RE: Netflix's New Peering Appliance Uses FreeBSD

2012-06-06 Thread Andresen, Jason R.
From: owner-freebsd-sta...@freebsd.org 
[mailto:owner-freebsd-sta...@freebsd.org] On Behalf Of Ian Smith

On Tue, 5 Jun 2012, Kurt Jaeger wrote:
   I didn't see a link to this information in the e-mail below.  I found
   this info detailed here:

   https://signup.netflix.com/openconnect/software
 
  If you come from an IP range outside of netflix' footprint, that
  page is not available.

Indeed, I found it a tad strange that URL redirecting to
https://signup.netflix.com/global which sayeth:

Sorry, Netflix is not available in your country... yet

Enter your name and email address below
and we'll email you when Netflix is available.

  But have a look at that PDF, comes from their webpage:
 
  http://opsec.eu/backup/OpenConnectDeploymentGuide-v2.4a.pdf

Interesting box alright.  Hope it wasn't Top Secret in my country, and
that I can ask my (Debian based) ISP when they'll be getting some? :)

Good to see Scott's found something to keep him off the streets too ..

Now if only Netflix figured out a way to allow FreeBSD (and Linux) users to 
watch their streams...
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org


RE: Hacked - FreeBSD 7.1-Release

2009-12-28 Thread Andresen, Jason R.
From: Chris H

On Tue, December 22, 2009 8:35 am, Andresen, Jason R. wrote:
 Squirrel wrote:

 most likely could be some kind of remote code execution or SQLi executed in
 the context of some php scripts, you should audit php code of your web
 interface and of the websites you host. also consider the strength of your
 passwords, lots of login attempts to ssh/ftp may mean he has tried a
 bruteforce (or a dictionary attack maybe). you should also check webmin logs,
 there are a few bruteforcers for webmin out there, (*hint*) consider the length
 of your average password if it's more than 7-8 characters alphanumeric with
 symbols most likely this isn't the case.

 While it's true that it's a good idea to check your password strength, pretty
 much any host connected to the internet is going to be hit daily by bots
 looking for weak passwords.  It's one area where your logs don't help much
 because there is too much noise.
That's why there's GREP(1), AWK(1), FIND(1), TAIL(1), and CAT(1)
Consider the following...
adding the following to your /etc/rc.conf:

# SECURITY RELATED

syslogd_flags=-ss
log_in_vain=YES
tcp_keepalive=YES


now your log file will /really/ sing (log_in_vain=YES).
Of course, unless you have a great deal of time on your hands, visually parsing
that noisy log will be quite tedious, and time consuming. So you have a few
options...
If you're running X11, simply run tail in a root window - there are quite a few
utilities in ports for doing just this - some that'll only write messages you
want to see.
You could also create a script out of cron that will only produce messages you
are interested in, for example:

~# cat /var/log/messages | grep ssh

will emit any attempt to ssh into your box
you can also redirect the messages to a file:

~# cat /var/log/messages | grep ssh > ~/EVIL_DOERS

You could also add an entry to PERIODIC(8) that will
provide a daily report on any attempts you are interested in.

HTH


Your solution to excessive noise in the security log is to greatly increase the 
noise level?!?

The point is, if your machine is on the internet, then bots are going to try 
password attacks on any open port they can find.  It's just the sad fact of 
life on the current internet.  Unfortunately, this activity will also make it 
much more difficult to determine when you are under attack from an actual 
person, which was my point earlier.  It's one that is not going to be easy to 
solve either, unless you're willing to rewrite SSH to require every connection 
attempt to pass a Turing test or something. 
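
One way to act on the noise problem argued over in this exchange, as an added example that is not part of any message in the thread: instead of reading every failed login, reduce the log to one line per source and single out a successful login that follows failures. It assumes OpenSSH's `Failed password for ... from ...` and `Accepted ... for ... from ...` message shapes (other authentication methods log differently); the `noise`/`focused` labels, the threshold and the sample lines are constructed for the example.

```sh
#!/bin/sh
# Added example: collapse sshd auth-log noise to one verdict line per source.
# The "noise"/"focused" labels and the threshold are this example's assumptions.

# ssh_triage [MIN]: reads syslog lines on stdin; MIN = failures needed for "focused".
ssh_triage() {
    awk -v min="${1:-5}" '
    function src(   i) {
        # Use the LAST "from": sshd appends "from <ip> port <n>" itself, so a
        # crafted username containing the word cannot shift the address field.
        for (i = 1; i < NF; i++) if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
    }
    / sshd\[[0-9]+\]: Failed password for / {
        src(); fails[ip]++
        if ($0 ~ / for invalid user /) invalid[ip]++
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        next
    }
    / sshd\[[0-9]+\]: Accepted / {
        src()
        # A login that succeeds from a source with earlier failures is the
        # one event worth a human look, however loud the rest of the log is.
        if (ip in fails) hit[ip] = user
        next
    }
    END {
        for (ip in fails) {
            if (ip in hit) v = "SUCCESS-AFTER-FAILURES:" hit[ip]
            else if (users[ip] <= 2 && invalid[ip] + 0 == 0 && fails[ip] >= min) v = "focused"
            else v = "noise"
            printf "%s fails=%d users=%d invalid=%d %s\n", ip, fails[ip], users[ip], invalid[ip], v
        }
    }' | LC_ALL=C sort
}

# Constructed sample input (RFC 5737 documentation addresses, made-up host).
sample_log() {
    cat <<'EOF'
Dec 22 03:14:01 www sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40111 ssh2
Dec 22 03:14:03 www sshd[813]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Dec 22 03:14:05 www sshd[815]: Failed password for invalid user oracle from 203.0.113.5 port 40113 ssh2
Dec 22 03:14:07 www sshd[817]: Failed password for root from 203.0.113.5 port 40114 ssh2
Dec 22 09:30:10 www sshd[901]: Failed password for jason from 198.51.100.7 port 51000 ssh2
Dec 22 09:30:44 www sshd[901]: Failed password for jason from 198.51.100.7 port 51000 ssh2
Dec 22 09:31:20 www sshd[901]: Failed password for jason from 198.51.100.7 port 51000 ssh2
Dec 22 11:02:00 www sshd[950]: Failed password for www from 192.0.2.44 port 60200 ssh2
Dec 22 11:02:09 www sshd[952]: Failed password for www from 192.0.2.44 port 60201 ssh2
Dec 22 11:02:15 www sshd[954]: Accepted password for www from 192.0.2.44 port 60202 ssh2
Dec 22 12:00:00 www sshd[960]: Accepted publickey for jason from 192.0.2.10 port 60300 ssh2
EOF
}

sample_log | ssh_triage 3
```

On a real host the function would be fed the file sshd logs to, for example from a daily cron or periodic job, with only the non-`noise` lines mailed out.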

RE: Hacked - FreeBSD 7.1-Release

2009-12-22 Thread Andresen, Jason R.
Squirrel wrote:
most likely could be some kind of remote code execution or SQLi executed
in the context of some php scripts, you should audit php code of your
web interface and of the websites you host.
also consider the strength of your passwords, lots of login attempts to
ssh/ftp may mean he has tried a bruteforce (or a dictionary attack
maybe). you should also check webmin logs, there are a few bruteforcers
for webmin out there, (*hint*) consider the length of your average
password if it's more than 7-8 characters alphanumeric with symbols most
likely this isn't the case.

While it's true that it's a good idea to check your password strength, pretty
much any host connected to the internet is going to be hit daily by bots
looking for weak passwords.  It's one area where your logs don't help much
because there is too much noise.

RE: Don't buy AMD products (was Re: Xorg and ATI card query.)

2007-03-14 Thread Andresen, Jason R.
On Behalf Of fred

Sean Bryant wrote:
 Try the 'vesa' xorg driver. It may not be fancy or all that
 accelerated but it works quite well. I have an nvidia card and cannot
 get it to work for the life of me. the drive attached, but nothing
 happens after that. It might be the fact that I have a PCI express
 card. But the vesa driver is working just fine for me.
??? PCI-E GPU are known to work fine.

Which GPU do you have ? May be one too old that nvidia
does not support anymore ?

I don't think there are any PCIe boards that are too old to support.
FWIW, I have a Geforce 8800 GTX on my dual boot box and the nVidia
driver works mostly.  It's still pretty buggy (although this is on
7-Current, so it's hard to tell if it's the driver's fault or
FreeBSD's), but it's good enough for day to day stuff (just don't play
too many movies or start up too many OpenGL apps, and don't try to
return to the console).

On the other hand, the latest nVidia drivers for this card are buggy in
Windows too, so maybe it is their fault.  


RE: Dummynet and simulating random delay

2007-01-31 Thread Andresen, Jason R.
From: Luigi Rizzo [mailto:[EMAIL PROTECTED] 

On Tue, Jan 30, 2007 at 03:03:06PM -0500, Andresen, Jason R. wrote:
 From: Luigi Rizzo [mailto:[EMAIL PROTECTED] 
 
 On Wed, Jan 24, 2007 at 06:10:21PM +1100, Peter Jeremy wrote:
  On Tue, 2007-Jan-23 14:22:54 -0500, Andresen, Jason R. wrote:
  I have a project that requires me to simulate a link with varying but
  well defined delay.  The link is guaranteed to deliver packets in
  order, so I wish to maintain that behavior with Dummynet.
  
  I don't think dummynet can do this in its current form.  Based on
 
 actually dummynet never does reordering within a single pipe, even
 if you change the delay on the fly.
 
 But this said, you should explain varying but well defined delay,
 because if you use TCP or similar as the source, then you
 have no control on when the userland write-tcp transmission delay
 anyways so the concept is a bit vague and probably not a meaningful
 experiment. And even in any common network (from switched
 ethernet to wireless to dsl...) you have some variance on the delay,
 ranging from a fraction of a millisecond to much larger values,
 due to queueing and/or protocol issues (e.g. MAC channel allocation)
 and/or switch/router/operating system issues.
 
 I'm trying to simulate a satellite link that has a normal delay of 1
 second, but every 20-30 seconds or so the delay shoots up to 3.5
 seconds for about 4 seconds and then settles back down to 1 second.
 From what you said, I'm thinking that just twiddling the pipe on the
 fly will probably work.

yes but just curious, this is something so odd that i wonder
if you couldn't try to reproduce the real reasons for the increase.
Is the extra delay due to the device stopping handling stuff for
2.5seconds, then catching up ?
if that's the case you might try to change the bandwidth to a
very low value for the period while the satellite is asleep,
and then back to the normal value. I am not 100% sure but
this should work and give a more accurate emulation of what happens,
especially the recovery period.

That will actually work?  Wonderful!  Although these links are already
low bandwidth (2400bps), I guess dropping it down to 10bps or something
would work fine.

I had thought originally that if I did that it might buffer an entire
packet and tag it with a 10 bps speed, causing it to stall the
connection for an excessively long period of time.  If it just twiddles
the output code independent of the queue then it should work perfectly.
Thanks.  
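
The two approaches discussed in this thread (raising the pipe delay on the fly, or starving the pipe's bandwidth during the outage), sketched as an added example that is not code from any of the messages. It assumes pipe number 1 already has an ipfw rule feeding it; the `PIPE`, `IPFW`, `SLEEP` and `HOLD` variables are this example's own, and the 2400/10 bit/s, 1000/3500 ms, 4 second and 20-30 second figures are the ones quoted above.

```sh
#!/bin/sh
# Added example: drive one dummynet pipe through the satellite profile from
# the thread. By default it only prints the ipfw commands (dry run).
PIPE="${PIPE:-1}"
IPFW="${IPFW:-echo ipfw}"   # set IPFW=ipfw and run as root to apply for real
SLEEP="${SLEEP:-sleep}"
HOLD="${HOLD:-4}"           # seconds a disturbance lasts ("about 4 seconds")

# ipfw arguments for one phase. bw and delay are always both given so a
# reconfiguration never leaves one of them at an unintended value.
phase_args() {
    case "$1" in
        normal) echo "pipe $PIPE config bw 2400bit/s delay 1000ms" ;;
        spike)  echo "pipe $PIPE config bw 2400bit/s delay 3500ms" ;;  # delay twiddling
        stall)  echo "pipe $PIPE config bw 10bit/s delay 1000ms" ;;    # bandwidth starvation
        *)      echo "unknown phase: $1" >&2; return 1 ;;
    esac
}

# Seconds until the next disturbance: uniform integer in [20, 30].
next_gap() {
    awk -v seed="$1" 'BEGIN { srand(seed); print 20 + int(rand() * 11) }'
}

# run_profile KIND CYCLES, where KIND is "spike" or "stall".
run_profile() {
    kind="$1"; cycles="$2"; n=0
    phase_args "$kind" >/dev/null || return 1   # reject a bad KIND before touching the pipe
    $IPFW $(phase_args normal)
    while [ "$n" -lt "$cycles" ]; do
        $SLEEP "$(next_gap "$(( $(date +%s) + n ))")"
        $IPFW $(phase_args "$kind")
        $SLEEP "$HOLD"
        $IPFW $(phase_args normal)
        n=$((n + 1))
    done
}

# Run only when arguments are given, e.g.:  sh satlink.sh spike 10
if [ "$#" -gt 0 ]; then run_profile "$@"; fi
```

Because only a single pipe is ever reconfigured, this relies on the in-order behaviour stated in the reply above rather than on several queues with different delays.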


RE: Dummynet and simulating random delay

2007-01-30 Thread Andresen, Jason R.
From: Luigi Rizzo [mailto:[EMAIL PROTECTED] 

On Wed, Jan 24, 2007 at 06:10:21PM +1100, Peter Jeremy wrote:
 On Tue, 2007-Jan-23 14:22:54 -0500, Andresen, Jason R. wrote:
 I have a project that requires me to simulate a link with varying but
 well defined delay.  The link is guaranteed to deliver packets in
 order, so I wish to maintain that behavior with Dummynet.
 
 I don't think dummynet can do this in its current form.  Based on

actually dummynet never does reordering within a single pipe, even
if you change the delay on the fly.

But this said, you should explain varying but well defined delay,
because if you use TCP or similar as the source, then you
have no control on when the userland write-tcp transmission delay
anyways so the concept is a bit vague and probably not a meaningful
experiment. And even in any common network (from switched
ethernet to wireless to dsl...) you have some variance on the delay,
ranging from a fraction of a millisecond to much larger values,
due to queueing and/or protocol issues (e.g. MAC channel allocation)
and/or switch/router/operating system issues.

I'm trying to simulate a satellite link that has a normal delay of 1
second, but every 20-30 seconds or so the delay shoots up to 3.5
seconds for about 4 seconds and then settles back down to 1 second.
From what you said, I'm thinking that just twiddling the pipe on the
fly will probably work.  


Dummynet and simulating random delay

2007-01-23 Thread Andresen, Jason R.
I have a project that requires me to simulate a link with varying but
well defined delay.  The link is guaranteed to deliver packets in
order, so I wish to maintain that behavior with Dummynet.

My first thought was to create three or four different queues with
different delays and use the probability rule to dump them into the
queue, but that gets packets out of order and doesn't work.  

My next thought is to write a script that reconfigures the pipe
randomly every few hundred milliseconds or so during the test, but I'm
not sure what that means for packets that are already in it.  Does it
mean bursts of data when the delay is turned down (which would actually
be realistic in this scenario), or is there a danger of out of order
packets?  Are there any dummynet experts out there that can tell me
exactly how it will behave when delays are changed while there are
still packets in the buckets?  Thanks.


RE: portdowngrade/portupgrade question

2007-01-18 Thread Andresen, Jason R.
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Pertti Kosunen

Par Leijonhufvud wrote:
 Nope, that does not do it, what it did was remove the old (6.3.6)
 version and fail to install the new version. I also tried going to
 /usr/ports/mail/fetchmail and doing a make install. Pretty much same
 error (fetchmail -- TLS enforcement problem/MITM attack/password
 exposure[...] Please update your ports tree and try again).

 What have I missed?

Update your ports tree, that version of fetchmail has vulnerabilities.

If you're wondering how to upgrade your ports tree, there is a good
handbook entry on it:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html


RE: Runaway kernel? Or an attack?

2006-10-19 Thread Andresen, Jason R.
I would have thought so too except that it's always a different host.
It's usually inside of Verizon though. 

-----Original Message-----
From: Chuck Swiger [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 18, 2006 4:33 PM
To: Andresen, Jason R.
Cc: freebsd-stable@freebsd.org
Subject: Re: Runaway kernel? Or an attack?

On Oct 18, 2006, at 1:07 PM, Andresen, Jason R. wrote:
 Ok, I have a recurring problem with my webserver.  Once a day or so it
 gets locked into a loop with some random server usually somewhere in my
 ISP.  When it does this, it spends all of its time spitting out packets
 and getting FIN, ACKs back.

 Shutting down the HTTP server doesn't stop the traffic.  I have to
 create firewall rules to block the outgoing traffic to stop it.

Frankly, this sounds more like the random remote host has been
compromised, rather than your machine, and it is scanning the network
for other hosts to attack.  What URLs are being requested (check the
http logs)?

 Here's a short tcpdump of the traffic when it happens, these packets
 are going out at a rate of thousands per second.  The 192.168.42.2 is
 the local host and 192.76.86.83 is the apparently random victim:

I'd talk to verizon.com and ask them what is going on from their side
with that host...

-- 
-Chuck




RE: Runaway kernel? Or an attack?

2006-10-19 Thread Andresen, Jason R.
From: Jeremy Chadwick [mailto:[EMAIL PROTECTED] 

On Wed, Oct 18, 2006 at 04:07:14PM -0400, Andresen, Jason R. wrote:
 Ok, I have a recurring problem with my webserver.  Once a day or so it
 gets locked into a loop with some random server usually somewhere in my
 ISP.  When it does this, it spends all of its time spitting out packets
 and getting FIN, ACKs back.

 Shutting down the HTTP server doesn't stop the traffic.  I have to
 create firewall rules to block the outgoing traffic to stop it.  Wiping
 the disk and reinstalling from the CD didn't help either.  This host is
 behind a NAT (A D-Link DI-604 router).  Is this a bad packet injection
 attack, a bug, or has my box been compromised?

And let me guess: your DI-604 is set to port forward TCP 80 to
192.168.42.2 (rather than make 192.168.42.2 the DMZ host).

I recommend removing the DI-604 from the topology and see if the
problem continues.  Gut feeling (based on past experience with
D-Link's residential products) is the problem will disappear.
You'll have to trust me on this -- no matter how reliable you think
the DI-series units are (It works fine for me!), they aren't.
There are major IP stack implementation issues with these units
(same with the DI-614+).

Thoroughly scan the D-Link forum on www.broadbandreports.com for
details of these problems.  The IP stack on those units is awful.

Consider picking up a WRT54GL (which runs Linux; sure, I'd prefer
they run BSD, but I'll trust Linux's IP stack over some third-party
out-of-country IP stack any day of the week).  Do not go with a
WRT54G (because you won't know what version you get; Linux-based
or VxWorks-based (which has other IP stack problems), nor a WRT54GS
(same risk (Linux vs. VxWorks)).

So the upshot is to not trust anything that uses VxWorks?  I've been
considering reworking my network by adding a second interface to the
webserver machine and having it replace the DI-604, but I've been
reluctant because if my box was being compromised I didn't want to open
it up even further to attack.  Looks like I should do it anyway.


Runaway kernel? Or an attack?

2006-10-18 Thread Andresen, Jason R.
Ok, I have a recurring problem with my webserver.  Once a day or so it
gets locked into a loop with some random server usually somewhere in my
ISP.  When it does this, it spends all of its time spitting out packets
and getting FIN, ACKs back.  

Shutting down the HTTP server doesn't stop the traffic.  I have to
create firewall rules to block the outgoing traffic to stop it.  Wiping
the disk and reinstalling from the CD didn't help either.  This host is
behind a NAT (A D-Link DI-604 router).  Is this a bad packet injection
attack, a bug, or has my box been compromised?  

This problem has persisted from when the box was 5.4 all the way to
its current 6.0 life.  Sadly, I cannot upgrade it beyond 6.0 Release
at the moment because it has a proprietary vendor binary kernel module
for the RAID array, and the newest version they have is for 6.0. 

Here's a short tcpdump of the traffic when it happens, these packets
are going out at a rate of thousands per second.  The 192.168.42.2 is
the local host and 192.76.86.83 is the apparently random victim:

09:36:51.056914 IP (tos 0x0, ttl  64, id 57273, offset 0, flags [DF],
proto: TCP (6), length: 52) 192.168.42.2.80 > 192.76.86.83.22929: .,
cksum 0xd1b3 (correct), 0:0(0) ack 0 win 33120 <nop,nop,timestamp
147178754 27589156>
09:36:51.059404 IP (tos 0x0, ttl  51, id 61707, offset 0, flags [none],
proto: TCP (6), length: 52) 192.76.86.83.22929 > 192.168.42.2.80: F,
cksum 0x5331 (correct), 0:0(0) ack 1 win 65535 <nop,nop,timestamp
27589156 147178723>
09:36:51.059469 IP (tos 0x0, ttl  64, id 57274, offset 0, flags [DF],
proto: TCP (6), length: 52) 192.168.42.2.80 > 192.76.86.83.22929: .,
cksum 0xd1b0 (correct), 0:0(0) ack 0 win 33120 <nop,nop,timestamp
147178757 27589156>
09:36:51.060004 IP (tos 0x0, ttl  51, id 61709, offset 0, flags [none],
proto: TCP (6), length: 52) 192.76.86.83.22929 > 192.168.42.2.80: F,
cksum 0x5331 (correct), 0:0(0) ack 1 win 65535 <nop,nop,timestamp
27589156 147178723>



wine: ld-elf.so.1 not found

2006-07-26 Thread Andresen, Jason
I'm having a very strange problem with Wine.  It apparently refuses to
see ld when starting:

escaflowne/p7 (72 ~): wine
ELF interpreter /libexec/ld-elf.so.1 not found

Even though it's obviously on the system:
escaflowne/p7 (74 ~): ls /libexec
ld-elf.so.1 ld-elf.so.1.old

Ktrace doesn't really provide much of anything helpful since even ld
won't start:

escaflowne/p7 (77 ~): ktrace wine
ELF interpreter /libexec/ld-elf.so.1 not found
[1]90037 abort  ktrace wine
escaflowne/p7 134 (78 ~): kdump
 90037 ktrace   RET   ktrace 0
 90037 ktrace   CALL  execve(0xbfbfe170,0xbfbfe698,0xbfbfe6a0)
 90037 ktrace   NAMI  /bin/wine
 90037 ktrace   RET   execve -1 errno 2 No such file or directory
 90037 ktrace   CALL  execve(0xbfbfe170,0xbfbfe698,0xbfbfe6a0)
 90037 ktrace   NAMI  /sbin/wine
 90037 ktrace   RET   execve -1 errno 2 No such file or directory
 90037 ktrace   CALL  execve(0xbfbfe170,0xbfbfe698,0xbfbfe6a0)
 90037 ktrace   NAMI  /usr/bin/wine
 90037 ktrace   RET   execve -1 errno 2 No such file or directory
 90037 ktrace   CALL  execve(0xbfbfe170,0xbfbfe698,0xbfbfe6a0)
 90037 ktrace   NAMI  /usr/games/wine
 90037 ktrace   RET   execve -1 errno 2 No such file or directory
 90037 ktrace   CALL  execve(0xbfbfe170,0xbfbfe698,0xbfbfe6a0)
 90037 ktrace   NAMI  /usr/sbin/wine
 90037 ktrace   RET   execve -1 errno 2 No such file or directory
 90037 ktrace   CALL  execve(0xbfbfe170,0xbfbfe698,0xbfbfe6a0)
 90037 ktrace   NAMI  /usr/local/bin/wine
 90037 ktrace   NAMI  /libexec/ld-elf.so.1

I'm a bit behind on the releases, but this just seems so odd regardless:
escaflowne/p7 (79 ~): uname -a
FreeBSD escaflowne.ceyah.org 6.0-RELEASE FreeBSD 6.0-RELEASE #1: Tue
Jun 20 11:19:53 EDT 2006
[EMAIL PROTECTED]:/backup/obj/data/src/sys/ESCAFLOWNE  i386

Recompiling Wine makes no difference, and it is the only application on
my system that appears to be affected.  I'm using Wine 0.9.17,1.

I'm really stumped as to what the problem is.


RE: Booting from ZIP 750 ...

2005-12-23 Thread Andresen, Jason
IIRC ATAPI Zip drives appear as ATAPI Floppy Device to the kernel,
you should be able to boot off of them but it might be a bit weird.


RE: Machine Replication

2005-07-21 Thread Andresen,Jason R.
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Eli K. Breen
Sent: Thursday, July 21, 2005 3:21 PM
To: freebsd-stable@freebsd.org
Subject: Machine Replication

All,

Does anyone have a good handle on how to replicate (read: image) a 
freebsd machine from one machine to an ostensibly similar machine?

So far I've used countless variations and combinations of the 
following:

dd            (Slow, not useful if the hardware isn't identical?)
tar           (Doesn't replicate MBR)
rsync         (No MBR support)
Norton Ghost  (Doesn't support UFS/UFS2?)
G4U           (little experience with this)

If you need stuff replicated fast and you don't mind a bit of setup,
there is emulab http://www.emulab.net/.  I can push out new images to
machines in less than 10 minutes including the time it takes to reboot
twice (once into the imager and once back to the OS).  

You may need to use UFS1 for your filesystems though, I don't know if
the imager can handle UFS2 yet.  We use UFS1 here just to be safe.  


Re: cant make buildkernel

2000-09-05 Thread Andresen,Jason R.

Gary Smith wrote:
 
 I have been tracking stable for a while without incident but since the last 2
 weeks, after a cvsup and a make buildworld, make buildkernel fails with " make:
 dont know how to make /usr/src/sys/ufs/ffs/ffs_softdep.c.  Stop "
 
 Any ideas as to why this happens ? my last cvsup was yesterday.
 

The softupdates code was merged with current (the licence issues were
resolved I guess), so when you cvsupped the system copied the updated
ffs_softdep.c on your existing symlink, then deleted the target the
symlink pointed to, leaving you with a dangling symlink.  

Delete those symlinks (ffs_softdep.c and softdep.h IIRC) and try
cvsupping again. 

-- 
   _  __  ___    ___   __
  / \/ \  | ||_ _||  _ \|___| | Jason Andresen -- [EMAIL PROTECTED]
 / /\/\ \ | | | | | |/ /|_|_  | Views expressed may not reflect those 
/_/\_\|_| |_| |_|\_\|___| | of the Mitre Corporation.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message