Necesario: Actualización de Adquisiciones, Manual y Reglamento 20-21 de Junio 2011

[Lic Maria Martinez]

[IMAGE]

Pms Capacitacisn Efectiva de Mixico presenta:

Actualizacisn Nacional de Adquisiciones, Manual de Aplicacisn y su
Reglamento

20-21 de Junio, Mixico D.F.

Nos acompaqan 2 Expertos en la materia: Mtro. Gerardo Coronado y Mtro.
Alberto Ledesma

Empresa Registrada ante la STPS Reg. COLG640205CP30005

Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico

Solicite Mayores informes responda este correo electrsnico con los
siguientes datos.
Empresa:
Nombre:
Telifono:
Email:
Nzmero de Interesados:
Y en breve le haremos llegar la informacisn completa del evento. 
O bien comunmquense a nuestros telifonos  un ejecutivo con gusto le
atendera
Tels. (33) 8851-2365, (33)8851-2741.

Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico  S.C. Derechos
Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas
registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas
estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE
ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales
e imagenes son propiedad de sus respectivas corporaciones y se utilizan
con fines informativos solamente.

Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de
Mixico o bien un usuario le refiris para recibir este boletmn.
Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.
Si usted ha recibido este mensaje por error, haga caso omiso de el y
reporte su cuenta respondiendo este correo con el subject BAJAADQUISICION

Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJAADQUISICION
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia y no es intencisn de la empresa la inconformidad del
receptor.

Re: Firewall PF with network alias

[Stuart Henderson]

On 2011-05-25, MArtin Grados Marquina themartin...@yahoo.es wrote:
 In the past, i configure a virtual machine with firewall PF in FreeBSD 8.1

Wrong mailing list.
This list is for OpenBSD.

Re: ospfd/ospf6d causing denial of service(?)

[Stuart Henderson]

On 2011-05-24, Chris Wopat m...@falz.net wrote:
 On Tue, May 24, 2011 at 3:11 PM, Claudio Jeker cje...@diehard.n-r-g.com 
 wrote:

 Are you running 4.9 or -current? Up until the code generating the LSA
 update packets (and sending them) did not change between 4.8 and 4.9.
 In -current this code got rewritten to fix a issue. IIRC the problem was
 that an LS Update got so big that it did not fit into a MTU sized packet.
 If my memory serves me right then the result was this kind of packet
 storm.

 You should try and compile a -current ospfd on your 4.9 system. I think it
 should run without any problems.

 I'm running 4.9, not -current. I didn't see anything about people
 having this issue in the mailing lists.

If this is related to sending huge LS updates, I don't think many
people currently running ospfd would hit it (you'd need to be announcing
quite a lot of networks into ospf), so you probably wouldn't have read
about it on the lists.

 I see that there was a patch
 applied only about 15 minutes ago to something else related to ospfd,
 I'm not sure what new issues will occur if I go to -current here since
 this box is in production.

You have a confirmed issue now, so -current isn't likely to make things
worse. (With daemons like this I'm usually happier running -current in
production than older code).

 * Can a reliability fix errata be created for this?

If compiling -current ospfd on your system fixes the problem, it
might be worth picking out the relevant commits and applying them
to -stable but that is more risky than just running -current ospfd.

 * Is the same bug in ospf6d?

It looks like this probably is the case.

spamd in blacklist mode 4.8 not working?

[Ivo Chutkin]

Hello Misc,
Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
Everything went well except my spamd setup. I run it in blacklist mode only.
It is running according to logs, netstat, ps ax and top. The table spamd 
in pf.conf gets populated by spamd-setup but nothing gets to the spamd.

I am missing something obvious here but I am lost...

Thanks for the help.


Here are my configs:

~ # cat /etc/rc.conf.local

# PF

pf=YES   # Packet filter / NAT

# SPAMD

spamd_flags=-bv  # for normal use: 

spamd_black=YES  # set to YES to run spamd without greylisting


from pf.conf:

 pass in log on $ext300 proto tcp from spamd to any port smtp rdr-to 
127.0.0.1 port spamd


pass in log on $ext300 proto tcp from spamd-black to any port smtp 
rdr-to 127.0.0.1 port spamd


~ # pfctl -t spamd -T show |wc -l
   51302

~ # netstat -anf inet | grep LISTEN
tcp  0  0  127.0.0.1.8026 *.*LISTEN
tcp  0  0  *.8025 *.*LISTEN
tcp  0  0  127.0.0.1.587  *.*LISTEN
tcp  0  0  127.0.0.1.25   *.*LISTEN
tcp  0  0  *.37   *.*LISTEN
tcp  0  0  *.13   *.*LISTEN
tcp  0  0  *.113  *.*LISTEN
tcp  0  0  *.22   *.*LISTEN


~ # tail -f /var/log/spamd
~ # tail -f /var/log/spamd
Apr  2 18:45:59 core spamd[13791]: listening for incoming connections.
Apr  2 18:55:48 core spamd[24760]: listening for incoming connections.
Apr  2 19:45:56 core spamd[6987]: listening for incoming connections.
May 25 11:21:34 core spamd[25947]: listening for incoming connections.

Re: pkg_add and pkg_delete parse error after upgrade to 4.9

[Steve Currie]

Oliver Rompcik oliver at rompcik.de writes:

 
 Hi guys,
 
 i got a problem with pkg_add and pkg_delete after release upgrade from 4.8
 to 4.9. This is the first problem afer a release upgrade since years (the
 machine started with 3.8 in 2005).
 
 pkg_info:
 bash-4.1.7p0GNU Bourne Again Shell
 bzip2-1.0.5 block-sorting file compressor, unencumbered
 curl-7.20.0 get files from FTP, Gopher, HTTP or HTTPS servers
 gettext-0.18.1  GNU gettext
 gnupg-1.4.10p0  GNU privacy guard - a free PGP replacement
 libiconv-1.13p1 character set conversion library
 libidn-1.11 internationalized string handling
 p5-Digest-HMAC-1.02 interface to HMAC Message-Digest Algorithms
 p5-Digest-SHA1-2.12 module to calculate SHA1 digests
 p5-Net-DNS-0.65 module to interface the DNS resolver
 p5-Net-IP-1.25p0perl module for IPv4/IPv6 address parsing
 pcre-8.02p1 perl-compatible regular expression library
 postfix-2.7.1   fast, secure sendmail replacement
 unzip-6.0   extract, list  test files in a ZIP archive
 wget-1.12p0 retrieve files from the web via HTTP, HTTPS and FTP
 
 pkg_add -ui:
 Fatal error: can't parse  object version 5.47 does not match bootstrap
 parameter %_ at /usr/libdata/perl5/i386-openbsd/5.12.2/DynaLoader.pm line
 223, $fh line 6.
 Compilation failed in require at /usr/libdata/perl5/OpenBSD/md5.pm line
 114, $fh line 6.
 BEGIN failed--compilation aborted at /usr/libdata/perl5/OpenBSD/md5.pm
 line 114, $fh line 6.
 Compilation failed in require at
 /usr/libdata/perl5/OpenBSD/PackingElement.pm line 706, $fh line 6, in
 SCALAR(0x85430780),  at /usr/libdata/perl5/OpenBSD/PackingList.pm line
 355, $fh line 6.
 
 Same with pkg_delete.
 
 Help appreciated.
 
 Yours,
 O. Rompcik
 
 

Hi Oliver,

I got the same error after upgrading OpenBSD from 4.8 to 4.9 and I'm a Perl noob
so it seemed daunting. Luckily I figured out that the problem is with the
Digest:SHA 5.47 binaries.

Like I said, I'm a Perl noob so these steps may not be the best or quickest
solution but they worked and they don't seem to be too hackish to me.

I downloaded Digest::SHA 5.47 from CPAN
(http://search.cpan.org/CPAN/authors/id/M/MS/MSHELOR/Digest-SHA-5.47.tar.gz) and
compiled it following its instructions.

  perl Makefile.PL
  make
  make test
  make install

This installs into /usr/libdata/perl5/i386-openbsd/5.12.2/auto/Digest/SHA but
that didn't solve the problem yet because the key was the next step. Since I
don't understand Perl I don't know why this is but it keeps a cache of binaries
in /usr/local so those have to be overwritten with the new ones.

Go to the directory you extracted the Digest::SHA file.

  cd blib/arch/auto/Digest/SHA
  cp * /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/Digest/SHA

That did it for me. Good luck!


Steve Currie

Affordable SMO (Social Media Optimization) Services

[Lavi]

Hello

 

Greetings of the day!!!

 

We are a Noida (India) based and leading web services company well reputable
in the market from the last three years, with main proficiency in SMO
(Social Media Optimization), working as an outsourced vendor for many
reputed SEO agency based in USA, UK, Canada and Australia with a dedicated
team of 70 professionals to serve you.

 

1) We adapt SMO Process/White Hat techniques with Google Guidelines to get
the Search Engine best results  perform the following activities:

 

 

* Social Media Website

* Social Book marking

* Press Releases Creation  Submission

* Directory Submission

* Blog Submission

* Video Optimization

* One Way Link Building

 

 

2) We strictly work on performance basis and can assure you of getting
quality work. Our SMO service will help to increase the popularity of your
website.

 

3)We follow a Agency Client Oriented Approach in our process, effective
online project management tracking tools, timely and smooth communication
etc.

 

We can provide you with the level of service you expect and deserve and that
we can establish a solid relationship with you. We pride ourselves as being
a solution driven firm. We can confidently say that we will make every
effort possible to achieve your timing commitments, budgetary restrictions
and other requirements.

 

Please let us know your SMO requirements so that we can serve you at best.

 

We look forward to hearing from you at your convience.

 

 

Kind Regards,



Lavi Noni

 

 

Online Marketing consultant



 

CONFIDENTIALITY NOTICE: This e-mail transmission and any documents, files,
or previous e-mail messages appended or attached to it, may contain
information that is confidential or legally privileged. If you are not the
intended recipient, or a person responsible for delivering it to the
intended recipient, you are hereby notified that you must not read this
transmission and that any disclosure, copying, printing, distribution, or
use of the information contained or attached to this transmission is
STRICTLY PROHIBITED. If you have received this transmission in error, please
immediately notify the sender by e-mail message, mailto:lavin...@gmail.com
and delete the original transmission, its attachments, and any copies
without reading or saving in any manner.

Re: pkg_add and pkg_delete parse error after upgrade to 4.9

[Tasmanian Devil]

 p5-Digest-SHA1-2.12 module to calculate SHA1 digests

I think that one shouldn't be there anymore since OpenBSD 4.5:
http://openbsd.org/faq/upgrade45.html#Pkgup

Tas.

Re: pkg_add and pkg_delete parse error after upgrade to 4.9

[Tasmanian Devil]

 I think that one shouldn't be there anymore since OpenBSD 4.5:
 http://openbsd.org/faq/upgrade45.html#Pkgup

On the other hand, I might be wrong...  p5-Digest-SHA1, not  p5-Digest-SHA.

Sorry for the noise.

Tas.

Re: pkg_add and pkg_delete parse error after upgrade to 4.9

[Stuart Henderson]

On 2011-05-25, Steve Currie scur...@dccnet.com wrote:
 This installs into /usr/libdata/perl5/i386-openbsd/5.12.2/auto/Digest/SHA but
 that didn't solve the problem yet because the key was the next step. Since I
 don't understand Perl I don't know why this is but it keeps a cache of 
 binaries
 in /usr/local so those have to be overwritten with the new ones.

Perl does not keep a cache of binaries in /usr/local. If you have files
there which aren't registered in packages, most likely you've somehow
installed them from CPAN rather than using OS packaging tools, this
is not recommended.

At this point I'd suggest removing perl-related packages and checking
the contents of /usr/local/libdata/perl5 as there may be other things
that should be removed..

Re: spamd in blacklist mode 4.8 not working?

[Stuart Henderson]

On 2011-05-25, Ivo Chutkin open...@bgone.net wrote:
 Hello Misc,
 Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
 Everything went well except my spamd setup. I run it in blacklist mode only.
 It is running according to logs, netstat, ps ax and top. The table spamd 
 in pf.conf gets populated by spamd-setup but nothing gets to the spamd.
 I am missing something obvious here but I am lost...

in /etc/rc look for this line

/usr/libexec/spamd-setup -D

please add -b to it, see if that helps, and report back.

Re: spamd in blacklist mode 4.8 not working?

[Joakim Aronius]

* Ivo Chutkin (open...@bgone.net) wrote:
 from pf.conf:
 
  pass in log on $ext300 proto tcp from spamd to any port smtp
 rdr-to 127.0.0.1 port spamd
 
 pass in log on $ext300 proto tcp from spamd-black to any port smtp
 rdr-to 127.0.0.1 port spamd


Hard to tell as you only show parts of the config. It could be a problem 
related to the changes to pf between 4.6 and 4.7. You should probably take a 
look at the current spamd(8) man page and update your pf rules for spamd 
according to the example. And you need to check the pf logs to see what is 
actually happening.

Regards,
/Joakim

How to check what traffic falls into default queue?

[RLW]

Hello,


I wonder how to check what traffic falls into default queue?


best regards,
RLW

Re: How to check what traffic falls into default queue?

[Insan Praja SW]

Hi,
On Wed, 25 May 2011 18:09:30 +0700, RLW seran...@o2.pl wrote:


Hello,


I wonder how to check what traffic falls into default queue?




I did this by creating an anchor and put all rules with default queue or  
without it (which automagically falls to default queue).



best regards,
RLW



Thanks,

Insan Praja
--
Using Opera's revolutionary email client: http://www.opera.com/mail/

Re: spamd in blacklist mode 4.8 not working?

[Ivo Chutkin]

On 25.5.2011 P3. 15:25 Q., Joakim Aronius wrote:

* Ivo Chutkin (open...@bgone.net) wrote:

from pf.conf:

  pass in log on $ext300 proto tcp fromspamd  to any port smtp
rdr-to 127.0.0.1 port spamd

pass in log on $ext300 proto tcp fromspamd-black  to any port smtp
rdr-to 127.0.0.1 port spamd



Hard to tell as you only show parts of the config. It could be a problem 
related to the changes to pf between 4.6 and 4.7. You should probably take a 
look at the current spamd(8) man page and update your pf rules for spamd 
according to the example. And you need to check the pf logs to see what is 
actually happening.

Regards,
/Joakim




Hi Joakim,
You gave me the right hint. I put quick in the rule and it start to 
work. I have to check which rule lat spammers get in.

I did not post my pf.conf because it is very long and a lot altq rules.

Thanks for the help,
Ivo

Re: spamd in blacklist mode 4.8 not working?

[Ivo Chutkin]

On 25.5.2011 P3. 15:32 Q., Stuart Henderson wrote:

On 2011-05-25, Ivo Chutkinopen...@bgone.net  wrote:

Hello Misc,
Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
Everything went well except my spamd setup. I run it in blacklist mode only.
It is running according to logs, netstat, ps ax and top. The table spamd
in pf.conf gets populated by spamd-setup but nothing gets to the spamd.
I am missing something obvious here but I am lost...


in /etc/rc look for this line

/usr/libexec/spamd-setup -D

please add -b to it, see if that helps, and report back.



I did so, but I am not able to reboot it now. It is production system.
When I get it done I will report back for sure.
Thanks,
Ivo

CASA ANNONCES NUMERO 845

[CASA ANNONCES]

[demime 1.01d removed an attachment of type application/octetstream which had a 
name of CASA ANNONCES NUMERO 845.pdf]

[demime 1.01d removed an attachment of type application/octetstream which had a 
name of FORMULAIRE DEMANDE INFORMATIONS CASA ANNONCES.pdf]

Re: spamd in blacklist mode 4.8 not working?

[Boudewijn Dijkstra]

Op Wed, 25 May 2011 15:46:01 +0200 schreef Ivo Chutkin open...@bgone.net:

On 25.5.2011 P3. 15:32 Q%07., Stuart Henderson wrote:

On 2011-05-25, Ivo Chutkinopen...@bgone.net  wrote:

Hello Misc,
Some months ago I upgraded my firewall to 4.8 -stable form 4.5.
Everything went well except my spamd setup. I run it in blacklist mode  
only.
It is running according to logs, netstat, ps ax and top. The table  
spamd

in pf.conf gets populated by spamd-setup but nothing gets to the spamd.
I am missing something obvious here but I am lost...


in /etc/rc look for this line

/usr/libexec/spamd-setup -D

please add -b to it, see if that helps, and report back.



I did so, but I am not able to reboot it now. It is production system.
When I get it done I will report back for sure.


You can run that as root without rebooting.

But, it should also be run periodically from crontab.


--
Gemaakt met Opera's revolutionaire e-mailprogramma:  
http://www.opera.com/mail/

(Remove the obvious prefix to reply.)

Re: Bad frame pointer crash again

[Jeff Ross]

On 05/24/11 01:52, Artur Grabowski wrote:

There is no such thing as a bad frame pointer crash. That's a
diagnostic message from ddb that it can't find anything further up the
stack trace, which is correct, since the function sched_sync is on top
of the stack.

Now, what the kernel tells you is that your kernel didn't panic, so
I'm not entirely sure how you end up in ddb, since there is no panic
or fault in the traceback. What does the traceback on other cpus show?
machine ddbcpu 0 will switch to cpu0, make a trace on each of them.

//art


Thanks, Art.

I was advised to try a current snapshot so if the server crashes again 
with the same problem I will be sure to get the traceback from the rest 
of the cpus.


Jeff


On Mon, May 23, 2011 at 5:42 PM, Jeff Rossjr...@openvistas.net  wrote:

Hi all,

I have a server that I'm trying to get on-line that continues to drop into
ddb with a bad frame pointer crash.  Right now it is only running an hourly
rsync from the server it is to replace on an hourly basis. The server will
run for no more than a week without this happening but sometimes it will
crash after only a day.

I filed a PR 6593 on Apr 26 on this.  Right now it is running i386 -current
from Apr 27, upgraded after I filed the PR.

The message I get at the ddb prompt is virtually identical to the one below.

If anyone has any ideas on how I can further debug this, I'd like to know..
  I was hoping to use the upcoming 3 day weekend to make the final switch to
this new server but I can't see how that will happen if I can't keep it
running.

Trace, ps and dmesg below.

Thanks,

Jeff Ross

jross@mail:/home/jross $ sudo cu -l /dev/cua00
Password:
Connected

ddb{2}  show panic
the kernel did not panic
ddb{2}  trace
handle_workitem_freeblocks(d9d2ee78,e2ac1860,e0352f2c,d03e1c95) at
handle_worki
tem_freeblocks+0x2b
process_worklist_item(0,0,e0352f5c,d03e1eff,e0352f44) at
process_worklist_item+
0x171
softdep_process_worklist(0,28,d08c4bbb,0,d03d2ec3) at
softdep_process_worklist+
0x13f
sched_sync(daea43b8) at sched_sync+0xe5
Bad frame pointer: 0xd0ba9e88




!DSPAM:4ddb640413991811913398!

[cwm] cwm misinterprets resize hints larger than screen

[Christian Neukirchen]

Hi,

I discovered the following oddity in cwm HEAD:

% xterm -g 80x160  # assuming 160 lines is more than your screen height
(or use urxvt, or xeyes)

Now enter, e.g. find / in the terminal, and you will see the text only
goes to the bottom of the screen, not the bottom of the terminal window.
Likewise, xeyes will only be sized to the visible potion of the window.
(Reproduced with cwm HEAD on Linux/Xorg, in fvwm everything works.)

Is this intentional or a bug?
-- 
Christian Neukirchen  chneukirc...@gmail.com  http://chneukirchen.org

Re: dmesg for notebooks useful?

[Paul Irofti]

On Wed, May 25, 2011 at 10:51:14AM +1200, Paul M wrote:
[--snip--]
 I have supplied d...@do-that.com with the dump for the K52F. I would

Thanks for feeding the spambots!

Re: Bad frame pointer crash again

[Amit Kulkarni]

  There is no such thing as a bad frame pointer crash. That's a
  diagnostic message from ddb that it can't find anything further up the
  stack trace, which is correct, since the function sched_sync is on top
  of the stack.
  
  Now, what the kernel tells you is that your kernel didn't panic, so
  I'm not entirely sure how you end up in ddb, since there is no panic
  or fault in the traceback. What does the traceback on other cpus show?
  machine ddbcpu 0 will switch to cpu0, make a trace on each of them.
  
  //art
 
 Thanks, Art.
 
 I was advised to try a current snapshot so if the server crashes again with
 the same problem I will be sure to get the traceback from the rest of the
 cpus.
 

   I filed a PR 6593 on Apr 26 on this.  Right now it is running i386
   -current
   from Apr 27, upgraded after I filed the PR.
   

ariane@ has integrated new vmmap into current, the devs might know if old 
version of it was in snapshots. So to remove ambiguity, you have to 
upgrade to current.

The vmmap version in current is much stable than what it was 
a few weeks ago, having shaken out the crashing bugs. I don't have crashes 
in Firefox4. Just a FYI to those lurkers reluctant to upgrade. I did have 
a hang which I reported to him, it was a one-off.So many people reported 
the crashing problems in browsers. If more poeple upgrade their snapshots 
the devs might have better idea where any remaining showstopper bugs are.

thanks

Tecnicas Especializadas en los Procesos de Credito y Cobranza en MONTERREY - 28 de Mayo

[Recuperacion de la Cartera]

CURSO TALLER

Tecnicas Especializadas en los Procesos de Credito y Cobranza

Duracion: (1 dma) 8 hrs.

 Inversion: $4,150 pesos mas IVA

BENEFICIOS:
Reconozca y cimente los principios y metodos que puede aplicar en el
otorgamiento de CREDITO, LA PREVENCION y RECUPERACION de la CARTERA por
CREDITOS MAL OTORGADOS, asi como las bases necesarias para reconocer el
tipo de DEUDOR y tratamiento del mismo. Tambien aprendera las bases para
tener una negociacion EXITOSA con los YA DEUDORES MOROSOS.

MONTERREY

Sede: Hotel Sheraton Ambassador / Ave. Hidalgo 310 Oriente, Centro.
Monterrey.

28 de Mayo
Solicite Temario de Click Aqui

 Credito y Cobranza

[IMAGE]

Curso Taller
Desarrollo de Proyectos mediante el ABC del Credito y la Cobranza
Mexico / Guadalajara / Monterrey / Cancun

[IMAGE]

Curso Taller
Negociacion en la Cobranza para una Efectiva Recuperacion de la Cartera
Mexico / Guadalajara / Monterrey / Merida / Villahermosa

[IMAGE]

Curso Taller
Aprenda a otorgar creditos sanos, prevenga y recupere su cartera vencida
Mexico / Guadalajara / Monterrey / Merida

[IMAGE]

Curso Taller
Administracion del Riesgo en el Credito y sus Implicaciones en la
Cobranza
Mexico / Guadalajara / Monterrey / Merida

[IMAGE]

Curso Taller
Tecnicas especializadas en los procesos de credito y cobranza
Mexico / Guadalajara / Monterrey

[IMAGE]

Curso Taller
Herramientas Especializadas para el Control y Recuperacion de la Cartera
Vencida
Mexico / Guadalajara / Monterrey / Villahermosa / Merida

Testimoniales de Participantes

  Participante: Martha Cecilia Garcia Barbarin
Empresa: C.P. Agustin de Iturbide S.C. de A.P. de R.L. de C.V.

Antes del Curso: Conocimiento minimo en tecnicas de Cobranza.
Despues del Curso: Incremento en uso de herramientas para analizar mejor
un credito y tecnicas para recuperar creditos en problemas y/o
  vencidos.

  Participante: Esaz Arizmendi Molina
Empresa: Intermec Tecnologies de Mexico, S.A. de C.V.

Antes del Curso: Desconocia como poder manejar a los clientes.
Despues del Curso: Tengo mas nocion de cuando y como hacer la cobranza.
Ademas de saber tratar al cliente.

Consulte la Programacion por Area:
Manufactura y Produccion | Credito y Cobranza | Recursos Humanos |
Adquisiciones y Obras Publicas | Entrenamiento Ejecutivo |
Seguridad e Higiene | Negociacion y Compras | Alimentos y Bebidas |
Economia y Finanzas | Asistentes Ejecutivas | Marketing y Ventas |

Si necesita mayor informacion,comuniquese un Asesor lo atendera de
inmediato.

SIMCA CAPACITACION
Entrenamiento Especializado
E-MAIL: simca_capacitac...@hotmail.com
Messenger: simca_capacitac...@hotmail.com
Lada sin costo: 01 800 543 32 30

 Servicios de Informacion Mexicana Capacitando America

Diseqamos el curso a la medida de sus necesidades..!Impartimos CURSOS de
forma PRIVADA en su empresa, envienos un correo especificando el numero
de participantes, el lugar donde se impartira, su nombre, cargo, empresa
y telefono.SOLICITE COTIZACION de Click Aqui

 Comentanos ?Que curso necesitas?

Envianos un correo

Da Click Aqui

Solicitala a tu Asesor.

Si usted no desea que le enviemos mas invitaciones, de Click Aqui,
gracias.

sdtemp/spdmem question

[Joe Gidi]

It looks like Brynet's patch to support SB800+ SMbus in piixpm is in
snapshots now, which is cool, because I'm now seeing sdtemp and spdmem in
my dmesg:

sdtemp0 at iic0 addr 0x18: mcp98242
sdtemp1 at iic0 addr 0x19: mcp98242
iic0: addr 0x1a 00=00 01=00 02=00 03=00 04=00 05=c2 06=00 07=21 08=01
09=60 0a=a5 0b=2b 0c=00 0d=00 words 00=00ef 01= 02= 03=
04= 05=c29c 06=0054 07=2101
iic0: addr 0x1b 00=00 01=00 02=00 03=00 04=00 05=c2 06=00 07=21 08=01
09=60 0a=a4 0b=2b 0c=00 0d=00 words 00=00ef 01= 02= 03=
04= 05=c2ac 06=0054 07=2101
spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM ECC PC3-10600 with thermal sensor
spdmem1 at iic0 addr 0x51: 2GB DDR3 SDRAM ECC PC3-10600 with thermal sensor
spdmem2 at iic0 addr 0x52: 2GB DDR3 SDRAM ECC PC3-10600 with thermal sensor
spdmem3 at iic0 addr 0x53: 2GB DDR3 SDRAM ECC PC3-10600 with thermal sensor

My question is, since I have 4 DIMMs with thermal sensors, should I be
seeing sdtemp2 and sdtemp3 as well? Or is it one sdtemp per memory
channel?

Possible complication: The DIMMs were ordered in two batches, a few months
apart. They're the same vendor part number, but it's possible the hardware
(and the thermal sensor?) are not identical... vendors like to ship
different hardware revisions without updating part numbers. Maybe one set
of DIMMs has a different, unsupported thermal sensor chip?

Full dmesg:

OpenBSD 4.9-current (GENERIC.MP) #7: Mon May 23 21:24:59 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8588427264 (8190MB)
avail mem = 8337600512 (7951MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (66 entries)
bios0: vendor American Megatrends Inc. version 1601 date 09/08/2010
bios0: ASUSTeK Computer INC. M4A88TD-V EVO/USB3
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4)
PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) P0PC(S4) GEC_(S4)
UHC1(S4) UHC2(S4) USB3(S4) UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) PE20(S4)
PE21(S4) RLAN(S4) PE22(S4) PE23(S4) PS2M(S4) PS2K(S4) UAR1(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) II X4 640 Processor, 3013.69 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DN
OW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) II X4 640 Processor, 3013.37 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DN
OW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Athlon(tm) II X4 640 Processor, 3013.37 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DN
OW
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Athlon(tm) II X4 640 Processor, 3013.37 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DN
OW
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 1 (PCE2)
acpiprt3 at acpi0: bus -1 (PCE3)
acpiprt4 at acpi0: bus -1 (PCE4)
acpiprt5 at acpi0: bus -1 (PCE9)
acpiprt6 at acpi0: bus -1 (PCEA)
acpiprt7 at acpi0: bus 2 (P0PC)
acpiprt8 at acpi0: bus 4 (PE21)
acpiec0 at acpi0
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpicpu2 at acpi0: PSS
acpicpu3 at acpi0: PSS
aibs0 at acpi0: RTMP RVLT RFAN GGRP GITM SITM
acpibtn0 at acpi0: PWRB
cpu0: 3013 MHz: speeds: 3000 

Re: ospfd/ospf6d causing denial of service(?)

[Chris Wopat]

Stuart Henderson wrote:
 If this is related to sending huge LS updates, I don't think many
 people currently running ospfd would hit it (you'd need to be announcing
 quite a lot of networks into ospf), so you probably wouldn't have read
 about it on the lists.

I was able to do some sniffing and can confirm that other routers in
this same area do generate full MTU sized LS update packets. Based on
this information I suspect that the bug that Claudio mentioned is what
I've run in to.


 You have a confirmed issue now, so -current isn't likely to make things
 worse. (With daemons like this I'm usually happier running -current in
 production than older code).

This seems to imply that -current typically consists of bugfixes vs
new features/enhancements?


 * Is the same bug in ospf6d?

 It looks like this probably is the case.

Requesting a similar patch makes it into ospf6d if this is true.

I'll be doing some OSPF cleanup as well as lab testing with the -current ospfd.

Thanks,
Chris

Re: ospfd/ospf6d causing denial of service(?)

[Amit Kulkarni]

 You have a confirmed issue now, so -current isn't likely to make things
 worse. (With daemons like this I'm usually happier running -current in
 production than older code).

 This seems to imply that -current typically consists of bugfixes vs
 new features/enhancements?

all bugfixes go in current and only serious bugfixes or outright
security breaches are backported to the current release and current
release-1 branches, this is in the FAQ

http://www.openbsd.org/faq/faq5.html#Flavors

all new features and enhancements ONLY go in current.

The Nick Holland express will be here shortly to correct your perception.
:-)

Re: ospfd/ospf6d causing denial of service(?)

[Mark Felder]

On Wed, 25 May 2011 14:26:08 -0500, Amit Kulkarni amitk...@gmail.com  
wrote:



all bugfixes go in current and only serious bugfixes or outright
security breaches are backported to the current release and current
release-1 branches, this is in the FAQ



Is there a reason why an OSPF update larger than 1500 bytes which creates  
a DoS attack and takes down an entire network with ridiculous amounts of  
pps is not considered serious? I don't think I understand the logic  
here. All users of 4.9 (possibly even 4.8) deserve to have this fixed so  
they don't suffer the same fate.



Regards,


Mark

Re: em(4) is just 10baseT

[Jochen Fabricius]

Hi, 
 
  The following diff was just committed to -current which should fix
  this.
 
 thanks. I will test it in a few days and report. 
 

finally I got some time to test it. It works. Below is the full dmesg
and the ifconfig output. 

Thanks!

Jochen Fabricius jfabric...@web.de

dmesg: 
OpenBSD 4.9-current (GENERIC.MP) #7: Mon May 23 21:24:59 MDT 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4150788096 (3958MB)
avail mem = 4018089984 (3831MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9b000 (50 entries)
bios0: vendor American Megatrends Inc. version P01-A3 date 12/16/2009
bios0: Acer Aspire X3900
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI AWMI SSDT
acpi0: wakeup devices P0P1(S4) P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) BR1E
(S4) PS2K(S4) PS2M(S4) GBE_(S4) BR20(S4) BR21(S4) BR22(S4) BR23(S4) BR24
(S4) BR25(S4) BR26(S4) BR27(S4) EUSB(S3) USB0(S3) USB1(S3) USB2(S3) USB3
(S3) USBE(S3) USB4(S3) USB5(S3) USB6(S3) SLPB(S4) acpitimer0 at acpi0:
3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5
CPU 650 @ 3.20GHz, 3192.39 MHz cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 4 (application processor) cpu1: Intel(R) Core
(TM) i5 CPU 650 @ 3.20GHz, 3192.00 MHz cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 1
(application processor) cpu2: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz,
3192.00 MHz cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 5
(application processor) cpu3: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz,
3192.00 MHz cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 6 pa
0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 1,
remapped to apid 6 acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 9 (BR1E)
acpiprt2 at acpi0: bus 2 (BR20)
acpiprt3 at acpi0: bus 3 (BR21)
acpiprt4 at acpi0: bus 4 (BR22)
acpiprt5 at acpi0: bus 5 (BR23)
acpiprt6 at acpi0: bus 6 (BR24)
acpiprt7 at acpi0: bus -1 (BR25)
acpiprt8 at acpi0: bus 7 (BR26)
acpiprt9 at acpi0: bus 8 (BR27)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpicpu2 at acpi0: PSS
acpicpu3 at acpi0: PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
cpu0: Enhanced SpeedStep 3192 MHz: speeds: 3201, 3200, 3067, 2933,
2800, 2667, 2533, 2400, 2267, 2133, 2000, 1867, 1733, 1600, 1467, 1333,
1200 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel
Core Host rev 0x12 ppb0 at pci0 dev 1 function 0 Intel Core PCIE rev
0x12: apic 6 int 16 pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor NVIDIA, unknown product 0x0ca2
rev 0xa2 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci1 dev 0 function 1 vendor NVIDIA, unknown product
0x0be4 rev 0xa1: apic 6 int 17 azalia0: no supported codecs
Intel 3400 MEI rev 0x06 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 Intel 82578DC rev 0x06: apic 6 int 20,
address 90:fb:a6:46:db:e1 ehci0 at pci0 dev 26 function 0 Intel 3400
USB rev 0x06: apic 6 int 16 usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia1 at pci0 dev 27 function 0 Intel 3400 HD Audio rev 0x06: apic
6 int 22 azalia1: codecs: Realtek ALC888
audio0 at azalia1
ppb1 at pci0 dev 28 function 0 Intel 3400 PCIE rev 0x06: apic 6 int 17
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 3400 PCIE rev 0x06: apic 6 int 16
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 2 Intel 3400 PCIE rev 0x06: apic 6 int 18
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 Intel 3400 PCIE rev 0x06: apic 6 int 19
pci5 at ppb4 bus 5
ppb5 at pci0 dev 28 function 4 Intel 3400 PCIE rev 0x06: apic 6 int 17
pci6 at ppb5 bus 6
vendor VIA, unknown product 0x3403 (class serial bus subclass
Firewire, rev 0x00) at pci6 dev 0 function 0 not configured ppb6 at
pci0 dev 28 function 6 Intel 3400 PCIE rev 0x06: apic 6 int 18 pci7
at ppb6 bus 7 ppb7 at pci0 dev 28 

Re: ospfd/ospf6d causing denial of service(?)

[Theo de Raadt]

On Wed, 25 May 2011 14:26:08 -0500, Amit Kulkarni amitk...@gmail.com  
wrote:

 all bugfixes go in current and only serious bugfixes or outright
 security breaches are backported to the current release and current
 release-1 branches, this is in the FAQ


Is there a reason why an OSPF update larger than 1500 bytes which creates  
a DoS attack

There was a bug.

It was in software you got for free.  It is hopefully fixed, before
the next bug is found and fixed.  In the meantime, further
advancements will improve that software so that it continues to do
neat innovative things.

and takes down an entire network with ridiculous amounts of  
pps is not considered serious?

OK, let me call it serious, just for a minute.  Do you feel better?
Hey, does everyone else feel better?  Hell, does anyone feel better?

I doubt it.

I don't think I understand the logic here.

What does logic have to do with calling something serious or not
calling it serious?  Am I calling it serious in the right places?
Do I need to put it on a web page, or a wiki, or is my logic faulty
for not broadcasting it enough?  Should claudio write it on his chest
in permanent marker for you to be satisfied?

Because clearly you are only mouthing off because you want to be
satisfied.

All users of 4.9 (possibly even 4.8) deserve to have this fixed so  
they don't suffer the same fate.

Oh... all users.

How about me, on my little laptop having a glass of wine with friends.
Do I deserve a fix right now, before I suffer the fate of the ospfd
bug?  I doubt it.

And deserve?

Noone deserves anything from us.  People get good things, and they are
happy.  The developers in this project do the best they can writing
innovative software, and will not accept preaching from pompous
self-entitled American pricks like you.

And if there is anyting All users deserve, it is for people like
you to start the apologies.

I believe you deserve to stop running the software.  Right now, ok?

Re: Firewall PF with network alias

[Alexander Hall]

On 05/25/11 05:12, MArtin Grados Marquina wrote:
 In the past, i configure a virtual machine with firewall PF in FreeBSD 8.1
 with three network interface (in pf.conf)

1. As sthen@ pointed out, try a FreeBSD list for questions regarding
FreeBSD's PF.

2. You posted my private reply to a mailing list. I do not care much for
this particular mail, but just don't do that.

 --- El lun, 23/5/11, Alexander Hall ha...@openbsd.org escribis:

3. Also (please read this again as THIS ANNOYS ME THE MOST):

 2. Don't cross-post.

Cheers,
Alexander

Re: ospfd/ospf6d causing denial of service(?)

[Mark Felder]

Theo, come on man... I really don't understand the hostility here. My goal  
here is not to get people worked up. I understand you get harassed a lot  
and people constantly beg for this and that, but I just wanted  
clarification as I have seen no strict guidelines on what actually becomes  
Errata. The description in the FAQ is rather vague and that is what  
prompted me to ask.


I apologize if I came off rude, but that was not the intent.

Honestly, the thought that this can easily affect other people with lots  
of network statements in OSPF is pretty scary, and the thought of running  
-current is equally scary. Most admins prefer not to live out on the edge  
and I understand the project's strict guidelines should ensure safe and  
reliable code commits, but nobody is perfect and this is one of those  
situations where I would like to be as safe as possible. Deciding to run  
non -release software with what would be described in most projects as  
being unofficial fixes is a giant leap of faith for most people. What  
can I say -- old habits die hard.


On the other hand, I had this discussion with co-workers today: What makes  
you trust hotfixes from vendors any more than code from members of the  
example: OpenBSD project? It doesn't make sense; you don't get responses  
from their developers directly most of the time, you have no idea what  
their skills are, and you certainly don't get to see the code! Suddenly  
you trust a vendor with your life because you were forced to drop a hefty  
bag of money in front of them? It seems very backwards, and I'd like to  
get that perception changed: quality open source software is available and  
it is a wise financial investment.


I have great respect for you, Theo, the OpenBSD project, and all of the  
contributers. The responses to this situation from Claude have instilled  
great confidence in the use of this software. I just want to point out  
that the FAQ does indeed say that Most users should be running either  
-stable or -release, and if there is absolutely no way that the OpenOSPFD  
fixes can make it into an official errata (even with a paid bounty?) I'll  
just have to grit my teeth, build some -current boxes, test the living  
hell out of them, and hope for the best. :-)



Cheers,


Mark

Re: ospfd/ospf6d causing denial of service(?)

[Theo de Raadt]

Theo, come on man... I really don't understand the hostility here. My goal  
here is not to get people worked up. I understand you get harassed a lot  
and people constantly beg for this and that, but I just wanted  
clarification as I have seen no strict guidelines on what actually becomes  
Errata.

There are no guidelines, and noone knows if Claudio's commit from
yesterday is the final part of the story on this bug.

The description in the FAQ is rather vague and that is what  
prompted me to ask.

Bullshit.  You did not ask.  You yelled at us.  The rest of your
new email is bullshit, too.

Lunatics deal in certificates not reality whilst burning wheel barrows of money.

[Kevin Chadwick]

A while back someone mentioned they needed certificates like Cisco etc.
had to get OpenBSD used by their organisation. Well they're certainly
certified now, lunatics that is.

I didn't have a great opinion of Cisco but this went from funny to more
than a joke.

A big thankyou to OpenBSDs no shit attitude and for making the world a
better place on so many levels.


Begin forwarded message:

Date: Wed, 25 May 2011 10:26:13 -0500
Subject: [osvdb] Cisco Security Advisory: Cisco RVS4000 and WRVS4400N
Web Management Interface Vulnerabilities


Details
===

The Cisco RVS4000 and WRVS4400N Gigabit Security Routers deliver
high-speed network access and IPsec VPN capabilities for small
businesses. They also provides firewall and intrusion prevention
capabilities.

The Cisco RVS4000 and WRVS4400N Gigabit Security Routers contain
three web management interface vulnerabilities:

  * Retrieval of the configuration file
If an administrator of the device has previously created a backup
of the configuration, using Administration -- Backup  Restore
-- Backup, it is possible for a remote unauthenticated user to  
access the backup configuration file. This file contains all
configuration parameters of the device, including the HTTP
authentication password and VPN pre-shared-keys (PSKs).

  * Root operating system arbitrary command injection by an
authenticated attacker
A user who is authenticated to the device can inject arbitrary
commands into the underlying operating system with root
privileges, via the ping test and traceroute test parameters.

  * Retrieval of admin SSL certificate private key
The admin SSL certificate private and public keys can be
retrieved (used for Quick VPN) by a remote unauthenticated user.


++
|Affected|Availability of First Fixed Release|
|Product |   |
|| 2011. |
|| 2011. |
|| 2011. |
++

Re: ospfd/ospf6d causing denial of service(?)

[Amit Kulkarni]

 Honestly, the thought that this can easily affect other people with lots of
 network statements in OSPF is pretty scary, and the thought of running
 -current is equally scary. Most admins prefer not to live out on the edge
 and I understand the project's strict guidelines should ensure safe and
 reliable code commits, but nobody is perfect and this is one of those
 situations where I would like to be as safe as possible. Deciding to run non
 -release software with what would be described in most projects as being
 unofficial fixes is a giant leap of faith for most people. What can I say
 -- old habits die hard.

If you run OpenBSD in production, you should subscribe and follow
misc@, tech@ and occasionally source-changes@.

I am newbie since August'10, and I can now understand somewhat when it
is safer to jump to -current and when its safer to hold off from
either compiling/installing from snaps. Though, I always run -current
as a desktop.

 On the other hand, I had this discussion with co-workers today: What makes
 you trust hotfixes from vendors any more than code from members of the
 example: OpenBSD project? It doesn't make sense; you don't get responses
 from their developers directly most of the time, you have no idea what their
 skills are, and you certainly don't get to see the code! Suddenly you trust
 a vendor with your life because you were forced to drop a hefty bag of money
 in front of them? It seems very backwards, and I'd like to get that
 perception changed: quality open source software is available and it is a
 wise financial investment.

Companies can also sit on your RFE or bug because not many people
complained and its not prioritized. So there goes your money and your
time bugging (or is it begging?) them. I can't blame the companies if
its low priority and you shouldn't either. Same with open source.

And here's some food for thought, if you were running a commercial
ospfd, then you wouldn't even know it was a problem. Ignorance is
bliss, huh? You might have gotten a fix in the monthly or quarterly or
6 monthly update. Or just maybe maybe never.

Re: ospfd/ospf6d causing denial of service(?)

[Christiano F. Haesbaert]

On Mon, May 23, 2011 at 09:59:53AM -0500, Chris Wopat wrote:
 Had a strange issue overnight. In short I had two OpenBSD boxes acting
 as routers denial of service my network with OSPFv3 multicast packets.
 
 The setup is as follows:
 
 Two OpenBSD 4.9 amd64 boxes running ospfd and ospf6d. Each box has two
 NICs, each of which is on a separate subnet. Both of these subnets are
 used for redundant connections for routers through separate switches
 (C 6500). There's about 10 OSPF neighbors on both subnets, each of
 those are generally Cisco devices that are dual homed the same way.
 
 The issue was discovered with tcpdump on a 3rd OpenBSD box that's
 setup with the same config as above. It showed multicast OSPFv3
 packets with the above two routers source IP with their router ID's.
 The rate was extremely high, something like 500k such packets in 10
 seconds. Unplugging these two boxes immediately restored connectivity.
 
 I'm not understanding why an OSPFv3 packet would have IPv4 source /
 destination addresses but myself and three others concur that that was
 what was going on OR something about ipv6 was mentioned in the dump
 but with v4 addresses.
 
 Unfortunately I didn't have the foresight to do a binary tcpdump. The
 tcpdump data that was on the local console also scrolled back too far
 for us to get back to to with scroll lock/page up.
 
 We're also exploring the possibility of these multicast packets
 somehow being forwarded or looped through and causing a denial of
 service. These OpenBSD boxes do have `net.inet.ip.mforwarding=1` but
 I'm leaning more towards some ospf6d/ospfd bug or issue since OSPF's
 TTL is 1.
 
 

Just one note here, OSPF group is not routable (224.0.0.0/24), this is a link 
local
multicast address, so no, it's not being forwarded. And the
net.inet.ip.mforwarding=1 makes no sense I suppose.

-- 
Christiano Farina HAESBAERT
Do NOT send me html mail.

[Zetta] Z11 mini monitoring camcorder

[darwinso]

Dear misc,

 This is Darwin So from Zetta Systems Limited.
 We are a manufacturer specializing in mini monitoring camcorder:
 www.zetta.com.hk

 Our best sellers currently are:
 Z11 - 8-hour battery recording, 96-hour circular recording mini DVR
 Z11EX - 24-hour battery recording, 96-hour circular recording mini DVR
 for home / shop / car security, car driving recording, meeting minutes and 
spy use.

 Attached please find our presentation.
 Please feel free to let us know if you have any comments.

 Thank you very much!

Regards,
Darwin So
Zetta Systems Limited
Email: darwi...@zetta.com.hk
Mobile: (852) 9773 3529
Tel: (852) 3188 4492
Fax: (852) 3755 4181
Address: Unit 513, Lakeside 1, No. 8 Science Park West Avenue, HKSTP, Shatin, 
N.T., HK
Website: www.zetta.com.hk

[demime 1.01d removed an attachment of type application/pdf]

Re: ospfd/ospf6d causing denial of service(?)

[Matt S]

I have to agree with Theo and I was honestly shocked at your initial email.
 You don't bite the hand that is trying to help nor do you bite the hand that
is giving you something for free. 


Sent: Wednesday, May 25, 2011 3:22 PM
Subject: Re: ospfd/ospf6d causing denial of service(?)

Theo, come on man... I
really don't understand the hostility here. My goal here is not to get people
worked up. I understand you get harassed a lot and people constantly beg for
this and that, but I just wanted clarification as I have seen no strict
guidelines on what actually becomes Errata. The description in the FAQ is
rather vague and that is what prompted me to ask.

I apologize if I came off
rude, but that was not the intent.

Honestly, the thought that this can easily
affect other people with lots of network statements in OSPF is pretty scary,
and the thought of running -current is equally scary. Most admins prefer not
to live out on the edge and I understand the project's strict guidelines
should ensure safe and reliable code commits, but nobody is perfect and this
is one of those situations where I would like to be as safe as possible.
Deciding to run non -release software with what would be described in most
projects as being unofficial fixes is a giant leap of faith for most people.
What can I say -- old habits die hard.

On the other hand, I had this
discussion with co-workers today: What makes you trust hotfixes from vendors
any more than code from members of the example: OpenBSD project? It doesn't
make sense; you don't get responses from their developers directly most of the
time, you have no idea what their skills are, and you certainly don't get to
see the code! Suddenly you trust a vendor with your life because you were
forced to drop a hefty bag of money in front of them? It seems very backwards,
and I'd like to get that perception changed: quality open source software is
available and it is a wise financial investment.

I have great respect for
you, Theo, the OpenBSD project, and all of the contributers. The responses to
this situation from Claude have instilled great confidence in the use of this
software. I just want to point out that the FAQ does indeed say that Most
users should be running either -stable or -release, and if there is
absolutely no way that the OpenOSPFD fixes can make it into an official errata
(even with a paid bounty?) I'll just have to grit my teeth, build some
-current boxes, test the living hell out of them, and hope for the best. :-)
Cheers,


Mark

Re: ospfd/ospf6d causing denial of service(?)

[Theo de Raadt]

  You have a confirmed issue now, so -current isn't likely to make things
  worse. (With daemons like this I'm usually happier running -current in
  production than older code).
 
 This seems to imply that -current typically consists of bugfixes vs
 new features/enhancements?

-current is what the developers run.

If -current has a bug, our eye is on it.

Some users might hate it when an official past release has a bug,
but their perspective is small and narrow compared to ours.

If -current has a bug, that bug will mean the next release will have
that bug.

Therefore, we focus on -current.

The result is that the next release probably has less bugs.

It is the best we can do.

de Master Seguridad Y Tecnicos Pc Para misc

[Pack Master Seguridad Y Tecnicos en Pc]

Hola misc, si no podes visualizar este correo, podes hacerlo clickeando
en este enlace.

MASTER SECURITY Y TECNICOS EN PC 2011

Un Pack en DVDs con las ultimas novedades en programas para
Hacking Seguridad de Sistemas y Tecnicos en PC. Envio SIN CARGO a todo el
Pais !!!
Los mismos no tienen limitacion restriccion alguna, son 100% funcionales
!!

Para visitar la web haga clic aqui
((( Click Aca Arriba Si NO puedes Entrar)))

El enlace no funciona?
  nbs p;  Enlace alternativo clic aqui Suprimir su correo
del boletin clic aqui

((( Haga Click Aca Para Ver Detalle Completo Y Comprar )))

Este e-mail tiene como unico destinatario: misc

Para ser eliminado de nuestras listas envienos un email y en asunto
aclarar REMOVER

control de envio: dmjojpiqpyxgaguxdkzkvzu