Re: another filesystem as backup
We are still talking just about backup/storage. ZFS has a lot of features and has been used in production for about 4 years or so. Hammer FS doesn't have as many features and has been stable for about a year. btrfs is for those who want to experiment. Some cons - OpenSolaris has a terrible dev process, but you must use dev if you want updates and security updates, and there are a lot of bugs in those versions. Solaris is not free anymore, including security updates, after a change in rules a week ago. Support for ZFS in FreeBSD is marked as experimental, but it depends. So Hammer FS looks like the most promising regarding features on other BSD systems (just my personal tip)

ZFS in FreeBSD isn't considered experimental since September 2009: http://svn.freebsd.org/viewvc/base?view=revision&revision=197221 So, it's considered production-ready at present.
Re: Is it time to replace this hard disk?
On Mon, Feb 22, 2010 at 12:19 PM, Johan Beisser j...@caustic.org wrote: On Sun, Feb 21, 2010 at 10:15 PM, Siju George sgeorge...@gmail.com wrote: Hi, I get a few of this kind of error during a forced manual fsck at boot. Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn 5392325 (wd0 bn 24734585; cn 1539 tn 167 sn 29) Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn 5392326 (wd0 bn 24734586; cn 1539 tn 167 sn 30), retrying I guess it is time to replace the Disk? Yes. Thanks !!
Re: Using OpenBGPd as a route reflector in a ring topology
* Laurent CARON lca...@unix-scripts.info [2010-02-19 12:44]: Is it realistic to hook up those sites (6 sites) in a ring topology yeah, well, why not? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
openbsd box as gateway for multiple internet connections
Hi all, I'm searching for best practices, examples and documentation on how to build an openbsd gateway with multiple isp connections. the idea is simple: to have a gateway that load balances internet traffic from clients. it has to be failure tolerant, so that if a xDSL link fails, the gateway has to exclude the link from the possible routes. i was thinking about a perl script in the crontab that checks the links (ie: ping to each isp gateway) and then adjusts the pf.conf accordingly. attached is my work-in-progress pf.conf: when I add another xDSL, I'll repeat (via script) the tiscali rows with the new xDSL specific parameters. but, i'm new to this kind of configuration... so any help/suggestion is very appreciated :-) thanks in advance leonardo

set skip on lo

# INTERNAL NETWORK
INT_IF = "ale0"
INT_IP = "192.168.2.69"

# TISCALI SHDSL 2Mb
TISCALI    = "re0"
TISCALI_IP = "a.b.c.d"
TISCALI_GW = "a.b.c.d2"

MULTI_PATH = "route-to { ( $TISCALI $TISCALI_GW ) } round-robin"
# add other xDSL here

table <LAN> { 10.0.0.0/8, 192.168.0.0/16 } # internal networks
table <SSHBL> persist file "/etc/sshbl.txt" # (http://www.sshbl.org/lists/base.txt)

altq on $INT_IF hfsc bandwidth 100Mb queue { def, allclients, mypc }
queue def        bandwidth 200Kb  priority 3 hfsc ( red, upperlimit 300Kb, default )
queue allclients bandwidth 200Kb  priority 3 hfsc ( red, upperlimit 300Kb )
queue mypc       bandwidth 2640Kb priority 3 hfsc ( red, upperlimit 2640Kb )

altq on $TISCALI hfsc bandwidth 2Mb queue { tiscali_def, tiscali_admin, tiscali_web, tiscali_mail, tiscali_dns, tiscali_icmp, tiscali_vpn }
queue tiscali_def   bandwidth 650Kb priority 3 hfsc ( red, default )
queue tiscali_web   bandwidth 500Kb priority 5 hfsc ( red )
queue tiscali_mail  bandwidth 200Kb priority 1 hfsc ( red, upperlimit 800Kb )
queue tiscali_dns   bandwidth 50Kb  priority 6 hfsc ( red )
queue tiscali_icmp  bandwidth 50Kb  priority 7 hfsc ( red )
queue tiscali_vpn   bandwidth 500Kb priority 7 hfsc ( red, upperlimit 1000Kb )
queue tiscali_admin bandwidth 50Kb  priority 5 hfsc ( red )

# -- nat rdr
nat log on $TISCALI from <LAN> -> $TISCALI_IP
rdr log on $INT_IF proto { tcp, udp } from <LAN> to ! $INT_IP port 53 -> $INT_IP # dns queries goes all here

# -- blocks other stuff
block in quick log proto tcp from <SSHBL> to { $TISCALI_IP } port 22 label "sshbl"

# -- internal if
pass in quick log on $INT_IF inet proto tcp from any to $INT_IP port 22 label "admin ssh int_if" # this gateway administration
pass in log on $INT_IF to $INT_IP label "in this gw" # traffic to this gateway
pass in log on $INT_IF to ! $INT_IP label "in through gw" # traffic through this gateway
pass out log on $INT_IF from $INT_IP to any label "out this gw" # traffic out from this gateway
pass out log on $INT_IF from ! $INT_IP to any label "out through gw" # traffic out through this gateway

# -- tiscali shdsl
pass in quick log on $TISCALI inet proto tcp from any to $TISCALI_IP port 22 queue tiscali_admin label "admin ssh tiscali" # this gateway administration
block in log on $TISCALI label "in tiscali block"
pass out log on $TISCALI queue tiscali_def label "out tiscali def"
pass out log on $TISCALI proto icmp queue tiscali_icmp label "out tiscali icmp"
pass out log on $TISCALI proto udp to port 53 queue tiscali_dns label "out tiscali dns"
pass out log on $TISCALI proto gre queue tiscali_vpn label "out tiscali vpngre"
pass out log on $TISCALI proto { tcp, udp } to port { 47, 50, 51, 88, 115, 137, 500, 1723, 4500, 1, 10001 } queue tiscali_vpn label "out tiscali vpn"
pass out log on $TISCALI proto tcp to port { 25, 110, 143, 563, 993, 995 } queue tiscali_mail label "out tiscali mail"
pass out log on $TISCALI proto tcp to port { 20, 21, 80, 443 } queue tiscali_web label "out tiscali web"

# -- clients queues
pass in quick log on $INT_IF $MULTI_PATH from 192.168.2.18 to ! <LAN> queue mypc label "me routed" # my pc
pass in log on $INT_IF $MULTI_PATH from <LAN> to ! <LAN> queue allclients label "others routed"
# eof
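The link check described in the post above, sketched as an added example (not the poster's script): it probes each uplink gateway and reloads pf with a MULTI_PATH pool that contains only the uplinks that answered, using pfctl's -D option to override the macro instead of rewriting pf.conf. The second uplink, all addresses and the state file path are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the poster's script. Interface names, gateway
# addresses and the state file path below are constructed for illustration.

# One uplink per line: "<interface> <next-hop gateway>".
LINKS='re0 192.0.2.1
re1 198.51.100.1'

PF_CONF=/etc/pf.conf
STATE=/var/run/multipath.pool    # hypothetical: the pool that was loaded last

# An uplink counts as alive when its gateway answers an echo request.
# That only proves the local loop is up; probing a host beyond the ISP
# would also catch upstream failures. stdin is redirected so ping cannot
# swallow the link list that build_pool is reading.
probe_link() {
    ping -c 2 "$1" </dev/null >/dev/null 2>&1
}

# Print the value for the MULTI_PATH macro using only the uplinks that pass
# probe_link. Returns 1 and prints nothing when no uplink is alive.
build_pool() {
    members=''
    while read -r ifname gw; do
        case $ifname in ''|'#'*) continue ;; esac
        if probe_link "$gw"; then
            members="$members${members:+, }( $ifname $gw )"
        fi
    done <<EOF
$1
EOF
    [ -n "$members" ] || return 1
    printf 'route-to { %s } round-robin\n' "$members"
}

# Reload pf only when the set of live uplinks changed since the last run.
reload_if_changed() {
    pool=$(build_pool "$LINKS") || {
        # Every probe failed: more likely a probe problem than all links
        # dying at once, so leave the loaded ruleset alone.
        logger -t multipath 'no uplink answered, keeping the loaded ruleset'
        return 1
    }
    if [ -f "$STATE" ] && [ "$(cat "$STATE")" = "$pool" ]; then
        return 0
    fi
    # -D overrides the MULTI_PATH macro defined in pf.conf; -n parses the
    # ruleset without loading it, so a broken pool is never installed.
    pfctl -n -D "MULTI_PATH=$pool" -f "$PF_CONF" || return 1
    pfctl -D "MULTI_PATH=$pool" -f "$PF_CONF" || return 1
    printf '%s\n' "$pool" > "$STATE"
    logger -t multipath "loaded pool: $pool"
}

# Nothing runs unless asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then reload_if_changed; fi
```

Run it from cron with the argument `run`. The per-uplink nat and pass out rules can stay in pf.conf for every link, because they only match traffic that actually leaves through that interface.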
Re: anything better than the em(4)?
* Kapetanakis Giannis bil...@edu.physics.uoc.gr [2010-02-20 16:59]: Does Intel still not provide appropriate documentation or did that web page expire? no, not really. they are your best bet anyway tho. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: another filesystem as backup
irrelevant advice. br...@quigon $ man newfs_hammerfs man: no entry for newfs_hammerfs in the manual. br...@quigon $ man newfs_zfs man: no entry for newfs_zfs in the manual. * Tomas Bodzar tomas.bod...@gmail.com [2010-02-21 16:12]: For storage/backup you may find Hammer FS or ZFS much better On Sun, Feb 21, 2010 at 3:15 PM, Jean-Francois jfsimon1...@gmail.com wrote: Hi All, Do you believe it is not a bad idea to use ext2 as a file system for the regular back-up (dumps) of the filesystem ? Actually, I would like to be able to read from a simple Linux the disk that contains the dumps - reason why. Are there any constraints in doing so ? May you strongly recommend to keep ffs as file system on the backup disk for relevant reasons ? Regards -- http://www.openbsd.org/lyrics.html -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: RAID1 : offline - online (how to?)
* Rogier Krieger rkrie...@gmail.com [2010-02-21 21:39]: On Sun, Feb 21, 2010 at 19:47, Jean-Francois jfsimon1...@gmail.com wrote: Seems appropriate in the latest man, but did not appear in my man page. The -R isn't available in version 4.4 ? any way to proceed ? As far as I know, softraid didn't support rebuilds in 4.4; it was added later. Judging from the man page differences between releases, I'd say it was between 4.4 and 4.5. i'm pretty sure it was after 4.5. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: anything better than the em(4)?
On Mon, Feb 22, 2010 at 01:56:54PM +0100, Henning Brauer wrote: * Kapetanakis Giannis bil...@edu.physics.uoc.gr [2010-02-20 16:59]: Does Intel still not provide appropriate documentation or did that web page expire? no, not really. they are your best bet anyway tho. There is some documentation for em(4) on the intel webpage but it is still missing some important bits. The driver developer docs are only out for some chips and there is almost no errata information available. Still Intel is doing a better job than Marvell or Broadcom. -- :wq Claudio
Re: OpenBSD Volunteer needed today in Los Angeles - Solved!
EAL4 is meaningless. The auditor is not required to view the software in any way (binary or source). Any vendor with money can get its OS to be certified at least at EAL 4 because all that means is that the OS has some mechanisms in place for implementing security. It does not guarantee that those mechanisms really work or that the OS is not full of security holes. Security certifications are futile. At best, they can certify the *model*, not the *implementation*. I seriously doubt .mil or .gov has such requirements for high security networks. I see this kind of nonsense in the Enterprise world. On Mon, Feb 22, 2010 at 7:03 AM, Lori Barfield itdirec...@gmail.com wrote: On Sun, Feb 21, 2010 at 8:39 PM, Darrin Chandler dwchand...@stilyagin.com wrote: On Sun, Feb 21, 2010 at 03:35:32PM -0800, Michael Dexter wrote: Thank you Seth and Brooke for materializing and putting on a great OpenBSD booth at SCaLE in Los Angeles. Seth and Brooke? I know those two! Good people. i volunteer for SCaLE and worked with a lot of the exhibitors this year, and would like to say you guys did a nice job. ...lori -- Aram Hăvărneanu
Re: anything better than the em(4)?
On 22/02/10 14:56, Henning Brauer wrote: * Kapetanakis Giannis bil...@edu.physics.uoc.gr [2010-02-20 16:59]: Does Intel still not provide appropriate documentation or did that web page expire? no, not really. they are your best bet anyway tho. thanks for clarifying that. Giannis
Re: OpenBSD Volunteer needed today in Los Angeles - Solved!
On Mon, Feb 22, 2010 at 3:51 PM, Aram Hăvărneanu ara...@mgk.ro wrote: EAL4 is meaningless. The auditor is not required to view the software in any way (binary or source). Any vendor with money can get its OS to be certified at least at EAL 4 because all that means is that the OS has some mechanisms in place for implementing security. It does not guarantee that those mechanisms really work or that the OS is not full of security holes. Security certifications are futile. At best, they can certify the *model*, not the *implementation*. I seriously doubt .mil or .gov has such requirements for high security networks. I see this kind of nonsense in the Enterprise world. Besides what's written above. EAL is meaningless unless you read the Protection Profile. EAL is the assurance level *against* the protection profile. If your PP specifies only that in your systems, users login using passwords you can easily get EAL7, but that would be so meaningless... -- Aram Hăvărneanu
Re: OpenBSD Volunteer needed today in Los Angeles - Solved!
On Mon, Feb 22, 2010 at 04:04:39PM +0200, Aram Hăvărneanu wrote: On Mon, Feb 22, 2010 at 3:51 PM, Aram Hăvărneanu ara...@mgk.ro wrote: EAL4 is meaningless. The auditor is not required to view the software in any way (binary or source). Any vendor with money can get its OS to be certified at least at EAL 4 because all that means is that the OS has some mechanisms in place for implementing security. It does not guarantee that those mechanisms really work or that the OS is not full of security holes. Security certifications are futile. At best, they can certify the *model*, not the *implementation*. I seriously doubt .mil or .gov has such requirements for high security networks. I see this kind of nonsense in the Enterprise world. Besides what's written above. EAL is meaningless unless you read the

Technically meaningless, yes, but managerially meaningful in some cases, as there are organizations which require some level of certification for software to be used off-the-shelf. Would it be useful for OpenBSD to get some sort of certification level for this purpose? Possibly. Is it going to happen unless somebody absolutely needs it in order to deploy a solution? No. Unless some benefactor is willing to come forward and deal with the logistical headache of doing the paperwork and keeping it all as up to date as it needs to be, it's not going to happen, even if getting an EAL meant ponies, rainbows, and money trees for everybody.

Protection Profile. EAL is the assurance level *against* the protection profile. If your PP specifies only that in your systems, users login using passwords you can easily get EAL7, but that would be so meaningless... -- Aram Hăvărneanu
Re: pfctl table cleared time is jumping around
Hi, it's a slightly weird side-effect. a quick glance indicates that the tzero timestamp is part of the stats struct and tables don't keep stats/counters by default any more. for some time tho. i don't remember any recent changes to the table code (as if anybody wanted to touch that mess) by default, does that mean it is possible to somehow keep the stats/counters with a configuration option and have it work again? I couldn't find anything regarding that in the pf.conf manpage. Michael
Re: OpenBSD Volunteer needed today in Los Angeles - Solved!
On Mon, 22 Feb 2010, Aram Hăvărneanu wrote: SNIP *model*, not the *implementation*. I seriously doubt .mil or .gov has such requirements for high security networks. I see this kind of nonsense in the Enterprise world. Chuckle, you are living in a fantasy world if you think this kind of nonsense only exists in the Enterprise world. diana
Re: pfctl table cleared time is jumping around
On 2010-02-22, Michael Lechtermann mich...@lechtermann.net wrote: Hi, it's a slightly weird side-effect. a quick glance indicates that the tzero timestamp is part of the stats struct and tables don't keep stats/counters by default any more. for some time tho. i don't remember any recent changes to the table code (as if anybody wanted to touch that mess) by default, does that mean it is possible to somehow keep the stats/counters with a configuration option and have it work again? Add 'counters' to the table definition.
Re: IPSEC encodes traffic to local IP? [SOLVED, kindof...]
Hi, Problem found (?), so for the records in case someone else runs into the same issue... When configuring the host-host ipsec manually [1] no option is available to specify the src_flow/dst_flow for the security associations (SAD) and this seems to cause the problems. If the setup is done through isakmpd then those options are set automatically [2] and everything works fine. So from what I understand there is no way to setup a clean host-host manually through ipsec.conf only; instead you have to let isakmpd do the negotiation (which is a good idea anyway) to get src/dst_flow set.

[1] setup done manually (= problems)

*) pc50_root# isakmpd -K -4 -a

*) ipsec.conf

flow esp from 10.10.1.50 to 10.10.1.51 \
    local 10.10.1.50 peer 10.10.1.51 \
    srcid 10.10.1.50 dstid 10.10.1.51 \
    type require
esp transport from 10.10.1.50 to 10.10.1.51 spi 0xabd9da39:0xc9dbb83d \
    srcid 10.10.1.50 dstid 10.10.1.51 \
    authkey 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 \
    enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d

*) pc50_root# ipsecctl -f /etc/ipsec.conf

*) pc50_root# ipsecctl -kvvs all

FLOWS:
@0 flow esp in from 10.10.1.51 to 10.10.1.50 local 10.10.1.50 peer 10.10.1.51 srcid 10.10.1.50 dstid 10.10.1.51 type require
@1 flow esp out from 10.10.1.50 to 10.10.1.51 local 10.10.1.50 peer 10.10.1.51 srcid 10.10.1.50 dstid 10.10.1.51 type require

SAD:
@0 esp transport from 10.10.1.50 to 10.10.1.51 spi 0xabd9da39 auth hmac-sha2-256 enc aes \
    authkey 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8 \
    enckey 0xb341aa065c3850edd6a61e150d6a5fd3
    sa: spi 0xabd9da39 auth hmac-sha2-256 enc aes
        state mature replay 0 flags 0
    lifetime_cur: alloc 0 bytes 0 add 1266866658 first 0
    address_src: 10.10.1.50
    address_dst: 10.10.1.51
    key_auth: bits 256: 54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8
    key_encrypt: bits 128: b341aa065c3850edd6a61e150d6a5fd3
@0 esp transport from 10.10.1.51 to 10.10.1.50 spi 0xc9dbb83d auth hmac-sha2-256 enc aes \
    authkey 0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 \
    enckey 0xf7795f6bdd697a43a4d28dcf1b79062d
    sa: spi 0xc9dbb83d auth hmac-sha2-256 enc aes
        state mature replay 0 flags 0
    lifetime_cur: alloc 0 bytes 0 add 1266866658 first 0
    address_src: 10.10.1.51
    address_dst: 10.10.1.50
    key_auth: bits 256: 7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6
    key_encrypt: bits 128: f7795f6bdd697a43a4d28dcf1b79062d

[2] setup through isakmpd (= works fine)

*) pc50_root# isakmpd -K -4

*) ipsec.conf

ike passive esp transport \
    from 10.10.1.50 to 10.10.1.51 \
    local 10.10.1.50 peer 10.10.1.51 \
    srcid 10.10.1.50 dstid 10.10.1.51 \
    psk TEST

*) pc50_root# ipsecctl -f /etc/ipsec.conf

*) pc50_root# ipsecctl -kvvs all

FLOWS:
@0 flow esp in from 10.10.1.51 to 10.10.1.50 peer 10.10.1.51 srcid 10.10.1.50 dstid 10.10.1.51 type use
@1 flow esp out from 10.10.1.50 to 10.10.1.51 peer 10.10.1.51 srcid 10.10.1.50 dstid 10.10.1.51 type require

SAD:
@0 esp transport from 10.10.1.51 to 10.10.1.50 spi 0x7709d9c3 auth hmac-sha2-256 enc aes \
    authkey 0x79b951f992cf17d041f1224d3c4a9703b9a66db0c5012b65b656fc5109ae59eb \
    enckey 0x367fd3fee168706968f605bbf00699f0
    sa: spi 0x7709d9c3 auth hmac-sha2-256 enc aes
        state mature replay 16 flags 0
    lifetime_cur: alloc 0 bytes 2448 add 1266865920 first 1266866026
    lifetime_hard: alloc 0 bytes 0 add 1200 first 0
    lifetime_soft: alloc 0 bytes 0 add 1080 first 0
    address_src: 10.10.1.51
    address_dst: 10.10.1.50
    key_auth: bits 256: 79b951f992cf17d041f1224d3c4a9703b9a66db0c5012b65b656fc5109ae59eb
    key_encrypt: bits 128: 367fd3fee168706968f605bbf00699f0
    identity_src: type fqdn id 0: 10.10.1.51
    identity_dst: type fqdn id 0: 10.10.1.50
    src_mask: 255.255.255.255
    dst_mask: 255.255.255.255
    protocol: proto 0 flags 0
    flow_type: type use direction in
    src_flow: 10.10.1.51
    dst_flow: 10.10.1.50
    lifetime_lastuse: alloc 0 bytes 0 add 0 first 1266866075
@0 esp transport from 10.10.1.50 to 10.10.1.51 spi 0x9aec4ceb auth hmac-sha2-256 enc aes \
    authkey 0x0e277d8457bbdb4ae5f9d391f2e568250b6d11af6226b1a0406b8ad92e155d28 \
    enckey 0x205ddd7b6fb2dd9876b49281beef9a8b
    sa: spi 0x9aec4ceb auth hmac-sha2-256 enc aes
        state mature replay 16 flags 0
    lifetime_cur: alloc 0 bytes 1581 add 1266865920 first 1266866026
    lifetime_hard: alloc 0 bytes 0 add 1200 first 0
    lifetime_soft: alloc 0 bytes 0 add 1080 first 0
    address_src: 10.10.1.50
    address_dst: 10.10.1.51
    key_auth: bits 256: 0e277d8457bbdb4ae5f9d391f2e568250b6d11af6226b1a0406b8ad92e155d28
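A check for the difference the post above points at, as an added example that is not part of the original message: it reads `ipsecctl -kvvs all` output and lists the SPI of every SA whose verbose block carries no src_flow/dst_flow. The two sample dumps are constructed and abridged from the output quoted in the post, with key material left out and the flow fields of the second negotiated SA filled in as an assumption.

```sh
#!/bin/sh
# Added example. Reads "ipsecctl -kvvs all" output on stdin and prints the
# SPI of each SA that has no src_flow/dst_flow attached. The input is
# scanned token by token, so it does not depend on how the fields are
# broken across lines.
sa_missing_flow() {
    awk '
    function report() {
        # An SA needs both fields to count as bound to a flow.
        if (spi != "" && !(src && dst)) print spi
    }
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "sa:" && $(i + 1) == "spi") {
                # Verbose block of the next SA starts: close the previous one.
                report()
                spi = $(i + 2); src = 0; dst = 0
            } else if ($i == "src_flow:") {
                src = 1
            } else if ($i == "dst_flow:") {
                dst = 1
            }
        }
    }
    END { report() }
    '
}

# Constructed sample, abridged from case [1] in the post (manual keying).
sample_manual() {
    cat <<'EOF'
SAD:
@0 esp transport from 10.10.1.50 to 10.10.1.51 spi 0xabd9da39 auth hmac-sha2-256 enc aes
    sa: spi 0xabd9da39 auth hmac-sha2-256 enc aes
        state mature replay 0 flags 0
    address_src: 10.10.1.50
    address_dst: 10.10.1.51
@0 esp transport from 10.10.1.51 to 10.10.1.50 spi 0xc9dbb83d auth hmac-sha2-256 enc aes
    sa: spi 0xc9dbb83d auth hmac-sha2-256 enc aes
        state mature replay 0 flags 0
    address_src: 10.10.1.51
    address_dst: 10.10.1.50
EOF
}

# Constructed sample, abridged from case [2] in the post (isakmpd). The flow
# fields of the second SA are an assumption; the post is cut off before them.
sample_ike() {
    cat <<'EOF'
SAD:
@0 esp transport from 10.10.1.51 to 10.10.1.50 spi 0x7709d9c3 auth hmac-sha2-256 enc aes
    sa: spi 0x7709d9c3 auth hmac-sha2-256 enc aes
        state mature replay 16 flags 0
    address_src: 10.10.1.51
    address_dst: 10.10.1.50
    flow_type: type use direction in
    src_flow: 10.10.1.51
    dst_flow: 10.10.1.50
@0 esp transport from 10.10.1.50 to 10.10.1.51 spi 0x9aec4ceb auth hmac-sha2-256 enc aes
    sa: spi 0x9aec4ceb auth hmac-sha2-256 enc aes
        state mature replay 16 flags 0
    address_src: 10.10.1.50
    address_dst: 10.10.1.51
    src_flow: 10.10.1.50
    dst_flow: 10.10.1.51
EOF
}

# On a live host (as root): ipsecctl -kvvs all | sa_missing_flow
if [ "${1:-}" = "demo" ]; then
    echo "manual keying:"; sample_manual | sa_missing_flow
    echo "isakmpd:";       sample_ike | sa_missing_flow
fi
```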
Re: pfctl table cleared time is jumping around
Hi, it's a slightly weird side-effect. a quick glance indicates that the tzero timestamp is part of the stats struct and tables don't keep stats/counters by default any more. for some time tho. i don't remember any recent changes to the table code (as if anybody wanted to touch that mess) by default, does that mean it is possible to somehow keep the stats/counters with a configuration option and have it work again? Add 'counters' to the table definition. That didn't fix it. The stats are shown now, but the dates are still jumping around. :-( Michael
Re: pf packet tagging and keep state
Henning Brauer wrote: err? packets matching the state are of course queued in the queue specified in the rule, what else? Maybe I am influenced too much with linux traffic-shaping/firewalling. And from that point, I was not conscious about what pf keeps track of with its state-engine because I did not read anything about this in the man-pages. I only read that no further rule-evaluation at all will be done on packets matching a state. All references on stickiness of attributes in the man-page are about further rules matching a packet, not those which already matched a state. Maybe it should be stated in pf.conf(5) what the state-engine keeps track of, just to clarify. At least that does not seem intuitive to me. Another inconsistency for me would be scrub, or now match .. scrub, will all packets be scrubbed in a state, will they be matched or just scrubbed by the state-engine? If matched, then there would be an evaluation after all. Sorry for misusing this thread for that but with the first post of the OP it seemed the right place. Bye and thanks in advance, Andreas Mueller.
Re: OpenBSD Volunteer needed today in Los Angeles - Solved!
On Monday, February 22, 2010, Bret S. Lambert bret.lamb...@gmail.com wrote: Unless some benefactor is willing to come forward and deal with the logistical headache of doing the paperwork and keeping it all as up to date as it needs to be, it's not going to happen, even if getting an EAL meant ponies, rainbows, and money trees for everybody. Ponies and rainbows? Forget it. Money tree? Drop me an email. I would love to get paid to do something with my CISA... -N
$100 to configure ALTQ on a 4.6 router
I have a simple setup; a soekris box running 4.6 doing NAT for my local network. I'd like a configuration to give skype traffic top priority, then my DNS server, then ssh sessions, then http and SSL, then everything else, and bittorrent. I have so little upload bandwidth I don't want to waste any; only 80k up on a good day, and the web server is hosting stuff almost constantly. If this is up your alley, and you know this stuff inside out, please contact me and I'll fill in a couple more details of my internal network and provide the current NAT configuration in use (which has some stuff in it to work with the special DNS setup) Ted -- Nothing is true unless it makes you laugh, But you don't understand it until it makes you weep. Name:Ted Walther Phone: 208-310-7032 Skype: tederific Email: t...@reactor-core.org Address: #225 17700 58 Ave, Cloverdale, BC V3S1L6
Re: $100 to configure ALTQ on a 4.6 router
On Mon, Feb 22, 2010 at 05:59:18PM -0800, Ted Walther wrote: I have a simple setup; a soekris box running 4.6 doing NAT for my local network. I'd like a configuration to give skype traffic top priority, then my DNS server, then ssh sessions, then http and SSL, then everything else, and bittorrent. I have so little upload bandwidth I don't want to waste any; only 80k up on a good day, and the web server is hosting stuff almost constantly. If this is up your alley, and you know this stuff inside out, please contact me and I'll fill in a couple more details of my internal network and provide the current NAT configuration in use (which has some stuff in it to work with the special DNS setup) Look at altq, in the man pages and maybe the faq. I don't know this stuff inside out by any means, but honestly, check it out, experiment, and then donate the $100 to OpenBSD. Or whatever you want, but you'll make the baby Jigglypuff cry. Ted -- Nothing is true unless it makes you laugh, But you don't understand it until it makes you weep. Name:Ted Walther Phone: 208-310-7032 Skype: tederific Email: t...@reactor-core.org Address: #225 17700 58 Ave, Cloverdale, BC V3S1L6
Re: Is it time to replace this hard disk?
On Tue, Feb 23, 2010 at 7:45 AM, Jason Beaudoin jasonbeaud...@gmail.com wrote: On Mon, Feb 22, 2010 at 4:00 AM, Siju George sgeorge...@gmail.com wrote: On Mon, Feb 22, 2010 at 12:19 PM, Johan Beisser j...@caustic.org wrote: On Sun, Feb 21, 2010 at 10:15 PM, Siju George sgeorge...@gmail.com wrote: Hi, I get a few of this kind of error during a forced manual fsck at boot. Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn 5392325 (wd0 bn 24734585; cn 1539 tn 167 sn 29) Feb 15 15:43:51 fw2 /bsd: wd0g: uncorrectable data error reading fsbn 5392326 (wd0 bn 24734586; cn 1539 tn 167 sn 30), retrying I guess it is time to replace the Disk? Yes. not necessarily.. I had a wacky HD controller that provided similar results in dmesg, but if the op asked, I'm guessing that isn't the case :P Ok I am running with that disk any way to see how far it goes :-) It is a second firewall and if it goes I can route the traffic through the first one. So no problem thanks --Siju
Re: OpenBSD Volunteer needed today in Los Angeles - Solved!
On 2/22/2010 9:23 AM, Bret S. Lambert wrote: Unless some benefactor is willing to come forward and deal with the logistical headache of doing the paperwork and keeping it all as up to date as it needs to be, it's not going to happen, even if getting an EAL meant ponies, rainbows, and money trees for everybody. Can't someone just port it from FreeBSD?
Sparc classic serial ports ttya vs cuaa
Hi all, I've been working on getting gpsd working on one of my old Sun IPXes but I've run into a problem with ldattach needing the /dev/cuaa device. The serial port /dev/ttya is working with gpsd directly but ldattach requires /dev/cuaa. However, according to the system logs, ldattach issues the error (ldattach is run as root): ldattach: can't open /dev/cuaa: Device not configured However, the device does exist in the /dev tree: # ls -l /dev/cuaa crw-rw 1 uucp dialer 12, 128 Feb 21 18:52 /dev/cuaa The matching tty also exists # ls -l /dev/ttya crw-rw 1 uucp dialer 12, 0 Feb 21 18:52 /dev/ttya I'm at a loss to understand what's going on. Straight use of /dev/ttya and gpsd works fine, gpsd is able to detect the GPS receiver plugged into the port. However, I need ldattach for the PPS discipline that I'm feeding through the DCD line. The system is being booted with a keyboard and display plugged in so, as far as I know, no gettys are attaching to the serial ports. Thanks
Re: OT: opinions on IDS / IPS solutions
Having looked into BroIDS and a couple of potential options/setups, I'd be interested in hearing anyone's experience working with either or both BroIDS / Snort.. - I like that BroIDS is network-based as opposed to signature, though it doesn't seem like Bro has a frontend as polished as one might like.. are the alarms only sent out via mail/etc.. or are there utilities to help parse/graph/htmlize the results? I like the idea of something like BASE for analysis. - anyone running BroIDS / snort who might be able to share the system specs and what sort of traffic / analysis / capturing they are doing? - is BroIDS capable of working in sentry mode, as a sensor reporting to one analysis system? I see the options for full capturing and offline analysis, but this is just going to spit out some flat files.. getting them to another system for analysis seems a bit cumbersome.. - in terms of BroIDS/Snort and PF.. who comes first in processing network traffic? - is Bro able to log, compress, store and index events for later reviewing/searching? or should I just have the events forwarded to a central logging server running splunk..? thanks for the insight.. ~Jason
LAST DAYS - IMM business training workshops - February 2010
SUMMER WORKSHOPS 2010 SME UNIT (IMM) Training seminar on Human resources management. It will be led by 3 Uruguayan instructors with extensive experience and training. Course load: 12 hours of training over 3 sessions. Extra materials, coffee break and certificate are included. Start: Thursday, February 25, from 18:00 to 22:00 - Parque Batlle, Montevideo. Training seminar on Collections management and customer loyalty. Instructors: Prof. Daniel Alcoba - Martín Lima. Course load: 12 hours of training over 3 sessions. Extra materials, coffee break and certificate are included. Start: Wednesday, March 3, from 18:00 to 22:00 - Parque Batlle, Montevideo. Cost of each workshop: 600 Uruguayan pesos (final price). You can pay through BROU, ABITAB or a collector. Information: 314.1688* LAST DAYS - LIMITED PLACES If you do not wish to receive further news by mail, you can send an email with the subject: BAJA, to be removed automatically. [demime 1.01d removed an attachment of type image/jpeg which had a name of mail_esag_logo4.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of mail_mail.jpg]
Re: OT: opinions on IDS / IPS solutions
On Tue, Feb 23, 2010 at 12:40 AM, Johan Beisser j...@caustic.org wrote: On Mon, Feb 22, 2010 at 8:53 PM, Jason Beaudoin jasonbeaud...@gmail.com wrote: - in terms of BroIDS/Snort and PF.. who comes first in processing network traffic? hardware interface kernel device driver bpf/pcap -- application (tcpdump, snort, BroIDS, etc) packet filter (PF) thank you Johan!
Re: OpenBSD Volunteer needed today in Los Angeles - Solved!
Steve Shockley wrote: On 2/22/2010 9:23 AM, Bret S. Lambert wrote: Unless some benefactor is willing to come forward and deal with the logistical headache of doing the paperwork and keeping it all as up to date as it needs to be, it's not going to happen, even if getting an EAL meant ponies, rainbows, and money trees for everybody. Can't someone just port it from FreeBSD? Can't port a process but a group certification may be an option. Note the recent Re: Is OpenBSD + PF accredited or certified in any way ? thread. I'll inquire with GeNUA, FreeBSD and the person who asked at the conference. Do any OpenBSD Foundation people care about EAL? Michael