Oportunidades de Licitaciones Públicas para 2011 en D.F.
[IMAGE] !Promociones Especiales para grupos! Capacitacisn Impartida por: Mtro. Alberto Ledesma Gonzalez. Pms Capacitacisn Efectiva de Mixico presenta: Licitaciones Pzblicas de Adquisiciones, Arrendamientos y Servicios Experto Consultor Mtro. Alberto Ledesma Gonzalez Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 8851-2365, (33)8851-2741. Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJALICITA Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJALICITA Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of adquisicionespromo.jpg]
Re: Laptop Issues
On Wed, Jan 12, 2011 at 5:52 PM, Nicholas Schmidt oneguyn...@gmail.com wrote: I am working on a laptop HOWTO and I am stuck on the synaptics touchpad. Google has turned up nothing, but I was hoping someone could point me in the right direction. Thanks - Nick Hi, Have a look at: http://marc.info/?l=openbsd-techm=128880691916170 Ciao David
Re: High CPU interrups, low network performace
On 2011-01-12, Bernd Bornkessel bbornkes...@dunkel.de wrote: unfortunately I'm facing a problem with my OBSD routers running 4.8-RELEASE With top I can see very high interrupt cpu states, when forwarding high packet rates. Is there much difference if you switch to GENERIC instead of GENERIC.MP? (probably installed as /bsd.sp; you can either rename the file, or type 'boot bsd.sp' at the boot prompt, or 'echo set image bsd.sp /etc/boot.conf')
Re: Is it possible: IPsec tunnel with no static addresses?
On 2011-01-01, Matt Evans m...@mattevans.org wrote: I've never seen an example where hostnames are used in place of static IP addresses in configuration files. Is it the case that anywhere I see an ip address (filenames, conf file values, etc), I could just as easily put in foo.dyndns.org? In many cases this works, though in some cases there are hidden problems (e.g. it is often not advisable to do this in pf.conf). With most configuration files in OpenBSD (including, particularly relevant here, ipsec.conf) the name is resolved _when the configuration file is read_ so you will need some way to monitor for address changes and reload the configuration. You might find that OpenVPN is better for this usage case as it has specific support for dynamic endpoints (i.e. it re-resolves the name when keepalives fail).
Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)
First they ignore you, then they ridicule you, then they fight you, then you win. -- Mahatma Ghandi. Well if Fox's new comedy show Breaking In is any indication, infosec has now entered Ghandi's second stage. http://goo.gl/ZpLDp [youtube] (hat tip to Adam O'Donnell for this humorous find, and Sam Bowne for the quote/quip) But on a slightly more serious note. CanSecWest is nearing in the second week of March, and this year I've waited on sending out the CFP note/reminder. It's been up on the site for a while with a Dec 29 deadline, but this is the real last call for submissions. If you don't get them in by this weekend they won't make the selections review process next week. We'll try to announce the selections the week following. After 11 years, most of you should know the drill, but for those who haven't submitted or attended before, the fine print and usual further information is attached below. Other info: We are doing more dojo training courses than ever this year (17!) and they will be up for registration next week. I've also confirmed with Aaron/TippingPoint/HP that we will again be holding PWN2OWN with both browser and mobile targets, so stand by for some announcements there. There will also be some other new experiments and conference goings on, some fascinating keynotes that have been invited, as well as some interesting new sponsors exhibiting new security wares that you'll see announced on the conference site in the coming weeks, but for now, get your talk proposals in so that our grumpy, cynical, and battle-scarred reviewers can complain about them, err, I mean provide informative feedback.;-) cheers, --dr (@dragosr) The usual CFP boilerplate info: Call For Papers The CanSecWest 2011 CFP is now open. Deadline is January 17th, 2011. CanSecWest CALL FOR PAPERS VANCOUVER, Canada -- The twelfth annual CanSecWest applied technical security conference - where the eminent figures in the international security industry will get together share best practices and technology - will be held in downtown Vancouver at the the Sheraton Wall Centre on March 9-11, 2011. The most significant new discoveries about computer network hack attacks and defenses, commercial security solutions, and pragmatic real world security experience will be presented in a series of informative tutorials. The CanSecWest meeting provides international researchers a relaxed, comfortable environment to learn from informative tutorials on key developments in security technology, and to collaborate and socialize with their peers in one of the world's most scenic cities - a short drive away from one of North America's top skiing areas. The CanSecWest conference will also feature the availability of the Security Masters Dojo expert network security sensei instructors, and their advanced, and intermediate, hands-on training courses - featuring small class sizes and practical application exercises to maximize information transfer. We would like to announce the opportunity to submit papers, and/or lightning talk proposals for selection by the CanSecWest technical review committee. This year we will be doing one hour talks, and some shorter talk sessions. Please make your paper proposal submissions before January 17th, 2011. Some invited papers have been confirmed, but a limited number of speaking slots are still available. The conference is responsible for travel and accommodations for the speakers. If you have a proposal for a tutorial session then please make your submission by emailing a synopsis of the material and your biography, papers and, speaking background to secwes...@cansecwest.com . Only slides will be needed for the March paper deadline, full text does not have to be submitted - but will be accepted if available. This year we will be opening CanSecWest presentation guidelines to include talks not in English (particularly Chinese and Korean) which we will offer to translate for the speaker if you are not a native English speaker. The CanSecWest 2011 conference consists of tutorials on technical details about current issues, innovative techniques and best practices in the information security realm. The audiences are a multi-national mix of professionals involved on a daily basis with security work: security product vendors, programmers, security officers, and network administrators. We give preference to technical details and new education for a technical audience. The conference itself is a single track series of presentations in a lecture theater environment. The presentations offer speakers the opportunity to showcase on-going research and collaborate with peers while educating and highlighting advancements in security products and techniques. The focus is on innovation, tutorials, and education instead of product pitches. Some commercial content is
Donations AMD smp nodes
Hi, Emailed dev but think the mail was stripped because of attachments. We have some racks of appro AMD blade servers that have been decommissioned and are set to be disposed of. I got ok to donate some or all.These were used in energy HPC environment for seismic data processing. Email offlist if interested. Mb
X not working on latest snapshot
X failed completely for me on a previous snapshot, complete lock up, black screen. I built X with CFLAGS=-g, changed sysctl to kern.nosuidcoredump=2 and ran startx -- /usr/X11R6/bin/X -keepPriv I was able to kill remotely and did not get a black screen.No /var/crash nor Xorg.0.log. I just installed latest -snapshot, no X, but I am able to log in from another console and kill it. Small improvement. Still no Xorg.0.log. I also tried using a diferent video card with previous snapshot, did not help. dmesg: OpenBSD 4.8-current (GENERIC.MP) #737: Tue Jan 11 15:26:17 MST 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Pentium(R) 4 CPU 3.20GHz (GenuineIntel 686-class) 3.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR real mem = 517255168 (493MB) avail mem = 498667520 (475MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/16/06, SMBIOS rev. 2.4 @ 0xe4410 (32 entries) bios0: vendor Intel Corp. version MQ96510J.86A.0816.2006.0716.2308 date 07/16/2006 bios0: Intel Corporation DQ963FX acpi0 at bios0: rev 0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC WDDT MCFG ASF! acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S4) UAR2(S4) ILAN(S4) PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) EHCI(S3) EHC2(S3) UH42(S3) UHC5(S3) AZAL(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 201MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) 4 CPU 3.20GHz (GenuineIntel 686-class) 3.23 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 acpimcfg0 at acpi0 addr 0xf000, bus 0-127 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 6 (P32_) acpiprt2 at acpi0: bus 1 (PEX0) acpiprt3 at acpi0: bus 2 (PEX1) acpiprt4 at acpi0: bus 3 (PEX2) acpiprt5 at acpi0: bus 4 (PEX3) acpiprt6 at acpi0: bus 5 (PEX4) acpiprt7 at acpi0: bus -1 (PEX5) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: SLPB bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x1000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82Q965 Host rev 0x02 vga1 at pci0 dev 2 function 0 Intel 82Q965 Video rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0x2000, size 0x1000 inteldrm0 at vga1: apic 2 int 16 (irq 11) drm0 at inteldrm0 Intel 82Q965 HECI rev 0x02 at pci0 dev 3 function 0 not configured em0 at pci0 dev 25 function 0 Intel ICH8 IGP C rev 0x02: apic 2 int 20 (irq 9), address 00:16:76:d5:c8:08 uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x02: apic 2 int 16 (irq 11) uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x02: apic 2 int 21 (irq 10) ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x02: apic 2 int 18 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x02: apic 2 int 22 (irq 9) azalia0: codecs: Sigmatel STAC9227X audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x02: apic 2 int 17 (irq 255) pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x02: apic 2 int 16 (irq 255) pci2 at ppb1 bus 2 pciide0 at pci2 dev 0 function 0 Marvell 88SE6101 IDE rev 0xb1: DMA (unsupported), channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using apic 2 int 17 (irq 10) for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: ST3200822A wd0: 16-sector PIO, LBA48, 190782MB, 390721968 sectors pciide0: channel 1 ignored (not responding; disabled or no drives?) ppb2 at pci0 dev 28 function 2 Intel 82801H PCIE rev 0x02: apic 2 int 18 (irq 255) pci3 at ppb2 bus 3 ppb3 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x02: apic 2 int 19 (irq 255) pci4 at ppb3 bus 4 ppb4 at pci0 dev 28 function 4 Intel 82801H PCIE rev 0x02: apic 2 int 17 (irq 255) pci5 at ppb4 bus 5 uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x02: apic 2 int 23 (irq 11) uhci3 at pci0 dev 29 function 1 Intel 82801H USB rev 0x02: apic 2 int 19 (irq 11) uhci4 at pci0 dev 29 function 2 Intel 82801H USB rev 0x02: apic 2 int 18 (irq 11) ehci1 at pci0 dev 29 function 7 Intel 82801H USB rev 0x02: apic 2 int 23 (irq 11) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb5 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xf2 pci6 at ppb5 bus 6 ichpcib0 at pci0 dev 31 function 0 Intel 82801H LPC rev 0x02: PM
Re: Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)
Dragos == Dragos Ruiu d...@kyx.net writes: Dragos It's been up on the site for a while with a Dec 29 deadline, Dragos but this is the real last call for submissions. Really? Then why did you use Penultimate (which means next to last) instead of Ultimate in the subject line? Yours for a more literate education, -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.posterous.com/ for Smalltalk discussion
Re: Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)
On Thu, Jan 13, 2011 at 5:02 PM, Randal L. Schwartz mer...@stonehenge.com wrote: Dragos == Dragos Ruiu d...@kyx.net writes: Dragos It's been up on the site for a while with a Dec 29 deadline, Dragos but this is the real last call for submissions. Really? Then why did you use Penultimate (which means next to last) instead of Ultimate in the subject line? http://en.wikipedia.org/wiki/Humor Yours for a more literate education, -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.posterous.com/ for Smalltalk discussion
Re: pf and traceroute
On 1/13/2011 at 5:59 AM David Walker wrote: |Hi Mike. | |Here's a couple of points. | |First, Windows uses ICMP only on traceroute (tracert) so there's |consistency between your Windows and FreeBSD internal hosts - it's an |ICMP blocked (in or out) issue. | |http://technet.microsoft.com/en-us/library/cc940128.aspx | Hi David, Yes, I know that Windows uses ICMP for traceroute (I use both the Windows tracert command line utility and the SamSpade GUI utility). However, I have found that troubleshooting is always easier if one can eliminate Windows from the mix, that's why I reproduced the problem on the FreeBSD box (and also an OpenBSD notebook, but I didn't show those logs. They're the same as the FreeBSD results). |Can you ping and traceroute your router from your internal hosts? ping: yestraceroute (UDP): yestraceroute (ICMP): yes |Can you go the other way? ping: yestraceroute (UDP): yestraceroute (ICMP): yes |Second, and here we go into grey area, I'm no expert at the pf thing |and I do it slightly different to you. | [big snip] Many thanks for the additional info. I will do some exploring, reading and testing. One quick note, though, after a quick read of what you mentioned --- I think you might have hit upon something when you mentioned something to do with the order of your match/block versus my block/pass. Traceroutes were working here previously. I rewrote the rules surrounding NAT when the new pf.conf syntax appeared, that's when I started noticing the traceroute issues.
Re: High CPU interrups, low network performace
On 2011-01-12, Bernd Bornkessel bbornkes...@dunkel.de wrote: unfortunately I'm facing a problem with my OBSD routers running 4.8-RELEASE With top I can see very high interrupt cpu states, when forwarding high packet rates. Is there much difference if you switch to GENERIC instead of GENERIC.MP? (probably installed as /bsd.sp; you can either rename the file, or type 'boot bsd.sp' at the boot prompt, or 'echo set image bsd.sp /etc/boot.conf') I cant see much difference running GENERIC. Maybe a little bit more throughput, but still with the cpu on fire.
Taller de Organización de Existencias 2011, 27 de Enero México D.F.
[IMAGE] !Promociones Especiales para grupos! Capacitacisn Impartida por: Lic. Ariel Valero Cruz. Pms Capacitacisn Efectiva de Mixico presenta: Estrategias y Ticnicas de Supervisisn y Organizacisn de Almacenes e Inventarios. Experto Consultor Mtro. Lic. Ariel Valero Cruz Empresa Registrada ante la STPS Reg. COLG640205CP30005 Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 8851-2365, (33)8851-2741. Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJAALMACENES Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJAALMACENES Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of almacenespromo.jpg]
Re: [Full-disclosure] Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)
On 2011-01-13, at 7:31 AM, valdis.kletni...@vt.edu wrote: On Thu, 13 Jan 2011 03:23:49 PST, Dragos Ruiu said: It's been up on the site for a while with a Dec 29 deadline, but this is the real last call for submissions. vocabulary-nazi If it's the real last call, it's not the penultimate, it's the ultimate. The penultimate is the second to last one. /vocabulary-nazi On 2011-01-13, at 8:02 AM, Randal L. Schwartz wrote: Dragos == Dragos Ruiu d...@kyx.net writes: Dragos It's been up on the site for a while with a Dec 29 deadline, Dragos but this is the real last call for submissions. Really? Then why did you use Penultimate (which means next to last) instead of Ultimate in the subject line? Yours for a more literate education, And a few others... For the record, I'm perfectly aware of the definition of penultimate. It was my (apparently) lame attempt at being whimsical. Should have made it Final, Really, Really, Last, Almost Definitely, Penultimate, Call For Papers. - to poke fun at ourselves and extending deadlines. In my defense it was 3 a.m. and I'd been working on stuff since six in the morning so I'm sure I wasn't firing on all cylinders. This is why I work with computers instead of doing stand up. I guess I should leave the humor to the SecurityClowns. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada, March 9-11 2011 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp @dragosr
[OOT] AMD64 4.8 -stable Symux graph spike everytime pf(4) reload
Hi Misc@, Has anyone encountered symux rrd graph spike on an AMD64 4.8-stable? I have a Cacti installed on an amd64 4.8-stable and i386 4.7-stable. Graph spike happens every time pf is reload (pfctl -f /etc/pf.conf) in an AMD64 machines, but doesn't happen on i386 4.7-stable. I see there is a difference in symux version ( 2.79 on 4.7 and 2.82 on 4.8). Anyone had a clue? Thanks, Insan Praja DMESG (AMD64-stable): OpenBSD 4.8-stable (GENERIC.MP) #1: Sun Dec 19 01:03:57 WIT 2010 r...@ns2.mygreenlinks.net:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2110259200 (2012MB) avail mem = 2040262656 (1945MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf06d0 (48 entries) bios0: vendor American Megatrends Inc. version 0604 date 07/22/2010 bios0: ASUSTeK Computer INC. P5G41T-M LX acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI acpi0: wakeup devices P0P2(S4) P0P3(S4) P0P1(S4) UAR1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) MC97(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz, 2934.52 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu0: 3MB 64b/line 8-way L2 cache cpu0: apic clock running at 266MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz, 2934.17 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG cpu1: 3MB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P2) acpiprt2 at acpi0: bus -1 (P0P3) acpiprt3 at acpi0: bus 2 (P0P1) acpiprt4 at acpi0: bus 1 (P0P4) acpiprt5 at acpi0: bus -1 (P0P5) acpicpu0 at acpi0 acpicpu1 at acpi0 aibs0 at acpi0 acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB cpu0: unknown Enhanced SpeedStep CPU, msr 0x06160b2506000b25 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 2934 MHz: speeds: 2933, 1600 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel G41 Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel G41 Video rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xe000, size 0x1000 inteldrm0 at vga1: apic 2 int 16 (irq 10) drm0 at inteldrm0 azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: apic 2 int 21 (irq 5) azalia0: codecs: Realtek/0x0887 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 2 int 16 (irq 10) pci1 at ppb0 bus 1 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 3) uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 19 (irq 10) uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 2 int 18 (irq 6) uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 2 int 16 (irq 10) ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 3) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb1 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1 pci2 at ppb1 bus 2 rl0 at pci2 dev 0 function 0 D-Link 530TX+ rev 0x10: apic 2 int 19 (irq 10), address 00:1e:58:3e:70:45 rlphy0 at rl0 phy 0: RTL internal PHY rl1 at pci2 dev 1 function 0 D-Link 530TX+ rev 0x10: apic 2 int 16 (irq 10), address 00:11:95:63:48:63 rlphy1 at rl1 phy 0: RTL internal PHY pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using apic 2 int 22 (irq 11) for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: WDC WD3200AAJS-08L7A0 wd0: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00
Re: Intel NIC I340-T4 (82580 ethernet chipset)
There are plans to support 82580 but we ideally need hardware first, contact me off list if you can help out. On Mon, Jan 10, 2011 at 07:26:46PM +0100, fredrik danerklint wrote: Hi! Is there any plans for supporting this network card from Intel? There is an driver for FreeBSD 7.x series and later available from Intel http://downloadcenter.intel.com/Detail_Desc.aspx?agr=YDwnldID=15815keyword=%2282580%22lang=eng Is it very complicated to port this driver to OpenBSD? The only messages I've seen so far is this http://www.mail-archive.com/freebsd-questions@freebsd.org/msg237533.html -- //fredan
Question about snmpd and snmpctl...
Will sending a trap with snmpdctl update the MIB information for a custom MIB setup with snmpd.conf? Or, does it only send the information to the snmp trap receiver without updating the MIB that was setup with snmpd.conf?
Re: Pflow netflows exported twice for each connection?
On Tue, Jan 11, 2011 at 2:15 AM, Henning Brauer lists-open...@bsws.de
wrote:
* Daniel C. Sinclair daniel.c.sincl...@gmail.com [2011-01-11 09:46]:
From the firewalls point of view interfaces are not inside or outside
- they are just interfaces with some network behind them.
sigh.
you can continue to twist words, or you can solve your problem. if you
prefer to twist words I'm out.
internet OUTSIDE
firewall
shitloads of vlans INSIDE
My situation is different from yours.
I have many internet links in multiple buildings, private T1s between
some buildings, a bunch of servers in one location, staff PCs all
over, public kiosks, public internet stations, public wifi everywhere,
and firewalls to segregate everything. What is inside, what is
outside? Public wifi is not in the egress group and is full of
uncontrolled and often hostile hosts - is this inside? People have
even done weird things like get on the wifi and NAT their own internet
connection behind that so they can access our in-building only
services from anywhere they want. Now I have their internet on the
'inside' of my network?
I gave up trying to twist inside/outside to fit my situation. All my
firewalls block in all with pass in exceptions on some interfaces, and
pass out all with pflow. This solved my problems and is easy to
understand.
Where do you put the 'keep state(pflow)'?
just one spot.
ks = keep state(pflow)
doubt that helped you know tho
Do you have to add it to more than one rule?
me? yes.
In my case I always want pflow on everything and
I prefer to eliminate the chance that I (or someone else) forget to
add it somewhere. Adding it on the single 'pass out' rule keeps
things simple.
aha. you want fine grained (because otherwise you get it twice, bu
definition), but you only want to use one giant global hammer. now
that is going to work out.
Your 'giant global hammer' equals my 'sane default expressed in a
single location'. I want non-duplicated netflow everywhere and I
don't want to specify it on every rule. It doesn't matter if it's
'keep state(pflow)' or '$ks', I don't want to repeat it all over and
risk omitting it somewhere. I tried 'set state-defaults pflow' and
then turning off pflow on some rules to avoid duplicates but that
wasn't as simple as what I'm using.
Is there ever a case where one would want some of their netflow
duplicated? (only traffic that goes through is duplicated, to/from
the firewall isn't). It just inflates statistics/accounting and
wastes disk space.
Is Claudios idea for 'match in keep state(pflow)' really that
different from my 'pass out keep state(pflow)'?
Feel free to give an example. I'm sure many people would like to see
how you use pf. :)
i'm not going to post my production rulesets. i already said how I'm
doing things, and I am under the impression that was pretty
straightforward.
I didn't ask for your production ruleset - I expect that it is
thousands of lines long. I wouldn't want to bother people with my
entire ruleset either since most of it has nothing to do with this
thread. Instead I posted a simple example of how I'm doing things so
people could see one way of avoiding duplicate flows. Claudios single
line example could work well too.
heck, here's one.
block
pass in on egress to $mynetworks
pass out on vlan proto tcp to port { 80 443 } $ks
making this more fine grained, add fw self protection, spoof
protection, the set skips for loopback, pfsync and the physical if
under the vlans and allowing the INSIDE machines to initiate
connections to the OUTSIDE is left as excercise to the reader.
Thanks for this. I will try it out and see how well it works in my
situation.
Daniel
DNSSEC validating resolver
Has anyone had any luck configuring the bind included with 4.7 (named -v indicates it is 9.4.2-p2) as a DNSSEC validating resolver? Some digging around the web indicates it might be to old to handle this properly. If so is the version included with 4.8 any newer? Thanks, Josh Smith KD8HRX email/jabber:B juice...@gmail.com phone:B 304.237.9369(c)
Re: [OOT] AMD64 4.8 -stable Symux graph spike everytime pf(4) reload
Seems obvious that symux isn't detecting rollover properly for whatever variable you are seeing a graph spike. It should be fairly easy for them to fix if you report it. The fact that it affects 64bit and not 32bit counters is a damn good clue. Graph spike happens every time pf is reload (pfctl -f /etc/pf.conf) in an AMD64 machines, but doesn't happen on i386 4.7-stable. I see there is a difference in symux version ( 2.79 on 4.7 and 2.82 on 4.8). -- Let food be thy medicine and medicine be thy food - Hippocrates
Re: DNSSEC validating resolver
nsd is already part of the tree and unbound will join it at some point to replace bind. they are well documented, fairly easy to use, and unbound is available through ports. use it. Josh Smith [juice...@gmail.com] wrote: Has anyone had any luck configuring the bind included with 4.7 (named -v indicates it is 9.4.2-p2) as a DNSSEC validating resolver? Some digging around the web indicates it might be to old to handle this properly. If so is the version included with 4.8 any newer? Thanks, Josh Smith KD8HRX email/jabber:B juice...@gmail.com phone:B 304.237.9369(c) -- Let food be thy medicine and medicine be thy food - Hippocrates
ESCRITORES EN LA WEB INVITA A PARTICIPAR
TALLER LITERARIO PASISN DE ESCRITORES COORDINA: Viviana Alvarez - Poeta - Te invita a su TALLER LITERARIO ONLINE en sus dos modalidades: Curso anual: -comienza en marzo -duracisn 9 meses -gineros: poesma - prosa - prosa poitica- cuento - cuento corto -microcuento- nocturnos- poesma japonesa. Consta de: -envmo de 1 consigna semanal -correcciones hasta pulir el escrito y llevarlo a la hoja literaria. Curso intensivo: -duracisn 2 meses -gineros: poesma y prosa poitica -consta de: 1 consigna por semana y 1 correccisn Capacitacisn en Para ambas modalidades -desarrollo poitico -sintaxis y estilo -musicalidad del poema -material de trabajo adjunto en cada mail -certificado de participacisn difusisn de los trabajos de los talleristas en: www.poemasenanil.com.ar(Revista Literaria) www.pasiondeescritores.com.ar (Pagina dedicada al Taller) www.radiosentidos.com.ar (Programa Una Noche Inolvidable) Los interesados podran solicitar mayor informacisn y ficha de inscripcisna: pasiondeescritorestallerlitera...@hotmail.com Vacantes Limitadas [demime 1.01d removed an attachment of type image/jpeg which had a name of banner taller literario.jpg]
