Public Tendering Workshop for the Law on Acquisitions, Leases and Services 749859

2012-06-25 Thread Lic. Paola Hernandez
749859
Public Tendering Workshop for the Law on Acquisitions,
Leases and Services
June 28, Mexico City.
A fully hands-on workshop led by an expert.
Optimize your processes and save money with this practical tool!
Get the full information, sign up and get trained!
Please reply to this e-mail with the following details.

Company, Name, Telephone, Email, Number of Interested Persons

You will shortly receive the syllabus, speaker profile and rates.
If you prefer, call the telephone numbers below, where one of
our executives will gladly assist you.
Telephones: (0133) 8851-2365, (0133) 8851-2741 with more than 10 lines.
Pms Capacitación Efectiva de México is a company registered with the
STPS
We work with experts in the field to provide tactical, cutting-edge
and easy-to-apply tools.
Follow us on Twitter @pmscapacitacion or on Facebook PMS de México
Tip of the day! Plan: Avoid the problems of “living in the moment” and
creating last-minute strategies. Plan your objectives, choose a course and
stick to it. Anticipate possible causes of emergency and design contingency
plans in advance that let you know which routes to follow. This will help to
create goals in your company, share them with your team and anticipate
obstacles.

Copyright (C) 2011, PMS Capacitación Efectiva de México  S.C. All rights
reserved.
E-Mail MARKETING SERVICE POWERED BY MEDIAMKTOOLS.

This message has been sent to misc@openbsd.org as a user of Pms de
México, or else a user referred you to receive this newsletter.
As a user of Pms de México, you hereby expressly authorize
Pms de México to contact you via e-mail or other
means.
STOP, if on this occasion the information received was not of interest to you
but you wish to receive personalized information on other topics,
please let us know.
If you have received this message in error, disregard it and please accept
in advance a sincere apology for the inconvenience; report your account
by replying to this e-mail with the subject BAJALICITA
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJALICITA
Please note that the management of our databases is of the utmost
importance to us and it is not the company's intention to cause the
recipient dissatisfaction; our intention is to promote tools
useful for the

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
imagelicitaciones001.jpg]



after upgrade to current(25-06-2012), can not login ssh

2012-06-25 Thread johnw
I attached the server side error message (photo)
please help, thank you.

ssh - 192.168.168.1
OpenSSH_6.0p1 Debian-2, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/john/.ssh/config
debug1: /home/john/.ssh/config line 1: Applying options for 192.168.168.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.168.1 [192.168.168.1] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load /home/john/.ssh/kdc.id_rsa as a RSA1 public key
debug1: identity file /home/john/.ssh/kdc.id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/john/.ssh/kdc.id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-2
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host 192.168.168.1 from file
/home/john/.ssh/known_hosts
debug3: load_hostkeys: found key type ECDSA in file
/home/john/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs:
ecdsa-sha2-nistp256-cert-...@openssh.com,
ecdsa-sha2-nistp384-cert-...@openssh.com,
ecdsa-sha2-nistp521-cert-...@openssh.com
,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-...@openssh.com,
ecdsa-sha2-nistp384-cert-...@openssh.com,
ecdsa-sha2-nistp521-cert-...@openssh.com
,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,
ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com
,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,
hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com
,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,
hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com
,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,
hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com
,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,
hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server-client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client-server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
ee:e2:6a:0d:b9:a0:31:15:14:35:17:7b:b2:c6:f8:ba
debug3: load_hostkeys: loading entries for host 192.168.168.1 from file
/home/john/.ssh/known_hosts
debug3: load_hostkeys: found key type ECDSA in file

Re: after upgrade to current(25-06-2012), can not login ssh

2012-06-25 Thread johnw
I uploaded the photo here
http://www1.picturepush.com/photo/a/8571544/640/8571544.jpg

2012/6/25 johnw johnw.m...@gmail.com

 I attached the server side error message (photo)
 please help, thank you.


question_about_OpenBSD_on_ADSL_modems/routers

2012-06-25 Thread soko.tica
Hallo list,

I ask for information about ADSL modems/routers (preferably low-cost)
on which OpenBSD can run.

I know there was a possibility to get Traverse Technologies Viking PCI
ADSL card on any box, but I have learned recently it is out of
production.

Thanking you in advance.



Recording from azalia does not work

2012-06-25 Thread Gregor Best
Hi people,

I'm trying to get recording from the mic input of my laptop working, but have
not had success so far. I'm using a thinkpad laptop
with an azalia device and a pretty run of the mill headset, attached to
headphone out and microphone in. The headset itself works
fine on other machines and the microphone input and headphone output of the
laptop work fine hardware-wise (i.e. tested with another
operating system). On OpenBSD however, the mic input remains silent. Files
recorded with aucat -o foo.wav remain silent for the
entire recording duration, as if the mic was somehow muted. Below is the
output of mixerctl:

outputs.spkr_source=dac-0:1
outputs.spkr_mute=on
outputs.spkr=125,125
outputs.spkr_eapd=on
outputs.hp_source=dac-0:1
outputs.hp_mute=off
outputs.hp=155,155
outputs.hp_dir=output
outputs.hp_boost=off
outputs.mic_dir=input-vr80
inputs.beep_mute=off
inputs.beep=108
inputs.mix_source=dac-0:1,mic,hp
inputs.mix_dac-0:1=125,125
inputs.mix_mic=215,215
inputs.mix_hp=125,125
record.adc-0:1_source=mic
record.adc-0:1_mute=off
record.adc-0:1=253,253
outputs.hp_sense=plugged
outputs.mic_sense=plugged
outputs.spkr_muters=hp
outputs.master=157,157
outputs.master.mute=off
outputs.master.slaves=spkr,hp
record.volume=255,255
record.volume.mute=off
record.volume.slaves=adc-0:1

As you can see, all recording related devices are at full volume and no device
is muted except for the built-in speakers. Is
recording on azalia devices simply not supported or am I missing something
really obvious here?

--
Gregor Best

[demime 1.01d removed an attachment of type application/pgp-signature]



Re: question_about_OpenBSD_on_ADSL_modems/routers

2012-06-25 Thread Tomas Bodzar
On Mon, Jun 25, 2012 at 10:47 AM, soko.tica soko.t...@gmail.com wrote:
 Hallo list,

 I ask for information about ADSL modems/routers (preferably low-cost)
 on which OpenBSD can run.


Are you looking for ADSL modem/router to which you want to connect
OpenBSD system or do you want to build ADSL modem on OpenBSD?

 I know there was a possibility to get Traverse Technologies Viking PCI
 ADSL card on any box, but I have learned recently it is out of
 production.

 Thanking you in advance.



Re: after upgrade to current(25-06-2012), can not login ssh

2012-06-25 Thread johnw
The sshd_config is like this:
ListenAddress 192.168.168.1
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
UsePrivilegeSeparation sandbox
Subsystem sftp /usr/libexec/sftp-server

2012/6/25 johnw johnw.m...@gmail.com

 I attached the server side error message (photo)
 please help, thank you.


Re: question_about_OpenBSD_on_ADSL_modems/routers

2012-06-25 Thread Kaya Saman
I think this is what you might be looking for:

http://www.rocksolidelectronics.com/pages/products.php

Not sure where you are based, but if in Europe then Linitx can help
you; it is in the UK, however.

http://linitx.com/viewcategory.php?catid=148


Regards,


Kaya


On Mon, Jun 25, 2012 at 9:47 AM, soko.tica soko.t...@gmail.com wrote:
 Hallo list,

 I ask for information about ADSL modems/routers (preferably low-cost)
 on which OpenBSD can run.

 I know there was a possibility to get Traverse Technologies Viking PCI
 ADSL card on any box, but I have learned recently it is out of
 production.

 Thanking you in advance.



Re: Something other than getty/login on console?

2012-06-25 Thread MERIGHI Marcus
Hello David, 

da...@elven.com.au (David Diggles), 2012.06.25 (Mon) 07:10 (CEST):
 Thanks Marcus!  I have been sidetracked with a few things,
 but will give this technique a try soon.

please do not think I invented that wheel! See misc archives instead...

 I take it dostuff.sh is where I could put something like

yes.

 #!/bin/sh

I recommend the use of ``#!/bin/sh -e'', see ksh(1). 

 while [ ! ]; do

I use ``while :; do'' in such cases; BUT: please read init(8), it will
respawn your process anyways; read DIAGNOSTICS section carefully,
especially the ``getty repeating too quickly'' part.

Bye, Marcus

 /usr/local/bin/ttyplay kickassci.demo
 done

 On Fri, Jun 15, 2012 at 09:36:43AM +0200, MERIGHI Marcus wrote:
  da...@elven.com.au (David Diggles), 2012.06.15 (Fri) 00:20 (CEST):
   I want the default login console to run something like
   /usr/games/worms -n100
   or
   rsh host /opt/local/bin/xaos -driver aa -autopilot
  
  the way I do it...
  
  $ grep ttyC0 /etc/ttys
  ttyC0   /usr/local/libexec/getty.sh vt220 on 
  
  $ ls -al /usr/local/libexec/getty.sh
  -rwxr-xr-x  1 root  wheel  210 Feb 15 19:01 /usr/local/libexec/getty.sh
  
  $ cat /usr/local/libexec/getty.sh 
  #!/bin/ksh -e
  TERM=vt220 /usr/local/sbin/dostuff.sh < /dev/$1 > /dev/$1
  
  $ ls -la /usr/local/sbin/dostuff.sh 
  -rwxr-xr-x  1 root  wheel  -  2.2K Feb 18 11:28 /usr/local/sbin/dostuff.sh
  
  dostuff.sh has stdin/stdout connected to console, now.
  
  Bye, Marcus
  
  (nice project, btw!)
 



Re: after upgrade to current(25-06-2012), can not login ssh

2012-06-25 Thread johnw
I changed UsePrivilegeSeparation sandbox to UsePrivilegeSeparation yes,
and now I can log in.
Maybe something in the sandbox feature is broken.
thank you.

2012/6/25 Fred Crowson fred.crow...@gmail.com

 On 25 June 2012 10:03, johnw johnw.m...@gmail.com wrote:
  The sshd_config like this:
  ListenAddress 192.168.168.1
  PermitRootLogin yes
  PubkeyAuthentication yes
  AuthorizedKeysFile .ssh/authorized_keys
  PasswordAuthentication yes
  UsePrivilegeSeparation sandbox
  Subsystem sftp /usr/libexec/sftp-server

 Is pf enabled on the server?
 Have you allowed ssh connections in pf?

 Broken pipes hint at a network error.

 hth

 Fred



Re: hello I have question for openssh !

2012-06-25 Thread Tomasz Marszal
 Actually it doesn't.  You're talking about different things: he's
 asking about RSA key exchange (ie how the client and server arrive at
 a shared secret, ie http://www.ietf.org/rfc/rfc4432.txt), but you're
 talking about RSA host key algorithms (ie how the server proves it is
 who you think it is, which happens later in the connection).
Does it prevent a man-in-the-middle attack?

 
 Here's the list of supported key exchange algorithms (from
 usr.bin/ssh/myproposal.h):
 
 #define KEX_DEFAULT_KEX \
 ecdh-sha2-nistp256, \
 ecdh-sha2-nistp384, \
 ecdh-sha2-nistp521, \
 diffie-hellman-group-exchange-sha256, \
 diffie-hellman-group-exchange-sha1, \
 diffie-hellman-group14-sha1, \
 diffie-hellman-group1-sha1
 
 so no rsa1024-sha1 or rsa2048-sha256.
 
 To the original question:
  - Putty implements the client side, which makes me wonder what they
 tested against.  Ben Harris mentioned that his initial implementation
 used OpenSSH.  I don't know if the code is available anywhere, but it
 might be.
  - the threads on the ietf working group lists mentioned der Mouse
 implemented it, so it's probably in
 http://sparkle.rodents-montreal.org/mouseware/local-src/moussh/moussh/.
 
 On a related topic: I added an openssh specs page recently
 (http://www.openssh.com/specs.html) which should be the authoritative
 reference for what is supported.  Corrections are welcome (but before
 someone says RFC6594, note that I'm trying to keep it accurate for
 the most recent release).
 
 --
 Darren Tucker (dtucker at zip.com.au)
 GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
 usually comes from bad judgement.



Re: after upgrade to current(25-06-2012), can not login ssh

2012-06-25 Thread Fred Crowson
On 25 June 2012 12:41, johnw johnw.m...@gmail.com wrote:
 I changed UsePrivilegeSeparation sandbox to UsePrivilegeSeparation yes,
 and now I can log in.
 Maybe something in the sandbox feature is broken.
 thank you.

The following article gives some more information on the sandbox function:

http://www.undeadly.org/cgi?action=article&sid=20110721123003

hth

Fred



Re: ipsec tunnel speeds

2012-06-25 Thread Mark Romer
Great question Ted
Does anyone know the answer?
Thanks Mark
On Jun 22, 2012 12:58 PM, Ted Unangst t...@tedunangst.com wrote:

 On Fri, Jun 22, 2012 at 12:52, Ryan McBride wrote:

  550Mb/s with aes-128-gcm (requires AES-NI and amd64) on
  hw.model=Intel(R) Xeon(R) CPU E5649 @ 2.53GHz
  hw.vendor=HP
  hw.product=ProLiant DL360 G7

 what's the reason aes-128-gcm requires amd64?  we can't add that code
 to i386?



PF: clock upd packets that allready have a state

2012-06-25 Thread Matthias Cramer
Hi

From time to time I have some attacks on my SIP PBX. I like to block them on
my OpenBSD box which stands in front of it. The problem I'm facing is that the
attacker's IP already has a state in the state table and the block rule I insert
simply does nothing.

In the state table I see the following:

all udp my_ip:5060 <- attacker_ip:5231   MULTIPLE:MULTIPLE
all udp attacker_ip:5231 -> my_ip:5060   MULTIPLE:MULTIPLE

in /etc/pf.conf at the top I have the following

table <badguys> {attacker_ip}

block out quick to {<badguys>}
block in quick from {<badguys>}

After clearing all states with pfctl -F states the connection is blocked.

Is there a way to:
 - clear a single state?
 - block a packet even with an established state?

Regards

  Matthias

--
Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach
http://www.freestone.net
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]



Re: PF: clock upd packets that allready have a state

2012-06-25 Thread Johan Fredin
On 25 jun 2012, at 15:36, Matthias Cramer wrote:

 After clearing all states with pfctl -F states the connection is blocked.
 
 Is there a way to:
 - clear a single state?
 - to block a packet even with a established state ?

Hi Matthias,

The pfctl -K/-k options allow you to kill specific state entries.

/Johan



Re: PF: block upd packets that allready have a state

2012-06-25 Thread Matthias Cramer
Hi Marios

On 25/06/12 15:58, Marios Makassikis wrote:
 On 25 June 2012 15:36, Matthias Cramer cra...@freestone.net wrote:
 Hi


 Hi,

 From time to time I have some attacks on my SIP PBX. I like to block them on
 my OpenBSD box which stands in front of it. The problem I'm facing is that the
 attacker's IP already has a state in the state table and the block rule I insert
 simply does nothing.

 In the state table I see the following:

 all udp my_ip:5060 <- attacker_ip:5231   MULTIPLE:MULTIPLE
 all udp attacker_ip:5231 -> my_ip:5060   MULTIPLE:MULTIPLE

 in /etc/pf.conf at the top I have the following

 table <badguys> {attacker_ip}

 block out quick to {<badguys>}
 block in quick from {<badguys>}

 After clearing all states with pfctl -F states the connection is blocked.

 Is there a way to:
  - clear a single state?
 This will remove all states associated with attacker_ip:

 pfctl -k attacker_ip

Superb.

 If you want to remove only a given state, you can do so by specifying a
 state id rather than an IP address.
 You can find out about the state IDs with pfctl -vvss

  - to block a packet even with a established state ?


 How are you detecting attackers in your current setup ?

At the moment by hand ... I know that is not acceptable ...

 I would consider having PF rate-limit connections to your SIP PBX, and
 add any host
 that goes over the limit to your badguys table.
 An example is described here:
http://home.nuug.no/~peter/pf/en/bruteforce.html

I saw this. But the problem is, the attacker always comes with the same
IP/port combo, so there is always the same session for pf. So this method
does not work!

Is there a way to do something similar by packets per second?

Regards

  Matthias

--
Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach
http://www.freestone.net
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]
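
The sequence the replies in this thread arrive at (put the host in the table, then kill its existing states so that the block rule is evaluated for its next packet), written out as an added example; it is not code from any poster here. The function only prints pfctl commands, it does not run them. The table name badguys comes from the thread; the addresses and the sample state lines are constructed, and plan_block and sample_states are hypothetical names.

```shell
#!/bin/sh
# Added example. pf evaluates block rules only for packets that match no
# existing state, so adding a host to a table leaves its established
# UDP "session" untouched until the state is killed or expires.

# plan_block TABLE HOST...
#   stdin : output of `pfctl -ss`
#   stdout: for every HOST a `pfctl -t TABLE -T add HOST` line; for every
#           HOST that still appears in a state, the two `pfctl -k` forms
#           that kill states originating from it and states going to it.
plan_block() {
    table=$1; shift
    awk -v table="$table" -v hosts="$*" '
        BEGIN {
            n = split(hosts, h, " ")
            for (i = 1; i <= n; i++) want[h[i]] = 1
        }
        # State line: IFACE PROTO ADDR:PORT (<-|->) ADDR:PORT ... STATE
        {
            for (f = 3; f <= NF; f++) {
                a = $f
                if (a == "<-" || a == "->") continue
                gsub(/^\(|\)$/, "", a)              # NAT address in parentheses
                if (a ~ /^[0-9.]+:[0-9]+$/)         # IPv4 addr:port
                    sub(/:[0-9]+$/, "", a)
                sub(/\[[0-9]+\]$/, "", a)           # IPv6 addr[port]
                if (a in want) seen[a]++
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                printf "pfctl -t %s -T add %s\n", table, h[i]
                if (seen[h[i]]) {
                    printf "pfctl -k %s\n", h[i]               # states from the host
                    printf "pfctl -k 0.0.0.0/0 -k %s\n", h[i]  # states to the host
                }
            }
        }'
}

# Constructed sample of `pfctl -ss` output (documentation address ranges):
# 192.0.2.10 is the PBX, 198.51.100.7 the unwanted peer, 203.0.113.5 a
# legitimate client.
sample_states() {
    cat <<'EOF'
all udp 192.0.2.10:5060 <- 198.51.100.7:5231       MULTIPLE:MULTIPLE
all udp 198.51.100.7:5231 -> 192.0.2.10:5060       MULTIPLE:MULTIPLE
all udp 192.0.2.10:5060 <- 203.0.113.5:5060       MULTIPLE:MULTIPLE
all tcp 192.0.2.10:22 <- 203.0.113.5:40112       ESTABLISHED:ESTABLISHED
EOF
}

# Stand-alone run: show the plan for one host that has states and one that
# has none. On a real firewall, replace sample_states with `pfctl -ss`.
sample_states | plan_block badguys 198.51.100.7 203.0.113.99
```

Review the printed commands before running them as root; the legitimate client's states are not touched because its address is not in the host list.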



Re: question_about_OpenBSD_on_ADSL_modems/routers

2012-06-25 Thread soko.tica
Thanks for your replies Tomas and Kaya.

I am looking for a device that will be used as an ADSL modem/router on
which I want to build OpenBSD. I have been connecting from
OpenBSD boxes through an ordinary ADSL modem since 4.3.

I am not sure if the RockSolid cards are supported by OpenBSD. Can
anyone confirm they are?

Yes, I am in Europe (non-EU).

Thanks in advance for your replies.

On 6/25/12, Tomas Bodzar tomas.bod...@gmail.com wrote:
 On Mon, Jun 25, 2012 at 10:47 AM, soko.tica soko.t...@gmail.com wrote:
 Hallo list,

 I ask for information about ADSL modems/routers (preferably low-cost)
 on which OpenBSD can run.


 Are you looking for ADSL modem/router to which you want to connect
 OpenBSD system or do you want to build ADSL modem on OpenBSD?

 I know there was a possibility to get Traverse Technologies Viking PCI
 ADSL card on any box, but I have learned recently it is out of
 production.

 Thanking you in advance.



Re: question_about_OpenBSD_on_ADSL_modems/routers

2012-06-25 Thread Zafer Daştan

On 25.06.2012 18:03, soko.tica wrote:

...



I am not sure if the RockSolid cards are supported by OpenBSD. Can
anyone confirm they are?
...

Single port modem works fine; it appears to the OS as a Realtek ethernet.

-zafer



Re: question_about_OpenBSD_on_ADSL_modems/routers

2012-06-25 Thread Martin Schröder
2012/6/25 soko.tica soko.t...@gmail.com:
 Yes, I am in Europe (non-EU).

You should check with your telco if the modem supports your ADSL.

Best
   Martin



Re: question_about_OpenBSD_on_ADSL_modems/routers

2012-06-25 Thread Brian W.
I have an openbsd box plugged into a switch with other things that then
connects to a dsl modem, no problem.
On Jun 25, 2012 8:15 AM, Zafer Daştan z...@z-sistem.com wrote:

 On 25.06.2012 18:03, soko.tica wrote:

 ...



 I am not sure if the RockSolid cards are supported by OpenBSD. Can
 anyone confirm they are?
 ...

 Single port modem works fine; it appears to the OS as a Realtek ethernet.

 -zafer



Re: PF: block upd packets that allready have a state

2012-06-25 Thread Marios Makassikis
On 25 June 2012 16:12, Matthias Cramer cra...@freestone.net wrote:
 Hi Marios

Hi Matthias,

 On 25/06/12 15:58, Marios Makassikis wrote:
 On 25 June 2012 15:36, Matthias Cramer cra...@freestone.net wrote:


  - to block a packet even with an established state ?


 How are you detecting attackers in your current setup ?

 At the moment by hand ... I know that is not acceptable ...

 I would consider having PF rate-limit connections to your SIP PBX, and
 add any host that goes over the limit to your badguys table.
 An example is described here:
 http://home.nuug.no/~peter/pf/en/bruteforce.html

 I saw this. But the problem is, the attacker always comes with the same
 IP/Port Combo so there is always the same session for pf. So this method
 does not work!

My understanding of this is that PF creates a state and uses it for the
other communications with the attacker. Considering there is no other state
created, it will never reach the limit to be added to the table.

If that is the case, the question remains: how do you detect the
attack ? Is the PBX rendered unusable for other clients ?

I think a more accurate description of the attack would be helpful to
find a solution to the problem.

 Is there a way to do something similar by packets per second ?

Packets per second sounds like a unit for bandwidth, which would
suggest using something like ALTQ to throttle traffic. The problem
remains though, since you may end up throttling all connections to
your PBX, including legitimate clients.

 Regards

  Matthias

 --
 Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach
 http://www.freestone.net
 GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250



Re: PF: block upd packets that allready have a state

2012-06-25 Thread Matthias Cramer
Hi Marios

On 25/06/12 18:50, Marios Makassikis wrote:
 I would consider having PF rate-limit connections to your SIP PBX, and
 add any host that goes over the limit to your badguys table.
 An example is described here:
 http://home.nuug.no/~peter/pf/en/bruteforce.html

 I saw this. But the problem is, the attacker always comes with the same
 IP/Port Combo so there is always the same session for pf. So this method
 does not work!
 My understanding of this is that PF creates a state and uses it for the
 other communications with the attacker. Considering there is no other state
 created, it will never reach the limit to be added to the table.

Exactly that's the case.

 If that is the case, the question remains: how do you detect the
 attack ? Is the PBX rendered unusable for other clients ?

Yes, it becomes more or less unusable...

 I think a more accurate description of the attack would be helpful to
 find a solution to the problem.

I now have a script which watches the PBX for unsuccessful authentication
and adds the IP, if there are 10 unsuccessful tries in 5 seconds, via ssh
to the table on the OpenBSD box, that solves all my problems greatly.


 Is there a way to do something similar by packets per second ?

 Packets per second sounds like a unit for bandwidth, which would
 suggest using something like ALTQ to throttle traffic. The problem
 remains though, since you may end up throttling all connections to
 your PBX, including legitimate clients.

I considered ALTQ, but that is in my opinion not a very nice way to solve
this problem.

Regards

  Matthias

--
Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach, Switzerland
http://www.freestone.net
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]



LEGAL NOTICE - 1İSTANBUL PROJECT - ISPARTAKULE (TULİP TURKUAZ PROJECT) ( www.biristanbul.com )

2012-06-25 Thread HUKUK SERVISI
1İSTANBUL PROJECT - ISPARTAKULE  ( www.biristanbul.com )

LAW NO. 4077 ON THE PROTECTION OF THE CONSUMER, AS AMENDED BY LAW NO. 4822,
PART TWO

Subject to the obligation to protect and inform the consumer, and with regard
to defective goods and defective services (Articles 4 and 4/A), we consider it
an obligation to bring the following statement to the attention of customers
who have bought a home in the project and of potential customers who are
considering doing so, on the matter that the relevant parties to the 1İSTANBUL
ISPARTAKULE project, EMLAK KONUT GYO A.Ş. and the DOĞU İNŞAAT-PREKAST
BETON-ÜSTÜNLER YAPI Ordinary Partnership, have in no way informed consumers,
in their promotional guides, advertisements and announcements, standards,
technical rules or sales contracts, about the current technical and legal
situation and risks concerning the project.


Under the definition in the law, goods that are contrary to the quality, or to
the quantity affecting the quality, stated in the introduction and user manual
or in advertisements and announcements, or declared by the seller, or
established in the standard or technical regulation, or that contain material,
legal or economic deficiencies which reduce or eliminate their value in terms
of their allocation or intended use or the benefits the consumer expects from
them, are regarded as defective goods and services.

The matters on which consumers have not been informed by EMLAK KONUT GYO A.Ş.
and the DOĞU İNŞAAT-PREKAST BETON-ÜSTÜNLER YAPI Ordinary Partnership with
regard to the 1İSTANBUL ISPARTAKULE PROJECT are set out below.

Current lawsuits and legal proceedings concerning the project:

Legal proceedings in Turkey:

1. Bakırköy 5th Commercial Court of First Instance, File No. 2010/788 E.

Plaintiff: TULIP Gayrimenkul

Defendant: Emlak Konut GYO

Subject of the case: Annulment of the wrongful termination relating to the
project.



2. Court of Cassation (Yargıtay), 15th Civil Chamber, File No. 2012/2502 E.

Plaintiff: TULIP Gayrimenkul

Defendant: Emlak Konut GYO

Subject of the case: Annulment of the wrongful termination relating to the
project.



3. Kadıköy 5th Commercial Court of First Instance, File No. 2010/1654 E.

Plaintiff: TULIP-FMS-Mertkan-İlci Ordinary Partnership

Defendant: Emlak Konut GYO

Subject of the case: Annulment of the wrongful termination relating to the
project.



For details: www.emlakkonutgercegi.com

International legal proceedings:

- WORLD BANK ICSID, Washington, USA (arbitration tribunal for the settlement
of international investment disputes), File No. ICSID Case No. ARB/11/28.
Claimant: Tulip Real Estate Investment and Development Netherlands BV, the
parent company of Tulip Gayrimenkul

For details: www.crowell.com/tuliparbitration


In addition, compensation claims and other lawsuits will be filed in the near
future by TULIP Gayrimenkul, by TULIP Real Estate Investment and Development
Netherlands BV and by the TULIP-FMS-Mertkan-İlci Ordinary Partnership; as
these lawsuits are filed, if they are not disclosed by the parties that owe
this duty to the consumer, EMLAK KONUT GYO A.Ş. and/or the DOĞU
İNŞAAT-PREKAST BETON-ÜSTÜNLER YAPI Ordinary Partnership, we will provide
further information ourselves in accordance with the Consumer Law.


Possible consequences of the legal proceedings for consumers who have bought
a home in the project or potential consumers who are considering doing so

1. In the 1İSTANBUL PROJECT, annulment of the wrongful termination,
cancellation of the contract of the DOĞU İNŞAAT-PREKAST BETON-ÜSTÜNLER YAPI
Ordinary Partnership and return of the project to TULIP, in which case the
position of those who have bought homes in the project would be legally
invalid,

2. Payment of loss-of-profit compensation to TULIP, TULIP BV and the
TULIP-FMS-Mertkan-İlci Ordinary Partnership, in which case, for payment of the
compensation amounts, enforcement proceedings and mortgages against other
assets of Emlak Konut GYO A.Ş., including the project land.


Legally, the point that consumers who have bought or will buy a home must pay
attention to is the Promise to Sell Contract (Satış Vaadi Sözleşmesi)
concluded when buying a home in the project; under the practice followed in
this project, the Promise to Sell Contract is not certified by a notary. Yet
with Promise to Sell Contracts that are not notarised, the buyer may suffer
significant loss of rights if the legal problems described above and/or others
arise.

For information:

A real estate Promise to Sell Contract is a preliminary contract that gives
the right to demand that a sale contract for a property be concluded. With the
preliminary contract they draw up, the parties intend to stipulate the
conclusion of the main contract. Once the preliminary contract has been
concluded, if one of the parties fails to fulfil its obligation, the other
party acquires the right to demand performance.

For the Promise to Sell Contract to be binding with respect to the main
contract mentioned above, it must be drawn up in accordance with the formal
requirement specified in the law. Under Articles 60/3 and 89 of the Notary
Law, a real estate Promise to Sell Contract must be drawn up at a notary in
order to be valid. With a Promise to Sell Contract drawn up at a notary in
this way, which has the nature of a preliminary contract, the parties express
their intention to conclude the main contract. What matters here is that the
intention of both parties is clearly expressed. A document containing a
unilateral declaration of intent cannot be regarded as a promise to sell
contract. Although there is no statutory provision for it, in doctrine and
practice that a real estate Promise to Sell Contract can also be drawn up at
the land registry

Re: PF: block upd packets that allready have a state

2012-06-25 Thread Marios Makassikis
On 25 June 2012 19:06, Matthias Cramer cra...@freestone.net wrote:
 Hi Marios

 On 25/06/12 18:50, Marios Makassikis wrote:
 I would consider having PF rate-limit connections to your SIP PBX, and
 add any host that goes over the limit to your badguys table.
 An example is described here:
 http://home.nuug.no/~peter/pf/en/bruteforce.html

 I saw this. But the problem is, the attacker always comes with the same
 IP/Port Combo so there is always the same session for pf. So this method
 does not work!
 My understanding of this is that PF creates a state and uses it for the
 other communications with the attacker. Considering there is no other state
 created, it will never reach the limit to be added to the table.

 Exactly that's the case.

 If that is the case, the question remains: how do you detect the
 attack ? Is the PBX rendered unusable for other clients ?

 Yes, it becomes more or less unusable...


In that case, the ALTQ trick is pointless.

 I think a more accurate description of the attack would be helpful to
 find a solution to the problem.

 I now have a script which watches the PBX for unsuccessful authentication
 and adds the IP, if there are 10 unsuccessful tries in 5 seconds, via ssh
 to the table on the OpenBSD box, that solves all my problems greatly.

Seeing your solution ( glad you solved your problem by the way :) ), it looks
like someone is bruteforcing your server. Which implies that the first step
prior to attempting to authenticate is to establish a connection. I'm
surprised PF doesn't catch it though.
Even if the attacker is using the exact same packets, I recall reading that
PF tracks connections by looking at source and destination transport
addresses, but also ISNs.
(Of course, you shouldn't take my word for it, as I couldn't find any source
that backs this up.)
In that case, it would mean your server is using weak ISNs and using
modulate state instead of keep state would help mitigate the issue, as new
states would be created for each connection and you can effectively do some
rate limiting.

There's also the possibility that your software keeps the connection open
upon a failed auth, instead of closing after a predefined number of attempts.
If that's the case, I'd send a bug report to the developers.


 Is there a way to do something similar by packets per second ?

 Packets per second sounds like a unit for bandwidth, which would
 suggest using something like ALTQ to throttle traffic. The problem
 remains though, since you may end up throttling all connections to
 your PBX, including legitimate clients.

 I considered ALTQ, but that is in my opinion not a very nice way to solve
 this problem.

 Regards

  Matthias

 --
 Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach, Switzerland
 http://www.freestone.net
 GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250

 [demime 1.01d removed an attachment of type application/pgp-signature which
had a name of signature.asc]



Re: PF: block upd packets that allready have a state

2012-06-25 Thread Matthias Cramer
Hi Marios

On 25/06/12 20:36, Marios Makassikis wrote:

 Seeing your solution ( glad you solved your problem by the way :) ), it looks
 like someone is bruteforcing your server. Which implies that the first step
 prior to attempting to authenticate is to establish a connection. I'm
 surprised PF doesn't catch it though.
 Even if the attacker is using the exact same packets, I recall reading that
 PF tracks connections by looking at source and destination transport
 addresses, but also ISNs.
 (Of course, you shouldn't take my word for it, as I couldn't find any source
 that backs this up.)
 In that case, it would mean your server is using weak ISNs and using
 modulate state instead of keep state would help mitigate the issue, as new
 states would be created for each connection and you can effectively do some
 rate limiting.

 There's also the possibility that your software keeps the connection open
 upon a failed auth, instead of closing after a predefined number of attempts.
 If that's the case, I'd send a bug report to the developers.

There are no connections to close ... It's SIP -- UDP .. The attacker can
always use the same packet header.

Think there is no way to solve that at Layer 3 or 4, you have to look at the
content.

Regards

  Matthias

--
Matthias Cramer, Erachfeldstrasse 1b, CH-8180 Bülach, Switzerland
http://www.freestone.net
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]
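
The approach the thread settles on (watch the PBX for failed authentications, and once a source reaches 10 failures in 5 seconds add it to the pf table over ssh) could look like the sketch below. This is an added example, not Matthias's script: the log format, the ssh target and the extra `pfctl -k` call that drops the source's existing states are assumptions, while `badguys` is the table name used in the thread. It also assumes pf.conf already blocks traffic from that table.

```python
import ipaddress
import re
from collections import defaultdict, deque

MAX_FAILURES = 10        # thresholds stated in the thread:
WINDOW_SECONDS = 5.0     # 10 unsuccessful tries in 5 seconds
PF_TABLE = "badguys"     # table name used in the thread
FIREWALL = "root@fw.example.net"   # hypothetical ssh target

# Hypothetical PBX log format: "<epoch> AUTH_FAIL src=<ip> user=<name>"
LINE_RE = re.compile(r"^(\d+(?:\.\d+)?) AUTH_FAIL src=(\S+) user=")


def parse_failure(line):
    """Return (timestamp, ip) for a failed-auth line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        # Log content is attacker-influenced: accept only a literal IP
        # address before it can reach the ssh/pfctl command line.
        ip = ipaddress.ip_address(m.group(2))
    except ValueError:
        return None
    return float(m.group(1)), str(ip)


def detect(lines):
    """Return IPs reaching MAX_FAILURES within WINDOW_SECONDS, in order."""
    recent = defaultdict(deque)      # ip -> timestamps inside the window
    blocked = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None or parsed[1] in blocked:
            continue
        ts, ip = parsed
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:   # expire old failures
            window.popleft()
        if len(window) >= MAX_FAILURES:
            blocked.append(ip)
            del recent[ip]
    return blocked


def block_commands(ip):
    """argv lists for subprocess.run: add ip to the table, then drop its
    existing states so the block rule applies to the running flow too."""
    return [
        ["ssh", FIREWALL, "pfctl", "-t", PF_TABLE, "-T", "add", ip],
        ["ssh", FIREWALL, "pfctl", "-k", ip],
    ]


# Constructed sample input: one flooding source, one user who mistyped a
# password three times, and one line with a hostile src field.
SAMPLE_LOG = (
    [f"{1000 + i * 0.3:.1f} AUTH_FAIL src=203.0.113.7 user=100" for i in range(12)]
    + [f"{1000 + i * 8} AUTH_FAIL src=198.51.100.20 user=201" for i in range(3)]
    + ["1001.0 AUTH_FAIL src=192.0.2.1;reboot user=x"]
)

if __name__ == "__main__":
    for bad_ip in detect(SAMPLE_LOG):
        for argv in block_commands(bad_ip):
            print(" ".join(argv))
```

The state flush matters for the case in the subject line: a UDP flow that already has a state keeps matching that state, so adding the address to the table alone does not stop it.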



thanks a bunch

2012-06-25 Thread Gilles Chehade
Hi,

Thanks to the many people who offered soekris and similar boards after
my request on want.html.

I can't update the page right now, but I have received offers from 4
people, one being a backup if the others change their plans. I should
be fine now.

Thanks again !

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



Sudden crashes with OpenBSD 4.6-5.1, trunk and CARP interfaces

2012-06-25 Thread Fernando Braga
Hi,

I'm having trouble pinpointing this problem.

We got two CARPed OpenBSD boxes running for a very long time now, and I've
been updating the machines up to 4.6. The last time we had hardware
maintenance was over a year ago.

One of them, zeca, crashed suddenly while it was the CARP master. Every
time we tried to promote it to be master again (using advskew), it crashed.
We upgraded it to OpenBSD 5.1, and it kept crashing.

So we upgraded motherboard, CPU, and memory. It also crashed.

Below is the serial output captured from a full cycle (boot, crash, ddb ps
and trace, and new reboot).

If you need further information, please let me know.

Thanks for your attention.

Best regards,

 OpenBSD/i386 BOOT 3.17
boot
booting hd0a:/bsd: 8251712+1089284 [61+370672+356296]=0x99a1d8
entry point at 0x200120

[ using 727444 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2012 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 5.1 (GENERIC.MP) #188: Sun Feb 12 09:55:11 MST 2012
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz (GenuineIntel 686-class)
2.81 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,XSAVE,LAHF
real mem  = 2137124864 (2038MB)
avail mem = 2092040192 (1995MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/20/09, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.5 @ 0xf06b0 (57 entries)
bios0: vendor American Megatrends Inc. version 0402 date 05/20/2009
bios0: ASUSTeK Computer INC. P5KPL-AM-CKD-VISUM-SI
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI
acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) PS2M(S4) UAR1(S4) MC97(S4)
P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S4) USB1(S4)
USB2(S4) USB3(S4) EUSB(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz (GenuineIntel 686-class)
2.81 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,XSAVE,LAHF
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 7 (P0P1)
acpiprt2 at acpi0: bus 6 (P0P4)
acpiprt3 at acpi0: bus 5 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
aibs0 at acpi0: RTMP RVLT RFAN GGRP GITM SITM
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0xb400!
cpu0: Enhanced SpeedStep 2801 MHz: speeds: 2793, 2128, 1596 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82G33 Host rev 0x10
ppb0 at pci0 dev 1 function 0 Intel 82G33 PCIE rev 0x10: apic 2 int 16
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 IDT 89HPES12N3A rev 0x0e
pci2 at ppb1 bus 2
ppb2 at pci2 dev 2 function 0 IDT 89HPES12N3A rev 0x0e
pci3 at ppb2 bus 3
em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82576) rev 0x01: msi,
address 00:1b:21:6e:95:68
em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82576) rev 0x01: msi,
address 00:1b:21:6e:95:69
ppb3 at pci2 dev 4 function 0 IDT 89HPES12N3A rev 0x0e
pci4 at ppb3 bus 4
em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82576) rev 0x01: msi,
address 00:1b:21:6e:95:6c
em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82576) rev 0x01: msi,
address 00:1b:21:6e:95:6d
vga1 at pci0 dev 2 function 0 Intel 82G33 Video rev 0x10
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1: apic 2 int 16
drm0 at inteldrm0
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: msi
azalia0: codecs: VIA/0xe721
audio0 at azalia0
ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 2 int 16
pci5 at ppb4 bus 6
ppb5 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x01: apic 2 int 17
pci6 at ppb5 bus 5
re0 at pci6 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102EL (0x2480),
apic 2 int 17, address 90:e6:ba:b4:c0:f0
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 23
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 19
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 2 int 18
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 2 int 16
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB