Re: Would OpenBSD and Squid be considered a Proxy Firewall?
having also not read the book, my guess would be that a transparent proxy + firewall would increase security because people don't have the option to run SSH tunnels via the HTTP port.

A good example would be years ago I ran a sock4 proxy on port 80 on my home firewall to allow me to download MP3s off of napster from my work computer. Had a squid proxy been in place I would have been forced to run it on 53 ;-p

-Bryan

On 3/22/08, Denise H. G. [EMAIL PROTECTED] wrote:
> Ed Flecko [EMAIL PROTECTED] writes:
>
>> Hi folks,
>> I'm reading a book on network security and it mentions proxy firewalls, so I'm wondering if an OpenBSD box with Squid installed would fit this description? Or, are there other proxy firewalls the author is referring to?
>>
>> The book mentions that although proxy firewalls tend to slow traffic down, they are much more secure than a typical, stateful packet filtering firewall. He says they will ignore the typical network discovery methods, i.e. nmap, etc., etc.
>>
>> As a matter of curiosity, has anyone run an nmap scan against an OpenBSD box with Squid? What did the scan results indicate?
>
> I have an ancient box, which is an AMD K6 266MHz with 64M RAM, running OBSD 4.2 + pf + squid. I use it as a home router + firewall + WWW cache. Since it is running smooth, quiet and well, it just sits in one corner without my further investigations.
>
> But I don't know how `proxy' plus `firewall' would enhance security issues. Would you elaborate on it?
>
>> Thank you,
>> Ed
>
> --
> Denise H. G.
> darcsis AT gmail DOT com
Re: IPsec with a Linux road-warrior
[EMAIL PROTECTED] (Andreas Vögele) writes:
> Tom Menari writes:
>> Can anyone recommend a client configuration for IPsec from a roaming Linux machine that works with OpenBSD's ipsecctl? I have tried Openswan and racoon and both have their problems. Currently using X509 certificates but if anyone has public keys working that would be good too.
>
> I've got an OpenBSD road warrior that connects to a Debian server running racoon. So far I haven't connected a Linux road warrior to an OpenBSD machine but the following setup might work.
> [...]

I've just tried to use the setup that I described and it doesn't work. You ought to add nat_traversal on to the remote section of the racoon configuration. I also forgot to mention that you have to specify policies on the Linux side. On Debian the policies may be set statically in /etc/ipsec-tools.conf but in a road warrior setup you probably have to run setkey from a dhclient script.

But now isakmpd outputs the error message

    ike_phase_1_recv_ID: received remote ID other than expected foo.example.org

although my_identifier fqdn is used on the Linux side. Unfortunately, isakmpd doesn't tell me what type of remote ID it got. The debug output on the Linux side is even more useless.

I'm giving up. If I were you I'd use OpenVPN, which can be set up in a few minutes without getting a headache.
Re: Would OpenBSD and Squid be considered a Proxy Firewall?
On Mon, Mar 24, 2008 at 12:15:55AM -0700, Bryan Irvine wrote:
> having also not read the book, my guess would be that a transparent proxy + firewall would increase security because people don't have the option to run SSH tunnels via the HTTP port.
>
> A good example would be years ago I ran a sock4 proxy on port 80 on my home firewall to allow me to download MP3s off of napster from my work computer. Had a squid proxy been in place I would have been forced to run it on 53 ;-p

I've yet to find a proxy that I can't get an ssh tunnel through. Look at the -x and -X options in nc(1) and ProxyCommand in ssh_config(5).

Having your ssh server listen on ports 80, 443, and 53 (at least) will help as well. There are other options in ports, just search for 'tunnel' - I've used net/gotthard quite successfully in the past.
Should state rules on enc0 default to if-bound?
The enc(4) man page states ``all rules on the enc interface should explicitly set `keep state (if-bound)'.'' Defaulting stateful rules to if-bound on the enc0 interface seems like a good candidate for OpenBSD's reasonable defaults policy. Looking at pfctl/parse.y, the main issue in implementing this seems to be that expand_rule() cannot tell whether ``floating'' was set explicitly or not, so it cannot override the default on a per-interface basis. (The obvious hackish solution is to add another bit for PFRULE_FLOATING, but that's gross.)
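The explicit form that the quoted enc(4) sentence asks for, next to a rule that inherits the floating default, as an added pf.conf illustration (not from the original post or from OpenBSD's source). The macro names and the 10.x networks are assumptions.

```pf
# Added illustration; macro names and addresses are assumptions.
local_net  = "10.0.0.0/24"    # network behind this gateway (assumed)
remote_net = "10.0.1.0/24"    # network behind the IPsec peer (assumed)

# Ruleset-wide alternative to the per-rule option below: make every
# stateful rule if-bound. This changes state matching on all interfaces,
# not only enc0, so it is left commented out here.
# set state-policy if-bound

# Inherits the default state policy (floating): the state created for
# decapsulated traffic on enc0 is not tied to enc0 and can match packets
# seen on any other interface.
pass in on enc0 inet from $remote_net to $local_net keep state

# What enc(4) asks for: the state is bound to enc0, so it only matches
# packets that pf actually saw on the enc interface.
pass in on enc0 inet from $remote_net to $local_net keep state (if-bound)
```

The two pass rules are shown together only for comparison; a real ruleset would keep the second one.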
Re: soekris/pcenginges and RO mounting
Richard Daemon wrote:
> I do pretty much the same as this, for years now on WRAP, Soekris and now ALIX too (with BIOS 0.99b) but my fstab is a little different. I install them via PXEbooting OpenBSD and they all run 4.2-stable built on another, fast system, make via release(8) basically.

I'll have to look at release.

> ...
> Never had a problem with any of these systems or the CF cards.

My problem with CF is that they are sloow to access and worse for writing. However regarding the limited read/write cycles, CF are apparently becoming much more durable than earlier. One thing I note is that the ones I have all have 5 year warranties and where I am using them it would be troublesome, but not catastrophic, for the CF to be sent back while under warranty.

> ...
> Some contents on my CF card (config files, etc.) are remotely backed up via rsync over SSH and/or tar over SSH to a remote system (and a local backup too).

I have both, too, but am considering rolling a second bsd.rd with non-standard options like SSHd, though I can't quite think of how that would be useful, since I usually have to have console access anyway if I mess things up so badly as to require a restoration. Experiments with /dev usually caused that.

regards,
-Lars
Re: PC Camera?
who cares about web cams? What's so important in looking at a pixeled, almost-static face? I have still not understood what they are good for.

I do understand what pf is good for.
I do understand what a public, anonymous CVS server is good for.
I do understand what security and code auditing are good for.
I do understand how important it is for me that things do not break.

Do not distract the developers. If you want webcam support, or skype or things like that, run windows or linux (almost synonyms nowadays, unfortunately). Or write the applications by yourself.

23 Mar 2008 16:56:16 -0700, Unix Fan [EMAIL PROTECTED]:
> There is a USB standard for USB Cameras among other video devices... It's called USB Video Device Class. The specific is available to download... if anyone feels brave enough to write a driver for UVC class devices... ;)
>
> @Sunnz, Unsupported USB devices always attach to ugen, read the manual page then you'll realize how silly you are.. ;)
>
> http://en.wikipedia.org/wiki/USB_video_device_class
>
> This seems to be a driver for:
> OpenSolaris: http://www.opensolaris.org/os/community/device_drivers/projects/usb/uvc/
> Linux: http://linux-uvc.berlios.de/
> Mac OSX..
> Microsoft's Vista - Which seems to require all vendors implement the standard..
> ...And Sony's Playstation 3.
>
> So who's working on OpenBSD's implementation? get busy!! :D :D :D
>
> -Nix Fan.
Re: IPsec with a Linux road-warrior
I finally got this working with Openswan and X.509 certificates.

On the OpenBSD side:

ipsec.conf:

    ike passive esp from 86.134.74.32 to any

Linux/Openswan side:

ipsec.conf:

    version 2
    include /etc/ipsec.d/examples/no_oe.conf

    # Openswan introduces a connection section with "conn <name>"
    conn work
        auto=add
        left=%defaultroute
        leftcert=roadwarrior.crt
        leftrsasigkey=%cert
        [EMAIL PROTECTED]
        right=SERVER_IP
        rightcert=server.crt
        rightrsasigkey=%cert
        [EMAIL PROTECTED]
        forceencaps=yes
        ike=aes128-sha1-modp1024
        esp=aes128-sha1

This is working between 2 peers fine, haven't tried multiple peers yet. As for certificates, both hosts need the public keys and CA cert as well as their own private key. I am tempted to get this working with CAcert.org eventually.

Tom
Re: mediawiki setup
On 2008-03-24, David Newman [EMAIL PROTECTED] wrote:
> 1. On a 4.2 i386 box, installing mediawiki from ports died during tk install with the header error pasted below. This box has xbase installed but none of the rest of the X stuff. How to remedy?

You should have a full OS installation if you're building from ports. The easier method for you is to install php5-gd from package.

> 2. The package and port are version 1.9 while current stable source is at version 1.12. The release notes for 1.10-1.12 mention fixes for some cross-site scripting and other vulnerabilities.

-current/4.3 ports and packages have a newer version (1.11.1), though not yet the newest. It's usually fairly straightforward to update a port though.

> Purely from a security standpoint, which is preferable: installing the 1.9 version from packages or ports, or building the current release from sources?

Your choice .. looking at the release notes, either there are workarounds to avoid the problems, or they only affect versions newer than 1.9.
Re: PC Camera?
That's a pretty lame and negative response.

#1 developers are responsible enough to make their own decisions, and no one asked the OBSD developers to do anything.

#2 if you don't use a webcam maybe you should join Richard Stallman in having your web pages e-mailed to you through a script rather than using a web browser, or maybe you should further

#3 why would you want to use linux or windows when you could enjoy writing your own usb driver

If I had time in my life that's definitely what I would be doing. I love obtaining visual data through a web cam and it's a highly interesting topic and to insinuate that a device like a web-cam being supported on openbsd is ridiculous is rude and lame.

Your response was both rude and non-productive and contributed nothing to the discussion except an arrogant antiquated attitude. Your lame attempt to describe why adding such a driver would be a security risk was at best a terse flimflam shot from the hip in response to a good question. No one asked you to like it or about your cockhammer notion of what should or shouldn't be done on the OS.

Write the application yourself is a good start though I will agree with that, that's kind of what they were discussing in the thread until you tried to mute it with your red-herring argument which basically says OBSD should be some sort of survival kit for animals in the wilderness, take only what you need to survive and make sure you bring your book on which plantlife to eat in south america.

And by the way if you have ever used a webcam nowadays they are no longer pixilated... You must still be living in 1998. Of course you are a real computer user and real computer users don't need webcams because they only need packet filter, cvs, and code auditing. OBSD also has a role as a desktop system.
Re: PC Camera?
> Your response was both rude and non-productive and contributed nothing to the discussion except an arrogant antiquated attitude. Your lame attempt to describe why adding such a driver would be a security risk was at best a terse flimflam shot from the hip in response to a good question. No one asked you to like it or about your cockhammer notion of what should or shouldn't be done on the OS.

I think you don't understand what obsd is about

> Write the application yourself is a good start though I will agree with that, that's kind of what they were discussing in the thread until you tried to mute it with your red-herring argument which basically says OBSD should be some sort of survival kit for animals in the wilderness, take only what you need to survive and make sure you bring your book on which plantlife to eat in south america.

quite, you must be really desperate to be so aggressive

> And by the way if you have ever used a webcam nowadays they are no longer pixilated... You must still be living in 1998. Of course you are a real computer user and real computer users don't need webcams because they only need packet filter, cvs, and code auditing. OBSD also has a role as a desktop system

I have had peecees with linux STOP
I have had a mac STOP
I gave it back STOP
I am exclusively (as in no linux, no windows) using obsd as a desktop on a laptop STOP
webcams are as useful as automatic chewing-gum machines FULL STOP

Before you carry on making use of the two adjectives you know (lame and rude), please be so kind as to pretend that you do not exist.

Pau
Re: PC Camera?
On Mon, Mar 24, 2008 at 01:21:41PM +0100, Pau Amaro-Seoane wrote:

knock it off. your response was pointless.

> I think you don't understand what obsd is about

I don't think you do either.

--
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org
Re: minimac on openbsd
On 3/23/2008 at 4:38 PM Jussi Peltola wrote:

|On Sun, Mar 23, 2008 at 04:13:45PM +0200, Lars Noodin wrote:
| sonjaya wrote:
|  any other device suggestion?
|
| If you do not need the wireless card (see item 'J' in the diagram),
| *maybe* that could be replaced with an ethernet card:
| http://www.macworld.com/article/49653/2006/03/minicsi.html
|
| But then there would be the problem of the cable moving around or coming
| loose inside, and where the cable should come out of the case.
|
| [snip]
|I'd just go with USB ethernet, a soekris / mini-itx board or a cheap,
|nasty manageable switch with vlans (they are surprisingly common ...

I've been using this one for about a year. It has a very good management user interface, with the ability to save the configuration to a disk file:

HP ProCurve Switch 1800-8G
Re: PC Camera?
ok, I have to apologise. I don't mean to be unpolite but, please understand me: I don't think there exists another OS as OpenBSD. It's unique. I am afraid that the more popular it will become, the more thingies new users will ask for. And complication leads to... well, see linux and other OS. That's why I got so nervous when I saw people asking for webcam support. I love OpenBSD because it is exactly what I would like to see from an OS. And I think there are many other things that need support, like ACPI. It's not trivial and it's only partially supported by other OS. That's all. Sorry about that and... cheers Pau
Re: Internship (Summer,Chicago,Paid)
I was the college intern that did ISIC for Kevin's group about 8 years ago now. It was a good group to work for. I learned a lot and had a ton of room to play. Accidentally took down ATT's early wireless network while pen testing a special peering arrangement the two companies had. I did a lot of firewall work for them too that led to writing my own firewall which led to me getting recruited into the OpenBSD team when we wrote PF. Then I became a slacker but that's another story.

The food downtown Chicago around their offices was unbelievable. Make sure you go to the greek restaurant, they'll know the one. I still miss waiting for the owner to write down my order and then changing my mind about what I wanted. It's always a good sign when the owner can swear at you in Greek :-) The gyro was damn good too.

Say hi to Len for me.

.mike

On Fri, Mar 21, 2008 at 8:10 PM, K K [EMAIL PROTECTED] wrote:
> I have arranged with my employer to offer a paid internship this summer, with a focus on OpenBSD, and approval to release developed code as open source (as we did with ISIC).
>
> If you live (or attend college) in or near Chicago, are in a full-time undergraduate or graduate CS/IS program, and are interested in a 6+ week Information Security internship this summer in downtown Chicago, please contact me with qualifications and availability.
>
> Specifically seeking programmers with documented contributions to OpenBSD, Argus, Cacti, Graphviz/LGL, OpenNTPD, Snort, Squid or Mozilla, or a skilled perl scripter with an interest in logfile analysis.
>
> Kevin
Re: PC Camera?
On Mon, Mar 24, 2008 at 03:04:13PM +0300, Michael Spratt wrote:
> And by the way if you have ever used a webcam nowadays they are no longer pixilated... You must still be living in 1998. Of course you are a real computer user and real computer users don't need webcams because they only need packet filter, cvs, and code auditing. OBSD also has a role as a desktop system.

Besides, don't some sysadmins use a webcam to keep visual tabs on their datacentre? Helpful to actually __see__ how high the water is other than just getting a klaxon saying there's water on the floor...

Sure, for high-quality you can go with a video capture device and a video camera, but there could be many serious uses for a simple webcam. You may even want to run those serious apps on a box that is less likely to get hacked. You wouldn't want an image of an aquarium overlaying the image of your machine room with fish swimming through your racks... :)

Doug.
Re: PC Camera?
On Mon, Mar 24, 2008 at 01:34:24PM +0100, Pau Amaro-Seoane wrote:
> ok, I have to apologise. I don't mean to be unpolite but, please understand me: I don't think there exists another OS as OpenBSD. It's unique. I am afraid that the more popular it will become, the more thingies new users will ask for. And complication leads to... well, see linux and other OS. That's why I got so nervous when I saw people asking for webcam support.

I don't think that any OBSD user wants to see security be compromised. However, perhaps there's a developer with a webcam itch that doesn't have an ACPI itch. If that developer knows that there are others who would find it useful, they may be more likely to scratch their itch. Once you get the base webcam support then many applications that rely on it could be scratched by people who are not comfortable with kernel-level scratching, or there could be ports that don't require much scratching to then work on OBSD.

> I love OpenBSD because it is exactly what I would like to see from an OS. And I think there are many other things that need support, like ACPI. It's not trivial and it's only partially supported by other OS.

I love OpenBSD because it is the only modern OS that will run on my old boxes. They don't have ACPI.

> That's all. Sorry about that and... cheers
> Pau

Doug.
Re: PC Camera?
Unix Fan [EMAIL PROTECTED] wrote:
> So who's working on OpenBSD's implementation? get busy!! :D :D :D

IIRC, someone's working on a webcam USB driver for NetBSD. I'd suggest to wait 'till that works and then port it.

--
Jonathan
Re: PC Camera?
Hey guys, thanks for the replies... remember that my original intent was to build a cheap home monitoring/surveillance system using free open source software and OpenBSD just came to mind naturally... I mean, the goal is to capture live footage of your own house, who doesn't want it to be as secure as it can be!!

So at least to me, things like Skype would be nice to communicate with your friends overseas... but I believe there are a lot more that can be done with webcams... from one of the previous posts we can see there is a difference between a web cam and a camcorder in terms of size, cost, etc... web cam support can be a huge saving if you were to deploy a series of home monitoring/surveillance systems for your friends and neighbours. Also, web cams are a lot easier to get hold of than camcorders, just imagine that you can just get a bunch of cheap stuff from a garage sale and build an ultra secure surveillance system out of it!!

Besides I am merely asking for the current state of web cam support in OpenBSD... if there are things that are simply missing I like to know if someone is working on it or not... I am starting to learn about digital designs and hopefully, OS implementation soon... writing a web cam driver may be a good way to learn about this and also as a way to contribute to the OpenBSD hardware support... of course, I cannot make any actual promise.

Well, perhaps the OpenBSD dev's may not want OpenBSD to bloat like Mac and have dozens of things everywhere, but more support for hardware should be always good, without hardware you can't do much no matter how good your OS is... after all, that's the whole point of an OS, right?
understanding PF src-limit counter
Hi,

I searched the FAQ and the man pages (for pf, pf.conf and pfctl.conf), but I did not find a definition for the src-limit counter which is shown by the command pfctl -si.

With pfctl -sa I saw this:

LIMITS:
states        hard limit 20
src-nodes     hard limit 1
frags         hard limit 5000
tables        hard limit 1000
table-entries hard limit 20

So I am guessing that src-limit has something to do with src-nodes. Is it a limit of different source concurrent IP address for connections?

I am seeing this counter increase in one of the machines I control. If someone could point out where to find more information about this counter, I would appreciate it.

Thanks in advance.

Regards,
Jose.
Re: PC Camera?
Sunnz wrote:
> ... things like Skype would be nice to communicate ...

*Like* skype but *not* actually skype itself, please. Skype is neither open source nor open protocol. Two strikes. It's got a rather bad security history. Three strikes.

Try for FOSS programs, but if you can't do that, then at least use an open protocol so that those in your social network can at least choose. SIP is one such protocol.

It's not in any stretch of the imagination a priority for me, but not something I can help with except maybe for testing. If you get that far, I'll try it. A web cam would be a nice addition to an embedded system or a desktop.

Regards,
-Lars
Re: PC Camera?
2008/3/25, Lars Noodén [EMAIL PROTECTED]:
> Sunnz wrote:
>> ... things like Skype would be nice to communicate ...
>
> *Like* skype but *not* actually skype itself, please. Skype is neither open source nor open protocol. Two strikes. It's got a rather bad security history. Three strikes.
>
> Try for FOSS programs, but if you can't do that, then at least use an open protocol so that those in your social network can at least choose. SIP is one such protocol.
>
> It's not in any stretch of the imagination a priority for me, but not something I can help with except maybe for testing. If you get that far, I'll try it. A web cam would be a nice addition to an embedded system or a desktop.
>
> Regards,
> -Lars

Things like Skype, as in, application level software that makes use of a web cam with a working driver, that you use to communicate with your friends overseas or something.
Gratuitous ARP
Does anyone happen to know a tool that sends out gratuitous arp from userland on openbsd?

P.S. I know there is CARP, but I need to send out gratuitous arp anyway ;)

Thanks,
Stephan
Re: understanding PF src-limit counter
Jose,

The 'src-limit' counter advances by one for every packet blocked by a rate limited rule.

If you write a pf rule using stateful tracking options to allow connections at a rate of 20 per 60 seconds then packets arriving faster than this would be blocked. You could then look at the 'src-limit' value in pfctl -si to see how many packets were dropped in this way.

I do not believe packets dropped by a rate limited rule are logged as logging a DDOS attack might stress the machine.

Hope this helps.

OpenBSD Pf Firewall how to ( pf.conf )
http://calomel.org/pf_config.html

--
Calomel @ http://calomel.org
Open Source Research and Reference
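A rule of the kind the reply above describes (20 connections per 60 seconds per source), as an added pf.conf illustration that is not part of the original thread. The interface name, the port and the table name are assumptions.

```pf
# Added illustration; interface, port and table name are assumptions.
ext_if = "em0"                    # assumed external interface
table <ratelimited> persist       # hypothetical table name

# Sources that already exceeded the rate are dropped before any other rule.
block in quick on $ext_if from <ratelimited>

# Allow SSH, but at most 20 connections that completed the TCP handshake
# per 60 seconds from any single source address. A source that exceeds
# the rate is added to <ratelimited>; "flush global" also removes all of
# its existing states, not only the ones created by this rule.
pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
    flags S/SA keep state \
    (max-src-conn-rate 20/60, overload <ratelimited> flush global)

# After loading the ruleset, the counter discussed in the thread and the
# contents of the overload table can be inspected with:
#   pfctl -si | grep src-limit
#   pfctl -t ratelimited -T show
```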
Re: mediawiki setup
Purely from a security standpoint, which is preferable: installing the 1.9 version from packages or ports, or building the current release from sources?

http://www.mediawiki.org/wiki/MediaWiki

Building from source on this particular web app is pretty simplistic- so I'd read the security updates in the News section of the site and decide for yourself.

danno
Re: cpu temperature in freebsd 7.x
Fratiman Vladut wrote:

Motherboard is Gigabyte GA-MA69VM-S2. I don't know if it has an IPMI option. How can I find out without booting?

http://tw.giga-byte.com/Products/Motherboard/Products_Spec.aspx?ClassValue=MotherboardProductID=2500ProductName=GA-MA69VM-S2

Oscar Sanchez Miravalles wrote:

Any suggestions? mbmon and healthd do not work for me. Do you have an IPMI option for this motherboard? Greetings!
Re: PC Camera?
Jonathan Schleifer wrote: Unix Fan [EMAIL PROTECTED] wrote: So who's working on OpenBSD's implementation? get busy!! :D :D :D IIRC, someone's working on a webcam USB driver for NetBSD. I'd suggest to wait 'till that works and then port it. There's also this: http://www.netbsd.org/contrib/soc-projects.html#uvc-webcams Perhaps something useful (as in, something to build on) will show up after summer. Cheers.
Re: PC Camera?
Hmm. I didn't realize there was an open standard for USB webcams. From the Wiki:

* These devices also have non-UVC equivalents by the same name. Please check the product number to confirm UVC compatibility.

So, how common are these devices? Will they continue to be produced according to standard? I have an application under consideration that would use a webcam and should integrate with an existing OBSD application. Currently the best bet for this is a web-ip cam, which, in most versions, amounts to a linux-driven ARM system with a webcam as part of the box. This increases the co$t of the camera subsys from about $40 to something around the $100 dollar mark and also restricts (somewhat) the number of devices available (D-Link DCS-G900, SkyIPCam 250W, WVC54GCA, WVC200, Axis 207W). Writing a driver for a proprietary device has little recurring value, but the existence of a public standard and devices changes things. Having a USB webcam that directly attaches to an OBSD box has very considerable value from a number of perspectives.

Dhu

On 23 Mar 2008 16:56:16 -0700 Unix Fan [EMAIL PROTECTED] wrote:

There is a USB standard for USB Cameras among other video devices... It's called USB Video Device Class. The specific is available to download... if anyone feels brave enough to write a driver for UVC class devices... ;)

@Sunnz, Unsupported USB devices always attach to ugen, read the manual page then you'll realize how silly you are.. ;)

http://en.wikipedia.org/wiki/USB_video_device_class

This seems to be a driver for:
OpenSolaris: http://www.opensolaris.org/os/community/device_drivers/projects/usb/uvc/
Linux: http://linux-uvc.berlios.de/
Mac OSX..
Microsoft's Vista - Which seems to require all vendors implement the standard..
...And Sony's Playstation 3.

So who's working on OpenBSD's implementation? get busy!! :D :D :D

-Nix Fan.
Re: PC Camera?
On 3/23/2008 4:57 PM, Jacob Meuser wrote:

On Sun, Mar 23, 2008 at 12:31:31PM -0700, Predrag Punosevac wrote:

Moreover it is also hard to justify time spent in hacking those things if there is relatively inexpensive hardware solution (video input devices supported by bktr can be bought for about $150 now vs a good USB camera is probably at least $50).

heh. check the second-hand store for bktr/bktr compatible hardware. of course, a camcorder is much more bulky than a USB camera ...

I hope somebody who knows more about this issue put the end to this pointless discussion.

I think you've covered the bases pretty well. although, if someone does come up with a good, clean driver, who knows ...

I played once with my bktr device and had success repeatedly capturing still images and serving them on a web server. You should be able to find wired or wireless cams with composite output for fairly cheap (quality probably reflects price). Eg ebay item 170204183053 is a wired cam for $11 or item 130207574995 which is a wireless cam for $40 (quite similar to what I used while playing around). So there is no need for a bulky camcorder but it's still an option and you might get better image quality.

In case there is interest the dmesg excerpt:

    bktr0 at pci0 dev 12 function 0 Brooktree BT848 rev 0x11: irq 5
    bktr0: Intel Smart Video III/VideoLogic Captivator PCI, no tuner.

and a starting point to recreate my setup:

    #! /bin/sh
    while true; do
        bktr2jpeg -f cap.jpg -s 0 -w 640 -h 480 -q 100
        sleep 5
    done

Good luck, Claus
Re: OpenBSD support of EFI?
In reading through the recent Intel Mac Mini thread, I'm confused by what appears to be OpenBSD's support? OpenBSD now supports EFI? Or does EFI have some compatibility mode with the older BIOS standard?

If the broader question is does OpenBSD work on the Mac mini x86? The answer is yes. Simply updating the firmware under OS X should make installation go smoothly. I have used it with the standard OpenBSD boot loader but have not yet tried dual booting with OS X. Holding down the option key will probably allow the firmware to see an OS X partition and boot from it.

Many people reportedly use rEFIt as an alternative loader: http://refit.sourceforge.net/

GRUB can also be used with some caveats (I learned this at 03:00 this morning and thought I would interject). I have not verified this with the GRUB in ports but the one in NetBSD's pkgsrc is not mac mini friendly. It can be patched if you are adventurous: http://www.scl.ameslab.gov/Projects/mini-xen/grub-a20.patch

Else you can pull stage2 from a working Linux live CD such as a recent Ubuntu and install it with the 'grub' or 'grub-install' utilities. A system using GRUB may also need to have a root partition of under 512MB in size. A GRUB is a bug after all...

Michael.
Re: Where to rent the best dedicated servers?
In response to Kyrre Nygerd [EMAIL PROTECTED]:

Sorry, I really don't know where else to ask. I've been using Staminus for a while now and I've had it with the downtime. Basically I want a place to host my Ruby on Rails / Git projects, an IRC server as well as an internet radio channel. Simple website / control panel design is of course a plus. None of that cpanel bullshit though, I prefer to meddle around with simple text files the way it's meant to be done. So, layeredtech.com? rackspace.com?

pair.com ?

-- Bill Moran http://www.potentialtech.com
Re: PC Camera?
On Mon, Mar 24, 2008 at 01:45:24PM -0500, Claus wrote:

On 3/23/2008 4:57 PM, Jacob Meuser wrote:

On Sun, Mar 23, 2008 at 12:31:31PM -0700, Predrag Punosevac wrote:

Moreover it is also hard to justify time spent in hacking those things if there is relatively inexpensive hardware solution (video input devices supported by bktr can be bought for about $150 now vs a good USB camera is probably at least $50).

heh. check the second-hand store for bktr/bktr compatible hardware. of course, a camcorder is much more bulky than a USB camera ...

I hope somebody who knows more about this issue put the end to this pointless discussion.

I think you've covered the bases pretty well. although, if someone does come up with a good, clean driver, who knows ...

I played once with my bktr device and had success repeatedly capturing still images and serving them on a web server. You should be able to find wired or wireless cams with composite output for fairly cheap (quality probably reflects price). Eg ebay item 170204183053 is a wired cam for $11 or item 130207574995 which is a wireless cam for $40 (quite similar to what I used while playing around). So there is no need for a bulky camcorder but it's still an option and you might get better image quality.

In case there is interest the dmesg excerpt:

    bktr0 at pci0 dev 12 function 0 Brooktree BT848 rev 0x11: irq 5
    bktr0: Intel Smart Video III/VideoLogic Captivator PCI, no tuner.

and a starting point to recreate my setup:

    #! /bin/sh
    while true; do
        bktr2jpeg -f cap.jpg -s 0 -w 640 -h 480 -q 100
        sleep 5
    done

we don't have bktr2jpeg in ports, but graphics/videod does something similar.

Good luck, Claus

-- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Where to rent the best dedicated servers?
On Mon, Mar 24, 2008 at 02:44:46PM -0400, Bill Moran wrote:

In response to Kyrre Nygerd [EMAIL PROTECTED]:

Sorry, I really don't know where else to ask. I've been using Staminus for a while now and I've had it with the downtime. Basically I want a place to host my Ruby on Rails / Git projects, an IRC server as well as an internet radio channel. Simple website / control panel design is of course a plus. None of that cpanel bullshit though, I prefer to meddle around with simple text files the way it's meant to be done. So, layeredtech.com? rackspace.com?

pair.com ?

If asked a couple weeks ago I would have suggested layeredtech, but I'd tend to discourage it now as I ran into a succession of issues that they took too much time to fix (ip addresses not routed to my box, almost 72h of downtime). Actually, if you aren't running a very critical service that you rely on, it is a pretty good service. It's just that when they fuck up, they fuck up big time :)

Gilles

-- Gilles Chehade
Re: Gratuitous ARP
* Stephan A. Rickauer [EMAIL PROTECTED] [2008-03-24 16:15]:

Does anyone happen to know a tool that sends out gratuitous arp from userland on openbsd? P.S. I know there is CARP, but I need to send out gratuitous arp anyway ;)

sth like this

    # Placeholder, not in the original post: the interface to announce on.
    interface=em0
    MAC=00:11:22:33:44:55
    DNET=dnet
    # For every IPv4 address configured on the interface, broadcast an ARP
    # reply whose sender and target protocol address are both that address.
    for IP in `ifconfig $interface | grep 'inet ' | \
        sed 's/ *inet \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\) netmask.*/\1/'`; do
        ${DNET} arp op rep sha ${MAC} spa ${IP} tpa ${IP} | \
        ${DNET} eth type arp dst ff:ff:ff:ff:ff:ff | \
        ${DNET} send $interface
    done;

-- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Where to rent the best dedicated servers?
Excellent choice... But so far it looks like I'll be going for http://www.m5hosting.com. Small is the new big, might wanna Google that. Besides, they look so simple!

Kyrre

- Original Message -
From: Bill Moran [EMAIL PROTECTED]
Date: Tuesday, March 25, 2008 4:28 am
Subject: Re: Where to rent the best dedicated servers?
To: Kyrre Nygerd [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], misc@openbsd.org, [EMAIL PROTECTED], [EMAIL PROTECTED]

In response to Kyrre Nygerd [EMAIL PROTECTED]:

Sorry, I really don't know where else to ask. I've been using Staminus for a while now and I've had it with the downtime. Basically I want a place to host my Ruby on Rails / Git projects, an IRC server as well as an internet radio channel. Simple website / control panel design is of course a plus. None of that cpanel bullshit though, I prefer to meddle around with simple text files the way it's meant to be done. So, layeredtech.com? rackspace.com?

pair.com ?

-- Bill Moran http://www.potentialtech.com
Re: mediawiki setup
On 2008-03-24, Dan Farrell [EMAIL PROTECTED] wrote:

Purely from a security standpoint, which is preferable: installing the 1.9 version from packages or ports, or building the current release from sources?

http://www.mediawiki.org/wiki/MediaWiki

Building from source on this particular web app is pretty simplistic- so I'd read the security updates in the News section of the site and decide for yourself.

there are workarounds mentioned.. -current has a newer version (though not quite the newest).
Where to rent the best dedicated servers?
Sorry, I really don't know where else to ask. I've been using Staminus for a while now and I've had it with the downtime. Basically I want a place to host my Ruby on Rails / Git projects, an IRC server as well as an internet radio channel. Simple website / control panel design is of course a plus. None of that cpanel bullshit though, I prefer to meddle around with simple text files the way it's meant to be done. So, layeredtech.com? rackspace.com? And is there a place that reviews dedicated server providers? Thanks, Kyrre
Re: Where to rent the best dedicated servers?
I have one here... nothing to complain. www.serverpronto.com

On Mon, Mar 24, 2008 at 7:24 PM, Kyrre Nygerd [EMAIL PROTECTED] wrote:

Excellent choice... But so far it looks like I'll be going for http://www.m5hosting.com. Small is the new big, might wanna Google that. Besides, they look so simple!

Kyrre

- Original Message -
From: Bill Moran [EMAIL PROTECTED]
Date: Tuesday, March 25, 2008 4:28 am
Subject: Re: Where to rent the best dedicated servers?
To: Kyrre Nygerd [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], misc@openbsd.org, [EMAIL PROTECTED], [EMAIL PROTECTED]

In response to Kyrre Nygerd [EMAIL PROTECTED]:

Sorry, I really don't know where else to ask. I've been using Staminus for a while now and I've had it with the downtime. Basically I want a place to host my Ruby on Rails / Git projects, an IRC server as well as an internet radio channel. Simple website / control panel design is of course a plus. None of that cpanel bullshit though, I prefer to meddle around with simple text files the way it's meant to be done. So, layeredtech.com? rackspace.com?

pair.com ?

-- Bill Moran http://www.potentialtech.com

-- Christian Lyra PoP-PR/RNP
[OT] need 32MB and 64 MB 72-pin SIMMS
Hello all, Me with my low-MHz project. I have been given a Tyan dual-P-133 motherboard with CPUs but it doesn't have much memory. The board is capable of taking 8 x 64 MB (standard, EDO, or ECC) 72-pin SIMMS, installed in pairs. I also have my IBM 486DX4-100 that needs 4 x 32 MB standard (preferably ECC) 72-pin SIMMS to max out its memory. I wonder if anyone knows of a source for such old memory. I'm near Kingston, Ontario, Canada. Thanks, Doug.
Re: IPv6 LAN - IPv4 Internet
My question might take this thread elsewhere, why hasn't the internet community adopted ipv6? ipv6 wasn't it to replace ipv6? And what are the pros vs cons to using internal ipv6 on one's network? Peace,

-Original Message-
From: Henning Brauer [EMAIL PROTECTED]
Date: Thu, 20 Mar 2008 12:56:13
To: misc@openbsd.org
Subject: Re: IPv6 LAN - IPv4 Internet

* Jonathan Schleifer [EMAIL PROTECTED] [2008-03-19 15:29]:

Barry Commander [EMAIL PROTECTED] wrote:

I basically want the IPv6 clients on my LAN to be able to access IPv4 servers on the internet transparently - the router doing the IPv6-IPv4/IPv4-IPv6 conversion.

You'd have to use IPv4 inside the LAN and NAT at the router as well for that to properly work. There was some way to map IPv4 addresses inside the IPv6 space, but IIRC, there were some issues with it.

yes, but that is totally unrelated. faithd is made for that purpose.

-- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: OpenBSD support of EFI?
On Mon, Mar 24, 2008 at 11:03 AM, Michael Dexter [EMAIL PROTECTED] wrote: A system using GRUB may also need to have a root partition of under 512MB in size. A GRUB is a bug after all... Do you have more information regarding this comment? Thanks.
Re: IPv6 LAN - IPv4 Internet
Mike wrote:

My question might take this thread elsewhere, why hasn't the internet community adopted ipv6? ipv6 wasn't it to replace ipv6? And what are the pros vs cons to using internal ipv6 on one's network?

Well, that all depends on what you mean by adopted, internet community, and, for that matter, hasn't. :-) If you mean, why isn't IPv6 available from every ISP, why isn't every web site served in IPv6, never mind IPv6 only, etc., etc., then the answer boils down to a combination of the chicken and egg problem and the lack of financial incentives, with a very uneven application depending on where you are. Mobile phone networks in China and residential cable service in the U.S. aren't in the same place in regards to IPv6.

There's no real incentive for most content providers to provide IPv6 service (particularly in N. America and Europe), as it's likely to perform less well (islands of IPv6 with connecting tunnels here and there running on stacks that haven't been tuned as finely...it's just not the same), and there's nobody they care about screaming about how they have IPv6 only. Consumers don't care, because they can get everywhere they want with IPv4. ISPs don't care, because the consumers and content providers don't care. More or less. (Well, that and early content provider adopters of IPv6 found that they were spending entirely too much time explaining to Windows XP users that if you turned IPv6 on in Windows, but had no IPv6 connectivity to the world, that things would work only in a slow and timeouty fashion.)

I recently read a timeline and analysis by an early adopter ISP, which clearly showed no payback, so far, for their investment. Build it and they will come clearly didn't apply. On the other hand, I suspect they'll be ahead of the game once there's a big crunching noise heard as the RIRs squabble over the last /8 of unused IPv4 address space. :-)

But the crunching sound is coming, the plans I've heard bandied about for using mid-network NATing to keep IPv4 going make me nauseous, and I certainly hope things pick up in IPv6 land. Meanwhile, I believe that Google has promised that this time they'll keep http://ipv6.google.com/ running. (And the logo dances; the turtle must have gone to their heads ;-)

Pros: You'll be ahead of the game. Even now you can easily get a /48 of real, routable addresses to use on your network.

Cons: You'll probably have trouble getting IPv6 service other than via some tunneling service. Unless you're interested in the technology for its own sake, there's nothing much you can do with it that you can't do with less bother using IPv4.

--Jon Radel
Re: Internship (Summer,Chicago,Paid)
Hi Kevin,

When I saw your listing for intern in information security at nabble.com, I was eager to reply to you for the intern. I have one year of experience in this field, researching and implementing enterprise security tools. I am at present doing my masters in information security at Lewis University with current GPA of 4.0. I have uploaded my resume. I would be very interested in this summer internship.

Vijaisainath Mobile#857-991-6678 email: [EMAIL PROTECTED]

K Kadow wrote:

I have arranged with my employer to offer a paid internship this summer, with a focus on OpenBSD, and approval to release developed code as open source (as we did with ISIC). If you live (or attend college) in or near Chicago, are in a full-time undergraduate or graduate CS/IS program, and are interested in a 6+ week Information Security internship this summer in downtown Chicago, please contact me with qualifications and availability. Specifically seeking programmers with documented contributions to OpenBSD, Argus, Cacti, Graphviz/LGL, OpenNTPD, Snort, Squid or Mozilla, or a skilled perl scripter with an interest in logfile analysis.

Kevin

http://www.nabble.com/file/p16268124/Vijaisainath_%2BResume.doc Vijaisainath_+Resume.doc