...

--
Dragos Ruiu [EMAIL PROTECTED]
dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net
Re: Possible undelete
On Tue, 10 Oct 2000, Adam Klinkel wrote:
> I'm sorry for bothering. I created a static link to a user's directory; ln -s /usr/home/user user in my directory to do some work with some of his files. Once I had completed the work, I typed rm -r user/ . You can see my situation already I'm sure. I meant to type rm user to remove the link.
>
> Is there any way I can retrieve the files? Unfortunately I cannot unmount the device because it hosts critical applications.

Check out the unrm/lazarus tools in Dan Farmer's and Wietse Venema's The Coroner's Toolkit (TCT)
http://www.porcupine.org/forensics/tct.html

--dr
Re: Possible undelete
On Tue, 10 Oct 2000, Dragos Ruiu wrote:
> > Is there any way I can retrieve the files? Unfortunately I cannot unmount the device because it hosts critical applications.
>
> Check out the unrm/lazarus tools in Dan Farmer's and Wietse Venema's The Coroner's Toolkit (TCT)
> http://www.porcupine.org/forensics/tct.html
>
> --dr

Oh and you'll have better mileage if you try to keep the disk as quiet as possible before. Compile TCT on another machine or the make could start walking over the files you're trying to save.

cheers,
--dr

--
Dragos Ruiu [EMAIL PROTECTED]
dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net
Re: What's the best PCMCIA Ethernet card?
On Sun, 10 Sep 2000, Stephen Hocking wrote:
> Hi, I'd just like to say that I don't think non cardbus cards are capable of doing more than 10bt speeds even if it talks 100bt. I have not met one that did and I assume it is a limit of the pcmcia design. Just warning you not to waste your money on one if you get near 10bt speeds already.

Benchmarked Host laptop, Sharp Acius A100 233 MMX, OS Linux

Two cards same type/mfgr, cardbus and non-cardbus (linksys EtherFast):
-Non Cardbus: 16Mbps transfer rate
-Cardbus: 32Mbps transfer rate

ymmv,
--dr

--
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D
pgp key: http://www.dursec.com/drkey.asc
Re: GPS heads up
On Wed, 03 May 2000, Matthew Dillon wrote:
> Ok, this has nothing to do with FreeBSD, but I just had to post something since nobody else has.

Actually this is pretty relevant to network applications.

Here is some more info from a mailing list I maintain of tech clippings and other such geek stuff.

This has big implications for network applications as GPS is now sufficiently accurate to time even high speed ATM (I believe you need 14ns accuracy to synchronize to 53 byte cells on an OC3).

cheers,
--dr

-- Forwarded Message --
Subject: kyxspam: GPS descrambled
Date: Wed, 3 May 2000 10:55:47 -0700
From: Dragos Ruiu [EMAIL PROTECTED]

(Ok, I'm a network guy, why should I give a flying donut about GPS descrambling? Well one of the big blocks to using GPS receivers to synchronizing clocks on sniffers for high speed networks was the timing uncertainty they injected to allow military units to be more accurate than consumer ones. It was possible to use consumer GPS for high-speed capture synchronization before IF you bought expensive $3-10K differential GPS units that linked to multiple satellites and made multiple measurements to remove inaccuracies - making it unfeasible for distributed systems on cost. The impact of this new decision means that a whole bunch of new applications are now possible with consumer stuff with costs in the hundreds of dollars and not thousands. This now becomes a perfect method for synchronizing those distributed gigabit net appliances. Cool... --dr)

url: http://geography.about.com/education/geography/library/weekly/aa050400a.htm

President Turns Off GPS Selective Availability
Dateline: 05/02/00

In plain English, we are unscrambling the GPS signal. It's rare that someone can press a button and make something you own instantly more valuable, but that's exactly what's going to happen today. All the people who bought a GPS receiver for a boat or a car, or their riding lawn mower or whatever, to use in business and in recreation, are going to find that they're suddenly 10 times more accurate as of midnight tonight.
- Dr. Neal Lane, Director of the Office of Science and Technology.

With SA activated, you really only know if you are on the field or in the stands at that football stadium; with SA switched off, you know which yard marker you are standing on.
- Comparison of Positions With and Without Selective Availability.

If you take a look at your handheld or automobile Global Positioning System (GPS) unit today, you'll notice that it's much, much more accurate now than it was on May 1. The reason? U.S. President Bill Clinton ordered Selective Availability (SA) turned off at midnight May 1 (Coordinated Universal Time). Now, civilian GPS users around the world will no longer experience the up to 100 meter (approximately 300 feet) random errors that SA added to keep GPS a more powerful tool for the military. Today, GPS units are accurate to within 20 meters (approximately 60 feet); although in good conditions, units should display an error of less than 10 meters.

In 1998, President Clinton directed that SA should be turned off between 2000 and 2006. Fortunately, it happened early in that range of years. The U.S. military was able to quickly develop and test their ability to selectively block accurate GPS transmissions in areas of conflict or where U.S. security was at risk. When the U.S. Air Force Space Command turned off SA last night, GPS became incredibly accurate for the entire planet.

GPS operates through the use of 24 satellites, paid for by the U.S. government but free for the world to use, that are orbiting the earth. The satellites broadcast extremely accurate time signals (accurate to within 40 billionths of a second) using their onboard atomic clocks. GPS units on the earth triangulate the time signals from the satellites to provide location, velocity, and elevation of the units themselves. When Selective Availability was on, GPS units received a scrambled signal from the satellites, which hindered private and commercial use of GPS.

The current worldwide GPS industry is estimated to be approximately U.S. $8 billion and there are about four million GPS users worldwide. Now, experts expect that the demand and use of GPS will skyrocket, leading to $16 billion industry within three years.

Use of GPS in a variety of areas has automatically been vastly improved. For example, automobile GPS units and mapping software under SA would often place the car one to two blocks from its actual location; today, GPS can tell which side of the freeway a car is on. GPS is actually now more accurate than the accuracy standard for United States Geological Survey topographic maps so outdoor enthusiasts should truly appreciate the new accuracy of their GPS units.

Soon, the U.S. Federal Communications Commission will require location determination technology in cellular phones for use in emergencies as part
Re: Spammage: I Surf, YOU GET PAID!!!!!! Promise
I would recommend that everyone who received this forward it back to Mr. Pio at [EMAIL PROTECTED] to make the point that this is unacceptable behaviour. Just once each should suffice, and not contravene any usage policies :-). I did...

Call it distributed spam negative reinforcement. :-) :-) :-}

Let's hope this will be sufficient to reinforce the lesson about what not to do on public technical mailing lists.

cheers,
--dr

--
dursec.com / kyx.net - we're from the future http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver
Speakers: Ron Gula/NSW, Ken Williams/EY, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com
Mouse Sync Problems with KVM
I'll try asking here now

I have a freebsd system(3.4S) on a KVM and every time the monitored system is switched, the mouse driver gets fuxored, and when you switch back to the system the driver starts outputting oodles of the following messages to syslog every time the mouse is moved:

Apr 26 18:49:45 kyxbot /kernel: psmintr: out of sync (00c8 != 0008).
Apr 26 18:49:45 kyxbot /kernel: psmintr: out of sync ( != 0008).

mouse type is PS/2

Has anyone seen this before? Or do I have to get down and dirty with the driver?

This may be an issue with the KVM switch because it does this on two different 3.4 systems on different KVMs, both KVM brands are identical(masterview)... But the KVM works with Wintendo/NT, Linux and OpenBSD just fine... on the same HW.

thank you,
--dr

--
dursec.com / kyx.net - we're from the future http://www.dursec.com
Re: Mouse Sync Problems with KVM
On Thu, 27 Apr 2000, Kazutaka YOKOTA wrote:
> > I have a freebsd system(3.4S) on a KVM and every time the monitored system is switched, the mouse driver gets fuxored, and when you switch back to the system the driver starts outputting oodles of the following messages to syslog every time the mouse is moved:
>
> Which model is it? I suspect it is one of those mice with the "wheel".

Yep, Logitech TrackBall... love them because they are optical and easy to clean. Yep, it has the stupid wheel I hate it But no-one sells the old model without it. (I find it uncomfortable and long for the simple old middle button)

> Well, if the mouse works fine when you directly connect the mouse to the host computer, but it doesn't work as expected when you use a KVM, I would say the KVM is not compatible enough and is the cause of the problem
>
> Some other KVMs are said to be smart enough to remember settings or understand wheel mouse protocols, and are free from such problem. But, the fact is, it appears that the firmware in many KVMs knows very limited number of various protocols (IntelliMouse protocol is not the only wheel mouse protocol in the market, you know), and can be easily confused and is not able to forward mouse data properly in a timely manner to the host computer.

Mouse works fine until you switch

Yes, KVM is a smart one that spoofs monitor/mouse... but you hit it on the nose when you said that it doesn't recognize anything beyond a simple set of drivers... as a matter of fact it makes the wheel inoperative even on Wintendo with the special Logitech drivers.

> I wonder how many KVM products can handle dual-wheel mice from A4 Tech, IBM ScrollPoint mouse, and Logitech wheel mice when their proprietary drivers are installed in W*ndows95/98...

None that I've found :-(

> > But the KVM works with Wintendo/NT, Linux and OpenBSD just fine... on the same HW.
>
> If your mouse is a wheel mouse, do you have its driver installed on NT? If it isn't, the mouse is just acting as the standard 2 button mouse without wheel's functionality. That's why you don't see any problem with NT.
>
> The PS/2 mouse drivers in Linux and OpenBSD do not detect and initialize the wheel mouse. XFree86 servers try to activate the wheel, if you specify an appropriate wheel mouse protocol in XF86Config. I suspect you will see the mouse cursor go crazy if you switch KVM away from and back to the Linux/OpenBSD box while running the X server in this case.

Doesn't go crazy... just starts to lose button input, and movements quickly saturate syslog with a zillion alternating (different dammit so the duplicate entry logic doesn't even kick in!) lines.

> You can force FreeBSD to use the mouse as the standard PS/2 mouse by specifying the flags 0x200 to the psm driver. This way, the mouse should always work. But, you cannot use the wheel.

I really couldn't give a damn about the pesky wheel. I will try this. Where are the flags set? Kernel Config? boot manager? Where is that handbook again... :-)

I'll report back if this is successful. BTW this sounds very promising MANY THANKS.

cheers,
--dr

--
dursec.com / kyx.net - we're from the future http://www.dursec.com
Re: Mouse Sync Problems with KVM
On Thu, 27 Apr 2000, Dragos Ruiu wrote:
> On Thu, 27 Apr 2000, Kazutaka YOKOTA wrote:
> > > I have a freebsd system(3.4S) on a KVM and every time the monitored system is switched, the mouse driver gets fuxored, and when you switch back to the system the driver starts outputting oodles of the following messages to syslog every time the mouse is moved:
> >
> > You can force FreeBSD to use the mouse as the standard PS/2 mouse by specifying the flags 0x200 to the psm driver. This way, the mouse should always work. But, you cannot use the wheel.

Problem Solved...

Flags of 0x100 from psm(4) look promising too to get it working with the wheel, but I couldn't care less about the friggin wheelie thing... so my system is happy.

Many thanks,
--dr

--
dursec.com / kyx.net - we're from the future http://www.dursec.com