Re: Intel DQ35MP

2008-01-11 Thread Michał Koc
Hi,

Using drive 0, partition 3.
Loading...
probing: pc0 apm mem[635K 3573M 16K a20=on]
disk: hd0+
 >> OpenBSD/i386 BOOT 3.01
boot> machine memory
Region 0: type 1 at 0x1000 for 635KB
Region 1: type 2 at 0x9fc00 for 1KB
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 3659244KB
Region 4: type 4 at 0xdf67b000 for 440KB
Region 5: type 1 at 0xdf6e9000 for 16KB
Region 6: type 3 at 0xdf6ed000 for 72KB
Region 7: type 1 at 0xdf6ff000 for 4KB
Low ram: 639KB  Hight ram: 3659260KB
Total free memory: 3659899KB
boot>

this comes from Intel D945GTP which also shows this problem.

regards
M.K.

[EMAIL PROTECTED] writes:
> In gmane.os.openbsd.misc, you wrote:
>   
>>  I had same problem with DQ965GF, DSDT was overwritten by msgbuf.
>>  As a quick hack I changed msgbuf size and it solved my problem. I
>>  haven't had time to debug it further.
>>
>>  Index: sys/arch/i386/include/param.h
>>  ===
>>  RCS file: /OpenBSD/src/sys/arch/i386/include/param.h,v
>>  retrieving revision 1.42
>>  diff -u -3 -p -r1.42 param.h
>>  --- sys/arch/i386/include/param.h   1 Oct 2007 12:10:55 -   1.42
>>  +++ sys/arch/i386/include/param.h   10 Jan 2008 19:13:18 -
>>  @@ -97,7 +97,7 @@
>>   #defineUSPACE_ALIGN(0) /* u-area alignment 0-none 
>> */
>>   
>>   #ifndef MSGBUFSIZE
>>  -#define MSGBUFSIZE 4*NBPG  /* default message buffer size */
>>  +#define MSGBUFSIZE 2*NBPG  /* default message buffer size */
>>   #endif
>> 
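Review bot: Halving MSGBUFSIZE treats the symptom rather than the cause: the text above says the DSDT was overwritten by msgbuf, so the defect is in where the message buffer is placed relative to the memory regions the firmware reports (the 'machine memory' output Toby asks for), not in its size, and a board with a different layout can still collide with a 2*NBPG buffer. It also silently halves the kernel message buffer for every i386 system. Keep it as the local workaround the author says it is, and fix the placement instead.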
>
> Please send me the output of 'machine memory' at the boot prompt
> for this machine.  I think I know what is causing this...
>
> -Toby.



Re: facts about OpenBSD

2008-01-11 Thread Marc Espie
On Wed, Jan 09, 2008 at 11:03:29PM +0200, Nikns Siankin wrote:
> # Secure By Default.
>   OpenBSD uses broken WEP for securing WiFi networks.
>   Has no WPA/WPA2 support.
Where is your wpa code for OpenBSD?



Re: 64 bit file I/O?

2008-01-11 Thread Marc Espie
On Thu, Jan 10, 2008 at 06:09:24PM -0700, Darrin Chandler wrote:
> On Thu, Jan 10, 2008 at 04:49:42PM -0800, Unix Fan wrote:
> > Darrin Chandler wrote:
> > > Ted Unangst wrote:
> > > > what bs are you using?
> > > 
> > > Try to be more polite, please.
> > 
> > He wasn't being rude, bs is the block size option for the dd command...
> > which I, the slow idiot, had set to 1.
> 
> Yes, I know. Apparently my deadpan delivery has the same effect online
> as it does in person.

Sorry for you, we've had enough idiots around here.
When reading your initial email, I wondered: is he serious or making a joke.

Deadpan humor doesn't work through email with people who don't know you
real well...



Re: facts about OpenBSD

2008-01-11 Thread Marc Espie
On Thu, Jan 10, 2008 at 03:03:02PM +0200, Nikns Siankin wrote:
> On Thu, Jan 10, 2008 at 12:43:48PM +, Edd Barrett wrote:
> >Hello,
> >
> >A lot of this is down to manpower or lack thereof. You can make it
> >better if you put some effort in. Failing that, If it's so bad, then
> >why don't you use another operating system?
> 
> Hi,
> I don't believe anymore that someone from the outside can make it better.
> The only people who could make it better are talking to community
> only when release CD needs to get sold or donations are needed.

Well, duh, the rest of the time, they're writing code and fixing various
little problems.

I don't think you have any actual idea how much time it takes to write
code that would do any of the things you complain about.



Re: ssh controlling question

2008-01-11 Thread Lars Noodén
Kevin Wilcox wrote:
> In sshd_config:
> 
> ==
> 
> AllowUsers [EMAIL PROTECTED]

To make it more manageable, AllowGroups might be better.  That way
you only have to manage groups with SSH.

-Lars



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Kennith Mann III
On 1/10/08, Ken <[EMAIL PROTECTED]> wrote:

> I never see anything like that, since my pf rules only allow me to ssh back 
> to home from my work IP range.
>
> In the space of about 15 minutes before I enabled pf all of the following 
> users were tried, probably
> by an automated script:


It appears to just be some bot going around that masks itself under
various IPs and nothing more intelligent.
When I moved my SSH port to port 23 (via pf and a redirect), all of
that stopped.
While moving the SSH port doesn't help much against anyone running an
nmap scan, it stops blind port 22 scans that run generic password
hacks and fill your logs with crap.

--Kenny



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Lars Noodén
Kennith Mann III wrote:
> ...
> While moving the SSH port doesn't help much against anyone running an
> nmap scan, it stops blind port 22 scans that run generic password
> hacks and fill your logs with crap.

Overloads help a bit:

pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA keep state (max-src-conn 4, \
    max-src-conn-rate 2/60, overload <bruteforce> \
    flush global)

Regarding the logs, one thing that worked in the past was giving the
netblock owner a hard time.  It's their responsibility.  It's not too
hard to make up a shellscript (or use another scripting language) which
automates a daily report and the complaint.

Regards,
-Lars
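As an added example of the daily report such a script could produce (Python rather than a shell script, and not Lars's own tool), here is a parser for sshd authlog lines of the form Ken posted, grouping failed logins per source; the sample log is constructed, and the abuse-contact mapping is an assumed placeholder the operator fills in by hand.

```python
"""Daily sshd brute-force summary from /var/log/authlog.

Added example, not the script Lars describes. Failed logins are grouped
per source address so the count, the usernames tried and a short excerpt
can go into the complaint to the netblock owner. The whois lookup of the
abuse contact is left to the operator: ABUSE_CONTACTS is an assumed,
hand-maintained mapping.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# OpenBSD sshd lines as they appear in authlog (see Ken's excerpt in this thread).
LINE_RE = re.compile(r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
                     r'sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$')
FAIL_RE = re.compile(r'^Failed (?P<method>\S+) for (?:invalid user )?'
                     r'(?P<user>\S+) from (?P<src>\S+) port \d+')

ABUSE_CONTACTS = {}   # assumed: source address -> abuse mailbox, filled by hand


@dataclass
class Source:
    failures: int = 0
    users: set = field(default_factory=set)
    first: str = ''
    last: str = ''
    excerpt: list = field(default_factory=list)


def parse_line(line):
    """(timestamp, user, src) for a failed-authentication line, else None."""
    m = LINE_RE.match(line.rstrip('\n'))
    if not m:
        return None
    f = FAIL_RE.match(m.group('msg'))
    if not f:       # 'Invalid user', 'Received disconnect', 'Accepted ...'
        return None
    return m.group('ts'), f.group('user'), f.group('src')


def summarize(lines, keep_excerpt=3):
    """Aggregate failed logins per source address."""
    sources = defaultdict(Source)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, src = parsed
        s = sources[src]
        s.failures += 1
        s.users.add(user)
        s.first = s.first or ts
        s.last = ts
        if len(s.excerpt) < keep_excerpt:
            s.excerpt.append(line.rstrip('\n'))
    return dict(sources)


def report(sources, min_failures=5, contacts=None):
    """Plain-text report; only sources at or above min_failures are listed,
    so a user who mistyped a password once is not reported to anyone."""
    contacts = contacts if contacts is not None else ABUSE_CONTACTS
    out = []
    for src, s in sorted(sources.items(), key=lambda kv: -kv[1].failures):
        if s.failures < min_failures:
            continue
        out.append(f'{src}: {s.failures} failed logins, {len(s.users)} usernames, '
                   f'{s.first} .. {s.last}')
        out.append('  usernames: ' + ', '.join(sorted(s.users)))
        out.append('  abuse contact: ' + contacts.get(src, '(look up in whois)'))
        out.extend('  ' + line for line in s.excerpt)
    return '\n'.join(out)


# Constructed sample in the shape of Ken's authlog; the scanner address is
# the one from his post, 198.51.100.23 is a made-up legitimate user.
SAMPLE_AUTHLOG = """\
Jan  9 18:00:01 home-fw newsyslog[6065]: logfile turned over
Jan  9 18:03:03 home-fw sshd[29544]: Invalid user andrew from 125.16.26.123
Jan  9 18:03:03 home-fw sshd[29544]: Failed password for invalid user andrew from 125.16.26.123 port 52447 ssh2
Jan  9 18:03:03 home-fw sshd[240]: Received disconnect from 125.16.26.123: 11: Bye Bye
Jan  9 18:03:06 home-fw sshd[19514]: Failed password for invalid user adam from 125.16.26.123 port 52651 ssh2
Jan  9 18:03:09 home-fw sshd[18110]: Failed password for invalid user trial from 125.16.26.123 port 52821 ssh2
Jan  9 18:03:11 home-fw sshd[20596]: Failed password for invalid user calendar from 125.16.26.123 port 53011 ssh2
Jan  9 18:03:14 home-fw sshd[22151]: Failed password for invalid user poq from 125.16.26.123 port 53199 ssh2
Jan  9 18:05:40 home-fw sshd[23001]: Failed password for lars from 198.51.100.23 port 40022 ssh2
Jan  9 18:05:52 home-fw sshd[23001]: Accepted publickey for lars from 198.51.100.23 port 40022 ssh2
"""

if __name__ == '__main__':
    print(report(summarize(SAMPLE_AUTHLOG.splitlines())))
```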



Problems installing 4.2 from CD

2008-01-11 Thread T. Ribbrock
Hello,

I just tried installing OpenBSD 4.2 on an older PIII box I got a while
back - but I can't get the install to boot from CD. Here's what I have
so far:

- The PC has an Intel server board, L440GX+, with two PIII/550 (Slot 1)
  on it. This board has both IDE and SCSI (Dual channel U2W, Adaptec
  AIC-7896) on-board.
- The CD-ROM is SCSI and connected to channel B of the U2W controller.
- There are two IDE disks - a 20GB connected to IDE1 (master) and a 160GB on
  IDE2 (master).
- The SCSI controller is set to support bootable CDs and the OpenBSD CD
  is recognised as such.

If I try to boot from CD, the only lines I get are:

CR-ROM: 9F
Loading /4.2/I386/CDBOOT
probing: pc0 com0 com1 mem[635K 638M a20=on]
disk:

At this point, the machine hangs hard, i.e. neither keyboard, nor
reset/power buttons work anymore. I literally have to pull the plug.

If I disable *both* IDE drives in the BIOS, booting from CD-ROM works
(or at least I get to the 'boot>' prompt, haven't tested further yet).
Disabling only one of them doesn't help, though.

As a test, I also tried to boot from an OpenBSD 3.9 CD, but that showed
the same symptoms. Same goes for a Kubuntu 7.04 live CD - got stuck
right after the boot menu.

The odd thing is: I *have* installed OpenBSD on this PC in the past
(must have been 4.0 or 4.1). The changes I have made since then were -
as far as I can remember:
- I removed a second 20GB IDE drive that was slave on IDE1.
- I added the 160GB drive on IDE2
- I think I removed a PCI VGA card and a sound card, but I'm not 100%
  sure whether they were actually in there when I installed OpenBSD the
  last time.
- I added a 3C509B(?) NIC.

Any insight on this would be most welcome. I saw one related thread in
the archives, but that seemed to deal with PCI cards rather than
on-board devices. One of the solutions offered there was to remove the
boot-eeprom from one of those cards - but I don't think I have that
option in this case... :-}

Regards,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
  Thomas Ribbrock    http://www.ribbrock.org    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



Re: : SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Raimo Niskanen
On Fri, Jan 11, 2008 at 09:28:57AM +, Khalid Schofield wrote:
> put this in pf.conf
> 

Isn't this missing from the recipe?

block quick from <bruteforce>
> pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
>     flags S/SA keep state \
>     (max-src-conn-rate 3/30, overload <bruteforce> flush global)

Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Claer
On Fri, Jan 11 2008 at 24:11, Lars Noodén wrote:
> Kennith Mann III wrote:
> > ...
> > While moving the SSH port doesn't help much against anyone running an
> > nmap scan, it stops blind port 22 scans that run generic password
> > hacks and fill your logs with crap.
> 
> Overloads help a bit:
> 
>   pass in on $ext_if proto tcp to ($ext_if) port ssh \
>       flags S/SA keep state (max-src-conn 4, \
>       max-src-conn-rate 2/60, overload <bruteforce> \
>       flush global)
> 
> Regarding the logs, one thing that worked in the past was giving the
> netblock owner a hard time.  It's their responsibility.  It's not too
> hard to make up a shellscript (or use another scripting language) which
> automates a daily report and the complaint.

I always hesitate to use this trick. Could you please develop more the
implications of this method? Is it still effective?

Thanks!

Claer



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Peter N. M. Hansteen
Claer <[EMAIL PROTECTED]> writes:

> I always hesitate to use this trick. Could you please develop more the
> implications of this method? Is it still effective?

Yes, it's still effective.  You need to put in whatever values you
feel are appropriate for your network and users.  In Lars' example,

>   pass in on $ext_if proto tcp to ($ext_if) port ssh \
>       flags S/SA keep state (max-src-conn 4, \
>       max-src-conn-rate 2/60, overload <bruteforce> \
>       flush global)

any host with more than 4 simultaneous ssh connections OR that
connects more than twice during any 60-second period has all their
existing connections terminated, their address put into the bruteforce
table and their address no longer matches the criteria for the pass
rule.  Those values are low enough that you might risk tripping up
legitimate connections if there are enough users coming in from behind
a NATing gateway, but that scenario may not be relevant for your case.  

What happens to connections from addresses in the bruteforce table is
up to you, but I suspect a rule involving 'block quick' is very
common.  And yes, it's in the tutorial[1] and covered in that little
book of mine[2].

- Peter

[1] http://home.nuug.no/~peter/pf/en/bruteforce.html goes right to
this topic, http://home.nuug.no/~peter/pf/ for a choice of formats

[2] http://nostarch.com/pf.htm

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
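To make those two thresholds concrete, here is an added simulation of the max-src-conn 4 / max-src-conn-rate 2/60 / overload flush global behaviour Peter describes (my own model, not pf source and not from the tutorial); the connection timeline, the NAT gateway and the admin addresses are constructed, and <bruteforce> is assumed to be the overload table sitting behind a "block quick" rule.

```python
"""Model of pf's max-src-conn / max-src-conn-rate overload handling.

Added illustration, not pf source. It mimics the rule discussed above:

    pass in on $ext_if proto tcp to ($ext_if) port ssh \
        flags S/SA keep state (max-src-conn 4, \
        max-src-conn-rate 2/60, overload <bruteforce> flush global)
    block quick from <bruteforce>

  - more than 4 open states from one source, OR
  - more than 2 new states from one source inside a 60-second window
  puts the source in the table and kills all its existing states
  (flush global); later SYNs from it hit the block rule.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Overload:
    max_src_conn: int = 4          # max-src-conn 4
    rate_count: int = 2            # max-src-conn-rate 2/60 -> 2 new states ...
    rate_secs: int = 60            # ... per 60 seconds
    table: set = field(default_factory=set)                      # <bruteforce>
    open_states: dict = field(default_factory=lambda: defaultdict(set))
    recent: dict = field(default_factory=lambda: defaultdict(deque))
    flushed: list = field(default_factory=list)

    def _overload(self, src):
        self.table.add(src)
        # flush global: tear down every state this source holds, from any rule
        self.flushed.extend(sorted(self.open_states.pop(src, ())))
        self.recent.pop(src, None)

    def connect(self, t, src, conn_id):
        """Verdict for a new SYN from src at time t (seconds)."""
        if src in self.table:
            return 'blocked'                      # block quick from <bruteforce>
        q = self.recent[src]
        while q and q[0] <= t - self.rate_secs:   # drop arrivals outside window
            q.popleft()
        q.append(t)
        self.open_states[src].add(conn_id)
        if (len(q) > self.rate_count
                or len(self.open_states[src]) > self.max_src_conn):
            self._overload(src)
            return 'overloaded'
        return 'pass'

    def close(self, src, conn_id):
        self.open_states[src].discard(conn_id)


def run(events, **limits):
    """events: (t, 'open'|'close', src, conn_id). Returns (state, verdicts)."""
    pf = Overload(**limits)
    verdicts = []
    for t, action, src, cid in sorted(events, key=lambda e: e[0]):
        if action == 'open':
            verdicts.append((t, src, pf.connect(t, src, cid)))
        else:
            pf.close(src, cid)
    return pf, verdicts


# Constructed timeline. The scanner is the address from Ken's authlog; the
# NAT gateway and admin host are made-up documentation (RFC 5737) addresses.
SCANNER, NAT_GW, ADMIN = '125.16.26.123', '198.51.100.7', '203.0.113.9'
TIMELINE = [
    (0, 'open', SCANNER, 's1'), (1, 'close', SCANNER, 's1'),
    (3, 'open', SCANNER, 's2'), (4, 'close', SCANNER, 's2'),
    (6, 'open', SCANNER, 's3'),          # third SYN inside 60 s -> overloaded
    (9, 'open', SCANNER, 's4'),          # already in the table -> blocked
    (10, 'open', NAT_GW, 'n1'), (10, 'open', NAT_GW, 'n2'),
    (200, 'open', NAT_GW, 'n3'), (300, 'open', NAT_GW, 'n4'),
    (400, 'open', NAT_GW, 'n5'),         # fifth simultaneous session -> overloaded
    (0, 'open', ADMIN, 'a1'), (500, 'open', ADMIN, 'a2'),   # two logins, fine
]

if __name__ == '__main__':
    state, verdicts = run(TIMELINE)
    for t, src, verdict in verdicts:
        print(f't={t:4d} {src:15} {verdict}')
    print('table:', sorted(state.table), 'flushed:', state.flushed)
    # Peter's caveat: a busy NAT gateway trips max-src-conn; a higher limit
    # spares it while the scanner is still caught by the rate limit.
    print('with max-src-conn 10:', sorted(run(TIMELINE, max_src_conn=10)[0].table))
```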



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Martin Schröder
http://home.nuug.no/~peter/pf/en/long-firewall.html#BRUTEFORCE

Best
   Martin



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Claer
On Fri, Jan 11 2008 at 47:11, Peter N. M. Hansteen wrote:

> Claer <[EMAIL PROTECTED]> writes:
> 
> > I always hesitate to use this trick. Could you please develop more the
> > implications of this method? Is it still effective?
> Yes, it's still effective.  You need to put in whatever values you
> feel are appropriate for your network and users.  In Lars' example,
Sorry for not being that clear. I was talking about auto-mailing whois
address block abuse contacts.
I already use rate filtering. It's true that this method is still
effective. Some bots start to distribute the attacks, so the
effectiveness is eroding with time.
For the record, I also tried the OS fingerprint trick. This one is not
effective for ssh bruteforce but for antispam. For the moment, only the
Windows 2000 OS is matched frequently (around once a day for my DSL
connection).

Anyway, thanks for your long explanation :)

Regards,




Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Stuart Henderson
On 2008/01/11 12:33, Lars Noodin wrote:
> 
> I suppose another option is to use pf to filter out all incoming traffic
> to the servers originating from Windows computers

you can take a look for yourself with tcpdump -O, but I think you'll
find the ssh scans are more likely to be from some variety of unix.

an inclusive match is usually better e.g.
pass proto tcp from any os "OpenBSD" to port ssh



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Khalid Schofield

put this in pf.conf

pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 3/30, overload <bruteforce> flush global)



:)

enjoy



On 10 Jan 2008, at 21:53, Ken wrote:


A practical example, real life, last night.
I was replacing my hard drive on my home broadband OBSD firewall, and it
was taking a few minutes to copy over the old pf.conf and enable the
firewall.  I had installed the latest snapshot as a fresh image and
restarted.  It took a little while to set up the local networks, and I
was connected to the Internet, so I could download packages.

I copied over the pf.conf from my backup host and enabled it, not
thinking much more about it.

Then this morning I looked at /var/log/authlog to see stuff like this:

Jan  9 18:00:01 home-fw newsyslog[6065]: logfile turned over
Jan  9 18:03:03 home-fw sshd[29544]: Invalid user andrew from 125.16.26.123
Jan  9 18:03:03 home-fw sshd[240]: input_userauth_request: invalid user andrew
Jan  9 18:03:03 home-fw sshd[29544]: Failed password for invalid user andrew from 125.16.26.123 port 52447 ssh2
Jan  9 18:03:03 home-fw sshd[240]: Received disconnect from 125.16.26.123: 11: Bye Bye
Jan  9 18:03:06 home-fw sshd[19514]: Invalid user adam from 125.16.26.123
Jan  9 18:03:06 home-fw sshd[15864]: input_userauth_request: invalid user adam
Jan  9 18:03:06 home-fw sshd[19514]: Failed password for invalid user adam from 125.16.26.123 port 52651 ssh2
Jan  9 18:03:06 home-fw sshd[15864]: Received disconnect from 125.16.26.123: 11: Bye Bye
Jan  9 18:03:08 home-fw sshd[18110]: Invalid user trial from 125.16.26.123
Jan  9 18:03:08 home-fw sshd[22493]: input_userauth_request: invalid user trial
Jan  9 18:03:09 home-fw sshd[18110]: Failed password for invalid user trial from 125.16.26.123 port 52821 ssh2
Jan  9 18:03:09 home-fw sshd[22493]: Received disconnect from 125.16.26.123: 11: Bye Bye
Jan  9 18:03:11 home-fw sshd[20596]: Invalid user calendar from 125.16.26.123
Jan  9 18:03:11 home-fw sshd[8582]: input_userauth_request: invalid user calendar
Jan  9 18:03:11 home-fw sshd[20596]: Failed password for invalid user calendar from 125.16.26.123 port 53011 ssh2
Jan  9 18:03:12 home-fw sshd[8582]: Received disconnect from 125.16.26.123: 11: Bye Bye
Jan  9 18:03:14 home-fw sshd[22151]: Invalid user poq from 125.16.26.123
Jan  9 18:03:14 home-fw sshd[17137]: input_userauth_request: invalid user poq
Jan  9 18:03:14 home-fw sshd[22151]: Failed password for invalid user poq from 125.16.26.123 port 53199 ssh2


I never see anything like that, since my pf rules only allow me to
ssh back to home from my work IP range.

In the space of about 15 minutes before I enabled pf all of the
following users were tried, probably by an automated script:

AaliyahAaron Aba   Abel   Exit  Jewel
Zmeu   Zmeu  adam  adam   add   adm
admin  admin admin admin  admin admin
admin  adminsadminsadrian alan  alex
alin   alina alinusamanda andreiandrew
angel  apachearon  at backupbnc
bran   brett cafe  calendar   cap   cgi
ch cmd   com   danny  data  david
dulap  fernando  fluffyftpgames george
getguest guest hacker haxor hk
http   httpd hyid ident if
info   info  internet  ircisit
john   kathi kaytenldap   library   linux
lp luis  mail  mail   mailman   master
maxmichael   michael   michi  mikaelmike
mike   mysql mysql netnetwork   news
news   nick  octavio   open   oper  oracle
orgparty paul  paul   pepgsql
pgsql  plplay  poqpostfix   postmaster
print  psybncradu  resin  rex   richard
richardrobertrpm   sales  samba sara
search sef   sex   sgisharonshell
shell  shop  squid sshstan  station
stef   stephen   stevensunny  sunsunsusan
suva   suzukitavi  technicom  telnettest
test   test  test  test   trial trib
uk unix  unseenus user  user
username   username  users webwebadmin  webmaster
webmaster  webpopword  www-data   wwwrunwwwrun
yahoo  za

What a cesspool the internet is!  Good passwords, limit access to
where it is necessary, and run an ironclad OS.  Thanks for making it
all possible.




Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Khalid Schofield

damn, you're seconds ahead of my reply with the same info :)



On 11 Jan 2008, at 09:24, Lars Noodin wrote:






Re: Problems installing 4.2 from CD

2008-01-11 Thread Frédéric Plé
Hello,

Did you check errata 003?
http://openbsd.org/errata42.html

regards

On 11/01/2008, T. Ribbrock <[EMAIL PROTECTED]> wrote:



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Lars Noodén
Claer wrote:
> On Fri, Jan 11 2008 at 24:11, Lars Noodén wrote:
...
>> Regarding the logs, one thing that worked in the past was giving the
>> netblock owner a hard time.  It's their responsibility.  It's not too
>> hard to make up a shellscript (or use another scripting language) which
>> automates a daily report and the complaint.
> 
> I always hesitate to use this trick. Could you please develop more the
> implications of this method? Is it still effective?

Does it *still* work?  I don't know yet, it looks like I will have to
try it again though.  Used to work well.  But you have to establish
responsiveness on the ISP's end first, usually by phone.  e.g. Get a
shrill, technically knowledgeable woman to give them an earful a few
times / break their balls.  Giving the police report number helps.  Once
that is established then they'll be relieved to have the messages rather
than the phone calls.

I hadn't needed it for a few years.  Though back then, the number of
attacks plummeted quickly.

I suppose another option is to use pf to filter out all incoming traffic
to the servers originating from Windows computers maybe except to
relevant services like http port or https.  If we could see a blanket
ban on connecting Windows machines to the net, things would improve
drastically.


Regards
-Lars



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 10:51:41AM +, Stuart Henderson wrote:
> On 2008/01/11 12:33, Lars Noodin wrote:
> > 
> > I suppose another option is to use pf to filter out all incoming traffic
> > to the servers originating from Windows computers
> 
> you can take a look for yourself with tcpdump -O, but I think you'll
> find the ssh scans are more likely to be from some variety of unix.
> 
> an inclusive match is usually better e.g.
> pass proto tcp from any os "OpenBSD" to port ssh

that could be less useful if you have ipv6 connections in, no? since
pf.os(5) claims only to be able to fingerprint hosts "that originate an
IPv4 TCP connection".

but maybe the ssh client will fall back to using ipv4 if it meets that.
i am unsure.

jmc



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Lars Noodén
Peter N. M. Hansteen wrote:
> Claer <[EMAIL PROTECTED]> writes:
> 
>> I always hesitate to use this trick. Could you please develop more the
>> implications of this method? Is it still effective?
> 
> Yes, it's still effective.  You need to put in whatever values you
> feel are appropriate for your network and users.  In Lars' example,
> 
>>  pass in on $ext_if proto tcp to ($ext_if) port ssh \
>>      flags S/SA keep state (max-src-conn 4, \
>>      max-src-conn-rate 2/60, overload <bruteforce> \
>>      flush global)

Actually, it's originally your example ;) since I got it from the copy
of your tutorial that I printed and bound this autumn.  It's been
invaluable.

I have your book on order via work since a while back and have been
looking forward to it.

> ...  Those values are low enough that you might risk tripping up
> legitimate connections if there are enough users ...

I had higher for a while but have adjusted them downwards several times.
Regarding NAT, FUNET apparently has complete IPv6 support and I'm
waiting on info from Sonera.

> - Peter
> 
> [1] http://home.nuug.no/~peter/pf/en/bruteforce.html goes right to
> this topic, http://home.nuug.no/~peter/pf/ for a choice of formats
> 
> [2] http://nostarch.com/pf.htm

BTW the 2008 NORDUnet conference will be in Espoo:
http://www.nordu.net/conference/ndn2008web/home.html

It would be a good context to promote your book, PF, and OpenBSD.


Regards,
-Lars



Re: : SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread scott
Yes, it more correctly needs to be one of the two following...

block in log quick on $ext_if from <bruteforce> label BLOCKBRUTES
pass in on $ext_if inet proto tcp \
    from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 3/30, overload <bruteforce> flush global) \
    label BLOCKBRUTES

-or-

pass in on $ext_if inet proto tcp \
    from ! <bruteforce> to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 3/30, overload <bruteforce> flush global)

The block-pass pair has the advantage of logging the blocks.
The pass ! <bruteforce> variant logs successful passes only.

/Scott

-Original Message-
From: Raimo Niskanen <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Re: : SSH Brute Force Attacks Abound - and thanks!
Date: Fri, 11 Jan 2008 11:12:00 +0100
Mailer: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]

On Fri, Jan 11, 2008 at 09:28:57AM +, Khalid Schofield wrote:
> put this in pf.conf
> 

Isn't this missing from the recipe?

block quick from <bruteforce>
> pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
>     flags S/SA keep state \
>     (max-src-conn-rate 3/30, overload <bruteforce> flush global)

Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Paul de Weerd
On Fri, Jan 11, 2008 at 11:07:49AM +0001, Jason McIntyre wrote:
| > an inclusive match is usually better e.g.
| > pass proto tcp from any os "OpenBSD" to port ssh
| 
| that could be less useful if you have ipv6 connections in, no? since
| pf.os(5) claims only to be able to fingerprint hosts "that originate an
| IPv4 TCP connection".
| 
| but maybe the ssh client will fall back to using ipv4 if it meets that.
| i am unsure.

It should fall back to v4 connections, but this is generally not what
you want. In my experience (from my logs) I see that all these brute
forcing lunixtics use v4 so a rule to pass v6 ssh traffic without the
limitations you have for v4 should help there.

You'll need to revisit that once brute forcers start using v6 but
you'll be good for some time. It's like spam : I've *NEVER* seen a
spammer use IPv6 so I don't filter IPv6 mail until I do.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Peter N. M. Hansteen




Re: Problems installing 4.2 from CD

2008-01-11 Thread T. Ribbrock
On Fri, Jan 11, 2008 at 11:29:37AM +0100, Fridiric Pli wrote:
> Did you check errata 003 ?
> http://openbsd.org/errata42.html

Embarrassingly, I forgot to check the errata - thanks for the reminder.
I tried that now, but CD2 isn't even recognised as bootable by the
SCSI-controller, hence, the PC does not even try to boot from it...

Cheerio,

Thomas
--
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
  Thomas Ribbrock    http://www.ribbrock.org    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



Re: Problems installing 4.2 from CD

2008-01-11 Thread Edd Barrett
On Fri, 11 Jan 2008, Fridiric Pli wrote:

> Hello,
>
> Did you check errata 003 ?
> http://openbsd.org/errata42.html

This does not sound like e003. I have experienced that, and you don't get
this far.

---

Best Regards

Edd
[EMAIL PROTECTED]
http://students.dec.bmth.ac.uk/ebarrett



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Nick Gustas

Lars Noodén wrote:

> I suppose another option is to use pf to filter out all incoming traffic
> to the servers originating from Windows computers maybe except to
> relevant services like http port or https.  If we could see a blanket
> ban on connecting Windows machines to the net, things would improve
> drastically.
>
> Regards
> -Lars

In the case of ssh these days, it seems to be nearly 100% zombied Linux
machines sourcing the attacks. I use a combination of overload and a
"Linux" os block and I only have about 1-3 attackers a month that make
it past the os block, then they get snared in the overload after their
six tries.

block drop log quick on $ext_if proto tcp from any os "Linux" to any
port ssh label "Block ssh from Linux hosts"
block drop log quick on $ext_if from 
pass in on $ext_if proto tcp from any to $ext_if port ssh \
   flags S/SA keep state \
   (max-src-conn-rate 6/60, overload  flush global)



YMMV. If you actually need to connect to your machines from linux, then
exceptions will have to be made.
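The authlog lines quoted at the top of this thread and the overload rule above suggest a log-side check that complements the pf table. The following is an added example, not code from any post in this thread: a sh/awk script that counts sshd "Failed password" lines per source address over constructed sample lines (documentation-range addresses, not the ones from the thread) and flags addresses reaching a per-minute threshold, the same 6-per-60-seconds idea as the max-src-conn-rate rule.

```shell
#!/bin/sh
# Added example, not code from any post in this thread.  It summarises
# sshd failures from authlog lines of the shape quoted earlier, per
# source address, and flags addresses whose failures within any single
# clock minute reach a threshold.  The default threshold mirrors the
# "max-src-conn-rate 6/60" overload rule, applied to the log instead of
# to connection setup.

# Constructed sample in OpenBSD authlog format (documentation-range
# addresses; 192.0.2.10 fails six times inside one minute, 198.51.100.7
# fails twice and then logs in).
SAMPLE_AUTHLOG='Jan  9 18:00:01 home-fw newsyslog[6065]: logfile turned over
Jan  9 18:03:03 home-fw sshd[29544]: Invalid user andrew from 192.0.2.10
Jan  9 18:03:03 home-fw sshd[29544]: Failed password for invalid user andrew from 192.0.2.10 port 52447 ssh2
Jan  9 18:03:03 home-fw sshd[240]: Received disconnect from 192.0.2.10: 11: Bye Bye
Jan  9 18:03:06 home-fw sshd[19514]: Failed password for invalid user adam from 192.0.2.10 port 52651 ssh2
Jan  9 18:03:08 home-fw sshd[18110]: Failed password for invalid user trial from 192.0.2.10 port 52821 ssh2
Jan  9 18:03:11 home-fw sshd[20596]: Failed password for invalid user calendar from 192.0.2.10 port 53011 ssh2
Jan  9 18:03:14 home-fw sshd[22151]: Failed password for invalid user poq from 192.0.2.10 port 53199 ssh2
Jan  9 18:03:17 home-fw sshd[22390]: Failed password for root from 192.0.2.10 port 53302 ssh2
Jan  9 18:05:40 home-fw sshd[23011]: Failed password for lars from 198.51.100.7 port 40122 ssh2
Jan  9 18:05:52 home-fw sshd[23011]: Failed password for lars from 198.51.100.7 port 40122 ssh2
Jan  9 18:06:01 home-fw sshd[23011]: Accepted publickey for lars from 198.51.100.7 port 40122 ssh2'

# Read authlog on stdin and print "total peak address" per source
# address: total failed passwords, and the largest count seen within one
# clock minute.  Only "Failed password" lines count, so the "Invalid
# user" and "Received disconnect" lines of the same attempt are not
# double counted.  Sorted with the busiest address first.
failed_logins_by_source() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            minute = substr($3, 1, 5)        # HH:MM from the timestamp
            addr = ""
            for (i = 1; i <= NF; i++)
                if ($i == "from") { addr = $(i + 1); break }
            if (addr == "") next
            total[addr]++
            bucket[addr, minute]++
            if (bucket[addr, minute] > peak[addr])
                peak[addr] = bucket[addr, minute]
        }
        END { for (a in total) print total[a], peak[a], a }
    ' | sort -rn
}

# Read authlog on stdin and print only the addresses whose peak
# per-minute failure count reaches the threshold (default 6).  These
# are the addresses an overload table would have collected.
sources_over_threshold() {
    t="${1:-6}"
    failed_logins_by_source | awk -v t="$t" '$2 >= t { print $3 }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_AUTHLOG" | failed_logins_by_source
printf '%s\n' "$SAMPLE_AUTHLOG" | sources_over_threshold 6
```

On a real box the same functions take `/var/log/authlog` on stdin; the output of `sources_over_threshold` is a list you can compare against what `pfctl -t <table> -T show` reports for the overload table.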



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Lars Noodén
Jason McIntyre wrote:

> csh was the default shell for a long time. various bits of documentation
> still reflect that, to some degree

What's the correct procedure for adding requests for picayune changes to
the List of Things To Do ?

Regards
-Lars



Please explain this disk (?) error

2008-01-11 Thread jere

wd0(pciide1:0:0): timeout
type: ata
c_bcount: 16384
c_skip: 0
pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21
wd0h: device timeout writing fsbn 87668544 of 87668544-87668575 (wd0 bn 
144972399; cn 9024 tn 29 sn 12), retrying

wd0: soft error (corrected)


I suddenly got this error (while surfing the web in default Gnome 
session) on OpenBSD 4.2 release (patched up to patch_004, including it).


Is it a disk error or something else ? Please help.

j.



Re: [Fwd: Open-Hardware]

2008-01-11 Thread Marco Peereboom
By taking them away from the developer and putting them under auspices
of the FSF.  I would never write a single line of code with a gun to my
head and that is what the GPL does.

You got it the wrong way around Richard.

On Fri, Jan 11, 2008 at 08:57:39AM -0500, Richard Stallman wrote:
> Those who would give up Essential Liberty to purchase a little Temporary
> Safety, deserve neither Liberty nor Safety.
> 
> Where the GPL is temporary safety in trade of Essential Liberty.
> 
> The GPL protects the four essential liberties for every user.
> That's the whole point of it.  Non-copyleft licenses permit
> non-free copies and non-free versions, which deny users the
> essential freedoms.  The GPL does not.
> 
> In haiku form:
> 
>Using GPL
>Is encroaching on our rights
>To encroach on yours



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 04:06:22PM +0200, Lars Noodén wrote:
> ksh is the default shell, but the man page for 'jobs' refers to csh
> 
> The two appear to differ in how they handle background / foreground
> jobs.  In csh, '%1' works the same way 'fg %1' does, but in ksh, only
> 'fg %1' works:
> 
>   # echo $0
>   -ksh
>   # jobs
>   [3] + Suspended            vi /etc/dnsmasq.conf
>   [1] - Suspended            vi ssh-log.sh
>   [2]   Running              tcpdump -i 
>   # %2
>   ksh: %2: not found
>   # %1
>   ksh: %1: not found
>   # uname -a
>   OpenBSD foo 4.2 GENERIC#375 i386
> 
> 
> It's not a major obstacle but one of convenience.  Perhaps the man page
> can be updated to reflect ksh instead.  Or is there a reason for using
> csh as the example in the man page for 'jobs' ?
> 
> Regards
> -Lars

csh was the default shell for a long time. various bits of documentation
still reflect that, to some degree.

for shell builtins, there's no great solution. just read the man page
for the shell you use, and don't worry too much. if anything, there
probably should not be pages for builtins.

jmc



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 04:28:12PM +0200, Lars Noodén wrote:
> Jason McIntyre wrote:
> 
> > csh was the default shell for a long time. various bits of documentation
> > still reflect that, to some degree
> 
> What's the correct procedure for adding requests for picayune changes to
> the List of Things To Do ?
> 

what are picayune changes?

and what "List of Things To Do"?

jmc



Re: 64 bit file I/O?

2008-01-11 Thread Markus Hennecke

On Thu, 10 Jan 2008, Darrin Chandler wrote:

> On Thu, Jan 10, 2008 at 02:36:15PM -0800, Ted Unangst wrote:
> > On 10 Jan 2008 14:17:43 -0800, Unix Fan <[EMAIL PROTECTED]> wrote:
> > > Does OpenBSD's base utilities support 64 bit I/O?
> > >
> > > I attempted to create a 8GB file using the "dd" application distributed with
> > > OpenBSD 4.2, unfortunately it fails with:
> > >
> > > dd: count: Result too large
> > >
> > > Confused, I tried making the size smaller, and noticed it bails out at exactly
> > > 4294967295 bytes, 4294967294 succeeds however..
> >
> > what bs are you using?
>
> Try to be more polite, please.

What in the word "blocksize" is not polite?

Best regards,
  Markus



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Stuart Henderson
On 2008/01/11 11:07, Jason McIntyre wrote:
> On Fri, Jan 11, 2008 at 10:51:41AM +, Stuart Henderson wrote:
> > On 2008/01/11 12:33, Lars Noodén wrote:
> > > 
> > > I suppose another option is to use pf to filter out all incoming traffic
> > > to the servers originating from Windows computers
> > 
> > you can take a look for yourself with tcpdump -O, but I think you'll
> > find the ssh scans are more likely to be from some variety of unix.
> > 
> > an inclusive match is usually better e.g.
> > pass proto tcp from any os "OpenBSD" to port ssh
> 
> that could be less useful if you have ipv6 connections in, no? since
> pf.os(5) claims only to be able to fingerprint hosts "that originate an
> IPv4 TCP connection".

I didn't notice that about pf.os before but it's not a big surprise.
random address space scans are a bit less of a problem in ipv6 though
so "pass in inet6 proto tcp to port ssh" might be acceptable.

> but maybe the ssh client will fall back to using ipv4 if it meets that.
> i am unsure.

it should do; if packets are dropped on the floor i.e. "block drop"
it will take some time to notice (like connecting to undeadly from v6
until occaid's sixxs tunnels are back up ;-) if it's "block return"
it should be fast.



Re: kernel_map out of virtual space panic on different hardware within hours of difference

2008-01-11 Thread Henning Brauer
* Artur Grabowski <[EMAIL PROTECTED]> [2008-01-11 16:30]:
> Martín Coco <[EMAIL PROTECTED]> writes:
> 
> > pfstatekeypl 108 108435160  5769657 138375 1243 137132 137132   0
> >   80
> 
> [...]
> 
> > In use 540926K, total allocated 559516K; utilization 96.7%
> 
> This is a bit extreme. Either you have some insane amount of states in
> your pf or something is leaking memory.

this smells like the errata fixed in stable, there was a leak in 
pfstatekeypl with failed inserts (quite common when using pfsync)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Real men don't attack straw men

2008-01-11 Thread Sunnz
2008/1/12, Richard Stallman <[EMAIL PROTECTED]>:
> In that case, buying a Windows computer would be Ok, as long as you
> don't update the version of Windows software that is on it... when you
> want a newer version of Windows, just get a new computer.
>
> It is normal for users to install software on a PC.
> Perhaps many users never install anything and use only the
> software that was delivered.  But it is not abnormal to install
> software.
>
>
>

But it is abnormal to install firmware? Please explain, what's normal
and what's not?

For the masses it is quite abnormal to install Linux, let alone
gNewsense... does that mean ethics isn't important for such OS's?

Oh, you said somewhere along the lines of updating firmware...

| That is a borderline case.  One possible resolution is that it is ok
| to use this hardware, but updating the firmware is a bad thing.

So say you buy a WinPC, and it is perfectly fine to use this hardware
as is, provided you don't update Windows?

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



gcc 4.2

2008-01-11 Thread Private Joker
Folks,

I am trying to compile GCC 4.2 from ports, and I keep
getting the same error... with OpenBSD 4.2 and current
as well.

checking whether the C compiler
(/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc
-O2 -g ) works... no
configure: error: installation or configuration
problem: C compiler cannot create executables.
*** Error code 1

Stop in /usr/ports/lang/gcc/4.2 (line 2057 of
/usr/ports/infrastructure/mk/bsd.port.mk).

Does anyone have any idea of what could make this port
work?

Thanks,
Pvt Joker


  




Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Paul de Weerd
On Fri, Jan 11, 2008 at 04:21:08PM +, Jason McIntyre wrote:
| >  MD5 (/usr/share/man/cat1/csh.0) =  2c1dd890eea88efea42df42ae68f8b70
| >  # md5 /usr/share/man/cat1/jobs.0
| >  MD5 (/usr/share/man/cat1/jobs.0) = 2c1dd890eea88efea42df42ae68f8b70
| >  # cp /usr/share/man/cat1/ksh.0  /usr/share/man/cat1/jobs.0
| 
| right now csh's makefile lists some (not all) builtins as links to
| csh(1). i'm not sure that i see any sense in having MLINKS to builtins,
| to be honest.

I agree with that but I would add that, as a newbie unix user many
moons ago, I was surprised to not find a manual page for some
"commands" I could run which turned out to be documented in the
manpage of my shell. If 'man jobs' shows me the manpage for a shell
different from mine, I'll take that as a hint to look up the "command"
in the manpage of my own shell.

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



4.2-current throughput with pf enabled

2008-01-11 Thread Chris Cohen
Hi,

I just upgraded my home firewall/router from 4.1 to a current snapshot from 
9th January. I also changed the NIC which is connected to my core switch from 
fxp to em and upgraded the memory from 128Mb to 256Mb.
With PF disabled I can route about 40Mbyte/s (sorry, don't have pps but the 
traffic should mostly be large packets) and the system still responds very 
well. (To get some numbers I just pinged the machine...):

PING 10.1.0.254 (10.1.0.254) 56(84) bytes of data.
64 bytes from 10.1.0.254: icmp_seq=1 ttl=255 time=2.39 ms
64 bytes from 10.1.0.254: icmp_seq=2 ttl=255 time=0.078 ms
64 bytes from 10.1.0.254: icmp_seq=3 ttl=255 time=0.077 ms
64 bytes from 10.1.0.254: icmp_seq=4 ttl=255 time=0.258 ms
64 bytes from 10.1.0.254: icmp_seq=5 ttl=255 time=1.63 ms
64 bytes from 10.1.0.254: icmp_seq=6 ttl=255 time=2.03 ms
64 bytes from 10.1.0.254: icmp_seq=7 ttl=255 time=1.87 ms
64 bytes from 10.1.0.254: icmp_seq=8 ttl=255 time=0.954 ms
64 bytes from 10.1.0.254: icmp_seq=9 ttl=255 time=2.65 ms
64 bytes from 10.1.0.254: icmp_seq=10 ttl=255 time=0.315 ms

--- 10.1.0.254 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9007ms
rtt min/avg/max/mdev = 0.077/1.228/2.657/0.955 ms

With pf enabled and a very short ruleset (see pf.conf below) the system 
doesn't respond to many of the dns queries (bind9 is also enabled on this 
system) and the throughput is decreased to about 10Mbyte/s with the same kind 
of traffic as above. See my stupid pingtest:

PING 10.1.0.254 56(84) bytes of data.
64 bytes from 10.1.0.254: icmp_seq=2 ttl=255 time=5.39 ms
64 bytes from 10.1.0.254: icmp_seq=3 ttl=255 time=0.206 ms
64 bytes from 10.1.0.254: icmp_seq=4 ttl=255 time=9.87 ms
64 bytes from 10.1.0.254: icmp_seq=5 ttl=255 time=1.35 ms
64 bytes from 10.1.0.254: icmp_seq=6 ttl=255 time=10.1 ms
64 bytes from 10.1.0.254: icmp_seq=7 ttl=255 time=1.47 ms
64 bytes from 10.1.0.254: icmp_seq=8 ttl=255 time=11.1 ms
64 bytes from 10.1.0.254: icmp_seq=9 ttl=255 time=11.8 ms
64 bytes from 10.1.0.254: icmp_seq=10 ttl=255 time=12.1 ms
64 bytes from 10.1.0.254: icmp_seq=11 ttl=255 time=11.7 ms
64 bytes from 10.1.0.254: icmp_seq=12 ttl=255 time=12.7 ms
64 bytes from 10.1.0.254: icmp_seq=13 ttl=255 time=11.3 ms
64 bytes from 10.1.0.254: icmp_seq=14 ttl=255 time=14.0 ms
64 bytes from 10.1.0.254: icmp_seq=15 ttl=255 time=12.2 ms
64 bytes from 10.1.0.254: icmp_seq=16 ttl=255 time=11.7 ms
64 bytes from 10.1.0.254: icmp_seq=17 ttl=255 time=14.7 ms
64 bytes from 10.1.0.254: icmp_seq=18 ttl=255 time=11.1 ms
64 bytes from 10.1.0.254: icmp_seq=19 ttl=255 time=3.01 ms

--- 10.1.0.254 ping statistics ---
19 packets transmitted, 18 received, 5% packet loss, time 18026ms
rtt min/avg/max/mdev = 0.206/9.239/14.713/4.549 ms

With openbsd 4.1 and an fxp NIC instead of the em one the system was able to 
handle full 12Mbyte/s with a pretty complex pf.conf (more than 200 lines).
The system is an old Compaq Deskpro EN with a P3/500 and 256Mb of ram.


pf.conf (already played with scrub, skip and pass with no success...)
-
ext_if="pppoe0"
set skip on lo
set skip on em0
#scrub in
scrub out on pppoe0 max-mss 1440 no-df random-id fragment reassemble
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat on fxp0 from any to 10.1.0.253 -> 10.1.0.254
rdr pass on vlan10 proto tcp to port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
#block in on pppoe0
#pass out

Is there anything I can tune in pf?
Should I provide a dmesg?

-- 
Thanks
Chris



Re: SSH Brute Force Attacks Abound - and thanks!

2008-01-11 Thread Stuart Henderson
On 2008/01/11 12:18, Claer wrote:
> Sorry for not being that clear. I was talking about auto mailing whois
> address block abuse contacts.

maybe you could get it to auto-mail *you* with the details to make
it easier to send that onwards, but don't auto-mail whois contacts.

you're asking people to spend time tracking down a problem and
usually they will need to contact other people to get it fixed.
the least you can do is manually verify that you're addressing
the right person.



Re: Please explain this disk (?) error

2008-01-11 Thread Josh Grosse
On Fri, 11 Jan 2008 16:05:49 +0100, jere wrote
> wd0(pciide1:0:0): timeout
>  type: ata
>  c_bcount: 16384
>  c_skip: 0
> pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21
> wd0h: device timeout writing fsbn 87668544 of 87668544-87668575 (wd0 
> bn 144972399; cn 9024 tn 29 sn 12), retrying wd0: soft error 
> (corrected)
> 
> I suddenly got this error (while surfing the web in default Gnome 
> session) on OpenBSD 4.2 release (patched up to patch_004, including 
> it).
> 
> Is it a disk error or something else ? Please help.

It is a disk error.  At first, the disk did not respond, hence the "missing
interrupt."  The OS tried again, and the disk eventually responded.  The OS
classified this as a "soft" error, meaning it was corrected via retry.

It is time to run a disk analysis.  The built-in atactl(8) program can get you
information from the drive's SMART electronics, but I prefer the smartmontools
package.

Good luck!



Re: facts about OpenBSD

2008-01-11 Thread Nikns Siankin
Thanks everyone who responded in constructive fashion,
and thanks for all additions to list, sorry for not answering you all!

Those who got hurt by these truthful facts, rest in peace. hehehe


On Wed, Jan 09, 2008 at 11:03:29PM +0200, Nikns Siankin wrote:
>Facts about OpenBSD:
>
># Stable release cycle. 
>  If you want to run latest bugfree ClamAV or FireFox - upgrade to CURRENT! 
>  But don't forget to buy release CD's!!!
># Secure By Default.
>  OpenBSD uses broken WEP for securing WiFi networks.
>  Has no WPA/WPA2 support.
># Do not let serious problems sit unsolved. 
>  OpenBSD doesn't need MAC because it has their own security flawed systrace.
># Use of Cryptography. 
>  OpenBSD uses file-backed encryption (svnd) which is very suited
>  for Full-disk-encryption. NOT.
># Full Disclosure. 
>  OpenBSD at first denies remote exploitable flaws. 
>  DoS flaws gets marked as reliability not security issues.
># Easy maintainable. 
>  OpenBSD distributes source patches to make your farm of
>  Pentium2 firewalls updated easily.
># Secure Distribution.
>  The most secure operating system gets distributed on FTP servers
>  as unsigned binaries.
>
>
>Disclaimer: Like it or not. I've been an OpenBSD user for 4 years.
>Shit on my head - shit on all OpenBSD supporters.
>
>
>
>I'm not subscribed, cc me, if have something to say.



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Lars Noodén
Jason McIntyre wrote:

> what are picayune changes?

http://dictionary.reference.com/search?q=picayune

Trifling things like making the command 'man jobs' point to the man page
for ksh instead of csh

 # md5 /usr/share/man/cat1/csh.0
 MD5 (/usr/share/man/cat1/csh.0) =  2c1dd890eea88efea42df42ae68f8b70
 # md5 /usr/share/man/cat1/jobs.0
 MD5 (/usr/share/man/cat1/jobs.0) = 2c1dd890eea88efea42df42ae68f8b70
 # cp /usr/share/man/cat1/ksh.0  /usr/share/man/cat1/jobs.0

> and what "List of Things To Do"?

For OpenBSD 4.3

Regards,
-Lars



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 05:18:59PM +0200, Lars Noodén wrote:
> Jason McIntyre wrote:
> 
> > what are picayune changes?
> 
> http://dictionary.reference.com/search?q=picayune
> 

ah ok. i've never heard the term before.

> Trifling things like making the command 'man jobs' point to the man page
> for ksh instead of csh
> 

generally speaking, the docs have a bias towards ksh, since ksh is the
default shell. i'm not sure that that means having jobs(1) be a link to
csh(1) is wrong though. if it points to ksh(1), csh users lose out. and
vice versa.

>  # md5 /usr/share/man/cat1/csh.0
>  MD5 (/usr/share/man/cat1/csh.0) = 2c1dd890eea88efea42df42ae68f8b70
>  # md5 /usr/share/man/cat1/jobs.0
>  MD5 (/usr/share/man/cat1/jobs.0) = 2c1dd890eea88efea42df42ae68f8b70
>  # cp /usr/share/man/cat1/ksh.0  /usr/share/man/cat1/jobs.0
> 

right now csh's makefile lists some (not all) builtins as links to
csh(1). i'm not sure that i see any sense in having MLINKS to builtins,
to be honest.

jmc



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Lars Noodén
Paul de Weerd wrote:
>... I would add that, as a newbie unix user many
> moons ago, I was surprised to not find a manual page for some
> "commands" I could run which turned out to be documented in the
> manpage of my shell. 

Yeah, I too figured that out, but never remember what's built into the
shell.  So I was mildly surprised that jobs had its 'own' man page.

Since it does, is there any reason it should not simply be a symlink to
the one of the shell pages?

Regards,
-Lars



Re: kernel_map out of virtual space panic on different hardware within hours of difference

2008-01-11 Thread Martín Coco
That's interesting indeed. We are running stable, but I'm not sure how
frequently we are updating it. And it seems like this one is a somewhat
recent patch, so maybe it's not been included on that install.

I'm going to try it and let you know. Thanks for your advice and sorry
for not checking the errata thoroughly before!

Oh, and by the way, do you (or someone else) know why that message is
appearing when trying to debug the core file? I mean:

(gdb) target kvm bsd.0.core
Cannot access memory at address 0xffbe6afc

Thanks again,
Martín.

Richard Toohey wrote:
> On 11/01/2008, at 7:47 AM, Martín Coco wrote:
> 
>> Hi misc,
>>
>> I'm having frequent crashes on OpenBSD 4.2 (stable) on different
>> machines with the following error:
>>
>> panic: pmap_pinit: kernel_map out of virtual space!
>>
>> Specifically, we have two carped firewalls (running pfsync) that
>> showed
>> the same error with a difference of around 8 hours. First the backup
>> crashed, and then master.
>>
>>
> [cut]
>> In use 540926K, total allocated 559516K; utilization 96.7%
>>
>> Particularly, I saw this:
>>
>> Memory Totals:  In Use    Free    Requests
>>                  2115K    225K   286218211
>>
>> And this:
>>
>> In use 540926K, total allocated 559516K; utilization 96.7%
>>
>> Which seems to be little to spare. I also checked that a swap
>> device is
>> configured like this:
>>
> [cut]
>> The other thing I can think of is something related to carp or pfsync.
>>
>> Any input on this will be much appreciated.
>>
>> Thank you,
>> Martín.
> 
> If you are running stable, it is not likely to be this (patch 4), is
> it?   Might be worth double-checking and eliminating the obvious.
> 
> http://marc.info/?l=openbsd-misc&m=119798530823904&w=2



Re: Please explain this disk (?) error

2008-01-11 Thread eric-list-openbsd-misc
On Fri, 2008-01-11 at 16:05:49 +0100, jere proclaimed...

> I suddenly got this error (while surfing the web in default Gnome 
> session) on OpenBSD 4.2 release (patched up to patch_004, including it).
> 
> Is it a disk error or something else ? Please help.
> 

This is just a soft disk error; you may have problems with your hard disk in
the future, but if you're only seeing a small number, I wouldn't worry
much yet.

Dobar dan!

- Eric



Re: kernel_map out of virtual space panic on different hardware within hours of difference

2008-01-11 Thread Artur Grabowski
Martín Coco <[EMAIL PROTECTED]> writes:

> pfstatekeypl 108 108435160  5769657 138375 1243 137132 137132   0
>   80

[...]

> In use 540926K, total allocated 559516K; utilization 96.7%

This is a bit extreme. Either you have some insane amount of states in
your pf or something is leaking memory.

//art



ospfctl reload : bug or hidden feature ?

2008-01-11 Thread Nicolas Szalay
Hi,

I'm currently testing some stuff with ospfd (and his friend ospfctl) and
I wonder if I found a bug or if I have done something wrong.

Let's make a schema :


  |---| xl1
172.16.1.2 (Test box 1) xl0 10.0.1.1 |--
  |
| ste1 192.168.39.X/dhcp (Main box) ste0 172.16.1.1 |-|
|   ste2 172.16.2.1 |-| 
  |
  |---| xl1
172.16.2.2 (Test box 2) xl0 10.0.2.1 |--

All masks are /24

I have the following configs (most comments dropped):

--- Main box :
# ospfd.conf
password="secret"
# areas
area 0.0.0.0 {
interface ste0 {
auth-type simple
auth-key $password
}

interface ste2 {
auth-type simple
auth-key $password
}


}

--- Test box 1 :
# ospfd.conf
password="secret"
redistribute 10.0.1.0/24
# areas
area 0.0.0.0 {
#   interface xl0
interface xl1 {
auth-type simple
auth-key $password
}
}

--- Test box 2 :
# ospfd.conf
password="secret"
redistribute 10.0.2.0/24
# areas
area 0.0.0.0 {
#   interface xl0
interface xl1 {
auth-type simple
auth-key $password
}
}

If you add a "redistribute" entry into ospfd.conf on box 1 and reload,
it does not announce it. Stop ospfd, restart it and it will announce.

So, did I hit a bug, or am I just getting something wrong somewhere?

Thanks,

Nicolas.



Re: Problems installing 4.2 from CD

2008-01-11 Thread T. Ribbrock
On Fri, Jan 11, 2008 at 10:37:16AM +0100, T. Ribbrock wrote:
[...]
> If I try to boot from CD, the only lines I get are:

> CR-ROM: 9F
> Loading /4.2/I386/CDBOOT
> probing: pc0 com0 com1 mem[635K 638M a20=on]
> disk:

I just tried a PXE boot using the on-board NIC - *that* works without a
problem. I wonder why booting from the CD doesn't. :-/

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
  Thomas Ribbrock    http://www.ribbrock.org    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



src/sys/arch/sparc64/dev/sab.c gone from CVS?

2008-01-11 Thread Maurice Janssen
Hi,

I just read the updated errata42.html and wanted to sync my tree so I
can rebuild the kernel.  I got a message from CVS:
cvs server: sys/arch/sparc64/dev/sab.c is no longer in the repository

I can see no OPENBSD_4_2 tag on
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/sparc64/dev/sab.c
only OPENBSD_4_2_BASE.

Is this right or is the OPENBSD_4_2 tag missing?

regards,
Maurice



Re: gcc 4.2

2008-01-11 Thread Olivier Mehani
On Fri, Jan 11, 2008 at 08:03:49AM -0800, Private Joker wrote:
> I am trying to compile GCC 4.2 from ports, and I keep
> getting the same error... with OpenBSD 4.2 and current
> as well.
> checking whether the C compiler
> (/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc
> -O2 -g ) works... no
> configure: error: installation or configuration
> problem: C compiler cannot create executables.
> *** Error code 1
>
> Stop in /usr/ports/lang/gcc/4.2 (line 2057 of
> /usr/ports/infrastructure/mk/bsd.port.mk).

What's in the config.log ? This usually happens when GCC is called by
the configure script with erroneous options e.g., in CFLAGS.

--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654  6DFB 6845 4071 E346 2FD1




Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 05:53:57PM +0100, Paul de Weerd wrote:
> | 
> | right now csh's makefile lists some (not all) builtins as links to
> | csh(1). i'm not sure that i see any sense in having MLINKS to builtins,
> | to be honest.
> 
> I agree with that but I would add that, as a newbie unix user many
> moons ago, I was surprised to not find a manual page for some
> "commands" I could run which turned out to be documented in the
> manpage of my shell. If 'man jobs' shows me the manpage for a shell
> different from mine, I'll take that as a hint to look up the "command"
> in the manpage of my own shell.
> 

yeah, that's a fair point. though to be honest, we already have a
good number of ksh builtins with no man page. and whatever shell
we go for, we leave users of the other shell at a disadvantage.

i think the issue is that having MLINKs for a particular shell is
not the correct fix. a better solution, as i see it, is to encourage
users to read the man page for the shell they're using, and to use
commands such as "whence" to find out what exactly they're executing,
and man/locate to find stuff.

perhaps afterboot(8) or help(1) could hint at this.

jmc



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Lars Noodén
Jason McIntyre wrote:
...
> generally speaking, the docs have a bias towards ksh, since ksh is the
> default shell. i'm not sure that that means having jobs(1) be a link to
> csh(1) is wrong though. if it points to ksh(1), csh users lose out. and
> vice versa.

Ok.  It's not a big deal either way, just that since OpenBSD defaults to
ksh, there is a reason to have the built-in shell commands default to ksh.

What about saving space by using a symlink instead?

Regards
-Lars



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 09:02:36PM +0200, Lars Noodén wrote:
> 
> What about saving space by using a symlink instead?
> 

i saved space by removing all the builtin pages.

please use tools like "whence" to find out what you're executing, and
man/locate to find the stuff.

jmc



Re: 4.2-current throughput with pf enabled

2008-01-11 Thread scott
re-test and post with in your ruleset

pass in quick on fxp0 inet from any to any keep state
pass out quick on $ext_if inet from any to any  keep state

/S

-Original Message-
From: Chris Cohen <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: 4.2-current throughput with pf enabled
Date: Fri, 11 Jan 2008 17:45:37 +0100
Mailer: KMail/1.9.7
Delivered-To: [EMAIL PROTECTED]

The system is an old Compaq Deskpro EN with a P3/500 and 256Mb of ram.


pf.conf (already played with scrub, skip and pass with no success...)
-
ext_if="pppoe0"
set skip on lo
set skip on em0
#scrub in
scrub out on pppoe0 max-mss 1440 no-df random-id fragment reassemble
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat on fxp0 from any to 10.1.0.253 -> 10.1.0.254
rdr pass on vlan10 proto tcp to port ftp -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
#block in on pppoe0
#pass out

Is there anything I can tune in pf?
Should I provide a dmesg?



Re: Intel DQ35MP

2008-01-11 Thread Marcos Laufer
Here is the output from the Intel DQ35MP:

boot> machine memory
Region 0: type 1 at 0x1000 for 630KB
Region 1: type 2 at 0x9e800 for 6kb
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 998016KB
Region 4: type 4 at 0x3cfa for 772KB
Region 5: type 1 at 0x3d061000 for 16800KB
Region 6: type 2 at 0x3e0c9000 for 8KB
Region 7: type 1 at 0x3e0cb000 for 688KB
Region 8: type 4 at 0x3e177000 for 348KB
Region 9: type 1 at 0x3e1ce000 for 64KB
Region 10: type 4 at 0x3e1de000 for 28KB
Region 11: type 1 at 0x3e1e5000 for 12KB
Region 12: type 3 at 0x3e1e8000 for 44KB
Region 13: type 1 at 0x3e1f3000 for 4KB
Region 14: type 3 at 0x3e1f4000 for 44KB
Region 15: type 1 at 0x3e1ff000 for 4KB
Region 16: type 2 at 0x3e20 for 3072KB
Region 17: type 2 at 0x3e50 for 1024kb
Region 18: type 2 at 0x3e60 for 10240KB
Region 19: type 2 at 0xf000 for 131072KB
Region 20: type 2 at 0xffc0 for 4096KB
Low ram: 634KB High ram: 1015580KB
Total free memory: 1016218KB


Sincerely, Marcos Laufer
Marcos Laufer - IPversion4.com * [EMAIL PROTECTED]
http://www.ipversion4.com ( 0800-444-HOSTING Rodriguez Peña 468 1 C
- Original Message - 
From: <[EMAIL PROTECTED]>
To: "rivo nurges" <[EMAIL PROTECTED]>
Cc: 
Sent: Thursday, January 10, 2008 9:17 PM
Subject: Re: Intel DQ35MP


In gmane.os.openbsd.misc, you wrote:
>
>  I had same problem with DQ965GF, DSDT was overwritten by msgbuf.
>  As a quick hack I changed msgbuf size and it solved my problem. I
>  haven't had time to debug it further.
>
>  Index: sys/arch/i386/include/param.h
>  ===
>  RCS file: /OpenBSD/src/sys/arch/i386/include/param.h,v
>  retrieving revision 1.42
>  diff -u -3 -p -r1.42 param.h
>  --- sys/arch/i386/include/param.h   1 Oct 2007 12:10:55 -   1.42
>  +++ sys/arch/i386/include/param.h   10 Jan 2008 19:13:18 -
>  @@ -97,7 +97,7 @@
>   #defineUSPACE_ALIGN(0) /* u-area alignment 0-none */
>
>   #ifndef MSGBUFSIZE
>  -#define MSGBUFSIZE 4*NBPG  /* default message buffer size */
>  +#define MSGBUFSIZE 2*NBPG  /* default message buffer size */
>   #endif

Please send me the output of 'machine memory' at the boot prompt
for this machine.  I think I know what is causing this...

-Toby.
-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Ted Unangst
On 1/11/08, Jason McIntyre <[EMAIL PROTECTED]> wrote:
> i think the issue is that having MLINKs for a particular shell is
> not the correct fix. a better solution, as i see it, is to encourage
> users to read the man page for the shell they're using, and to use
> commands such as "whence" to find out what exactly they're executing,
> and man/locate to find stuff.

some systems have a page for all the builtins, which basically says
"jobs is a shell builtin.  refer to the appropriate manual."



Re: Problems installing 4.2 from CD - SOLVED?!

2008-01-11 Thread T. Ribbrock
On Fri, Jan 11, 2008 at 10:37:16AM +0100, T. Ribbrock wrote:
[...]
> If I try to boot from CD, the only lines I get are:

> CR-ROM: 9F
> Loading /4.2/I386/CDBOOT
> probing: pc0 com0 com1 mem[635K 638M a20=on]
> disk:

> At this point, the machine hangs hard, i.e. neither keyboard, nor
> reset/power buttons work anymore. I literally have to pull the plug.
[...]

I have no idea why, but this is working now. It started working when I
removed the 3COM NIC (which, by the way, was a 3c905B, not 3c509B...).
When I tried again with the NIC back in place, it kept working. I then
proceeded to replace the 3COM NIC with a DEC DE500 (had better
experience with those in the past) and added a Promise FastTrack 2000
ATA-133 controller for the 160GB drive. Still working. I was able to
boot from CD and install 4.2 without a hitch. I hate it when problems
"vanish" like this - always causes some lingering suspicion... :-/

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
  Thomas Ribbrock    http://www.ribbrock.org    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Pierre Riteau
Forgot to Cc: [EMAIL PROTECTED]

On Jan 11, 2008 8:02 PM, Lars Noodin <[EMAIL PROTECTED]> wrote:
> Jason McIntyre wrote:
> ...
> > generally speaking, the docs have a bias towards ksh, since ksh is the
> > default shell. i'm not sure that that means having jobs(1) be a link to
> > csh(1) is wrong though. if it points to ksh(1), csh users lose out. and
> > vice versa.
>
> Ok.  It's not a big deal either way, just that since OpenBSD defaults to
> ksh, there is a reason to have the built-in shell commands default to ksh.
>
> What about saving space by using a symlink instead?

Saving space? It is already a hardlink (check the inode numbers).

>
> Regards
> -Lars
>
>

A solution would be to make a dummy page for built-in commands, and in
this page tell the user to look up the manpage of the shell he is
using. But there is the problem of collision between built-in commands
and binaries (e.g. time).
So I think Jason's fix is better: drop the MLINKs, and tell the user
to read the manpage of his shell in help(1) (I think that stuff
doesn't belong in afterboot(8)).

--
Pierre Riteau



Re: src/sys/arch/sparc64/dev/sab.c gone from CVS?

2008-01-11 Thread Miod Vallat
> I just read the updated errata42.html and wanted to sync my tree so I
> can rebuild the kernel.  I got a message from CVS:
> cvs server: sys/arch/sparc64/dev/sab.c is no longer in the repository
> 
> I can see no OPENBSD_4_2 tag on
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/sparc64/dev/sab.c
> only OPENBSD_4_2_BASE.
> 
> I this right or is the OPENBSD_4_2 tag missing?

The file has been corrupted by accident; this has now been fixed. Please
wait a bit for your cvs mirror to get the fixed file, and everything
should be back to normal.

Sorry for the inconvenience.

Miod



Re: Real men don't attack straw men

2008-01-11 Thread raven

Sunnz wrote:

> 2008/1/12, Richard Stallman <[EMAIL PROTECTED]>:
>
> In that case, buying a Windows computer would be Ok, as long as you
> don't update the version of Windows software that is on it... when you
> want a newer version of Windows, just get a new computer.
>
> It is normal for users to install software on a PC.
> Perhaps many users never install anything and use only the
> software that was delivered.  But it is not abnormal to install
> software.
>
> But it is abnormal to install firmware? Please explain, what's normal
> and what's not?
>
> For the masses it is quite abnormal to install Linux, let alone
> gNewsense... does that mean ethics isn't important for such OS's?
>
> Oh, you said somewhere along the lines of updating firmware...
>
> | That is a borderline case.  One possible resolution is that it is ok
> | to use this hardware, but updating the firmware is a bad thing.
>
> So say you buy a WinPC, and it is perfectly fine to use this hardware
> as is, provided you don't update Windows?

I think that's enough.
Change the topic at least... After all, everyone has a personal concept of
this situation...

Mr. Stallman, please, shut up.
Some people give us proof that you look like a hypocrite. Isn't it real?
Is it only a de Raadt fantasy, or rather an openbsd-misc reader fantasy?
Are you a liar?

Do you trust every word you say in your interviews?

I don't think so... You're a politician, Mr. Stallman, from my point of view...
I really hope for your better world, but sometimes, like everyone, bullshit
comes out of your mouth.


Kind regards,
Francesco Vollero



PS: Sorry for my English, I'm Italian after all...



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 08:01:22PM +, Miod Vallat wrote:
> 
> For some reason, this reminds me of Debian's undocumented(1) to which
> all undocumented command manual pages point to.
> 

wow!

of course, we could go one better and have "typo(1)". we could MLINK
all combinations of letters which are not commands, so that, for
example, if i mistype "ls" as "lsd" (as i often do!), good things
would happen.

jmc



ksh / csh / jobs discrepancy

2008-01-11 Thread Lars Noodén
ksh is the default shell, but the man page for 'jobs' refers to csh

The two appear to differ in how they handle background / foreground
jobs.  In csh, '%1' works the same way 'fg %1' does, but in ksh, only
'fg %1' works:

# echo $0
-ksh
# jobs
[3] + Suspended          vi /etc/dnsmasq.conf
[1] - Suspended          vi ssh-log.sh
[2]   Running            tcpdump -i 
# %2
ksh: %2: not found
# %1
ksh: %1: not found
# uname -a
OpenBSD foo 4.2 GENERIC#375 i386


It's not a major obstacle but one of convenience.  Perhaps the man page
can be updated to reflect ksh instead.  Or is there a reason for using
csh as the example in the man page for 'jobs' ?

Regards
-Lars



Re: 4.2-current throughput with pf enabled

2008-01-11 Thread Chris Cohen
On Friday 11 January 2008 18:36:54 scott wrote:
> re-test and post with in your ruleset
>
> pass in quick on fxp0 inet from any to any keep state
> pass out quick on $ext_if inet from any to any  keep state
>
Did that, didn't change anything. Maybe I should add some details:
I generated the traffic by simply dding from /dev/zero from one machine in my 
lan to a machine in my dmz (but i got almost the same results with ftp/http). 
They are in two different vlans which are both attached to em0. fxp0 is the 
interface to my adsl modem.

-- 
Thanks
Chris



Re: 4.2-current throughput with pf enabled

2008-01-11 Thread James Records
Try using something like iperf or netperf to get more results than just
icmp.

J

On Jan 11, 2008 9:36 AM, scott <[EMAIL PROTECTED]> wrote:

> re-test and post with in your ruleset
>
> pass in quick on fxp0 inet from any to any keep state
> pass out quick on $ext_if inet from any to any  keep state
>
> /S
>
> -Original Message-
> From: Chris Cohen <[EMAIL PROTECTED]>
> To: misc@openbsd.org
> Subject: 4.2-current throughput with pf enabled
> Date: Fri, 11 Jan 2008 17:45:37 +0100
> Mailer: KMail/1.9.7
> Delivered-To: [EMAIL PROTECTED]
>
> Hi,
>
> I just upgraded my home firewall/router from 4.1 to a current snapshot
> from
> 9th January. I also changed the NIC which is connected to my core switch
> from
> fxp to em and upgraded the memory from 128Mb to 256Mb.
> With PF disabled I can route about 40Mbyte/s (sorry, don't have pps but
> the
> traffic should mostly be large packets) and the system still responds very
> well. (To get some numbers I just pinged the machine...):
>
> PING 10.1.0.254 (10.1.0.254) 56(84) bytes of data.
> 64 bytes from 10.1.0.254: icmp_seq=1 ttl=255 time=2.39 ms
> 64 bytes from 10.1.0.254: icmp_seq=2 ttl=255 time=0.078 ms
> 64 bytes from 10.1.0.254: icmp_seq=3 ttl=255 time=0.077 ms
> 64 bytes from 10.1.0.254: icmp_seq=4 ttl=255 time=0.258 ms
> 64 bytes from 10.1.0.254: icmp_seq=5 ttl=255 time=1.63 ms
> 64 bytes from 10.1.0.254: icmp_seq=6 ttl=255 time=2.03 ms
> 64 bytes from 10.1.0.254: icmp_seq=7 ttl=255 time=1.87 ms
> 64 bytes from 10.1.0.254: icmp_seq=8 ttl=255 time=0.954 ms
> 64 bytes from 10.1.0.254: icmp_seq=9 ttl=255 time=2.65 ms
> 64 bytes from 10.1.0.254: icmp_seq=10 ttl=255 time=0.315 ms
>
> --- 10.1.0.254 ping statistics ---
> 10 packets transmitted, 10 received, 0% packet loss, time 9007ms
> rtt min/avg/max/mdev = 0.077/1.228/2.657/0.955 ms
>
> With pf enabled and a very short ruleset (see pf.conf below) the system
> doesn't respond to many of the dns queries (bind9 is also enabled on this
> system) and the throughput is decreased to about 10Mbyte/s with the same
> kind
> of traffic as above. See my stupid pingtest:
>
> PING 10.1.0.254 56(84) bytes of data.
> 64 bytes from 10.1.0.254: icmp_seq=2 ttl=255 time=5.39 ms
> 64 bytes from 10.1.0.254: icmp_seq=3 ttl=255 time=0.206 ms
> 64 bytes from 10.1.0.254: icmp_seq=4 ttl=255 time=9.87 ms
> 64 bytes from 10.1.0.254: icmp_seq=5 ttl=255 time=1.35 ms
> 64 bytes from 10.1.0.254: icmp_seq=6 ttl=255 time=10.1 ms
> 64 bytes from 10.1.0.254: icmp_seq=7 ttl=255 time=1.47 ms
> 64 bytes from 10.1.0.254: icmp_seq=8 ttl=255 time=11.1 ms
> 64 bytes from 10.1.0.254: icmp_seq=9 ttl=255 time=11.8 ms
> 64 bytes from 10.1.0.254: icmp_seq=10 ttl=255 time=12.1 ms
> 64 bytes from 10.1.0.254: icmp_seq=11 ttl=255 time=11.7 ms
> 64 bytes from 10.1.0.254: icmp_seq=12 ttl=255 time=12.7 ms
> 64 bytes from 10.1.0.254: icmp_seq=13 ttl=255 time=11.3 ms
> 64 bytes from 10.1.0.254: icmp_seq=14 ttl=255 time=14.0 ms
> 64 bytes from 10.1.0.254: icmp_seq=15 ttl=255 time=12.2 ms
> 64 bytes from 10.1.0.254: icmp_seq=16 ttl=255 time=11.7 ms
> 64 bytes from 10.1.0.254: icmp_seq=17 ttl=255 time=14.7 ms
> 64 bytes from 10.1.0.254: icmp_seq=18 ttl=255 time=11.1 ms
> 64 bytes from 10.1.0.254: icmp_seq=19 ttl=255 time=3.01 ms
>
> --- 10.1.0.254 ping statistics ---
> 19 packets transmitted, 18 received, 5% packet loss, time 18026ms
> rtt min/avg/max/mdev = 0.206/9.239/14.713/4.549 ms
>
> With openbsd 4.1 and an fxp NIC instead of the em one the system was able
> to
> handle full 12Mbyte/s with a pretty complex pf.conf (more than 200 lines).
> The system is an old Compaq Deskpro EN with a P3/500 and 256Mb of ram.
>
>
> pf.conf (already played with scrub, skip and pass with no success...)
> -
> ext_if="pppoe0"
> set skip on lo
> set skip on em0
> #scrub in
> scrub out on pppoe0 max-mss 1440 no-df random-id fragment reassemble
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> nat on fxp0 from any to 10.1.0.253 -> 10.1.0.254
> rdr pass on vlan10 proto tcp to port ftp -> 127.0.0.1 port 8021
> anchor "ftp-proxy/*"
> #block in on pppoe0
> #pass out
>
> Is there anything I can tune in pf?
> Should I provide a dmesg?



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Jason McIntyre
On Fri, Jan 11, 2008 at 11:43:38AM -0800, Ted Unangst wrote:
> On 1/11/08, Jason McIntyre <[EMAIL PROTECTED]> wrote:
> > i think the issue is that having MLINKs for a particular shell is
> > not the correct fix. a better solution, as i see it, is to encourage
> > users to read the man page for the shell they're using, and to use
> > commands such as "whence" to find out what exactly they're executing,
> > and man/locate to find stuff.
> 
> some systems have a page for all the builtins, which basically says
> "jobs is a shell builtin.  refer to the appropriate manual."

yeah, we could do that. but i think it amounts to the same as having an
MLINK to a shell page. we would end up with more pages too (providing
MLINKS for all builtins).

jmc



Re: ksh / csh / jobs discrepancy

2008-01-11 Thread Miod Vallat
> > i think the issue is that having MLINKs for a particular shell is
> > not the correct fix. a better solution, as i see it, is to encourage
> > users to read the man page for the shell they're using, and to use
> > commands such as "whence" to find out what exactly they're executing,
> > and man/locate to find stuff.
> 
> some systems have a page for all the builtins, which basically says
> "jobs is a shell builtin.  refer to the appropriate manual."

For some reason, this reminds me of Debian's undocumented(1) to which
all undocumented command manual pages point to.

Miod



Re: Real men don't attack straw men

2008-01-11 Thread Reid Nichol
--- Richard Stallman <[EMAIL PROTECTED]> wrote:
> Thus the combined work, THE WHOLE POINT OF WRITING IT, is under
> the GPL.  That IS what you just said.  Which is forcing me into a
> license for my project that I don't want.
> 
> We require you to use, for your program that contains our code,
> a license that protects the essential freedom for all its users.
> That defends real freedom.


You mean your twisted definition of freedom.  Btw, your own FAQ states
that I can't BSD my code if I link to a GPL'd lib.  Contrary to what
you said I might add.  I think you need to read your own FAQ.

http://www.gnu.org/licenses/gpl-faq.html

And find out what freedom actually means:

http://dictionary.reference.com/browse/freedom

I would comment further, and on other things, but I believe that you're
too far gone to warrant any more time spent on this.  At least from me
and as it seems others as well.  That is, until you gain some sanity.


best regards,
Reid Nichol

President Bush says:

War Is Peace
Freedom Is Slavery
Ignorance Is Strength


  




Re: facts about OpenBSD

2008-01-11 Thread Iqbal
4 years using OpenBSD . huh ?

i guess now, u stop using OpenBSD and start making your own OS ... LOL

and you just whining + flamer = junker = rest in hell ...


On 1/12/08, Nikns Siankin <[EMAIL PROTECTED]> wrote:
>
> Thanks everyone who responded in constructive fashion,
> and thanks for all additions to list, sorry for not answering you all!
>
> Those who got hurt about these truthful facts, rest in peace. hehehe
>
>
> On Wed, Jan 09, 2008 at 11:03:29PM +0200, Nikns Siankin wrote:
> >Facts about OpenBSD:
> >
> ># Stable release cycle.
> >  If you want to run latest bugfree ClamAV or FireFox - upgrade to
> CURRENT!
> >  But don't forget to buy release CD's!!!
> ># Secure By Default.
> >  OpenBSD uses broken WEP for securing WiFi networks.
> >  Has no WPA/WPA2 support.
> ># Do not let serious problems sit unsolved.
> >  OpenBSD doesn't need MAC because it has its own security-flawed
> systrace.
> ># Use of Cryptography.
> >  OpenBSD uses file-backed encryption (svnd) which is very suited
> >  for Full-disk-encryption. NOT.
> ># Full Disclosure.
> >  OpenBSD at first denies remote exploitable flaws.
> >  DoS flaws get marked as reliability not security issues.
> ># Easy maintainable.
> >  OpenBSD distributes source patches to make your farm of
> >  Pentium2 firewalls updated easily.
> ># Secure Distribution.
> >  The most secure operating system gets distributed on FTP servers
> >  as unsigned binaries.
> >
> >
> >Disclaimer: Like it or not. I'm OpenBSD user for 4 years.
> >Shit on my head - shit on all OpenBSD supporters.
> >
> >
> >
> >I'm not subscribed, cc me, if have something to say.
>
> --
number one puffy fans !



Re: gcc 4.2

2008-01-11 Thread Dongsheng Song
I encounter same error for some other packages, when I set:

CFLAGS="-I/usr/local/include"
LDFLAGS="-L/usr/local/lib"

It works fine.

2008/1/12, Private Joker <[EMAIL PROTECTED]>:
>
> Folks,
>
> I am trying to compile GCC 4.2 from ports, and I keep
> getting the same error... with OpenBSD 4.2 and current
> as well.
>
> checking whether the C compiler
> (/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc
> -O2 -g ) works... no
> configure: error: installation or configuration
> problem: C compiler cannot create executables.
> *** Error code 1
>
> Stop in /usr/ports/lang/gcc/4.2 (line 2057 of
> /usr/ports/infrastructure/mk/bsd.port.mk).
>
> Does anyone have any idea of what could make this port
> work?
>
> Thanks,
> Pvt Joker
>
>
>
>   
> 



Re: 4.2-current throughput with pf enabled

2008-01-11 Thread scott
I use both fxp and em NICs and have great throughput.  You may want to
check the full-half duplex settings/agreements -- configured and
actual-operation -- with the pf box AND EACH adjacent device.
Disagreements can provoke a lot of re-sends.

Also, with the slower link, you may want to try implementing queuing so
that --at a minimum-- the tos lowlatency packets are prioritized over
the bulk large packet traffic. Queue is assigned on the PASS OUT
rule(s).

Something like...

---pf.conf frag---
altq on  priq bandwidth 640Kb queue { Q1, Q7 }
queue Q7 priority 7
queue Q1 priority 1 priq(default)
#
#...
#
pass out on  ... queue(Q1, Q7)
#
---pf.conf frag---

/S

-Original Message-
From: Chris Cohen <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: Re: 4.2-current throughput with pf enabled
Date: Fri, 11 Jan 2008 19:38:59 +0100
Mailer: KMail/1.9.7
Delivered-To: [EMAIL PROTECTED]

On Friday 11 January 2008 18:36:54 scott wrote:
> re-test and post with in your ruleset
>
> pass in quick on fxp0 inet from any to any keep state
> pass out quick on $ext_if inet from any to any  keep state
>
Did that, didn't change anything. Maybe I should add some details:
I generated the traffic by simply dding from /dev/zero from one machine in my 
lan to a machine in my dmz (but i got almost the same results with ftp/http). 
They are in two different vlans which are both attached to em0. fxp0 is the 
interface to my adsl modem.
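A fuller version of the priq fragment scott sketched, as an added example that is not scott's or Chris's own ruleset. It uses the ALTQ syntax of pf from the OpenBSD 4.2 era that the thread discusses; the interface name, the 600Kb figure and the choice of ssh and domain as "interactive" ports are assumptions to be replaced with the real upstream rate and services. Note that pf only queues on the outbound side of an interface, so this shapes what leaves towards the ADSL modem and does nothing for the LAN-to-DMZ path over em0 that Chris is measuring.

```pf
# Added example (not from the thread): priq queueing on the ADSL uplink so
# low-delay traffic and empty TCP ACKs are not stuck behind bulk transfers.
# Interface name and bandwidth are assumptions; set them to your own.
ext_if="pppoe0"

# priq: strict priority, the higher number always wins.  Keep the bandwidth
# a little below the real upstream rate so packets wait in pf's queue, where
# the priorities apply, rather than in the modem's buffer.
altq on $ext_if priq bandwidth 600Kb queue { q_bulk, q_pri }
queue q_bulk priority 1 priq(default)
queue q_pri  priority 7

# General rules first: without "quick", the last matching rule wins.
# With the two-queue form pf sends packets marked TOS lowdelay, and TCP ACKs
# carrying no payload, to the second queue (q_pri); everything else goes to
# q_bulk.  This is what scott's "queue(Q1, Q7)" does.
pass out on $ext_if keep state queue q_bulk
pass out on $ext_if inet proto tcp keep state queue (q_bulk, q_pri)

# Interactive services go straight to the high-priority queue regardless of
# TOS bits (assumed ports; adjust to what actually matters on your link).
pass out on $ext_if inet proto tcp to port { ssh, domain } keep state queue q_pri
pass out on $ext_if inet proto udp to port domain keep state queue q_pri
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and watch the queues fill with `pfctl -vvsq`: if q_pri stays at zero packets while a bulk transfer is running, the rule ordering or the queue assignment is wrong.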



Re: Open Source Article Spawns Interesting Ethical Question

2008-01-11 Thread Koh Choon Lin
> Cell phone systems keep track of the location of the phone, and they
> can record the information permanently.  They can do this even when
> the phone is switched "off", because it still transmits.
>
> That information comes from the Palestine Information Technology
> Association.  In Palestine, being tracked often means you get killed
> by a missile that wounds or kills other people passing by.

I am unable to find the paper. Anyone has it?

-- 
Regards
Koh Choon Lin
http://profiles.friendster.com/42928535 "Best Teacher in
Singapore"



Re: Open Source Article Spawns Interesting Ethical Question

2008-01-11 Thread ropers
On 10/01/2008, bofh <[EMAIL PROTECTED]> wrote:
> On Jan 9, 2008 8:45 PM, Ted Unangst <[EMAIL PROTECTED]> wrote:
>
> > On 1/9/08, bofh <[EMAIL PROTECTED]> wrote:
> > > > Just curious if you know how Kevin Mitnick was tracked down and
> > captured?
> >
> > did the police go to the billing address of the cell phone he was
> > using and paying for?
> >
>
> Heh.  A simple search for kevin mitnick capture will give you tons of
> links.  Here's one:
>
> http://www.takedown.com/coverage/prince-hackers.html
>
> I do apologize in advance for the link though - it was written by markoff.
> There were... ethical issues with what he subsequently did.

Indeed.
Here's a better link:
http://thepiratebay.org/tor/3429504/Freedom_Downtime_(2004_version)_-_Story_of_Hacker_Kevin_Mitnick

And no, to the best of my knowledge this is not copyright
infringement, because Emmanuel Goldstein of 2600 has mentioned on Off
The Hook sometime that he doesn't object to such copying, and
2600/Emmanuel is the copyright holder. Or just email him at 2600.com
if you're still unconvinced. Of course if you want to support 2600
magazine, an action I heartily encourage, you can also buy the DVD
(which is full of hidden features, cf.
http://www.2600.com/easter/eggs.html ) at
http://store.2600.com/film.html