pf scrub options in OpenBSD 5.3
Hi all, A few questions about the operation of pf scrub options in OpenBSD 5.3: 1. In 2010 Henning advised against the use of "reassemble tcp" (link below). Is this advice still applicable and what are the known issues that this option may cause in the current implementation? http://marc.info/?l=openbsd-misc&m=126343406308201&w=2 2. Am I correct in assuming that the following example ruleset would be more efficient (and work the same way) if the 'match on LAN' rule was removed, or if scrubbing was only done for inbound packets (match in ...)? match on WAN scrub (no-df random-id) match on LAN scrub (no-df random-id) pass I'm trying to figure out exactly when options like "random-id" and "reassemble tcp" are applied. My current understanding is that a packet passing from LAN to WAN with the above ruleset will have its id randomized twice, and the same thing will happen for any returning packet that matches the two state entries. If I change both match rules to 'match in ...', then packets in both directions are scrubbed just once, but the returning packets are scrubbed as they leave the firewall instead of when they are first received. Is all of that right? If so, does it actually matter that the returning packets are not scrubbed when they are first received? For example, if "reassemble tcp" or "min-ttl" options are used and the other side lowers its TTL value to the point where the response packet expires upon reaching the firewall, then the TTL check will have no effect, since the OS wouldn't forward the packet to the outbound interface or run the second state check. - Max
Re: OT: the term ``hackathon'' - even the U.N. does it
On 07/24/13 08:32, MERIGHI Marcus wrote: cyber-attack cyber espionage cyber attack cyber war games cyber warriors Cyber 9/12 Cyber Storm cyber preparedness cyber scenario Cyber Storm cyber threat cyber attacks Right now, there are a lot of drunk college students out there. -- Scott McEachern https://www.blackstaff.ca "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
OT: the term ``hackathon'' - even the U.N. does it
I learned about this via http://www.infosecnews.org/subscribe-to-infosec-news/ Thread 'term "hackathon" trademarked in Germany': http://marc.info/?l=openbsd-misc&m=136766877107167 Bye, Marcus - Forwarded from InfoSec News Date: Wed, 24 Jul 2013 07:29:07 + (UTC) From: InfoSec News To: isn (at) lists [dot] infosecnews {dot} org Subject: [ISN] How Would the U.S. Respond to a Nightmare Cyber Attack? http://www.scientificamerican.com/article.cfm?id=how-would-us-respond-nightmare-cyber-attack By Josephine Wolff Scientific American July 23, 2013 It???s been a busy summer for computer security mavens. The U.S. and China locked horns on cyber espionage, Edward Snowden allegedly leaked classified intelligence about National Security Agency (NSA) monitoring programs that target communication networks, and the Cobalt malware took 13 U.S. oil refineries offline. If you missed that last one, that???s because it was fictional -- a scenario created for a student cyber attack challenge held on June 15 at American University in Washington, D.C. The event was a sort of a hybrid Model U.N. hackathon cyber war games exercise, involving 65 college and graduate students (including myself) who are training for careers as future cyber warriors and policy makers. In many ways the Cyber 9/12 Student Challenge mirrors the U.S. government???s own Cyber Storm exercises, with the important exception that the student exercise isn???t mandated by Congress to strengthen cyber preparedness in the public and private sectors. The Cobalt malware -- an invention of the Atlantic Council, which hosted the event - was fake, but its target was a real-life vulnerability: the U.S. energy infrastructure, specifically the oil refineries and pipelines that produce and transport gasoline and other refined fuel products all across the country. Almost any discussion or description of a doomsday cyber scenario involves an attack on U.S. critical infrastructure. You can see this play out in the Cyber Storm exercises hosted every few years by the Department of Homeland Security for government and industry organizations to practice cyber threat responses. In three simulations that took place in 2006, 2008 and 2010, catastrophic cyber attacks caused clear and serious physical damage. A computer virus that turns off the lights, shuts down the telephone system and halts military operations could cost lives. [...] - End forwarded message -
Re: Hang possibly related to pipex
On Mon, 8 Jul 2013 11:45:38 +0200 Marko Cupać wrote: > I have just upgraded to: > OpenBSD 5.3-current (GENERIC.MP) #25: Sat Jul 6 17:01:33 MDT 2013 No hangs since upgrade. Thank you for your help. -- Marko Cupać
Re: suspend/resume not working on thinkpad X41
Wed 24.Jul'13 at 0:31:22 +0300, haris [ ... ] > Everything back to normal and suspend resume is working like a charm > after testing as many times as I could during the day. You must have looked insane opening and shutting your laptop continuously throughout the day ;-) -- James Griffin: jmz at kontrol.kode5.net A4B9 E875 A18C 6E11 F46D B788 BEE6 1251 1D31 DC38