Re: is there a way to block sshd trolling?

2005-09-23 Thread Mr.Slippery
John Marten ([EMAIL PROTECTED]) dixit:
 You know what I mean? Every day I get some script kiddie, or adult
 trying to guess usernames or passwords.
 I've installed the newest version of SSH, so I'm covered there. But I
 still get a dozen or 2 of the
 sshd Invalid user somename from ###.##.##.###
 input_userauth_request: ivalid user somename
 Failed password for invalid user somename
 Recieved disconnect from ###.##.##.###
 Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
 from ###.##.##.### to any flags S/SA'
 entry in my pf.conf file. But if I had to do that for every hacker my
 pf.conf would be huge!
 There's got to be a better way, and I'm open to suggestions.
 
 
 John F. Marten III
 
 Information Technology Specialist
 
That's how I handle this type of annoyance:
http://data.homeip.net/projects/ssh_wall.php
Of course, YMMV.
Ciao.
-- 
.--.
| Florin (Slippery) Iamandi|
| Reason is the first victim of emotion. -- Scytale, Dune Messiah  |



Re: Security Patch - OpenSSH

2005-09-04 Thread Mr.Slippery
Han Boetes ([EMAIL PROTECTED]) dixit:
 Miroslav Kubik wrote:
  I'm just wondering if the patch for OpenSSH bugs (
  http://secunia.com/advisories/16686/ ) already exists for
  OpenBSD or if it is necessary to compile a new version of OpenSSH.
  There is nothing on the OpenBSD errata page.
 
 This is fixed in OpenSSH-4.2 which is in CVS now.

Since the -stable still has 4.1, is this a minor security issue?

-- 
.--.
| Florin (Slippery) Iamandi|
| Reason is the first victim of emotion. -- Scytale, Dune Messiah  |



CRC errors, difference between dmesg(8) and /var/run/dmesg.boot

2005-08-01 Thread Mr.Slippery
Hello.
After a fresh reboot I have noticed a difference between the output of
dmesg(8) and the contents of /var/run/dmesg.boot. What worries me is
that in the output of dmesg(8) I see CRC errors that are not shown in
the dmesg.boot.
I have compared them right after reboots, several times, the difference
stands and the CRC errors are still there.

What could be the cause of this difference and what actions should I
take about those CRC errors?
Thanks in advance for your replies/advice.


A. Output of dmesg(8):
--
OpenBSD 3.7-stable (GENERIC) #0: Fri Jul  1 15:38:40 CEST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Duron(tm) Processor (AuthenticAMD 686-class) 807 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 502886400 (491100K)
avail mem = 451866624 (441276K)
using 4278 buffers containing 25247744 bytes (24656K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(01) BIOS, date 03/14/01, BIOS32 rev. 0 @ 0xf0ec0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1702
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1670/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C586 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8363 Host rev 0x81
ppb0 at pci0 dev 1 function 0 VIA VT8363 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor S3, unknown product 0x8a26 rev 0x00
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 VIA VT82C686 ISA rev 0x40
pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG SV1022D
wd0: 16-sector PIO, LBA, 9732MB, 19931184 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
wd1 at pciide0 channel 1 drive 1: Maxtor 6Y080L0
wd1: 16-sector PIO, LBA, 78167MB, 160086528 sectors
wd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 5
uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x16: irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 7 function 3 VIA VT83C572 USB rev 0x16: irq 9
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
viaenv0 at pci0 dev 7 function 4 VIA VT82C686 SMBus rev 0x40
auvia0 at pci0 dev 7 function 5 VIA VT82C686 AC97 rev 0x50: irq 12
ac97: codec id 0x414c4710 (Avance Logic ALC200)
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, Realtek 3D
audio0 at auvia0
rl0 at pci0 dev 14 function 0 Realtek 8139 rev 0x10: irq 10 address 00:50:fc:cd:88:dd
rlphy0 at rl0 phy 0: RTL internal phy
rl1 at pci0 dev 15 function 0 Realtek 8139 rev 0x10: irq 12 address 00:40:f4:b1:a6:be
rlphy1 at rl1 phy 0: RTL internal phy
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask eb65 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
dkcsum: wd1 matched BIOS disk 81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
wd1a:  aborted command, interface CRC error reading fsbn 96 of 96-127 (wd1 bn 159; cn 0 tn 2 sn 33), retrying
wd1: soft error (corrected)
wd1: transfer error, downgrading to Ultra-DMA mode 4
wd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 4
wd1a:  aborted command, interface CRC error reading fsbn 30087584 of 30087584-30087615 (wd1 bn 30087647; cn 29848 tn 13 sn 44), retrying
wd1: soft error (corrected)


B. Contents of /var/run/dmesg.boot
--
OpenBSD 3.7-stable (GENERIC) #0: Fri Jul  1 15:38:40 CEST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Duron(tm) Processor (AuthenticAMD 686-class) 807 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR
real mem  = 502886400 (491100K)
avail mem = 451866624 (441276K)
using 4278 buffers containing 25247744 bytes (24656K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(01) BIOS, date 03/14/01, BIOS32 rev. 0 @ 0xf0ec0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, 

Re: Blocking many accesses to ssh port from single IP

2005-06-30 Thread Mr.Slippery
Steve Williams ([EMAIL PROTECTED]) dixit:
 
 Is there any way to block/limit the number of connections to a port in a 
 given time period?  I was getting around 5 connects per second from the 
 same IP/PORT (in Hungary :-( ).
 
 I can't think how this would work... unless there was a generic program 
 like spamd in greylisting mode...  But I'm not the first person to have 
 this problem, so there's likely a solution!  Can anyone shed some light?

You could also give SSH Scanner Blocker a shot...
[ http://www.e-shell.org/index.py?code=python ]
  
Ciao.
-- 
.--.
| Florin (Slippery) Iamandi|
| Reason is the first victim of emotion. -- Scytale, Dune Messiah  |
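
An added example, not part of the original posts or of the tools they link to: one way to turn the "Failed password" lines quoted in the sshd thread above into a per-address rate limit, as asked for in this thread, so that a single pf table replaces one block rule per address. The function names, thresholds, IPv4-only pattern and sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy ".*" plus the "$" anchor binds the address to the END of the line,
# which sshd writes itself; the user name before it is chosen by the client.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def source_of(line, year=2005):
    """(timestamp, address) of a failed-password line, else None.
    syslog timestamps carry no year, so the caller supplies one."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["ip"]

def find_abusers(lines, max_failures=3, window=timedelta(seconds=60)):
    """Addresses with more than max_failures failed logins inside one window."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    abusers = set()
    for line in lines:
        hit = source_of(line)
        if hit is None:
            continue
        when, ip = hit
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) > max_failures:
            abusers.add(ip)
    return abusers

def pf_table_file(addresses):
    """One address per line, the format a pf 'table <name> persist file' reads."""
    return "".join(f"{ip}\n" for ip in sorted(addresses))

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE = [f"Sep 23 10:15:0{s} gw sshd[4101]: Failed password for invalid user "
          f"test{s} from 192.0.2.10 port 4011{s} ssh2" for s in range(5)]
SAMPLE += [f"Sep 23 1{h}:00:00 gw sshd[4102]: Failed password for root "
           f"from 203.0.113.5 port 5000{h} ssh2" for h in range(1, 6)]
# User name crafted to look like a log tail; the real peer is 192.0.2.10.
FORGED = ("Sep 23 10:15:09 gw sshd[4101]: Failed password for invalid user "
          "x from 198.51.100.7 port 1 ssh2 from 192.0.2.10 port 40120 ssh2")
SAMPLE.append(FORGED)
```

The forged line is the case to watch in any log-driven blocker: a parser that takes the first "from" in the line would attribute the failure to an address the client typed into the user name field.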



Re: package installation fatal error

2005-06-24 Thread Mr.Slippery
Qv6 ([EMAIL PROTECTED]) dixit:
 Folks:
 
 Brand new to openbsd.
Brand new to *nix too?

 #PKG_PATH=ftp://ftp.openbsd.org/pub/OPENBSD/3.7/packages/i386/
(...)
 ftp://ftp.openbsd.org/pub/OPENBSD/3.7/packages/i386/snort-2.1.2.tgz
The issue is that OpenBSD is not the same as OPENBSD. 
-- 
|--|
|  Florin (Slippery) Iamandi